Checked reported component version against the signed manifest.

This checks the reported version of the component against the version in
the signed manifest. This is important because otherwise an attacker can
rollback a component by lying about the version.

BUG=chromium:667826
TEST=FEATURES=test emerge-${BOARD} imageloader

Change-Id: Ic84be0cd1f5f934c1abdd2f04b99688cc26d8673
Reviewed-on: https://chromium-review.googlesource.com/425707
Reviewed-by: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Greg Kerr <kerrnel@chromium.org>
Commit-Queue: Greg Kerr <kerrnel@chromium.org>
2 files changed
tree: 62c03a337dfb05fd3fda0cb51545b44045b68f7d
  1. .presubmitignore
  2. README.md
  3. component.cc
  4. component.h
  5. component_unittest.cc
  6. imageloadclient-glue.xml
  7. imageloadclient.cc
  8. imageloadclient.h
  9. imageloader-glue.xml
  10. imageloader-seccomp-amd64.policy
  11. imageloader-seccomp-arm.policy
  12. imageloader-seccomp-x86.policy
  13. imageloader.conf
  14. imageloader.gyp
  15. imageloader.h
  16. imageloader_common.cc
  17. imageloader_common.h
  18. imageloader_impl.cc
  19. imageloader_impl.h
  20. imageloader_main.cc
  21. imageloader_unittest.cc
  22. imageloader_wrapper
  23. mock_verity_mounter.h
  24. org.chromium.ImageLoader.conf
  25. org.chromium.ImageLoader.service
  26. public_keys/
  27. run_tests.cc
  28. test_utilities.cc
  29. test_utilities.h
  30. testdata/
  31. verity_mounter.cc
  32. verity_mounter.h
README.md

src/platform/imageloader

This aims to provide a generic utility to verify and load (mount) signed disk images through DBUS IPC.

Binaries

  • imageloader
  • imageloadclient

imageloader handles the mounting of disk images. imageloader should be executed via the imageloader_wrapper script, which applies a minijail sandbox to the imageloader binary, and runs it as an unprivileged user. When imageloader is not running, DBus can invoke it via the one time run option (imageloader -o) and get the task done.

imageloadclient is a simple client (intended to be run as chronos) that can talk to imageloader and ask it to mount images. It is not installed by default as it is for testing and debugging only.