# SPDX-License-Identifier: GPL-2.0+
# Copyright (c) 2018 Google, Inc
# Written by Simon Glass <sjg@chromium.org>
# Support for a Chromium OS verified boot block, used to sign a read-write
# section of the image.
9 from collections import OrderedDict
12 from entry import Entry, EntryArg
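class Entry_vblock(Entry):
    """An entry which contains a Chromium OS verified boot block

    Properties / Entry arguments:
        - content: List of phandles to the entries whose contents are signed
        - keydir: Directory containing the key files to use. The private
            signing key named by signprivate is looked up here too, so the
            directory needs the same access restrictions as that key
        - keyblock: Name of the key file to use (inside keydir)
        - signprivate: Name of private key file to use (inside keydir)
        - version: Version number of the vblock (typically 1)
        - kernelkey: Name of the kernel key to use (inside keydir)
        - preamble-flags: Value of the vboot preamble flags (typically 0)

    Chromium OS signs the read-write firmware and kernel, writing the signature
    in this block. This allows U-Boot to verify that the next firmware stage
    and kernel are genuine.

    The three key names are appended to keydir exactly as given, with no path
    normalisation, so they are treated as trusted build configuration.
    """
    def __init__(self, section, etype, node):
        """Read the 'content' phandles and the signing parameters

        Args:
            section: Passed through to Entry.__init__()
            etype: Passed through to Entry.__init__()
            node: Passed through to Entry.__init__()
        """
        Entry.__init__(self, section, etype, node)
        self.content = fdt_util.GetPhandleList(self._node, 'content')
        # NOTE(review): the listing omits the line guarding this Raise(); an
        # emptiness check is restored because the message only applies when
        # no 'content' phandles were found - confirm against upstream
        if not self.content:
            self.Raise("Vblock must have a 'content' property")
        (self.keydir, self.keyblock, self.signprivate, self.version,
         self.kernelkey, self.preamble_flags) = self.GetEntryArgsOrProps([
            EntryArg('keydir', str),
            EntryArg('keyblock', str),
            EntryArg('signprivate', str),
            EntryArg('version', int),
            EntryArg('kernelkey', str),
            EntryArg('preamble-flags', int)])

    def ObtainContents(self):
        """Sign the data of the referenced entries and keep the vblock

        The contents of every entry listed in 'content' are joined, written
        to a file in the output directory and passed to futility, whose
        output file becomes the contents of this entry.

        Returns:
            True if the vblock was produced, False if a referenced entry has
            no contents yet
        """
        # NOTE(review): several lines of this method are absent from the
        # listing (accumulator set-up, the not-ready check, the opening and
        # closing of the argument list, the '--fv' pair and the return
        # value). They are restored from the surrounding code and need
        # checking against the upstream file.

        # Join up the data files to be signed
        chunks = []
        for entry_phandle in self.content:
            data = self.section.GetContentsByPhandle(entry_phandle, self)
            if data is None:
                # Data not available yet
                return False
            chunks.append(data)
        # assumes entry contents are byte strings - TODO confirm
        input_data = b''.join(chunks)

        output_fname = tools.GetOutputFilename('vblock.%s' % self.name)
        input_fname = tools.GetOutputFilename('input.%s' % self.name)
        tools.WriteFile(input_fname, input_data)
        # Key names are appended as-is: a name containing '..' resolves
        # outside keydir, so these values must come from trusted configuration
        prefix = self.keydir + '/'
        args = [
            'vbutil_firmware',
            '--vblock', output_fname,
            '--keyblock', prefix + self.keyblock,
            '--signprivate', prefix + self.signprivate,
            '--version', '%d' % self.version,
            '--fv', input_fname,
            '--kernelkey', prefix + self.kernelkey,
            '--flags', '%d' % self.preamble_flags,
        ]
        # Each argument is a separate item, not part of one command string
        tools.Run('futility', *args)
        # presumably tools.Run() raises when futility fails; if it does not,
        # a vblock left over from an earlier run would be read back here as
        # if it were freshly signed - verify
        self.SetContents(tools.ReadFile(output_fname))
        return True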