scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-29 12:43:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

vboot: Change VbExEc implementations to support RO update

Browse Source 
This change will be used to support EC-RO software sync by allowing for
access to the readonly region of firmware. Currently only the writable
section is accessed by vboot using VB_SELECT_FIRMWARE_A and B.

BUG=chrome-os-partner:48703
BRANCH=none
TEST=built on jerry and check that the RO hash can be read and the image
can be updated.
CQ-DEPEND=CL:319185,CL:320425,CL:320598

Change-Id: Ic3942d86b65da3123798cfd11a78056f5dab6699
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/319213
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This commit is contained in:
Mary Ruthven
2015-12-18 11:16:02 -08:00
committed by chrome-bot
parent 785343089c
commit 7e0728dfca
4 changed files with 50 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
firmware/include/vboot_api.h
View File

@@ -891,34 +891,37 @@ VbError_t VbExEcJumpToRW(int devidx);
VbError_t VbExEcDisableJump(int devidx); VbError_t VbExEcDisableJump(int devidx);
/** /**
* Read the SHA-256 hash of the rewriteable EC image. * Read the SHA-256 hash of the selected EC image.
*/ */
VbError_t VbExEcHashRW(int devidx, const uint8_t **hash, int *hash_size); VbError_t VbExEcHashImage(int devidx, enum VbSelectFirmware_t select,
const uint8_t **hash, int *hash_size);
/** /**
* Get the expected contents of the EC image associated with the main firmware * Get the expected contents of the EC image associated with the main firmware
* specified by the "select" argument. * specified by the "select" argument.
*/ */
VbError_t VbExEcGetExpectedRW(int devidx, enum VbSelectFirmware_t select, VbError_t VbExEcGetExpectedImage(int devidx, enum VbSelectFirmware_t select,
const uint8_t **image, int *image_size); const uint8_t **image, int *image_size);
/** /**
* Read the SHA-256 hash of the expected contents of the EC image associated * Read the SHA-256 hash of the expected contents of the EC image associated
* with the main firmware specified by the "select" argument. * with the main firmware specified by the "select" argument.
*/ */
VbError_t VbExEcGetExpectedRWHash(int devidx, enum VbSelectFirmware_t select, VbError_t VbExEcGetExpectedImageHash(int devidx, enum VbSelectFirmware_t select,
const uint8_t **hash, int *hash_size); const uint8_t **hash, int *hash_size);
/** /**
* Update the EC rewritable image. * Update the selected EC image.
*/ */
VbError_t VbExEcUpdateRW(int devidx, const uint8_t *image, int image_size); VbError_t VbExEcUpdateImage(int devidx, enum VbSelectFirmware_t select,
const uint8_t *image, int image_size);
/** /**
* Lock the EC code to prevent updates until the EC is rebooted. * Lock the selected EC code to prevent updates until the EC is rebooted.
* Subsequent calls to VbExEcUpdateRW() this boot will fail. * Subsequent calls to VbExEcUpdateImage() with the same region this boot will
* fail.
*/ */
VbError_t VbExEcProtectRW(int devidx); VbError_t VbExEcProtect(int devidx, enum VbSelectFirmware_t select);
/** /**
* Info the EC of the boot mode selected by the AP. * Info the EC of the boot mode selected by the AP.

