From 7aef90c14d9dc770b4e16876faf8bf6b9942ff2e Mon Sep 17 00:00:00 2001 From: ChromeOS Developer Date: Wed, 3 Dec 2014 12:19:22 -0800 Subject: [PATCH] vboot2: vb2_unpack_key2() no longer passes through to vb2_unpack_key() At one point I thought I'd be able to support both vboot1 and vboot2.1 data structures and dynamically determine which verification path to run. But space limitations on current platforms (e.g. pinky) mean that's not feasible. Remove this vestigal support, so that it's easier to make a clean break to the new data structures on appropriate platforms. BUG=chromium:423882 BRANCH=none TEST=make runtests && VBOOT2=1 make runtests (works with/withoug VBOOT2 flag) And build firmware for veyron_pinky. Change-Id: I9887e0c54114c475df81d5a2b701b9b52e95b017 Signed-off-by: Randall Spangler Reviewed-on: https://chromium-review.googlesource.com/232979 Reviewed-by: Bill Richardson --- firmware/2lib/include/2return_codes.h | 3 +++ firmware/lib21/packed_key.c | 11 ++--------- tests/vb2_common2_tests.c | 7 +------ 3 files changed, 6 insertions(+), 15 deletions(-) diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index 3d1c611ae1..f41d784e10 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h @@ -226,6 +226,9 @@ enum vb2_return_code { /* Key algorithm doesn't match signature algorithm */ VB2_ERROR_VDATA_ALGORITHM_MISMATCH, + /* Bad magic number in vb2_unpack_key2() */ + VB2_ERROR_UNPACK_KEY_MAGIC, + /********************************************************************** * Keyblock verification errors (all in vb2_verify_keyblock()) */ diff --git a/firmware/lib21/packed_key.c b/firmware/lib21/packed_key.c index 4019213bc2..d872d446ae 100644 --- a/firmware/lib21/packed_key.c +++ b/firmware/lib21/packed_key.c @@ -51,16 +51,9 @@ int vb2_unpack_key2(struct vb2_public_key *key, uint32_t min_offset = 0; int rv; - /* - * Check magic number. - * - * If it doesn't match, pass through to the old packed key format. - * - * TODO: remove passthru when signing scripts have switched over to - * use the new format. - */ + /* Check magic number */ if (pkey->c.magic != VB2_MAGIC_PACKED_KEY2) - return vb2_unpack_key(key, buf, size); + return VB2_ERROR_UNPACK_KEY_MAGIC; rv = vb2_verify_common_header(buf, size); if (rv) diff --git a/tests/vb2_common2_tests.c b/tests/vb2_common2_tests.c index 519d7f9329..88dbf23eed 100644 --- a/tests/vb2_common2_tests.c +++ b/tests/vb2_common2_tests.c @@ -87,11 +87,6 @@ static void test_unpack_key2(const struct vb2_packed_key *key1, /* Make a copy of the key for testing */ key2 = (struct vb2_packed_key2 *)malloc(size); - /* Should be able to handle a vboot1-style key binary as well */ - TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key1, - key1->key_offset + key1->key_size), - "vb2_unpack_key2() passthru"); - memcpy(key2, key, size); TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), "vb2_unpack_key2() ok"); @@ -117,7 +112,7 @@ static void test_unpack_key2(const struct vb2_packed_key *key1, memcpy(key2, key, size); key2->c.magic++; TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), - VB2_ERROR_INSIDE_DATA_OUTSIDE, + VB2_ERROR_UNPACK_KEY_MAGIC, "vb2_unpack_key2() bad magic"); memcpy(key2, key, size);