/*
 * Decide whether a new loader image may be flashed in NS (non-secure) mode.
 *
 * One RK_BLK_SIZE block is copied from hdr + hdr->uiFlashBootOffset, decoded
 * in place with P_RC4(), and the RSA_KEY_LEN bytes found at RSA_KEY_OFFSET in
 * that block are compared with gDrmKeyInfo.publicKey.
 *
 * hdr: loader header; uiFlashBootOffset is taken from it as-is.
 *
 * Returns true when no public key is provisioned (publicKeyLen == 0) or when
 * the key embedded in the loader equals the stored key, false otherwise.
 *
 * NOTE(review): uiFlashBootOffset comes from the image header and is not
 * range-checked here; this function has no image length to check it against.
 * Confirm the caller guarantees that offset + RK_BLK_SIZE stays inside the
 * loader buffer.
 * NOTE(review): only key equality is tested. No signature over the loader
 * body is verified in this function -- presumably that happens elsewhere,
 * confirm.
 * NOTE(review): the compare reads block bytes 0x10..0x111, so RK_BLK_SIZE has
 * to be at least 0x112 -- TODO confirm.
 */
static bool SecureNSModeVerifyLoader(RK28BOOT_HEAD *hdr)
{
#define RSA_KEY_OFFSET 0x10  /* according to dumped data, the key is here. */
#define RSA_KEY_LEN    0x102 /* 258, public key's length */
    char blk[RK_BLK_SIZE];
    const char *embeddedKey = blk + RSA_KEY_OFFSET;
    bool hasKeyTag;

    /* Work on a private, decoded copy of the block that carries the key. */
    memcpy(blk, (const char *)hdr + hdr->uiFlashBootOffset, RK_BLK_SIZE);
    P_RC4((unsigned char *)blk, RK_BLK_SIZE);

    /*
     * The first two key bytes are expected to be 0x00 0x04 (their meaning is
     * not shown here). A mismatch is only logged; the decision is made below.
     */
    hasKeyTag = (embeddedKey[0] == 0 && embeddedKey[1] == 4);
    if (!hasKeyTag) {
        PRINT_I("Unsigned loader!\n");
    }

    /* No key provisioned on this device: every loader is accepted. */
    if (gDrmKeyInfo.publicKeyLen == 0) {
        PRINT_I("NS Mode allow flash unsigned loader.\n");
        return true;
    }

    /* Disabled debug dump; i and j are not declared in this function. */
#if 0
    printf("dump new loader's key:\n");
    for (i = 0; i < 32; i++) {
        for (j = 0; j < 16; j++) {
            printf("%02x", blk[RSA_KEY_OFFSET + i * 16 + j]);
        }
        printf("\n");
    }
#endif

    /* Accept only a loader that carries exactly the provisioned public key. */
    return memcmp(embeddedKey, gDrmKeyInfo.publicKey, RSA_KEY_LEN) == 0;
}
/*
 * Check an RSA-wrapped hash against the hash the caller expects.
 *
 * rsaHash is passed to rsaDecodeHash() together with RSK_KEY and length; on a
 * zero return the first 20 bytes of the decoded buffer are compared with Hash.
 *
 * rsaHash: signature blob taken from the image header.
 * Hash:    expected digest; 20 bytes are read from it.
 * length:  length handed to rsaDecodeHash() unchanged.
 *
 * Returns true only when decoding succeeds and the 20 bytes match.
 *
 * NOTE(review): 20 is presumably the SHA-1 digest size and 40 the scratch
 * size rsaDecodeHash() needs -- confirm, and confirm it never writes more
 * than 40 bytes and always fills at least 20 when it returns 0.
 * NOTE(review): padding / encoding validation of the decoded block is not
 * visible here; it has to be done inside rsaDecodeHash() -- confirm.
 * NOTE(review): length is a uint8, so a wider signlen field in a caller's
 * header would be truncated on the way in -- verify against the callers.
 */
static bool SecureNSModeSignCheck(uint8 *rsaHash, uint8 *Hash, uint8 length)
{
    uint8 recovered[40];

    if (rsaDecodeHash(recovered, rsaHash, (uint8 *)RSK_KEY, length) != 0) {
        return false;
    }
    if (memcmp(Hash, recovered, 20) != 0) {
        return false;
    }