37
firmware/lib/vboot_api_kernel.c
View File

@@ -639,16 +639,16 @@ VbError_t VbBootRecovery(VbCommonParams *cparams, LoadKernelParams *p)
} }
/** /**
* Wrapper around VbExEcProtectRW() which sets recovery reason on error. * Wrapper around VbExEcProtect() which sets recovery reason on error.
*/ */
static VbError_t EcProtectRW(int devidx) static VbError_t EcProtect(int devidx, enum VbSelectFirmware_t select)
{ {
int rv = VbExEcProtectRW(devidx); int rv = VbExEcProtect(devidx, select);
if (rv == VBERROR_EC_REBOOT_TO_RO_REQUIRED) { if (rv == VBERROR_EC_REBOOT_TO_RO_REQUIRED) {
VBDEBUG(("VbExEcProtectRW() needs reboot\n")); VBDEBUG(("VbExEcProtect() needs reboot\n"));
} else if (rv != VBERROR_SUCCESS) { } else if (rv != VBERROR_SUCCESS) {
VBDEBUG(("VbExEcProtectRW() returned %d\n", rv)); VBDEBUG(("VbExEcProtect() returned %d\n", rv));
VbSetRecoveryRequest(VBNV_RECOVERY_EC_PROTECT); VbSetRecoveryRequest(VBNV_RECOVERY_EC_PROTECT);
} }
return rv; return rv;
@@ -658,6 +658,7 @@ VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
{ {
VbSharedDataHeader *shared = VbSharedDataHeader *shared =
(VbSharedDataHeader *)cparams->shared_data_blob; (VbSharedDataHeader *)cparams->shared_data_blob;
enum VbSelectFirmware_t rw;
int in_rw = 0; int in_rw = 0;
int rv; int rv;
const uint8_t *ec_hash = NULL; const uint8_t *ec_hash = NULL;
@@ -671,6 +672,8 @@ VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
int i; int i;
VBDEBUG(("VbEcSoftwareSync(devidx=%d)\n", devidx)); VBDEBUG(("VbEcSoftwareSync(devidx=%d)\n", devidx));
rw = shared->firmware_index ? VB_SELECT_FIRMWARE_B :
VB_SELECT_FIRMWARE_A;
/* Determine whether the EC is in RO or RW */ /* Determine whether the EC is in RO or RW */
rv = VbExEcRunningRW(devidx, &in_rw); rv = VbExEcRunningRW(devidx, &in_rw);
@@ -719,7 +722,7 @@ VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
} }
/* Protect the RW flash and stay in EC-RO */ /* Protect the RW flash and stay in EC-RO */
rv = EcProtectRW(devidx); rv = EcProtect(devidx, rw);
if (rv != VBERROR_SUCCESS) if (rv != VBERROR_SUCCESS)
return rv; return rv;
@@ -736,16 +739,16 @@ VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
} }
/* Get hash of EC-RW */ /* Get hash of EC-RW */
rv = VbExEcHashRW(devidx, &ec_hash, &ec_hash_size); rv = VbExEcHashImage(devidx, rw, &ec_hash, &ec_hash_size);
if (rv) { if (rv) {
VBDEBUG(("VbEcSoftwareSync() - " VBDEBUG(("VbEcSoftwareSync() - "
"VbExEcHashRW() returned %d\n", rv)); "VbExEcHashImage() returned %d\n", rv));
VbSetRecoveryRequest(VBNV_RECOVERY_EC_HASH_FAILED); VbSetRecoveryRequest(VBNV_RECOVERY_EC_HASH_FAILED);
return VBERROR_EC_REBOOT_TO_RO_REQUIRED; return VBERROR_EC_REBOOT_TO_RO_REQUIRED;
} }
if (ec_hash_size != SHA256_DIGEST_SIZE) { if (ec_hash_size != SHA256_DIGEST_SIZE) {
VBDEBUG(("VbEcSoftwareSync() - " VBDEBUG(("VbEcSoftwareSync() - "
"VbExEcHashRW() says size %d, not %d\n", "VbExEcHashImage() says size %d, not %d\n",
ec_hash_size, SHA256_DIGEST_SIZE)); ec_hash_size, SHA256_DIGEST_SIZE));
VbSetRecoveryRequest(VBNV_RECOVERY_EC_HASH_SIZE); VbSetRecoveryRequest(VBNV_RECOVERY_EC_HASH_SIZE);
return VBERROR_EC_REBOOT_TO_RO_REQUIRED; return VBERROR_EC_REBOOT_TO_RO_REQUIRED;
@@ -761,9 +764,7 @@ VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
* RO_NORMAL, so we know that the BIOS must be RW-A or RW-B, and * RO_NORMAL, so we know that the BIOS must be RW-A or RW-B, and
* therefore the EC must match. * therefore the EC must match.
*/ */
rv = VbExEcGetExpectedRWHash(devidx, shared->firmware_index ? rv = VbExEcGetExpectedImageHash(devidx, rw, &rw_hash, &rw_hash_size);
VB_SELECT_FIRMWARE_B : VB_SELECT_FIRMWARE_A,
&rw_hash, &rw_hash_size);
if (rv == VBERROR_EC_GET_EXPECTED_HASH_FROM_IMAGE) { if (rv == VBERROR_EC_GET_EXPECTED_HASH_FROM_IMAGE) {
/* /*
@@ -799,10 +800,8 @@ VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
*/ */
if (need_update || !rw_hash) { if (need_update || !rw_hash) {
/* Get expected EC-RW image */ /* Get expected EC-RW image */
rv = VbExEcGetExpectedRW(devidx, shared->firmware_index ? rv = VbExEcGetExpectedImage(devidx, rw, &expected,
VB_SELECT_FIRMWARE_B : &expected_size);
VB_SELECT_FIRMWARE_A,
&expected, &expected_size);
if (rv) { if (rv) {
VBDEBUG(("VbEcSoftwareSync() - " VBDEBUG(("VbEcSoftwareSync() - "
"VbExEcGetExpectedRW() returned %d\n", rv)); "VbExEcGetExpectedRW() returned %d\n", rv));
@@ -891,11 +890,11 @@ VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
VbDisplayScreen(cparams, VB_SCREEN_WAIT, 0, &vnc); VbDisplayScreen(cparams, VB_SCREEN_WAIT, 0, &vnc);
} }
rv = VbExEcUpdateRW(devidx, expected, expected_size); rv = VbExEcUpdateImage(devidx, rw, expected, expected_size);
if (rv != VBERROR_SUCCESS) { if (rv != VBERROR_SUCCESS) {
VBDEBUG(("VbEcSoftwareSync() - " VBDEBUG(("VbEcSoftwareSync() - "
"VbExEcUpdateRW() returned %d\n", rv)); "VbExEcUpdateImage() returned %d\n", rv));
/* /*
* The EC may know it needs a reboot. It may need to * The EC may know it needs a reboot. It may need to
@@ -919,7 +918,7 @@ VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
} }
/* Protect EC-RW flash */ /* Protect EC-RW flash */
rv = EcProtectRW(devidx); rv = EcProtect(devidx, rw);
if (rv != VBERROR_SUCCESS) if (rv != VBERROR_SUCCESS)
return rv; return rv;

