mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-12 15:36:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

mod_image_for_recovery: reuse salt.

Browse Source 
This will prevent the recovery kernel from having a different salt from the
rootfs it corresponds to.

BUG=chromium-os:20766
TESTED_ON=kaen
TEST=Adhoc
Build a recovery image and do recovery from it.

Change-Id: I96f735e527d807247e09e17aac1ed5b51367f0ef
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/8288
This commit is contained in:
Elly Jones 2011-09-26 15:18:19 -04:00 committed by chrome-bot
parent 53eb7a03b8
commit 9ca3e4c0fe
4 changed files with 22 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
bin/cros_make_image_bootable
View File

@ -34,6 +34,7 @@ assert_inside_chroot
# Load functions and constants for chromeos-install # Load functions and constants for chromeos-install
. "/usr/lib/installer/chromeos-common.sh" || \ . "/usr/lib/installer/chromeos-common.sh" || \
die "Unable to load /usr/lib/installer/chromeos-common.sh" die "Unable to load /usr/lib/installer/chromeos-common.sh"
. "${SCRIPTS_DIR}/build_library/build_image_util.sh" || die "No build_image_util"
set -e set -e
@ -101,6 +102,8 @@ DEFINE_integer verity_max_ios 1024 \
"Number of outstanding I/O operations dm-verity caps at." "Number of outstanding I/O operations dm-verity caps at."
DEFINE_string verity_algorithm "sha1" \ DEFINE_string verity_algorithm "sha1" \
"Cryptographic hash algorithm used for kernel vboot." "Cryptographic hash algorithm used for kernel vboot."
DEFINE_string verity_salt "" \
"Salt for rootfs hash tree."
DEFINE_string keys_dir "/usr/share/vboot/devkeys" \ DEFINE_string keys_dir "/usr/share/vboot/devkeys" \
"Directory containing the signing keys." "Directory containing the signing keys."
@ -137,6 +140,8 @@ DEFINE_string squash_sort_file "" \
eval set -- "${BOOT_DESC} ${FLAG_OVERRIDES}" eval set -- "${BOOT_DESC} ${FLAG_OVERRIDES}"
FLAGS "${@}" || exit 1 FLAGS "${@}" || exit 1
[ -z "${FLAGS_verity_salt}" ] && FLAGS_verity_salt=$(make_salt)
# Only now can we die on error. shflags functions leak non-zero error codes, # Only now can we die on error. shflags functions leak non-zero error codes,
# so will die prematurely if 'set -e' is specified before now. # so will die prematurely if 'set -e' is specified before now.
set -e -u set -e -u
@ -216,6 +221,7 @@ make_image_bootable() {
--verity_hash_alg=${FLAGS_verity_algorithm} \ --verity_hash_alg=${FLAGS_verity_algorithm} \
--verity_max_ios=${FLAGS_verity_max_ios} \ --verity_max_ios=${FLAGS_verity_max_ios} \
--verity_error_behavior=${FLAGS_verity_error_behavior} \ --verity_error_behavior=${FLAGS_verity_error_behavior} \
--verity_salt=${FLAGS_verity_salt} \
--root=${cros_root} \ --root=${cros_root} \
--keys_dir="${FLAGS_keys_dir}" \ --keys_dir="${FLAGS_keys_dir}" \
${use_dev_keys} ${use_dev_keys}

2
build_image
View File

@ -62,6 +62,8 @@ DEFINE_integer verity_max_ios -1 \
"Number of outstanding I/O operations dm-verity caps at. Default: -1" "Number of outstanding I/O operations dm-verity caps at. Default: -1"
DEFINE_string verity_algorithm "sha1" \ DEFINE_string verity_algorithm "sha1" \
"Cryptographic hash algorithm used for kernel vboot. Default : sha1" "Cryptographic hash algorithm used for kernel vboot. Default : sha1"
DEFINE_string verity_salt "" \
"Root filesystem salt. Default: randomly generated."
DEFINE_boolean standard_backdoor ${FLAGS_TRUE} \ DEFINE_boolean standard_backdoor ${FLAGS_TRUE} \
"Install standard backdoor credentials for testing" "Install standard backdoor credentials for testing"
DEFINE_string symlink "latest" \ DEFINE_string symlink "latest" \

