[coreboot-gerrit] Patch set updated for coreboot: cbfstool: Add 'hashcbfs' command to compute hash of CBFS region.
Aaron Durbin (adurbin@chromium.org)
gerrit at coreboot.org
Mon Jan 4 19:00:09 CET 2016
Aaron Durbin (adurbin at chromium.org) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/12790
-gerrit
commit 67d32451761b66141d70532f420ca130006ba45d
Author: Aaron Durbin <adurbin at chromium.org>
Date: Tue Dec 15 18:00:30 2015 -0600
cbfstool: Add 'hashcbfs' command to compute hash of CBFS region.
For the purposes of maintaining integrity of a CBFS allow one to
hash a CBFS over a given region. The hash consists of all file
metadata and non-empty file data. The resulting digest is saved
to the requested destination region.
BUG=chrome-os-partner:48412
BUG=chromium:445938
BRANCH=None
TEST=Integrated with glados chrome os build. vboot verification
works using the same code to generate the hash in the tooling
as well as at runtime on the board in question.
Change-Id: Ib0d6bf668ffd6618f5f73e1217bdef404074dbfc
Signed-off-by: Aaron Durbin <adurbin at chromium.org>
---
util/cbfstool/Makefile.inc | 8 +++++++
util/cbfstool/cbfs_hash.c | 33 ++++++++++++++++++++++++++++
util/cbfstool/cbfstool.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 95 insertions(+)
diff --git a/util/cbfstool/Makefile.inc b/util/cbfstool/Makefile.inc
index 9633ca4..8e04411 100644
--- a/util/cbfstool/Makefile.inc
+++ b/util/cbfstool/Makefile.inc
@@ -2,10 +2,14 @@ cbfsobj :=
cbfsobj += cbfstool.o
cbfsobj += common.o
cbfsobj += compress.o
+cbfsobj += cbfs.o
+cbfsobj += cbfs_hash.o
cbfsobj += cbfs_image.o
cbfsobj += cbfs-mkstage.o
cbfsobj += cbfs-mkpayload.o
cbfsobj += elfheaders.o
+cbfsobj += mem_pool.o
+cbfsobj += region.o
cbfsobj += rmodule.o
cbfsobj += xdr.o
cbfsobj += fit.o
@@ -129,6 +133,10 @@ $(objutil)/cbfstool/LzmaEnc.o: TOOLCFLAGS += -Wno-sign-compare -Wno-cast-qual
# Tolerate vboot warnings
$(objutil)/cbfstool/2sha_utility.o: TOOLCFLAGS += -Wno-sign-compare
$(objutil)/cbfstool/2sha1.o: TOOLCFLAGS += -Wno-cast-qual
+# Tolerate commonlib warnings
+$(objutil)/cbfstool/region.o: TOOLCFLAGS += -Wno-sign-compare -Wno-cast-qual
+$(objutil)/cbfstool/cbfs.o: TOOLCFLAGS += -Wno-sign-compare -Wno-cast-qual
+$(objutil)/cbfstool/mem_pool.o: TOOLCFLAGS += -Wno-sign-compare -Wno-cast-qual
$(objutil)/cbfstool/fmd.o: $(objutil)/cbfstool/fmd_parser.h
$(objutil)/cbfstool/fmd.o: $(objutil)/cbfstool/fmd_scanner.h
diff --git a/util/cbfstool/cbfs_hash.c b/util/cbfstool/cbfs_hash.c
new file mode 100644
index 0000000..332a59b
--- /dev/null
+++ b/util/cbfstool/cbfs_hash.c
@@ -0,0 +1,33 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2015 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#include <commonlib/cbfs.h>
+#include <commonlib/region.h>
+
+int cbfs_calculate_hash(void *cbfs, size_t cbfs_sz,
+ enum vb2_hash_algorithm hash_algo,
+ void *digest, size_t digest_sz);
+
+int cbfs_calculate_hash(void *cbfs, size_t cbfs_sz,
+ enum vb2_hash_algorithm hash_algo,
+ void *digest, size_t digest_sz)
+{
+ struct mem_region_device mdev;
+
+ mem_region_device_init(&mdev, cbfs, cbfs_sz);
+
+ return cbfs_vb2_hash_contents(&mdev.rdev,
+ hash_algo, digest, digest_sz);
+}
diff --git a/util/cbfstool/cbfstool.c b/util/cbfstool/cbfstool.c
index f00aa30..2da4071 100644
--- a/util/cbfstool/cbfstool.c
+++ b/util/cbfstool/cbfstool.c
@@ -781,6 +781,57 @@ static int cbfs_print(void)
return 0;
}
+/* Forward declared so there aren't type collisions with cbfstool proper
+ * and commonlib. */
+int cbfs_calculate_hash(void *cbfs, size_t cbfs_sz,
+ enum vb2_hash_algorithm hash_algo,
+ void *digest, size_t digest_sz);
+
+static int cbfs_hash(void)
+{
+ struct cbfs_image src_image;
+ struct buffer src_buf;
+ struct buffer *dst = param.image_region;
+
+ if (param.hash == VB2_HASH_INVALID) {
+ ERROR("You need to specify -A/--hash-algorithm.\n");
+ return 1;
+ }
+
+ if (!param.source_region) {
+ ERROR("You need to specify -R/--source-region.\n");
+ return 1;
+ }
+
+ unsigned hash_size = widths_cbfs_hash[param.hash];
+ if (hash_size == 0)
+ return 1;
+
+ if (buffer_size(param.image_region) < hash_size) {
+ ERROR("Region '%s' size too small.\n", param.region_name)
+ return 1;
+ }
+
+ /* Obtain the source region and convert it to a cbfs_image. */
+ if (!partitioned_file_read_region(&src_buf, param.image_file,
+ param.source_region)) {
+ ERROR("Region not found in image: %s\n", param.source_region);
+ return 1;
+ }
+
+ if (cbfs_image_from_buffer(&src_image, &src_buf, param.headeroffset))
+ return 1;
+
+ if (cbfs_calculate_hash(buffer_get(&src_image.buffer),
+ buffer_size(&src_image.buffer),
+ param.hash, buffer_get(dst), hash_size)) {
+ ERROR("Hash calculation failed.\n");
+ return 1;
+ }
+
+ return 0;
+}
+
static int cbfs_extract(void)
{
if (!param.filename) {
@@ -947,6 +998,7 @@ static const struct command commands[] = {
{"add-master-header", "H:r:vh?", cbfs_add_master_header, true, true},
{"copy", "r:R:h?", cbfs_copy, true, true},
{"create", "M:r:s:B:b:H:o:m:vh?", cbfs_create, true, true},
+ {"hashcbfs", "r:R:A:vh?", cbfs_hash, true, true},
{"extract", "H:r:m:n:f:vh?", cbfs_extract, true, false},
{"layout", "wvh?", cbfs_layout, false, false},
{"print", "H:r:vh?", cbfs_print, true, false},
@@ -1090,6 +1142,8 @@ static void usage(char *name)
" print [-r image,regions] "
"Show the contents of the ROM\n"
" extract [-r image,regions] [-m ARCH] -n NAME -f FILE "
+ " hashcbfs -r image_region -R source-region "
+ "Hashes CBFS source-region and saves digest\n"
"Extracts a raw payload from ROM\n"
" write -r image,regions -f file [-u | -d] "
"Write file into same-size [or larger] raw region\n"
More information about the coreboot-gerrit
mailing list