44
firmware/stub/vboot_api_stub.c
View File

@@ -115,25 +115,7 @@ VbError_t VbExEcDisableJump(int devidx)
#define SHA256_HASH_SIZE 32 #define SHA256_HASH_SIZE 32
VbError_t VbExEcHashRW(int devidx, const uint8_t **hash, int *hash_size) VbError_t VbExEcHashImage(int devidx, enum VbSelectFirmware_t select,
{
static const uint8_t fake_hash[32] = {1, 2, 3, 4};
*hash = fake_hash;
*hash_size = sizeof(fake_hash);
return VBERROR_SUCCESS;
}
VbError_t VbExEcGetExpectedRW(int devidx, enum VbSelectFirmware_t select,
const uint8_t **image, int *image_size)
{
static uint8_t fake_image[64] = {5, 6, 7, 8};
*image = fake_image;
*image_size = sizeof(fake_image);
return VBERROR_SUCCESS;
}
VbError_t VbExEcGetExpectedRWHash(int devidx, enum VbSelectFirmware_t select,
const uint8_t **hash, int *hash_size) const uint8_t **hash, int *hash_size)
{ {
static const uint8_t fake_hash[32] = {1, 2, 3, 4}; static const uint8_t fake_hash[32] = {1, 2, 3, 4};
@@ -143,12 +125,32 @@ VbError_t VbExEcGetExpectedRWHash(int devidx, enum VbSelectFirmware_t select,
return VBERROR_SUCCESS; return VBERROR_SUCCESS;
} }
VbError_t VbExEcUpdateRW(int devidx, const uint8_t *image, int image_size) VbError_t VbExEcGetExpectedImage(int devidx, enum VbSelectFirmware_t select,
const uint8_t **image, int *image_size)
{
static uint8_t fake_image[64] = {5, 6, 7, 8};
*image = fake_image;
*image_size = sizeof(fake_image);
return VBERROR_SUCCESS;
}
VbError_t VbExEcGetExpectedImageHash(int devidx, enum VbSelectFirmware_t select,
const uint8_t **hash, int *hash_size)
{
static const uint8_t fake_hash[32] = {1, 2, 3, 4};
*hash = fake_hash;
*hash_size = sizeof(fake_hash);
return VBERROR_SUCCESS;
}
VbError_t VbExEcUpdateImage(int devidx, enum VbSelectFirmware_t select,
const uint8_t *image, int image_size)
{ {
return VBERROR_SUCCESS; return VBERROR_SUCCESS;
} }
VbError_t VbExEcProtectRW(int devidx) VbError_t VbExEcProtect(int devidx, enum VbSelectFirmware_t select)
{ {
return VBERROR_SUCCESS; return VBERROR_SUCCESS;
} }

