scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-24 10:14:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

fastboot: Add routines for unlock and lock device

Browse Source 
Add support for functions to request unlock and lock of devices in
response to fastboot oem unlock/lock commands. Unlock operation is
equivalent to enabling dev mode and lock operation is equivalent to
leaving dev mode. It is the responsibility of the caller to ensure
that user confirmation is obtained before unlock/lock operations.

BUG=chrome-os-partner:40196
BRANCH=None
TEST=Compiles successfully and fastboot lock/unlock operations work as
expected on smaug. Added tests to ensure lock/unlock operations are
covered. Verified using make -j runtests.

Change-Id: Ibafe75abdd1202473009208a414f3996d537db4f
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/273182
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
This commit is contained in:
Furquan Shaikh
2015-05-25 21:49:11 -07:00
committed by ChromeOS Commit Bot
parent d08a3435f8
commit 773b5ac3a6
4 changed files with 124 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@@ -686,6 +686,7 @@ TEST_NAMES = \
tests/vboot_api_kernel3_tests \ tests/vboot_api_kernel3_tests \
tests/vboot_api_kernel4_tests \ tests/vboot_api_kernel4_tests \
tests/vboot_api_kernel5_tests \ tests/vboot_api_kernel5_tests \
tests/vboot_api_kernel6_tests \
tests/vboot_audio_tests \ tests/vboot_audio_tests \
tests/vboot_common_tests \ tests/vboot_common_tests \
tests/vboot_common2_tests \ tests/vboot_common2_tests \
@@ -1365,6 +1366,7 @@ runmisctests: test_setup
${RUNTEST} ${BUILD_RUN}/tests/vboot_api_kernel3_tests ${RUNTEST} ${BUILD_RUN}/tests/vboot_api_kernel3_tests
${RUNTEST} ${BUILD_RUN}/tests/vboot_api_kernel4_tests ${RUNTEST} ${BUILD_RUN}/tests/vboot_api_kernel4_tests
${RUNTEST} ${BUILD_RUN}/tests/vboot_api_kernel5_tests ${RUNTEST} ${BUILD_RUN}/tests/vboot_api_kernel5_tests
${RUNTEST} ${BUILD_RUN}/tests/vboot_api_kernel6_tests
${RUNTEST} ${BUILD_RUN}/tests/vboot_audio_tests ${RUNTEST} ${BUILD_RUN}/tests/vboot_audio_tests
${RUNTEST} ${BUILD_RUN}/tests/vboot_common_tests ${RUNTEST} ${BUILD_RUN}/tests/vboot_common_tests
${RUNTEST} ${BUILD_RUN}/tests/vboot_common2_tests ${TEST_KEYS} ${RUNTEST} ${BUILD_RUN}/tests/vboot_common2_tests ${TEST_KEYS}

29
firmware/include/vboot_api.h
View File

@@ -1028,4 +1028,33 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams,
void *boot_image, void *boot_image,
size_t image_size); size_t image_size);
/**
* Fastboot API to enter dev mode.
*
* This routine is used by fastboot oem unlock command to switch the device into
* dev mode.
*
* NOTE: The caller MUST be in read-only firmware, and MUST have just obtained
* explicit physical confirmation from the user via a trusted input method
* before calling this function! Also, on successful return from this function,
* the caller needs to reboot the device immediately for changes to take effect.
*
* @return VBERROR_... error, VBERROR_SUCCESS on success.
*/
VbError_t VbUnlockDevice(void);
/**
* Fastboot API to enter normal mode.
*
* This routine is used by fastboot oem lock command to switch the device into
* normal mode.
*
* NOTE: On successful return from this function, the caller needs to reboot the
* device immediately for changes to take effect. This routine just stores a
* request, which will be handled by RO firmware on next reboot.
*
* @return VBERROR_... error, VBERROR_SUCCESS on success.
*/
VbError_t VbLockDevice(void);
#endif /* VBOOT_REFERENCE_VBOOT_API_H_ */ #endif /* VBOOT_REFERENCE_VBOOT_API_H_ */

31
firmware/lib/vboot_api_kernel.c
View File

@@ -1330,3 +1330,34 @@ fail:
VbExFree(kernel_subkey); VbExFree(kernel_subkey);
return retval; return retval;
} }
VbError_t VbUnlockDevice(void)
{
VBDEBUG(("%s() Enabling dev-mode...\n", __func__));
if (TPM_SUCCESS != SetVirtualDevMode(1))
return VBERROR_TPM_SET_BOOT_MODE_STATE;
VBDEBUG(("%s() Mode change will take effect on next reboot.\n",
__func__));
return VBERROR_SUCCESS;
}
VbError_t VbLockDevice(void)
{
VbExNvStorageRead(vnc.raw);
VbNvSetup(&vnc);
VBDEBUG(("%s() - Storing request to leave dev-mode.\n",
__func__));
VbNvSet(&vnc, VBNV_DISABLE_DEV_REQUEST,
1);
VbNvTeardown(&vnc);
if (vnc.raw_changed)
VbExNvStorageWrite(vnc.raw);
VBDEBUG(("%s() Mode change will take effect on next reboot.\n",
__func__));
return VBERROR_SUCCESS;
}

62
tests/vboot_api_kernel6_tests.c Normal file
View File

@@ -0,0 +1,62 @@
/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Tests for vboot_api_kernel.c
*/
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "test_common.h"
#include "vboot_api.h"
#include "vboot_nvstorage.h"
/* Mock data */
static uint32_t virtual_dev_mode_fail;
/**
* Reset mock data (for use before each test)
*/
static void ResetMocks(void)
{
virtual_dev_mode_fail = 0;
}
/* Mocks */
uint32_t SetVirtualDevMode(int val)
{
if (virtual_dev_mode_fail)
return VBERROR_SIMULATED;
return VBERROR_SUCCESS;
}
static void VbUnlockDeviceTest(void)
{
ResetMocks();
TEST_EQ(VbUnlockDevice(), 0, "unlock success");
ResetMocks();
virtual_dev_mode_fail = 1;
TEST_EQ(VbUnlockDevice(), VBERROR_TPM_SET_BOOT_MODE_STATE,
"set dev fail");
}
static void VbLockDeviceTest(void)
{
ResetMocks();
TEST_EQ(VbLockDevice(), 0, "lock success");
}
int main(void)
{
VbUnlockDeviceTest();
VbLockDeviceTest();
if (vboot_api_stub_check_memory())
return 255;
return gTestSuccess ? 0 : 255;
}