mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2025-11-24 02:05:01 +00:00
Use VbSharedData instead of VbNvStorage for fwb_tries and kernkey_vfy
Change-Id: I5ed3509a9d4e578cd2e98f493dab59bc2fbd5827 R=dlaurie@chromium.org BUG=chrome-os-partner:2748 TEST=manual crossystem fwb_tries=3 (reboot) crossystem tried_fwb (should print 1) crossystem fwb_tries=0 (reboot) crossystem tried_fwb (should print 0) In dev mode... Boot a kernel signed with the same key as in the firmware crossystem kernkey_vfy (should print sig) Boot a kernel signed with a different key than the firmware crossystem kernkey_vfy (should print hash) Review URL: http://codereview.chromium.org/6711045
This commit is contained in:
Randall Spangler
@@ -47,13 +47,6 @@ typedef enum VbNvParam {
|
||||
VBNV_LOCALIZATION_INDEX,
|
||||
/* Field reserved for kernel/user-mode use; 32-bit value. */
|
||||
VBNV_KERNEL_FIELD,
|
||||
/* Firmware checked RW slot B before slot A on the current boot because
|
||||
* VBNV_TRY_B_COUNT was non-zero at that time. 0=no; 1=yes. */
|
||||
VBNV_TRIED_FIRMWARE_B,
|
||||
/* Firmware verified the kernel key block signature using the key stored
|
||||
* in the firmware. 0=no, just used the key block hash; 1=yes, used the
|
||||
* key block signature. */
|
||||
VBNV_FW_VERIFIED_KERNEL_KEY,
|
||||
/* Verified boot API function which should generate a test error, if
|
||||
* error number (below) is non-zero. */
|
||||
VBNV_TEST_ERROR_FUNC,
|
||||
|
||||
@@ -134,7 +134,6 @@ int LoadFirmware(LoadFirmwareParams* params) {
|
||||
VbNvSet(vnc, VBNV_TRY_B_COUNT, try_b_count - 1);
|
||||
shared->flags |= VBSD_FWB_TRIED;
|
||||
}
|
||||
VbNvSet(vnc, VBNV_TRIED_FIRMWARE_B, try_b_count ? 1 : 0);
|
||||
|
||||
/* Allocate our internal data */
|
||||
lfi = (VbLoadFirmwareInternal*)Malloc(sizeof(VbLoadFirmwareInternal));
|
||||
|
||||
@@ -651,9 +651,6 @@ int LoadKernel(LoadKernelParams* params) {
|
||||
|
||||
LoadKernelExit:
|
||||
|
||||
/* Save whether the good partition's key block was fully verified */
|
||||
VbNvSet(vnc, VBNV_FW_VERIFIED_KERNEL_KEY, good_partition_key_block_valid);
|
||||
|
||||
/* Store recovery request, if any, then tear down non-volatile storage */
|
||||
VbNvSet(vnc, VBNV_RECOVERY_REQUEST, LOAD_KERNEL_RECOVERY == retval ?
|
||||
recovery : VBNV_RECOVERY_NOT_REQUESTED);
|
||||
|
||||
@@ -27,8 +27,6 @@
|
||||
#define LOCALIZATION_OFFSET 3
|
||||
|
||||
#define FIRMWARE_FLAGS_OFFSET 5
|
||||
#define FIRMWARE_TRIED_FIRMWARE_B 0x80
|
||||
#define FIRMWARE_FW_VERIFIED_KERNEL_KEY 0x40
|
||||
#define FIRMWARE_TEST_ERR_FUNC_MASK 0x38
|
||||
#define FIRMWARE_TEST_ERR_FUNC_SHIFT 3
|
||||
#define FIRMWARE_TEST_ERR_NUM_MASK 0x07
|
||||
@@ -128,15 +126,6 @@ int VbNvGet(VbNvContext* context, VbNvParam param, uint32_t* dest) {
|
||||
| (raw[KERNEL_FIELD_OFFSET + 3] << 24));
|
||||
return 0;
|
||||
|
||||
case VBNV_TRIED_FIRMWARE_B:
|
||||
*dest = (raw[FIRMWARE_FLAGS_OFFSET] & FIRMWARE_TRIED_FIRMWARE_B ? 1 : 0);
|
||||
return 0;
|
||||
|
||||
case VBNV_FW_VERIFIED_KERNEL_KEY:
|
||||
*dest = (raw[FIRMWARE_FLAGS_OFFSET] & FIRMWARE_FW_VERIFIED_KERNEL_KEY ?