    PRINT_I("Sign OK\n");
    return true;
}
/*
 * Entry point of a small program built from the ASM_INIT / COPY_IM / PRINT_I /
 * ADD_IMM / AND_IMM / JUMP_I / TERMINATE / ASM_RUN macros. The macros and the
 * `code` symbol are defined elsewhere, so their exact semantics are not
 * visible here.
 *
 * NOTE(review): the bare numeric comments look like word offsets into `code`
 * for the instruction that follows -- TODO confirm, they may be stale.
 * NOTE(review): code+4 is written by COPY_IM, ADD_IMM and AND_IMM and
 * JUMP_I targets code+3; presumably code+4 is the operand slot of the PRINT_I
 * at offset 3, i.e. the program patches its own operand and loops -- confirm
 * against the macro definitions.
 */
int main() {
    ASM_INIT();
    // 0 1 2
    COPY_IM('0', code+4);
    // 3 4
    PRINT_I('X');
    // 5 6
    // PRINT_I('\n');
    // 7 8 9
    ADD_IMM(1, code+4, code+4);
    // 10 11
    AND_IMM(0x7F, code+4, code+4);  // mask 0x7F applied to the value at code+4
    // 12 13
    JUMP_I(code+3);
    // 14
    TERMINATE();
    ASM_RUN()
}
/*
 * Validate a U-Boot image header before the image is accepted in NS mode.
 *
 * Checks run in this order: magic, image SHA, then -- only when SecureBootEn
 * is set -- provisioned public key, sign tag and RSA signature.
 *
 * hdr: header of the U-Boot image under test.
 *
 * Returns true if every applicable check passes. With SecureBootEn clear the
 * image is accepted on magic + SHA alone.
 *
 * NOTE(review): the signature is checked over hdr->hash, a field stored in
 * the header, so the result is only meaningful if
 * SecureNSModeUbootImageShaCheck() binds hdr->hash to the image contents --
 * confirm.
 * NOTE(review): the missing-key branch rejects the image but logs
 * "NS Mode allow flash unsigned loader." at info level, which reads like an
 * accept; consider a distinct error message.
 * NOTE(review): the SHA failure is reported with printf() while the other
 * failures use PRINT_E.
 * NOTE(review): confirm hdr->signlen fits the uint8 length parameter of
 * SecureNSModeSignCheck().
 */
static bool SecureNSModeVerifyUbootImageSign(second_loader_hdr* hdr)
{
    /* Format check: the header must start with the U-Boot magic. */
    if (memcmp(hdr->magic, RK_UBOOT_MAGIC, sizeof(RK_UBOOT_MAGIC)) != 0) {
        PRINT_E("unrecognized image format!\n");
        return false;
    }

    /* Integrity check on the image itself. */
    if (!SecureNSModeUbootImageShaCheck(hdr)) {
        printf("uboot sha mismatch!\n");
        return false;
    }

    /* Secure boot disabled: nothing further is enforced. */
    if (!SecureBootEn) {
        return true;
    }

    /* Secure boot enabled: a provisioned public key is required. */
    if (gDrmKeyInfo.publicKeyLen == 0) {
        PRINT_I("NS Mode allow flash unsigned loader.\n");
        return false;
    }

    /* The image has to be marked as signed. */
    if (hdr->signTag != RK_UBOOT_SIGN_TAG) {
        PRINT_E("unsigned image!\n");
        return false;
    }

    /* Finally the RSA signature over the stored hash. */
    if (!SecureNSModeSignCheck(hdr->rsaHash, hdr->hash, hdr->signlen)) {
        PRINT_E("signature mismatch!\n");
        return false;
    }
    return true;
}
/*
 * Validate a boot/recovery image header before the image is accepted in NS
 * mode.
 *
 * Checks run in this order: magic, image SHA, then -- only when SecureBootEn
 * is set -- provisioned public key, sign tag and RSA signature.
 *
 * boothdr: header of the boot or recovery image under test.
 *
 * Returns true if every applicable check passes. With SecureBootEn clear the
 * image is accepted on magic + SHA alone.
 *
 * NOTE(review): the signature is checked over boothdr->id, a field stored in
 * the header, so the result is only meaningful if
 * SecureNSModeBootImageShaCheck() binds boothdr->id to the image contents --
 * confirm.
 * NOTE(review): a bad magic and a wrong sign tag are rejected without any log
 * line, which makes a refused image hard to diagnose from the console.
 * NOTE(review): the missing-key branch rejects the image but logs
 * "NS Mode allow flash unsigned loader." at info level, which reads like an
 * accept; consider a distinct error message.
 * NOTE(review): confirm boothdr->signlen fits the uint8 length parameter of
 * SecureNSModeSignCheck().
 */
static bool SecureNSModeVerifyBootImageSign(rk_boot_img_hdr* boothdr)
{
    /* Format check: the header must start with the boot image magic. */
    if (memcmp(boothdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE) != 0) {
        return false;
    }

    /* Integrity check on the image itself. */
    if (!SecureNSModeBootImageShaCheck(boothdr)) {
        printf("boot/recovery image sha mismatch!\n");
        return false;
    }

    /* Secure boot disabled: nothing further is enforced. */
    if (!SecureBootEn) {
        return true;
    }

    /* Secure boot enabled: a provisioned public key is required. */
    if (gDrmKeyInfo.publicKeyLen == 0) {
        PRINT_I("NS Mode allow flash unsigned loader.\n");
        return false;
    }

    /* The image has to be marked as signed. */
    if (boothdr->signTag != SECURE_BOOT_SIGN_TAG) {
        return false;
    }

    /* Finally the RSA signature over the stored id/hash field. */
    if (!SecureNSModeSignCheck((uint8 *)boothdr->rsaHash,
                               (uint8 *)boothdr->id,
                               boothdr->signlen)) {
        PRINT_E("signature mismatch!\n");
        return false;
    }
    return true;
}