scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-24 10:14:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

vboot2: Add sd->fw_version_secdata field to communicate to crossystem

Browse Source 
This patchs adds a new vb2_shared_data field to store the current
rollback prevention version number stored in secdata (TPM). This
information needs to be retrieved from there by coreboot (current
hack) or vboot2 kernel verification (bright shiny future) so it can be
passed along to the operating system and user space.

BRANCH=veyron
BUG=chrome-os-partner:35941
TEST=make runtests. Booted Jerry in recovery mode (with corresponding
coreboot patch), ensured that crossystem tpm_fwver still shows the
correct value.

Change-Id: I2a0c3e51b158a35ac129d2abce19b40c6c6381a6
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/244601
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This commit is contained in:
Julius Werner
2015-01-29 14:49:17 -08:00
committed by ChromeOS Commit Bot
parent 62d482ecdd
commit 21aedee1ce
6 changed files with 21 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
firmware/lib20/misc.c
View File

@@ -27,7 +27,6 @@ int vb2_load_fw_keyblock(struct vb2_context *ctx)
struct vb2_keyblock *kb;
uint32_t block_size;
uint32_t sec_version;
int rv;
vb2_workbuf_from_ctx(ctx, &wb);
@@ -78,15 +77,10 @@ int vb2_load_fw_keyblock(struct vb2_context *ctx)
if (rv)
return rv;
/* Read the secure key version */
rv = vb2_secdata_get(ctx, VB2_SECDATA_VERSIONS, &sec_version);
if (rv)
return rv;
/* Key version is the upper 16 bits of the composite firmware version */
if (kb->data_key.key_version > 0xffff)
return VB2_ERROR_FW_KEYBLOCK_VERSION_RANGE;
if (kb->data_key.key_version < (sec_version >> 16))
if (kb->data_key.key_version < (sd->fw_version_secdata >> 16))
return VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK;
sd->fw_version = kb->data_key.key_version << 16;
@@ -140,7 +134,6 @@ int vb2_load_fw_preamble(struct vb2_context *ctx)
struct vb2_fw_preamble *pre;
uint32_t pre_size;
uint32_t sec_version;
int rv;
vb2_workbuf_from_ctx(ctx, &wb);
@@ -184,11 +177,6 @@ int vb2_load_fw_preamble(struct vb2_context *ctx)
if (rv)
return rv;
/* Read the secure key version */
rv = vb2_secdata_get(ctx, VB2_SECDATA_VERSIONS, &sec_version);
if (rv)
return rv;
/*
* Firmware version is the lower 16 bits of the composite firmware
* version.
@@ -198,7 +186,7 @@ int vb2_load_fw_preamble(struct vb2_context *ctx)
/* Combine with the key version from vb2_load_fw_keyblock() */
sd->fw_version |= pre->firmware_version;
if (sd->fw_version < sec_version)
if (sd->fw_version < sd->fw_version_secdata)
return VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK;
/*
@@ -206,10 +194,11 @@ int vb2_load_fw_preamble(struct vb2_context *ctx)
* successfully booted the same slot last boot, roll forward the
* version in secure storage.
*/
if (sd->fw_version > sec_version &&
if (sd->fw_version > sd->fw_version_secdata &&
sd->last_fw_slot == sd->fw_slot &&
sd->last_fw_result == VB2_FW_RESULT_SUCCESS) {
sd->fw_version_secdata = sd->fw_version;
rv = vb2_secdata_set(ctx, VB2_SECDATA_VERSIONS, sd->fw_version);
if (rv)
return rv;