|
||||
1 : 0);
|
||||
return 0;
|
||||
|
||||
case VBNV_TEST_ERROR_FUNC:
|
||||
*dest = (raw[FIRMWARE_FLAGS_OFFSET] & FIRMWARE_TEST_ERR_FUNC_MASK)
|
||||
>> FIRMWARE_TEST_ERR_FUNC_SHIFT;
|
||||
@@ -213,20 +202,6 @@ int VbNvSet(VbNvContext* context, VbNvParam param, uint32_t value) {
|
||||
raw[KERNEL_FIELD_OFFSET + 3] = (uint8_t)(value >> 24);
|
||||
break;
|
||||
|
||||
case VBNV_TRIED_FIRMWARE_B:
|
||||
if (value)
|
||||
raw[FIRMWARE_FLAGS_OFFSET] |= FIRMWARE_TRIED_FIRMWARE_B;
|
||||
else
|
||||
raw[FIRMWARE_FLAGS_OFFSET] &= ~FIRMWARE_TRIED_FIRMWARE_B;
|
||||
break;
|
||||
|
||||
case VBNV_FW_VERIFIED_KERNEL_KEY:
|
||||
if (value)
|
||||
raw[FIRMWARE_FLAGS_OFFSET] |= FIRMWARE_FW_VERIFIED_KERNEL_KEY;
|
||||
else
|
||||
raw[FIRMWARE_FLAGS_OFFSET] &= ~FIRMWARE_FW_VERIFIED_KERNEL_KEY;
|
||||
break;
|
||||
|
||||
case VBNV_TEST_ERROR_FUNC:
|
||||
raw[FIRMWARE_FLAGS_OFFSET] &= ~FIRMWARE_TEST_ERR_FUNC_MASK;
|
||||
raw[FIRMWARE_FLAGS_OFFSET] |= (value << FIRMWARE_TEST_ERR_FUNC_SHIFT)
|
||||
|
||||
@@ -103,7 +103,10 @@ typedef enum VdatStringField {
|
||||
typedef enum VdatIntField {
|
||||
VDAT_INT_FLAGS = 0, /* Flags */
|
||||
VDAT_INT_FW_VERSION_TPM, /* Current firmware version in TPM */
|
||||
VDAT_INT_KERNEL_VERSION_TPM /* Current kernel version in TPM */
|
||||
VDAT_INT_KERNEL_VERSION_TPM, /* Current kernel version in TPM */
|
||||
VDAT_INT_TRIED_FIRMWARE_B, /* Tried firmware B due to fwb_tries */
|
||||
VDAT_INT_KERNEL_KEY_VERIFIED /* Kernel key verified using
|
||||
* signature, not just hash */
|
||||
} VdatIntField;
|
||||
|
||||
|
||||
@@ -678,6 +681,12 @@ int GetVdatInt(VdatIntField field) {
|
||||
case VDAT_INT_KERNEL_VERSION_TPM:
|
||||
value = (int)sh->kernel_version_tpm;
|
||||
break;
|
||||
case VDAT_INT_TRIED_FIRMWARE_B:
|
||||
value = (sh->flags & VBSD_FWB_TRIED ? 1 : 0);
|
||||
break;
|
||||
case VDAT_INT_KERNEL_KEY_VERIFIED:
|
||||
value = (sh->flags & VBSD_KERNEL_KEY_VERIFIED ? 1 : 0);
|
||||
break;
|
||||
}
|
||||
|
||||
Free(ab);
|
||||
@@ -719,9 +728,7 @@ int VbGetSystemPropertyInt(const char* name) {
|
||||
return (-1 == ReadFileInt(ACPI_CHSW_PATH) ? -1 : 0x00100000);
|
||||
}
|
||||
/* NV storage values with no defaults for older BIOS. */
|
||||
else if (!strcasecmp(name,"tried_fwb")) {
|
||||
value = VbGetNvStorage(VBNV_TRIED_FIRMWARE_B);
|
||||
} else if (!strcasecmp(name,"kern_nv")) {
|
||||
else if (!strcasecmp(name,"kern_nv")) {
|
||||
value = VbGetNvStorage(VBNV_KERNEL_FIELD);
|
||||
} else if (!strcasecmp(name,"nvram_cleared")) {
|
||||
value = VbGetNvStorage(VBNV_KERNEL_SETTINGS_RESET);
|
||||
@@ -758,6 +765,8 @@ int VbGetSystemPropertyInt(const char* name) {
|
||||
value = GetVdatInt(VDAT_INT_FW_VERSION_TPM);
|
||||
} else if (!strcasecmp(name,"tpm_kernver")) {
|
||||
value = GetVdatInt(VDAT_INT_KERNEL_VERSION_TPM);
|
||||
} else if (!strcasecmp(name,"tried_fwb")) {
|
||||
value = GetVdatInt(VDAT_INT_TRIED_FIRMWARE_B);
|
||||
}
|
||||
|
||||
return value;
|
||||
@@ -798,7 +807,7 @@ const char* VbGetSystemPropertyString(const char* name, char* dest, int size) {
|
||||
return NULL;
|
||||
}
|
||||
} else if (!strcasecmp(name,"kernkey_vfy")) {
|
||||
switch(VbGetNvStorage(VBNV_FW_VERIFIED_KERNEL_KEY)) {
|
||||
switch(GetVdatInt(VDAT_INT_KERNEL_KEY_VERIFIED)) {
|
||||
case 0:
|
||||
return "hash";
|
||||
case 1:
|
||||
|
||||
@@ -29,8 +29,6 @@ static VbNvField nvfields[] = {
|
||||
{VBNV_RECOVERY_REQUEST, 0, 0x42, 0xED, "recovery request"},
|
||||
{VBNV_LOCALIZATION_INDEX, 0, 0x69, 0xB0, "localization index"},
|
||||
{VBNV_KERNEL_FIELD, 0, 0x12345678, 0xFEDCBA98, "kernel field"},
|
||||
{VBNV_TRIED_FIRMWARE_B, 0, 1, 0, "tried firmware B"},
|
||||
{VBNV_FW_VERIFIED_KERNEL_KEY, 0, 1, 0, "firmware verified kernel key"},
|
||||
{VBNV_TEST_ERROR_FUNC, 0, 1, 7, "verified boot test error func"},
|
||||
{VBNV_TEST_ERROR_NUM, 0, 3, 6, "verified boot test error number"},
|
||||
{0, 0, 0, 0, NULL}
|
||||
|
||||
Reference in New Issue
Block a user