[OpenBIOS] r634 - cpu/x86/pc/olpc
svn at openbios.org
svn at openbios.org
Thu Sep 20 01:58:44 CEST 2007
Author: wmb
Date: 2007-09-20 01:58:43 +0200 (Thu, 20 Sep 2007)
New Revision: 634
Modified:
cpu/x86/pc/olpc/security.fth
Log:
OLPC security - added dispostion code to lease and devkey formats.
Modified: cpu/x86/pc/olpc/security.fth
===================================================================
--- cpu/x86/pc/olpc/security.fth 2007-09-19 23:57:43 UTC (rev 633)
+++ cpu/x86/pc/olpc/security.fth 2007-09-19 23:58:43 UTC (rev 634)
@@ -283,7 +283,7 @@
\ including serial number, UUID, and expiration time, is place.
\ That string is the signed object for lease and developer key verification.
-d# 65 buffer: machine-id-buf
+d# 67 buffer: machine-id-buf
\ get-my-sn get the machine identification info including serial number
\ and UUID from the manufacturing data, placing it into machine-id-buf
@@ -315,6 +315,8 @@
[char] : machine-id-buf d# 48 + c!
+ [char] : machine-id-buf d# 50 + c!
+
false
;
@@ -333,10 +335,12 @@
: check-machine-signature ( sig$ expiration$ -- -1|1 )
0 hashname c!
- machine-id-buf d# 49 + swap move ( sig$ )
- machine-id-buf d# 65 2swap valid? if 1 else -1 then
+ machine-id-buf d# 51 + swap move ( sig$ )
+ machine-id-buf d# 67 2swap valid? if 1 else -1 then
;
+: set-disposition ( adr -- ) c@ machine-id-buf d# 49 + c! ;
+
\ check-lease checks a lease signature record in act01: format
\ -1 means lease is for this machine and is invalid
@@ -348,16 +352,23 @@
" Not act01:" ?lease-debug-cr
2drop -1 exit
then
+
bl left-parse-string ( rem$ serial$ )
my-sn$ $= 0= if ( rem$ )
" is for a different system" ?lease-debug-cr
2drop 0 exit
then ( rem$ )
+
+ \ Disposition code
+ bl left-parse-string 1 <> if 3drop -1 exit then ( rem$ disp-adr )
+ set-disposition ( rem$ )
+
bl left-parse-string ( sig$ expiration$ )
dup d# 16 <> if ( sig$ expiration$ )
" has bad expiration format" ?lease-debug-cr
4drop -1 exit
then ( sig$ expiration$ )
+
2dup expired? if
" expired" ?lease-debug-cr
4drop -1 exit
@@ -535,6 +546,10 @@
bl left-parse-string ( rem$ serial$ )
my-sn$ $= 0= if 2drop 0 exit then ( rem$ )
+ \ Disposition code
+ bl left-parse-string 1 <> if 3drop -1 exit then ( rem$ disp-adr )
+ set-disposition ( rem$ )
+
develkey$ to pubkey$
" 00000000T000000Z" check-machine-signature
;
More information about the OpenBIOS
mailing list