Home | History | Annotate | Download | only in utils 
      1 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
      2 # Use of this source code is governed by a BSD-style license that can be
      3 # found in the LICENSE file.
      4 
      5 """A module containing kernel handler class used by SAFT."""
      6 
      7 import hashlib
      8 import os
      9 import re
     10 
     11 TMP_FILE_NAME = 'kernel_header_dump'
     12 
     13 # Types of kernel modifications.
     14 KERNEL_BODY_MOD = 1
     15 KERNEL_VERSION_MOD = 2
     16 KERNEL_RESIGN_MOD = 3
     17 
     18 
     19 class KernelHandlerError(Exception):
     20     pass
     21 
     22 
     23 class KernelHandler(object):
     24     """An object to provide ChromeOS kernel related actions.
     25 
     26     Mostly it allows to corrupt and restore a particular kernel partition
     27     (designated by the partition name, A or B.
     28     """
     29 
     30     # This value is used to alter contents of a byte in the appropriate kernel
     31     # image. First added to corrupt the image, then subtracted to restore the
     32     # image.
     33     DELTA = 1
     34 
     35     # The maximum kernel size in MB.
     36     KERNEL_SIZE_MB = 16
     37 
     38     def __init__(self):
     39         self.os_if = None
     40         self.dump_file_name = None
     41         self.partition_map = {}
     42         self.root_dev = None
     43 
     44     def _get_version(self, device):
     45         """Get version of the kernel hosted on the passed in partition."""
     46         # 16 K should be enough to include headers and keys
     47         data = self.os_if.read_partition(device, 0x4000)
     48         return self.os_if.retrieve_body_version(data)
     49 
     50     def _get_datakey_version(self,device):
     51         """Get datakey version of kernel hosted on the passed in partition."""
     52         # 16 K should be enought to include headers and keys
     53         data = self.os_if.read_partition(device, 0x4000)
     54         return self.os_if.retrieve_datakey_version(data)
     55 
     56     def _get_partition_map(self, internal_disk=True):
     57         """Scan `cgpt show <device> output to find kernel devices.
     58 
     59         Args:
     60           internal_disk - decide whether to use internal kernel disk.
     61         """
     62         if internal_disk:
     63             target_device = self.os_if.get_internal_disk(
     64                     self.os_if.get_root_part())
     65         else:
     66             target_device = self.root_dev
     67 
     68         kernel_partitions = re.compile('KERN-([AB])')
     69         disk_map = self.os_if.run_shell_command_get_output(
     70             'cgpt show %s' % target_device)
     71 
     72         for line in disk_map:
     73             matched_line = kernel_partitions.search(line)
     74             if not matched_line:
     75                 continue
     76             label = matched_line.group(1)
     77             part_info = {}
     78             device = self.os_if.join_part(target_device, line.split()[2])
     79             part_info['device'] = device
     80             part_info['version'] = self._get_version(device)
     81             part_info['datakey_version'] = self._get_datakey_version(device)
     82             self.partition_map[label] = part_info
     83 
     84     def dump_kernel(self, section, kernel_path):
     85         """Dump the specified kernel to a file.
     86 
     87         @param section: The kernel to dump. May be A or B.
     88         @param kernel_path: The path to the kernel image.
     89         """
     90         dev = self.partition_map[section.upper()]['device']
     91         cmd = 'dd if=%s of=%s bs=%dM count=1' % (
     92                 dev, kernel_path, self.KERNEL_SIZE_MB)
     93         self.os_if.run_shell_command(cmd)
     94 
     95     def write_kernel(self, section, kernel_path):
     96         """Write a kernel image to the specified section.
     97 
     98         @param section: The kernel to write. May be A or B.
     99         @param kernel_path: The path to the kernel image to write.
    100         """
    101         dev = self.partition_map[section.upper()]['device']
    102         cmd = 'dd if=%s of=%s bs=%dM count=1' % (
    103                 kernel_path, dev, self.KERNEL_SIZE_MB)
    104         self.os_if.run_shell_command(cmd)
    105 
    106     def _modify_kernel(self, section,
    107                        delta,
    108                        modification_type=KERNEL_BODY_MOD,
    109                        key_path=None):
    110         """Modify kernel image on a disk partition.
