1 /* Copyright 2014 The ChromiumOS Authors
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 *
5 * Misc functions which need access to vb2_context but are not public APIs
6 */
7
8 #include "2api.h"
9 #include "2common.h"
10 #include "2misc.h"
11 #include "2nvstorage.h"
12 #include "2rsa.h"
13 #include "2secdata.h"
14 #include "2sha.h"
15 #include "2sysincludes.h"
16
vb2_load_fw_keyblock(struct vb2_context * ctx)17 vb2_error_t vb2_load_fw_keyblock(struct vb2_context *ctx)
18 {
19 struct vb2_shared_data *sd = vb2_get_sd(ctx);
20 struct vb2_gbb_header *gbb = vb2_get_gbb(ctx);
21 struct vb2_workbuf wb;
22
23 uint8_t *key_data;
24 uint32_t key_size;
25 struct vb2_public_key root_key;
26
27 struct vb2_keyblock *kb;
28 uint32_t block_size;
29
30 vb2_error_t rv = VB2_SUCCESS;
31
32 vb2_workbuf_from_ctx(ctx, &wb);
33
34 /* Read the root key */
35 key_size = gbb->rootkey_size;
36 key_data = vb2_workbuf_alloc(&wb, key_size);
37 if (!key_data)
38 return VB2_ERROR_FW_KEYBLOCK_WORKBUF_ROOT_KEY;
39
40 VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_GBB, gbb->rootkey_offset,
41 key_data, key_size));
42
43 /* Unpack the root key */
44 VB2_TRY(vb2_unpack_key_buffer(&root_key, key_data, key_size));
45
46 root_key.allow_hwcrypto = vb2api_hwcrypto_allowed(ctx);
47
48 /* Load the firmware keyblock header after the root key */
49 kb = vb2_workbuf_alloc(&wb, sizeof(*kb));
50 if (!kb)
51 return VB2_ERROR_FW_KEYBLOCK_WORKBUF_HEADER;
52
53 VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, 0,
54 kb, sizeof(*kb)));
55
56 block_size = kb->keyblock_size;
57
58 /*
59 * Load the entire keyblock, now that we know how big it is. Note that
60 * we're loading the entire keyblock instead of just the piece after
61 * the header. That means we re-read the header. But that's a tiny
62 * amount of data, and it makes the code much more straightforward.
63 */
64 kb = vb2_workbuf_realloc(&wb, sizeof(*kb), block_size);
65 if (!kb)
66 return VB2_ERROR_FW_KEYBLOCK_WORKBUF;
67
68 VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, 0, kb, block_size));
69
70 /* Verify the keyblock */
71 VB2_TRY(vb2_verify_keyblock(kb, block_size, &root_key, &wb),
72 ctx, VB2_RECOVERY_FW_KEYBLOCK);
73
74 /* Key version is the upper 16 bits of the composite firmware version */
75 if (kb->data_key.key_version > VB2_MAX_KEY_VERSION)
76 rv = VB2_ERROR_FW_KEYBLOCK_VERSION_RANGE;
77 if (!rv && kb->data_key.key_version < (sd->fw_version_secdata >> 16)) {
78 if (gbb->flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK)
79 VB2_DEBUG("Ignoring FW key rollback due to GBB flag\n");
80 else
81 rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK;
82 }
83 if (rv) {
84 vb2api_fail(ctx, VB2_RECOVERY_FW_KEY_ROLLBACK, rv);
85 return rv;
86 }
87
88 sd->fw_version = kb->data_key.key_version << 16;
89
90 /* Preamble follows the keyblock in the vblock. */
91 sd->vblock_preamble_offset = kb->keyblock_size;
92
93 /*
94 * Save the data key in the work buffer. We'll overwrite the root key
95 * we read above. That's ok, because now that we have the data key we
96 * no longer need the root key. First, let's double-check that it is
97 * well-formed though (although the keyblock was signed anyway).
98 */
99 VB2_TRY(vb2_verify_packed_key_inside(kb, block_size, &kb->data_key));
100
101 /* Save the future offset and size while kb->data_key is still valid.
102 The check above made sure that key_offset and key_size are valid. */
103 sd->data_key_offset = vb2_offset_of(sd, key_data);
104 sd->data_key_size = kb->data_key.key_offset + kb->data_key.key_size;
105
106 /*
107 * Use memmove() instead of memcpy(). In theory, the destination will
108 * never overlap because with the source because the root key is likely
109 * to be at least as large as the data key, but there's no harm here in
110 * being paranoid. Make sure we immediately invalidate 'kb' after the
111 * move to guarantee we won't try to access it anymore.
112 */
113 memmove(key_data, &kb->data_key, sd->data_key_size);
114 kb = NULL;
115
116 /*
117 * Data key will persist in the workbuf after we return.