12
tests/vboot_api_kernel3_tests.c
View File

@@ -123,7 +123,7 @@ VbError_t VbExEcRunningRW(int devidx, int *in_rw)
return in_rw_retval; return in_rw_retval;
} }
VbError_t VbExEcProtectRW(int devidx) VbError_t VbExEcProtect(int devidx, enum VbSelectFirmware_t select)
{ {
ec_protected = 1; ec_protected = 1;
return protect_retval; return protect_retval;
@@ -140,14 +140,15 @@ VbError_t VbExEcJumpToRW(int devidx)
return run_retval; return run_retval;
} }
VbError_t VbExEcHashRW(int devidx, const uint8_t **hash, int *hash_size) VbError_t VbExEcHashImage(int devidx, enum VbSelectFirmware_t select,
const uint8_t **hash, int *hash_size)
{ {
*hash = mock_ec_hash; *hash = mock_ec_hash;
*hash_size = mock_ec_hash_size; *hash_size = mock_ec_hash_size;
return mock_ec_hash_size ? VBERROR_SUCCESS : VBERROR_SIMULATED; return mock_ec_hash_size ? VBERROR_SUCCESS : VBERROR_SIMULATED;
} }
VbError_t VbExEcGetExpectedRW(int devidx, enum VbSelectFirmware_t select, VbError_t VbExEcGetExpectedImage(int devidx, enum VbSelectFirmware_t select,
const uint8_t **image, int *image_size) const uint8_t **image, int *image_size)
{ {
static uint8_t fake_image[64] = {5, 6, 7, 8}; static uint8_t fake_image[64] = {5, 6, 7, 8};
@@ -156,7 +157,7 @@ VbError_t VbExEcGetExpectedRW(int devidx, enum VbSelectFirmware_t select,
return get_expected_retval; return get_expected_retval;
} }
VbError_t VbExEcGetExpectedRWHash(int devidx, enum VbSelectFirmware_t select, VbError_t VbExEcGetExpectedImageHash(int devidx, enum VbSelectFirmware_t select,
const uint8_t **hash, int *hash_size) const uint8_t **hash, int *hash_size)
{ {
*hash = want_ec_hash; *hash = want_ec_hash;
@@ -174,7 +175,8 @@ uint8_t *internal_SHA256(const uint8_t *data, uint64_t len, uint8_t *digest)
return digest; return digest;
} }
VbError_t VbExEcUpdateRW(int devidx, const uint8_t *image, int image_size) VbError_t VbExEcUpdateImage(int devidx, enum VbSelectFirmware_t select,
const uint8_t *image, int image_size)
{ {
ec_updated = 1; ec_updated = 1;
return update_retval; return update_retval;