vboot: use recovery button as dev mode switch confirmation

We don't allow ENTER from a USB keyboard as the confirmation
in the switch from normal to developer mode.

For devices that have a physical recovery button, we require
a recovery button press instead.  For other devices, we
require that ENTER be pressed on the internal keyboard.

This prevents an "evil keyboard" attack in which a USB keyboard
(or other USB device pretending to be a keyboard) sends a
control-D/ENTER sequence shortly after every boot (followed
by more evil keys).  In that situation, when users power on in
recovery mode, they will be forced to dev mode even if it
was not their intention.  Further attacks are easy at
that point.

TESTING.  On a panther device:

1. powered on with recovery button pressed -> booted in recovery mode
2. pressed control-D on external USB keyboard -> got to ToDev? screen
3. pressed ENTER -> system beeped
4. pressed recovery button -> system rebooted in DEV mode

... all as expected

Also:

1. powered on with recovery button pressed and HELD recovery button
2. pressed control-D -> system beeped

BUG=chrome-os-partner:21729
TEST=manual (see commit message)
BRANCH=none
CQ-DEPEND=CL:182420,CL:182946,CL:182357

Change-Id: Ib986d00d4567c2d447f8bbff0e5ccfec94596aa7
Reviewed-on: https://chromium-review.googlesource.com/182241
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Tested-by: Luigi Semenzato <semenzato@chromium.org>
Commit-Queue: Luigi Semenzato <semenzato@chromium.org>
Luigi Semenzato
2014-01-10 16:26:08 -08:00
committed by chrome-internal-fetch
parent 46e00e6380
commit a53a0b040f
7 changed files with 178 additions and 10 deletions

@@ -44,6 +44,10 @@ void VbApiKernelFree(VbCommonParams *cparams);
uint32_t VbTryLoadKernel(VbCommonParams *cparams, LoadKernelParams *p,
uint32_t get_info_flags);
/* Flags for VbUserConfirms() */
#define VB_CONFIRM_MUST_TRUST_KEYBOARD (1 << 0)
#define VB_CONFIRM_SPACE_MEANS_NO (1 << 1)
/**
* Ask the user to confirm something.
*
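Review bot: the two defines under "Flags for VbUserConfirms()" have no per-flag description, so a reader of this header has to find the function comment further down to learn what VB_CONFIRM_MUST_TRUST_KEYBOARD changes. Suggest a one-line comment on each define (for MUST_TRUST_KEYBOARD: ENTER from an untrusted keyboard such as a USB device is not accepted as confirmation), and writing the values as (1U << 0) and (1U << 1) since they travel in a uint32_t.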
@@ -52,9 +56,13 @@ uint32_t VbTryLoadKernel(VbCommonParams *cparams, LoadKernelParams *p,
* don't return until one of those keys is pressed, or until asked to shut
* down.
*
* Additionally, in some situations we don't accept confirmations from an
* untrusted keyboard (such as a USB device). In those cases, a recovery
* button press is needed for confirmation, instead of ENTER.
*
* Returns: 1=yes, 0=no, -1 = shutdown.
*/
int VbUserConfirms(VbCommonParams *cparams, int space_means_no);
int VbUserConfirms(VbCommonParams *cparams, uint32_t confirm_flags);
/**
* Handle a normal boot.
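Review bot: changing the second parameter of VbUserConfirms() from int space_means_no to uint32_t confirm_flags keeps the old call shape compiling, so a caller that still passes 1 to mean "space means no" now sets bit 0, which is VB_CONFIRM_MUST_TRUST_KEYBOARD, and silently loses the space handling. Please confirm every call site has been moved to the named flags; none are visible in this hunk. The new comment paragraph also says "in some situations" without naming the flag that selects that behaviour, and it does not mention devices without a physical recovery button, which the commit message says confirm with ENTER on the internal keyboard. Naming VB_CONFIRM_MUST_TRUST_KEYBOARD and describing both cases in the comment would close that gap.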