Issue 850155 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	xiaochu@chromium.org
Closed:	Jul 27
Cc:	norvez@chromium.org kerrnel@chromium.org adlr@chromium.org ejcaruso@chromium.org ahass...@chromium.org
Components:	Internals>Installer
EstimatedDays:	----
NextAction:	----
OS:	Chrome
Pri:	3
Type:	Bug

verification for a CrOS DLC

Project Member Reported by xiaochu@chromium.org, Jun 6 2018

Issue description

Design proposal: go/dlc-verification

In a summary, we plan to leverage imageloader to verify a Chrome OS DLC (go/cros-dlc-design-proposal). This leverages rootfs to directly verify a DLC (instead of signature verification using async crypto). Works include:

1) a script to construct hash tree, imageloader.json, verity parameter, etc.
2) modify imageloader to do verification accordingly (a new API for this purpose).
3) appropriate testing

Comment 1 by xiaochu@chromium.org, Jun 7 2018

Cc: ejcaruso@chromium.org

Project Member

Comment 2 by bugdroid1@chromium.org, Jun 21 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/c209aab1699243bf70b3fa24b9ba9f4e3cc7a6b0

commit c209aab1699243bf70b3fa24b9ba9f4e3cc7a6b0
Author: Xiaochu Liu <xiaochu@chromium.org>
Date: Thu Jun 21 19:17:57 2018

imageloader: add an Manifest class

This is a refactor change:
1. add Manifest class
2. move manifest parsing code from Component to Manifest class.

Reason to refactor:
Currently imageloader supports component only which has a unified code
path to parse manifest file and do operations. This is not an ideal
situation when we are adding support for DLC which skips signature
verification (for imageloader.json)&table hash verifications. So we
extract common code path
for parsing manifest file to a Manifest class that can be used by both
Components&DLC.

BUG= chromium:850155 
TEST=unittest, platform_AddPrinter.epson

Change-Id: Icbf29da6146674529fc88c6dc21c4bf1d746f447
Reviewed-on: https://chromium-review.googlesource.com/1106807
Commit-Ready: Xiaochu Liu <xiaochu@chromium.org>
Tested-by: Xiaochu Liu <xiaochu@chromium.org>
Reviewed-by: Xiaochu Liu <xiaochu@chromium.org>

[add] https://crrev.com/c209aab1699243bf70b3fa24b9ba9f4e3cc7a6b0/imageloader/manifest.h
[modify] https://crrev.com/c209aab1699243bf70b3fa24b9ba9f4e3cc7a6b0/imageloader/imageloader_impl.cc
[add] https://crrev.com/c209aab1699243bf70b3fa24b9ba9f4e3cc7a6b0/imageloader/manifest.cc
[add] https://crrev.com/c209aab1699243bf70b3fa24b9ba9f4e3cc7a6b0/imageloader/manifest_unittest.cc
[modify] https://crrev.com/c209aab1699243bf70b3fa24b9ba9f4e3cc7a6b0/imageloader/component.h
[modify] https://crrev.com/c209aab1699243bf70b3fa24b9ba9f4e3cc7a6b0/imageloader/imageloader.gyp
[modify] https://crrev.com/c209aab1699243bf70b3fa24b9ba9f4e3cc7a6b0/imageloader/component.cc
[modify] https://crrev.com/c209aab1699243bf70b3fa24b9ba9f4e3cc7a6b0/imageloader/component_unittest.cc

Project Member

Comment 3 by bugdroid1@chromium.org, Jul 14

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/chromite/+/deed023a0f61dde315e6e13a7fb465e911c9a9bb

commit deed023a0f61dde315e6e13a7fb465e911c9a9bb
Author: Xiaochu Liu <xiaochu@chromium.org>
Date: Sat Jul 14 00:29:13 2018

script to generate a DLC artifact

The scripts take a folder which contains DLC files, then does a few
things:
1) package them into an ext4 or squashfs image.
2) generate verity hash tree and append to image.
3) generate table and imageloader.json which contains necessary metadata
for
on device verification.

