xref: /aosp_15_r20/external/vboot_reference/cgpt/cgpt_wrapper.c (revision 8617a60d3594060b7ecbd21bc622a7c14f3cf2bc)
1*8617a60dSAndroid Build Coastguard Worker /* Copyright 2015 The ChromiumOS Authors
2*8617a60dSAndroid Build Coastguard Worker  * Use of this source code is governed by a BSD-style license that can be
3*8617a60dSAndroid Build Coastguard Worker  * found in the LICENSE file.
4*8617a60dSAndroid Build Coastguard Worker  *
 * This utility wraps around "cgpt" execution to work with NAND. If the target
 * device is an MTD device, this utility reads the GPT structures from FMAP,
 * invokes "cgpt" on them, and writes the result back to NOR flash. */
8*8617a60dSAndroid Build Coastguard Worker 
9*8617a60dSAndroid Build Coastguard Worker #include <err.h>
10*8617a60dSAndroid Build Coastguard Worker #include <errno.h>
11*8617a60dSAndroid Build Coastguard Worker #include <fcntl.h>
12*8617a60dSAndroid Build Coastguard Worker #include <inttypes.h>
13*8617a60dSAndroid Build Coastguard Worker #include <limits.h>
14*8617a60dSAndroid Build Coastguard Worker #if !defined(__FreeBSD__)
15*8617a60dSAndroid Build Coastguard Worker #include <linux/major.h>
16*8617a60dSAndroid Build Coastguard Worker #endif
17*8617a60dSAndroid Build Coastguard Worker #include <stdbool.h>
18*8617a60dSAndroid Build Coastguard Worker #include <stdlib.h>
19*8617a60dSAndroid Build Coastguard Worker #include <stdint.h>
20*8617a60dSAndroid Build Coastguard Worker #include <stdio.h>
21*8617a60dSAndroid Build Coastguard Worker #include <string.h>
22*8617a60dSAndroid Build Coastguard Worker #include <sys/stat.h>
23*8617a60dSAndroid Build Coastguard Worker #if !defined(__FreeBSD__)
24*8617a60dSAndroid Build Coastguard Worker #include <sys/sysmacros.h>
25*8617a60dSAndroid Build Coastguard Worker #endif
26*8617a60dSAndroid Build Coastguard Worker #include <sys/types.h>
27*8617a60dSAndroid Build Coastguard Worker #include <unistd.h>
28*8617a60dSAndroid Build Coastguard Worker 
29*8617a60dSAndroid Build Coastguard Worker #include "2common.h"
30*8617a60dSAndroid Build Coastguard Worker #include "2sha.h"
31*8617a60dSAndroid Build Coastguard Worker #include "2sysincludes.h"
32*8617a60dSAndroid Build Coastguard Worker #include "cgpt.h"
33*8617a60dSAndroid Build Coastguard Worker #include "cgpt_nor.h"
34*8617a60dSAndroid Build Coastguard Worker #include "file_keys.h"
35*8617a60dSAndroid Build Coastguard Worker 
// Report whether the command line |argv| carries a "-D" option. "-D" means the
// GPT structs are stored off device, in which case cgpt must not be wrapped.
//
// NOTE(review): only an argument that is exactly "-D" matches; a form with the
// value attached to the flag would not be recognised here. Confirm whether the
// real cgpt accepts that form.
static bool has_dash_D(int argc, const char *const argv[]) {
  // argv[0] is the program and argv[1] is the cgpt command (such as "create"),
  // so the scan starts at index 2.
  int idx = 2;
  while (idx < argc) {
    if (!strcmp(argv[idx], "-D")) {
      return true;
    }
    ++idx;
  }
  return false;
}
48*8617a60dSAndroid Build Coastguard Worker 
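// Check if |device_path| is an MTD device: a character device node whose major
// number is MTD_CHAR_MAJOR (90).
//
// lstat() does not follow symlinks, so a symlink that points at an MTD node is
// reported as "not MTD". Returns false when the path cannot be stat'ed, and
// always returns false on FreeBSD builds.
static bool is_mtd(const char *device_path) {
  struct stat st;
  if (lstat(device_path, &st) != 0) {
    return false;
  }

#if !defined(__FreeBSD__)
  // Character and block devices use separate major-number spaces, and st_rdev
  // is only meaningful for device nodes. Confirm the node type first so that a
  // block device that happens to have major 90 is not mistaken for MTD.
  if (S_ISCHR(st.st_mode) && major(st.st_rdev) == MTD_CHAR_MAJOR) {
    return true;
  }
#endif
  return false;
}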
63*8617a60dSAndroid Build Coastguard Worker 
// Return the first element of |argv| (from index 2 onwards) that names an MTD
// device, or NULL when none does. Every argument in that range is probed with
// is_mtd(), option values included.
static const char *find_mtd_device(int argc, const char *const argv[]) {
  const char *found = NULL;
  int idx = 2;
  while (found == NULL && idx < argc) {
    if (is_mtd(argv[idx])) {
      found = argv[idx];
    }
    ++idx;
  }
  return found;
}
74*8617a60dSAndroid Build Coastguard Worker 
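// Run the real cgpt against a temporary file copy of the GPT instead of the
// MTD device itself, then write the copy back to NOR flash if cgpt changed it.
//
// |argv| is the wrapper's command line; the real binary is looked up as
// argv[0] + ".bin", so argv[0] must already hold the wrapper's own path.
// |mtd_device| is the argv element that names the MTD device; every occurrence
// of it is replaced by the path of the temporary "rw_gpt" file, and
// "-D <device size>" is appended.
//
// Returns 0 on success. On failure the value is the stage that failed:
// 1 (temp dir, flash read or original digest), 2 (MTD size), 3 (running cgpt),
// 4 (modified digest), or whatever WriteNorFlash() returned.
static int wrap_cgpt(int argc,
                     const char *const argv[],
                     const char *mtd_device) {
  uint8_t original_hash[VB2_SHA1_DIGEST_SIZE];
  uint8_t modified_hash[VB2_SHA1_DIGEST_SIZE];
  int ret = 0;

  // Create a temp dir to work in.
  ret++;
  char temp_dir[] = VBOOT_TMP_DIR "/cgpt_wrapper.XXXXXX";
  // mkdtemp() rewrites the XXXXXX suffix in place and creates the directory
  // with mode 0700, so the buffer passed in must be the same one used as the
  // directory name afterwards.
  if (mkdtemp(temp_dir) == NULL) {
    Error("Cannot create a temporary directory.\n");
    return ret;
  }
  if (ReadNorFlash(temp_dir) != 0) {
    goto cleanup;
  }
  char rw_gpt_path[PATH_MAX];
  int path_len =
      snprintf(rw_gpt_path, sizeof(rw_gpt_path), "%s/rw_gpt", temp_dir);
  // A return value >= the buffer size means the path was truncated; using it
  // would hash and rewrite a file other than the one just read from flash.
  if (path_len < 0 || (size_t)path_len >= sizeof(rw_gpt_path)) {
    goto cleanup;
  }
  // The SHA-1 digest is only compared against a second digest taken after cgpt
  // has run; it decides whether a flash write is needed.
  if (VB2_SUCCESS != DigestFile(rw_gpt_path, VB2_HASH_SHA1,
                                original_hash, sizeof(original_hash))) {
    Error("Cannot compute original GPT digest.\n");
    goto cleanup;
  }

  // Obtain the MTD size.
  ret++;
  uint64_t drive_size = 0;
  if (GetMtdSize(mtd_device, &drive_size) != 0) {
    Error("Cannot get the size of %s.\n", mtd_device);
    goto cleanup;
  }

  // Launch cgpt on "rw_gpt" with -D size.
  ret++;
  // argc original entries + "-D" + the size string + the terminating NULL.
  // calloc() zero-fills, which supplies that terminator.
  const char **my_argv = calloc(argc + 2 + 1, sizeof(char *));
  if (my_argv == NULL) {
    errno = ENOMEM;
    goto cleanup;
  }
  memcpy(my_argv, argv, sizeof(char *) * argc);
  char *real_cgpt;
  if (asprintf(&real_cgpt, "%s.bin", argv[0]) == -1) {
    free(my_argv);
    goto cleanup;
  }
  my_argv[0] = real_cgpt;

  int i;
  for (i = 2; i < argc; ++i) {
    if (strcmp(my_argv[i], mtd_device) == 0) {
      my_argv[i] = rw_gpt_path;
    }
  }
  my_argv[argc] = "-D";
  char size[32];
  snprintf(size, sizeof(size), "%" PRIu64, drive_size);
  my_argv[argc + 1] = size;
  i = ForkExecV(NULL, my_argv);
  free(real_cgpt);
  free(my_argv);
  if (i != 0) {
    Error("Cannot exec cgpt to modify rw_gpt.\n");
    goto cleanup;
  }

  // Write "rw_gpt" back to NOR flash, but only if cgpt actually changed it.
  ret++;
  if (VB2_SUCCESS != DigestFile(rw_gpt_path, VB2_HASH_SHA1,
                                modified_hash, sizeof(modified_hash))) {
    // Report the failure instead of exiting with a bare status code.
    Error("Cannot compute modified GPT digest.\n");
    goto cleanup;
  }
  if (memcmp(original_hash, modified_hash, VB2_SHA1_DIGEST_SIZE) != 0) {
    ret = WriteNorFlash(temp_dir);
  } else {
    ret = 0;
  }

cleanup:
  RemoveDir(temp_dir);
  return ret;
}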
158*8617a60dSAndroid Build Coastguard Worker 
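// Entry point. Resolves the wrapper's own location, then either runs cgpt
// through wrap_cgpt() (an MTD device is named and "-D" is absent) or replaces
// this process with the real cgpt binary, "<wrapper path>.bin", passing the
// arguments through unchanged.
//
// Returns -1 if the wrapper's path cannot be resolved or the ".bin" path cannot
// be built, and wrap_cgpt()'s result on the wrapped path. A failed execv()
// exits through err() with status -2.
int main(int argc, const char *argv[]) {
  char resolved_cgpt[PATH_MAX];
  pid_t pid = getpid();
  char exe_link[40];
  int retval = 0;

  if (argc < 1) {
    return -1;
  }

  const char *orig_argv0 = argv[0];

  // The path of the running executable is read from /proc rather than taken
  // from argv[0], which is whatever string the caller chose to pass.
  snprintf(exe_link, sizeof(exe_link), "/proc/%d/exe", pid);
  ssize_t link_len =
      readlink(exe_link, resolved_cgpt, sizeof(resolved_cgpt) - 1);
  if (link_len == -1) {
    perror("readlink");
    return -1;
  }
  // readlink() truncates silently and does not NUL-terminate. A result that
  // fills the buffer may have been cut short, and the ".bin" path built from
  // it would name a different file, so refuse to continue.
  if ((size_t)link_len >= sizeof(resolved_cgpt) - 1) {
    warnx("path of the running executable is too long");
    return -1;
  }
  resolved_cgpt[link_len] = '\0';

  argv[0] = resolved_cgpt;

  if (argc > 2 && !has_dash_D(argc, argv)) {
    const char *mtd_device = find_mtd_device(argc, argv);
    if (mtd_device) {
      retval = wrap_cgpt(argc, argv, mtd_device);
      goto cleanup;
    }
  }

  // Forward to cgpt as-is. Real cgpt has been renamed cgpt.bin.
  char *real_cgpt;
  if (asprintf(&real_cgpt, "%s.bin", argv[0]) == -1) {
    retval = -1;
    goto cleanup;
  }
  argv[0] = real_cgpt;
  execv(argv[0], (char * const *)argv);
  // execv() returns only on failure; err() prints the errno text and exits
  // with status -2, so nothing below this call runs on this path.
  err(-2, "execv(%s) failed", real_cgpt);

cleanup:
  argv[0] = orig_argv0;
  return retval;
}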