15
build_kernel_image.sh
View File

@ -68,6 +68,8 @@ DEFINE_integer verity_max_ios -1 \
"Optional number of outstanding I/O operations. (Default: -1)" "Optional number of outstanding I/O operations. (Default: -1)"
DEFINE_string verity_hash_alg "sha1" \ DEFINE_string verity_hash_alg "sha1" \
"Cryptographic hash algorithm used for dm-verity. (Default: sha1)" "Cryptographic hash algorithm used for dm-verity. (Default: sha1)"
DEFINE_string verity_salt "" \
"Salt to use for rootfs hash (Default: \"\")"
# Parse flags # Parse flags
FLAGS "$@" || exit 1 FLAGS "$@" || exit 1
@ -76,14 +78,6 @@ eval set -- "${FLAGS_ARGV}"
# Die on error # Die on error
set -e set -e
make_salt() {
# It is not important that the salt be cryptographically strong; it just needs
# to be different for each release. The purpose of the salt is just to ensure
# that if someone collides a block in one release, they can't reuse it in
# future releases.
xxd -l 32 -p -c 32 /dev/urandom
}
verity_args= verity_args=
# Even with a rootfs_image, root= is not changed unless specified. # Even with a rootfs_image, root= is not changed unless specified.
if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then
@ -108,8 +102,7 @@ if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then
error "Root file system blocks are not 4k!" error "Root file system blocks are not 4k!"
fi fi
salt=$(make_salt) info "Generating root fs hash tree (salt '${FLAGS_verity_salt}')."
info "Generating root fs hash tree (salt $salt)."
# Runs as sudo in case the image is a block device. # Runs as sudo in case the image is a block device.
# First argument to verity is reserved/unused and MUST be 0 # First argument to verity is reserved/unused and MUST be 0
table=$(sudo verity mode=create \ table=$(sudo verity mode=create \
@ -117,7 +110,7 @@ if [[ -n "${FLAGS_rootfs_image}" && -n "${FLAGS_rootfs_hash}" ]]; then
payload=${FLAGS_rootfs_image} \ payload=${FLAGS_rootfs_image} \
payload_blocks=${root_fs_blocks} \ payload_blocks=${root_fs_blocks} \
hashtree=${FLAGS_rootfs_hash} \ hashtree=${FLAGS_rootfs_hash} \
salt=$salt) salt=${FLAGS_verity_salt})
if [[ -f "${FLAGS_rootfs_hash}" ]]; then if [[ -f "${FLAGS_rootfs_hash}" ]]; then
sudo chmod a+r "${FLAGS_rootfs_hash}" sudo chmod a+r "${FLAGS_rootfs_hash}"
fi fi

10
build_library/build_image_util.sh
View File

@ -34,6 +34,14 @@ check_blacklist() {
info "No blacklisted packages found." info "No blacklisted packages found."
} }
make_salt() {
# It is not important that the salt be cryptographically strong; it just needs
# to be different for each release. The purpose of the salt is just to ensure
# that if someone collides a block in one release, they can't reuse it in
# future releases.
xxd -l 32 -p -c 32 /dev/urandom
}
# Takes no arguments and populates the configuration for # Takes no arguments and populates the configuration for
# cros_make_image_bootable. # cros_make_image_bootable.
create_boot_desc() { create_boot_desc() {
@ -42,6 +50,7 @@ create_boot_desc() {
enable_rootfs_verification_flag="--enable_rootfs_verification" enable_rootfs_verification_flag="--enable_rootfs_verification"
fi fi
[ -z "${FLAGS_verity_salt}" ] && FLAGS_verity_salt=$(make_salt)
cat <<EOF > ${OUTPUT_DIR}/boot.desc cat <<EOF > ${OUTPUT_DIR}/boot.desc
--arch="${ARCH}" --arch="${ARCH}"
--boot_args="${FLAGS_boot_args}" --boot_args="${FLAGS_boot_args}"
@ -50,6 +59,7 @@ create_boot_desc() {
--verity_error_behavior="${FLAGS_verity_error_behavior}" --verity_error_behavior="${FLAGS_verity_error_behavior}"
--verity_max_ios="${FLAGS_verity_max_ios}" --verity_max_ios="${FLAGS_verity_max_ios}"
--verity_algorithm="${FLAGS_verity_algorithm}" --verity_algorithm="${FLAGS_verity_algorithm}"
--verity_salt="${FLAGS_verity_salt}"
--keys_dir="${DEVKEYSDIR}" --keys_dir="${DEVKEYSDIR}"
--usb_disk="${FLAGS_usb_disk}" --usb_disk="${FLAGS_usb_disk}"
--nocleanup_dirs --nocleanup_dirs