Wim Vervoorn has uploaded this change for review.


vendorcode/eltan/security: Switch to vb2 vboot library

The eltan verified_boot is using the vboot 2.1 data structures and code,
as well as the fwlib21 build target, all of which are deprecated. Refer to
CB:37654 for more information.

The verified_boot code is updated to use the vb2 structures and code and
make sure only public functions are used.

BUG=N/A
TEST=build

Change-Id: I1e1a7bce6110fe35221a4d7a47c1eb7c7074c318
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
---
M src/vendorcode/eltan/security/include/cb_sha.h
M src/vendorcode/eltan/security/lib/Makefile.inc
M src/vendorcode/eltan/security/lib/cb_sha.c
M src/vendorcode/eltan/security/verified_boot/Kconfig
M src/vendorcode/eltan/security/verified_boot/vboot_check.c
5 files changed, 69 insertions(+), 43 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/90/38590/1
diff --git a/src/vendorcode/eltan/security/include/cb_sha.h b/src/vendorcode/eltan/security/include/cb_sha.h
index 9a231d8..8b4e647 100644
--- a/src/vendorcode/eltan/security/include/cb_sha.h
+++ b/src/vendorcode/eltan/security/include/cb_sha.h
@@ -16,9 +16,8 @@
#ifndef __SECURITY_CB_SHA_H__
#define __SECURITY_CB_SHA_H__

-#include <2rsa.h>
-#include <vb21_common.h>
#include <vb2_api.h>
+#include <vb2_sha.h>

vb2_error_t cb_sha_little_endian(enum vb2_hash_algorithm hash_alg, const uint8_t *data,
uint32_t len, uint8_t *digest);
diff --git a/src/vendorcode/eltan/security/lib/Makefile.inc b/src/vendorcode/eltan/security/lib/Makefile.inc
index 2e11fb5..45a185a 100644
--- a/src/vendorcode/eltan/security/lib/Makefile.inc
+++ b/src/vendorcode/eltan/security/lib/Makefile.inc
@@ -16,7 +16,7 @@
# call with $1 = stage name to create rules for building the library
# for the stage and adding it to the stage's set of object files.
define vendor-security-lib
-VEN_SEC_LIB_$(1) = $(obj)/external/ven_sec_lib-$(1)/vboot_fw21.a
+VEN_SEC_LIB_$(1) = $(obj)/external/ven_sec_lib-$(1)/vboot_fw.a
VEN_SEC_CFLAGS_$(1) += $$(patsubst -I%,-I$(top)/%,\
$$(patsubst $(src)/%.h,$(top)/$(src)/%.h,\
$$(filter-out -I$(obj), $$(CPPFLAGS_$(1)))))
@@ -32,29 +32,28 @@
$(MAKE) -C $(VBOOT_SOURCE) \
BUILD=$$(abspath $$(dir $$(VEN_SEC_LIB_$(1)))) \
V=$(V) \
- fwlib21
+ fwlib
endef # vendor-security-for-stage

CFLAGS_common += -I3rdparty/vboot/firmware/2lib/include
-CFLAGS_common += -I3rdparty/vboot/firmware/lib21/include

ifneq ($(filter y,$(CONFIG_VENDORCODE_ELTAN_VBOOT) $(CONFIG_VENDORCODE_ELTAN_MBOOT)),)

bootblock-y += cb_sha.c
bootblock-y += ../../../../security/vboot/vboot_logic.c
$(eval $(call vendor-security-lib,bootblock))
-bootblock-srcs += $(obj)/external/ven_sec_lib-bootblock/vboot_fw21.a
+bootblock-srcs += $(obj)/external/ven_sec_lib-bootblock/vboot_fw.a

postcar-y += cb_sha.c
$(eval $(call vendor-security-lib,postcar))
-postcar-srcs += $(obj)/external/ven_sec_lib-postcar/vboot_fw21.a
+postcar-srcs += $(obj)/external/ven_sec_lib-postcar/vboot_fw.a

ramstage-y += cb_sha.c
$(eval $(call vendor-security-lib,ramstage))
-ramstage-srcs += $(obj)/external/ven_sec_lib-ramstage/vboot_fw21.a
+ramstage-srcs += $(obj)/external/ven_sec_lib-ramstage/vboot_fw.a

romstage-y += cb_sha.c
$(eval $(call vendor-security-lib,romstage))
-romstage-srcs += $(obj)/external/ven_sec_lib-romstage/vboot_fw21.a
+romstage-srcs += $(obj)/external/ven_sec_lib-romstage/vboot_fw.a

-endif
\ No newline at end of file
+endif
diff --git a/src/vendorcode/eltan/security/lib/cb_sha.c b/src/vendorcode/eltan/security/lib/cb_sha.c
index 20a84af..b9777b7 100644
--- a/src/vendorcode/eltan/security/lib/cb_sha.c
+++ b/src/vendorcode/eltan/security/lib/cb_sha.c
@@ -20,11 +20,19 @@
{
int i;
int rv;
- uint32_t digest_size = vb2_digest_size(hash_alg);
+ uint32_t digest_size;
uint8_t result[VB2_MAX_DIGEST_SIZE];

- if (!digest_size)
+ switch (hash_alg) {
+ case VB2_HASH_SHA256:
+ digest_size = VB2_SHA256_DIGEST_SIZE;
+ break;
+ case VB2_HASH_SHA512:
+ digest_size = VB2_SHA512_DIGEST_SIZE;
+ break;
+ default:
return VB2_ERROR_SHA_INIT_ALGORITHM;
+ }

rv = vb2_digest_buffer(data, len, hash_alg, (uint8_t *)&result, digest_size);
if (rv)
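Review bot: The new `switch` accepts only `VB2_HASH_SHA256` and `VB2_HASH_SHA512`, where the removed `vb2_digest_size()` call accepted every algorithm it reports a non-zero size for, so callers passing anything else now get `VB2_ERROR_SHA_INIT_ALGORITHM`. If that restriction is intentional, state it in a comment above the switch, e.g. `/* Only SHA-256 and SHA-512 are supported here */`, and mention it in the commit message. If it is not, and `vb2_digest_size()` is still reachable through the newly included `vb2_sha.h`, keeping the call avoids a hand-maintained size table. The function starts and ends outside this hunk.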
diff --git a/src/vendorcode/eltan/security/verified_boot/Kconfig b/src/vendorcode/eltan/security/verified_boot/Kconfig
index ab254c4..3f95bef 100644
--- a/src/vendorcode/eltan/security/verified_boot/Kconfig
+++ b/src/vendorcode/eltan/security/verified_boot/Kconfig
@@ -61,7 +61,6 @@

config VENDORCODE_ELTAN_VBOOT_KEY_SIZE
int
- default 610 if VENDORCODE_ELTAN_VBOOT_USE_SHA512
- default 576
+ default 552

endmenu # Verified Boot (verified_boot)
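Review bot: The default key size becomes a bare `552` for both hash variants with no explanation, and `verified_boot_check_manifest()` in this same change rejects any key file whose size differs from this value. Boards that still carry a key blob of the previous size (576 or 610 bytes) would therefore fail the check and hit `die()` until the key is regenerated. A comment deriving the number would help, presumably something like `# vb2_packed_key header + RSA2048 key data` (to be confirmed by the author), together with a line in the commit message about regenerating existing keys.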
diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c
index 461a847..ce7e99c 100644
--- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c
+++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c
@@ -13,6 +13,9 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
+
+#define NEED_VB20_INTERNALS /* Peeking into vb2_shared_data */
+
#include <boot_device.h>
#include <bootmem.h>
#include <cbfs.h>
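Review bot: `#define NEED_VB20_INTERNALS` opts this file into vboot's internal definitions, which is at odds with the commit description's goal of using only public functions. The later hunks write `vb2_shared_data` fields (`workbuf_used`, `data_key_offset`, `data_key_size`, `preamble_offset`, `preamble_size`) directly, so the verification path depends on a layout that the library may change without notice. The comment should say which fields are written and why, e.g. `/* Sets the data_key and preamble fields of vb2_shared_data directly */`, and the commit message should acknowledge the exception.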
@@ -32,12 +35,17 @@
int verified_boot_check_manifest(void)
{
uint8_t *buffer;
- uint8_t sig_buffer[1024]; /* used to build vb21_signature */
- size_t size = 0;
- struct vb2_public_key key;
- struct vb2_workbuf wb;
- struct vb21_signature *vb2_sig_hdr = (struct vb21_signature *)sig_buffer;
- uint8_t wb_buffer[1024];
+ struct vb2_context *ctx;
+ struct vb2_kernel_preamble *pre;
+ static struct vb2_shared_data *sd;
+ size_t size;
+ uint8_t wb_buffer[2800];
+
+ if (vb2api_init(&wb_buffer, sizeof(wb_buffer), &ctx)) {
+ goto fail;
+ }
+
+ sd = vb2_get_sd(ctx);

buffer = cbfs_boot_map_with_leak(RSA_PUBLICKEY_FILE_NAME, CBFS_TYPE_RAW, &size);
if (!buffer || !size) {
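Review bot: `wb_buffer` is a plain `uint8_t` stack array, so nothing guarantees the alignment vboot expects of a work buffer; if `vb2api_init()` rejects a misaligned buffer (it is expected to check against `VB2_WORKBUF_ALIGN`), whether the board boots depends on stack layout. Declaring it as `uint8_t wb_buffer[2800] __aligned(VB2_WORKBUF_ALIGN);` removes that dependency, and a comment deriving 2800 would make the later fit check easier to review. `sd` has no visible reason to be `static`, and the `vb2api_init()` failure branch jumps to `fail` without a `printk`, unlike the other error paths. The function body continues outside this hunk.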
@@ -46,48 +54,61 @@
}

if ((size != CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE) ||
- (buffer != (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION)) {
+ (buffer != (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION)) {
printk(BIOS_ERR, "ERROR: Illegal public key!\n");
goto fail;
}

- if (vb21_unpack_key(&key, buffer, size)) {
- printk(BIOS_ERR, "ERROR: Invalid public key!\n");
+ /*
+ * Check if all items will fit into workbuffer:
+ * vb2_shared data, Public Key, Preamble data
+ */
+ if ((sd->workbuf_used + size + sizeof(struct vb2_kernel_preamble) +
+ ((CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS * DIGEST_SIZE) + (2048/8))) >
+ sizeof(wb_buffer)) {
+ printk(BIOS_ERR, "ERROR: Work buffer too small\n");
goto fail;
}

+ /* Add public key */
+ sd->data_key_offset = sd->workbuf_used;
+ sd->data_key_size = size;
+ sd->workbuf_used += sd->data_key_size;
+ memcpy((void *)((void *)sd + (long)sd->data_key_offset), (uint8_t *)buffer, size);
+
+ /* Fill preamble area */
+ sd->preamble_size = sizeof(struct vb2_kernel_preamble);
+ sd->preamble_offset = sd->data_key_offset + sd->data_key_size;
+ sd->workbuf_used += sd->preamble_size;
+ pre = (struct vb2_kernel_preamble *)((void *)sd + (long)sd->preamble_offset);
+
+ pre->flags = VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO;
+
+ /* Fill body_signature (vb2_structure). RSA2048 key is used */
cbfs_boot_map_with_leak("oemmanifest.bin", CBFS_TYPE_RAW, &size);
- if (size != (CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS * DIGEST_SIZE) +
- vb2_rsa_sig_size(VB2_SIG_RSA2048)) {
+ if (size != ((CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS * DIGEST_SIZE) + (2048/8))) {
printk(BIOS_ERR, "ERROR: Incorrect manifest size!\n");
goto fail;
}
-
- /* prepare work buffer structure */
- wb.buf = (uint8_t *)&wb_buffer;
- wb.size = sizeof(wb_buffer);
-
- /* Build vb2_sig_hdr buffer */
- vb2_sig_hdr->sig_offset = sizeof(struct vb21_signature) +
- (CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS * DIGEST_SIZE);
- vb2_sig_hdr->sig_alg = VB2_SIG_RSA2048;
- vb2_sig_hdr->sig_size = vb2_rsa_sig_size(VB2_SIG_RSA2048);
- vb2_sig_hdr->hash_alg = HASH_ALG;
- vb2_sig_hdr->data_size = CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS * DIGEST_SIZE;
- memcpy(&sig_buffer[sizeof(struct vb21_signature)],
+ pre->body_signature.data_size = CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS *
+ DIGEST_SIZE;
+ pre->body_signature.sig_offset = sizeof(struct vb2_signature) +
+ pre->body_signature.data_size;
+ pre->body_signature.sig_size = size - pre->body_signature.data_size;
+ sd->workbuf_used += size;
+ memcpy((void *)((void *)&pre->body_signature + (long)sizeof(struct vb2_signature)),
(uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC, size);

- if (vb21_verify_data(&sig_buffer[sizeof(struct vb21_signature)], vb2_sig_hdr->data_size,
- (struct vb21_signature *)&sig_buffer, &key, &wb)) {
- printk(BIOS_ERR, "ERROR: Signature verification failed for hash table\n");
+
+ if (vb2api_verify_kernel_data(ctx, (void *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC,
+ pre->body_signature.data_size))
goto fail;
- }

printk(BIOS_INFO, "%s: Successfully verified hash_table signature.\n", __func__);
return 0;

fail:
- die("HASH table verification failed!\n");
+ die("ERROR: HASH table verification failed!\n");
return -1;
}
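Review bot: The manifest lookup `cbfs_boot_map_with_leak("oemmanifest.bin", CBFS_TYPE_RAW, &size);` discards the returned pointer, so only the CBFS file size is checked while the bytes that are copied and verified come from the fixed address `CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC`. The key path rejects a blob that is missing or not at its configured location; the manifest deserves the same guard: assign the result to `buffer` and add `if (!buffer || buffer != (void *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC) goto fail;` with a matching error message. Separately, the `memcpy()` destination starts right after the `body_signature` header inside the preamble, so any `struct vb2_kernel_preamble` members laid out after `body_signature` (possibly including `flags`, set a few lines earlier) would be overwritten; a comment describing the intended work-buffer layout would make that reviewable. The verification failure branch also lost its specific `printk`, and `(2048/8)` appears twice where a named constant would be clearer. The function starts outside this hunk.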



Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I1e1a7bce6110fe35221a4d7a47c1eb7c7074c318
Gerrit-Change-Number: 38590
Gerrit-PatchSet: 1
Gerrit-Owner: Wim Vervoorn <wvervoorn@eltan.com>
Gerrit-MessageType: newchange