118 *
119 * Work buffer now contains:
120 * - vb2_shared_data
121 * - packed firmware data key
122 */
123 vb2_set_workbuf_used(ctx, sd->data_key_offset + sd->data_key_size);
124
125 return VB2_SUCCESS;
126 }
127
vb2_load_fw_preamble(struct vb2_context * ctx)128 vb2_error_t vb2_load_fw_preamble(struct vb2_context *ctx)
129 {
130 struct vb2_shared_data *sd = vb2_get_sd(ctx);
131 struct vb2_gbb_header *gbb = vb2_get_gbb(ctx);
132 struct vb2_workbuf wb;
133
134 uint8_t *key_data = vb2_member_of(sd, sd->data_key_offset);
135 uint32_t key_size = sd->data_key_size;
136 struct vb2_public_key data_key;
137
138 /* Preamble goes in the next unused chunk of work buffer */
139 struct vb2_fw_preamble *pre;
140 uint32_t pre_size;
141
142 vb2_error_t rv = VB2_SUCCESS;
143
144 vb2_workbuf_from_ctx(ctx, &wb);
145
146 /* Unpack the firmware data key */
147 if (!sd->data_key_size)
148 return VB2_ERROR_FW_PREAMBLE2_DATA_KEY;
149
150 VB2_TRY(vb2_unpack_key_buffer(&data_key, key_data, key_size));
151
152 data_key.allow_hwcrypto = vb2api_hwcrypto_allowed(ctx);
153
154 /* Load the firmware preamble header */
155 pre = vb2_workbuf_alloc(&wb, sizeof(*pre));
156 if (!pre)
157 return VB2_ERROR_FW_PREAMBLE2_WORKBUF_HEADER;
158
159 VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK,
160 sd->vblock_preamble_offset,
161 pre, sizeof(*pre)));
162
163 pre_size = pre->preamble_size;
164
165 /* Load the entire firmware preamble, now that we know how big it is */
166 pre = vb2_workbuf_realloc(&wb, sizeof(*pre), pre_size);
167 if (!pre)
168 return VB2_ERROR_FW_PREAMBLE2_WORKBUF;
169
170 VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK,
171 sd->vblock_preamble_offset,
172 pre, pre_size));
173
174 /* Work buffer now contains the data subkey data and the preamble */
175
176 /* Verify the preamble */
177 VB2_TRY(vb2_verify_fw_preamble(pre, pre_size, &data_key, &wb),
178 ctx, VB2_RECOVERY_FW_PREAMBLE);
179
180 /*
181 * Firmware version is the lower 16 bits of the composite firmware
182 * version.
183 */
184 if (pre->firmware_version > VB2_MAX_PREAMBLE_VERSION)
185 rv = VB2_ERROR_FW_PREAMBLE_VERSION_RANGE;
186 /* Combine with the key version from vb2_load_fw_keyblock() */
187 sd->fw_version |= pre->firmware_version;
188 if (!rv && sd->fw_version < sd->fw_version_secdata) {
189 if (gbb->flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK)
190 VB2_DEBUG("Ignoring FW rollback due to GBB flag\n");
191 else
192 rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK;
193 }
194 if (rv) {
195 vb2api_fail(ctx, VB2_RECOVERY_FW_ROLLBACK, rv);
196 return rv;
197 }
198
199 /*
200 * If this is a newer version than in secure storage, and we
201 * successfully booted the same slot last boot, roll forward the
202 * version in secure storage.
203 *
204 * Note that this happens before we've verified the firmware data this
205 * boot; we're relying on the indicator that the last boot was
206 * successful. That's ok, because even if the firmware data has a
207 * valid hash, the only way we can know if it's functional is to trust
208 * the status from the last boot.
209 */
210 if (sd->fw_version > sd->fw_version_secdata &&
211 sd->last_fw_slot == sd->fw_slot &&
212 sd->last_fw_result == VB2_FW_RESULT_SUCCESS) {
213 sd->fw_version_secdata = sd->fw_version;
214 vb2_secdata_firmware_set(ctx, VB2_SECDATA_FIRMWARE_VERSIONS,
215 sd->fw_version);
216 }
217
218 /* Keep track of where we put the preamble */
219 sd->preamble_offset = vb2_offset_of(sd, pre);
220 sd->preamble_size = pre_size;
221
222 /*
223 * Preamble will persist in work buffer after we return.
224 *
225 * Work buffer now contains:
226 * - vb2_shared_data
227 * - vb2_gbb_header
228 * - packed firmware data key
229 * - firmware preamble
230 *
231 * TODO: we could move the preamble down over the firmware data key
232 * since we don't need it anymore.
233 */
234 vb2_set_workbuf_used(ctx, sd->preamble_offset + pre_size);
235
236 return VB2_SUCCESS;
237 }
238