imageloader: read container key from PEM file

This will be stored on the rootfs as a PEM file. We need to
read it and then convert it to DER format so the crypto
verifier can use it.

BUG=chromium:697645
TEST=load a component signed with the container key

Change-Id: Ice12072a2406dfe52b294168a37c5ce347a9ff5d
Reviewed-on: https://chromium-review.googlesource.com/457803
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Greg Kerr <kerrnel@chromium.org>
2 files changed
tree: c153c522bee0640f64f76279c15f9b653f9fbe3d
  1. dbus_adaptors/
  2. dbus_permissions/
  3. dbus_service/
  4. public_keys/
  5. seccomp/
  6. testdata/
  7. .presubmitignore
  8. component.cc
  9. component.h
  10. component_unittest.cc
  11. helper_process.cc
  12. helper_process.h
  13. imageloader.cc
  14. imageloader.conf
  15. imageloader.gyp
  16. imageloader.h
  17. imageloader_impl.cc
  18. imageloader_impl.h
  19. imageloader_main.cc
  20. imageloader_unittest.cc
  21. imageloader_wrapper
  22. ipc.proto
  23. mock_helper_process.h
  24. mock_verity_mounter.h
  25. mount_helper.cc
  26. mount_helper.h
  27. README.md
  28. run_tests.cc
  29. test_utilities.cc
  30. test_utilities.h
  31. verity_mounter.cc
  32. verity_mounter.h
README.md

src/platform/imageloader

This aims to provide a generic utility to verify and load (mount) signed disk images through DBUS IPC.

Binaries

  • imageloader

imageloader handles the mounting of disk images. imageloader should be executed via the imageloader_wrapper script, which ensures that imageloader's storage exists and is owned by imageloaderd user. When imageloader is not running, DBus will automatically invoke it. After 20 seconds of inactivity, the service exits.