    111 
    112         This method supports three types of kernel modification. KERNEL_BODY_MOD
    113         just adds the value of delta to the first byte of the kernel blob.
    114         This might leave the kernel corrupted (as required by the test).
    115 
    116         The second type, KERNEL_VERSION_MOD - will use 'delta' as the new
    117         version number, it will put it in the kernel header, and then will
    118         resign the kernel blob.
    119 
    120         The third type. KERNEL_RESIGN_MOD - will resign the kernel with keys in
    121         argument key_path. If key_path is None, choose dev_key_path as resign
    122         key directory.
    123         """
    124         self.dump_kernel(section, self.dump_file_name)
    125         data = list(self.os_if.read_file(self.dump_file_name))
    126         if modification_type == KERNEL_BODY_MOD:
    127             data[0] = '%c' % ((ord(data[0]) + delta) % 0x100)
    128             self.os_if.write_file(self.dump_file_name, ''.join(data))
    129             kernel_to_write = self.dump_file_name
    130         elif modification_type == KERNEL_VERSION_MOD:
    131             new_version = delta
    132             kernel_to_write = self.dump_file_name + '.new'
    133             self.os_if.run_shell_command(
    134                 'vbutil_kernel --repack %s --version %d '
    135                 '--signprivate %s --oldblob %s' % (
    136                     kernel_to_write, new_version,
    137                     os.path.join(self.dev_key_path, 'kernel_data_key.vbprivk'),
    138                     self.dump_file_name))
    139         elif modification_type == KERNEL_RESIGN_MOD:
    140             if key_path and self.os_if.is_dir(key_path):
    141                 resign_key_path = key_path
    142             else:
    143                 resign_key_path = self.dev_key_path
    144 
    145             kernel_to_write = self.dump_file_name + '.new'
    146             self.os_if.run_shell_command(
    147                 'vbutil_kernel --repack %s '
    148                 '--signprivate %s --oldblob %s --keyblock %s' % (
    149                     kernel_to_write,
    150                     os.path.join(resign_key_path, 'kernel_data_key.vbprivk'),
    151                     self.dump_file_name,
    152                     os.path.join(resign_key_path, 'kernel.keyblock')))
    153         else:
    154             return  # Unsupported mode, ignore.
    155         self.write_kernel(section, kernel_to_write)
    156 
    157     def corrupt_kernel(self, section):
    158         """Corrupt a kernel section (add DELTA to the first byte)."""
    159         self._modify_kernel(section.upper(), self.DELTA)
    160 
    161     def restore_kernel(self, section):
    162         """Restore the previously corrupted kernel."""
    163         self._modify_kernel(section.upper(), -self.DELTA)
    164 
    165     def get_version(self, section):
    166         """Return version read from this section blob's header."""
    167         return self.partition_map[section.upper()]['version']
    168 
    169     def get_datakey_version(self, section):
    170         """Return datakey version read from this section blob's header."""
    171         return self.partition_map[section.upper()]['datakey_version']
    172 
    173     def get_sha(self, section):
    174         """Return the SHA1 hash of the section blob."""
    175         s = hashlib.sha1()
    176         dev = self.partition_map[section.upper()]['device']
    177         s.update(self.os_if.read_file(dev))
    178         return s.hexdigest()
    179 
    180     def set_version(self, section, version):
    181         """Set version of this kernel blob and re-sign it."""
    182         if version < 0:
    183             raise KernelHandlerError('Bad version value %d' % version)
    184         self._modify_kernel(section.upper(), version, KERNEL_VERSION_MOD)
    185 
    186     def resign_kernel(self, section, key_path=None):
    187         """Resign kernel with original kernel version and keys in key_path."""
    188         self._modify_kernel(section.upper(),
    189                             self.get_version(section),
    190                             KERNEL_RESIGN_MOD,
    191                             key_path)
    192 
    193     def init(self, os_if, dev_key_path='.', internal_disk=True):
    194         """Initialize the kernel handler object.
    195 
    196         Input argument is an OS interface object reference.
    197         """
    198         self.os_if = os_if
    199         self.dev_key_path = dev_key_path
    200         self.root_dev = os_if.get_root_dev()
    201         self.dump_file_name = os_if.state_dir_file(TMP_FILE_NAME)
    202         self._get_partition_map(internal_disk)
    203