BUG= chromium:850155 
TEST=./build_dlc.py --src_dir="${SRC_FOLDER_PATH}"
--dest_dir="${DEST_FOLDER_PATH}" --blocks=1000
--pre_allocated_blocks=2000 --version="0.0.1" --id="deadbeef"
--name="example dlc"

Change-Id: I61009cbc0eb558802905cc17ef5108e414014794
Reviewed-on: https://chromium-review.googlesource.com/1115343
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Xiaochu Liu <xiaochu@chromium.org>
Reviewed-by: Amin Hassani <ahassani@chromium.org>
Reviewed-by: Nicolas Norvez <norvez@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[add] https://crrev.com/deed023a0f61dde315e6e13a7fb465e911c9a9bb/bin/build_dlc
[add] https://crrev.com/deed023a0f61dde315e6e13a7fb465e911c9a9bb/scripts/build_dlc_unittest.py
[add] https://crrev.com/deed023a0f61dde315e6e13a7fb465e911c9a9bb/scripts/build_dlc_unittest
[add] https://crrev.com/deed023a0f61dde315e6e13a7fb465e911c9a9bb/scripts/build_dlc.py

Project Member

Comment 4 by bugdroid1@chromium.org, Jul 20

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/83a51accc37262a27ecbbfcb31675b26afbb810e

commit 83a51accc37262a27ecbbfcb31675b26afbb810e
Author: Xiaochu Liu <xiaochu@chromium.org>
Date: Fri Jul 20 18:41:02 2018

imageloader: support mounting a DLC

This change allows mounting a DLC.
1. Add a few more fields (optional for components) in imageloader.json
2. Add DLC class that reads manifest&verity parameters from a fixed path
in rootfs and then mount an image from a fixed path in stateful
partition.
3. Add a new d-bus method: LoadDLCImage. It only takes one parameter 'id',
creates an DLC object and call mounts.
4. Unittest to exercise Loading the manifest file and sending Mount
command.
5. To make sure we load manifest/table from rootfs, we make sure ID is
alphanumerical to avoid malicious API calls. unittest+.

BUG= chromium:850155 
TEST=unittest, sudo -u chronos dbus-send --system --print-reply
--dest=org.chromium.ImageLoader /org/chromium/ImageLoader
org.chromium.ImageLoaderInterface.LoadImage "string:example"

Change-Id: I7b5f34bc58328556520906c5249bfb9304cf9b0f
Reviewed-on: https://chromium-review.googlesource.com/1112594
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Xiaochu Liu <xiaochu@chromium.org>
Reviewed-by: Amin Hassani <ahassani@chromium.org>

[add] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/testdata/example_dlc/imageloader.json
[modify] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/manifest.h
[modify] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/imageloader_impl.cc
[modify] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/.presubmitignore
[modify] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/manifest.cc
[add] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/dlc.cc
[add] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/dlc.h
[add] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/dlc_unittest.cc
[modify] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/imageloader.h
[modify] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/component.h
[modify] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/imageloader.gyp
[modify] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/component.cc
[add] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/testdata/example_dlc/table
[modify] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/imageloader.cc
[modify] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/imageloader_impl.h
[modify] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/dbus_permissions/org.chromium.ImageLoader.conf
[modify] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/dbus_adaptors/org.chromium.ImageLoaderInterface.xml
[add] https://crrev.com/83a51accc37262a27ecbbfcb31675b26afbb810e/imageloader/testdata/example_dlc/dlc.img

Comment 5 by xiaochu@chromium.org, Jul 27

Status: Fixed (was: Untriaged)

Project Member

Comment 6 by bugdroid1@chromium.org, Sep 2

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/chromite/+/c5ef976837546ace5cccf5d00361460ca1eee93e

commit c5ef976837546ace5cccf5d00361460ca1eee93e
Author: Mike Frysinger <vapier@chromium.org>
Date: Sun Sep 02 01:33:49 2018

build_dlc_unittest: fix bad mode/shebang usage

This is executed via the wrapper, not directly, so clean this up.

BUG= chromium:850155 
TEST=unittests still pass

Change-Id: I95b060d6f7dc1120302d3af219a1e371a363be42
Reviewed-on: https://chromium-review.googlesource.com/1199644
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Xiaochu Liu <xiaochu@chromium.org>

[modify] https://crrev.com/c5ef976837546ace5cccf5d00361460ca1eee93e/scripts/build_dlc_unittest.py

►

Issue 850155 link

Issue metadata

verification for a CrOS DLC

Issue description

Comment 1 by xiaochu@chromium.org, Jun 7 2018

Comment 1 Deleted

Comment 2 by bugdroid1@chromium.org, Jun 21 2018

Comment 2 Deleted

Comment 3 by bugdroid1@chromium.org, Jul 14

Comment 3 Deleted

Comment 4 by bugdroid1@chromium.org, Jul 20

Comment 4 Deleted

Comment 5 by xiaochu@chromium.org, Jul 27

Comment 5 Deleted

Comment 6 by bugdroid1@chromium.org, Sep 2

Comment 6 Deleted

Sign in to add a comment