scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-25 18:55:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Ignore TPM return codes in recovery mode

Browse Source 
Review URL: http://codereview.chromium.org/2844024
This commit is contained in:
Randall Spangler
2010-06-24 14:01:34 -07:00
parent f6ddd64c3a
commit d6aad3a088
3 changed files with 21 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
firmware/include/rollback_index.h → firmware/lib/include/rollback_index.h
View File

@@ -73,7 +73,8 @@ Call from LoadKernel()
/* These functions are callable from LoadFirmware(). They cannot use /* These functions are callable from LoadFirmware(). They cannot use
* global variables. */ * global variables. */
/* Setup must be called. */ /* Setup must be called. Pass developer_mode=nonzero if in developer
* mode. */
uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t RollbackFirmwareSetup(int developer_mode,
uint16_t* key_version, uint16_t* version); uint16_t* key_version, uint16_t* version);
/* Write may be called if the versions change */ /* Write may be called if the versions change */
@@ -85,7 +86,8 @@ uint32_t RollbackFirmwareLock(void);
* variables. */ * variables. */
/* Recovery may be called. If it is, this is the first time a /* Recovery may be called. If it is, this is the first time a
* rollback function has been called this boot, so it needs to know if * rollback function has been called this boot, so it needs to know if
* we're in developer mode. */ * we're in developer mode. Pass developer_mode=nonzero if in developer
* mode. */
uint32_t RollbackKernelRecovery(int developer_mode); uint32_t RollbackKernelRecovery(int developer_mode);
/* Read and write may be called if not in developer mode. If called in /* Read and write may be called if not in developer mode. If called in
* recovery mode, these are ignored and/or return 0 versions. */ * recovery mode, these are ignored and/or return 0 versions. */

31
firmware/lib/vboot_kernel.c
View File

@@ -124,10 +124,9 @@ int LoadKernel(LoadKernelParams* params) {
uint16_t tpm_kernel_version = 0; uint16_t tpm_kernel_version = 0;
uint64_t lowest_key_version = 0xFFFF; uint64_t lowest_key_version = 0xFFFF;
uint64_t lowest_kernel_version = 0xFFFF; uint64_t lowest_kernel_version = 0xFFFF;
int is_dev = ((BOOT_FLAG_DEVELOPER & params->boot_flags) && int is_dev = (BOOT_FLAG_DEVELOPER & params->boot_flags);
!(BOOT_FLAG_RECOVERY & params->boot_flags)); int is_rec = (BOOT_FLAG_RECOVERY & params->boot_flags);
int is_normal = (!(BOOT_FLAG_DEVELOPER & params->boot_flags) && int is_normal = (!is_dev && !is_rec);
!(BOOT_FLAG_RECOVERY & params->boot_flags));
/* Clear output params in case we fail */ /* Clear output params in case we fail */
params->partition_number = 0; params->partition_number = 0;
@@ -135,11 +134,11 @@ int LoadKernel(LoadKernelParams* params) {
params->bootloader_size = 0; params->bootloader_size = 0;
/* Let the TPM know if we're in recovery mode */ /* Let the TPM know if we're in recovery mode */
if (BOOT_FLAG_RECOVERY & params->boot_flags) { if (is_rec) {
if (0 != RollbackKernelRecovery(BOOT_FLAG_DEVELOPER & params->boot_flags if (0 != RollbackKernelRecovery(is_dev ? 1 : 0)) {
? 1 : 0)) {
VBDEBUG(("Error setting up TPM for recovery kernel\n")); VBDEBUG(("Error setting up TPM for recovery kernel\n"));
return LOAD_KERNEL_RECOVERY; /* Ignore return code, since we need to boot recovery mode to
* fix the TPM. */
} }
} }
@@ -150,7 +149,7 @@ int LoadKernel(LoadKernelParams* params) {
VBDEBUG(("Unable to get kernel versions from TPM\n")); VBDEBUG(("Unable to get kernel versions from TPM\n"));
return LOAD_KERNEL_RECOVERY; return LOAD_KERNEL_RECOVERY;
} }
} else if (is_dev) { } else if (is_dev && !is_rec) {
/* In developer mode, we ignore the kernel subkey, and just use /* In developer mode, we ignore the kernel subkey, and just use
* the SHA-512 hash to verify the key block. */ * the SHA-512 hash to verify the key block. */
kernel_subkey = NULL; kernel_subkey = NULL;
@@ -205,14 +204,14 @@ int LoadKernel(LoadKernelParams* params) {
/* Check the key block flags against the current boot mode */ /* Check the key block flags against the current boot mode */
if (!(key_block->key_block_flags && if (!(key_block->key_block_flags &&
((BOOT_FLAG_DEVELOPER & params->boot_flags) ? (is_dev ? KEY_BLOCK_FLAG_DEVELOPER_1 :
KEY_BLOCK_FLAG_DEVELOPER_1 : KEY_BLOCK_FLAG_DEVELOPER_0))) { KEY_BLOCK_FLAG_DEVELOPER_0))) {
VBDEBUG(("Developer flag mismatch.\n")); VBDEBUG(("Developer flag mismatch.\n"));
continue; continue;
} }
if (!(key_block->key_block_flags && if (!(key_block->key_block_flags &&
((BOOT_FLAG_RECOVERY & params->boot_flags) ? (is_rec ? KEY_BLOCK_FLAG_RECOVERY_1 :
KEY_BLOCK_FLAG_RECOVERY_1 : KEY_BLOCK_FLAG_RECOVERY_0))) { KEY_BLOCK_FLAG_RECOVERY_0))) {
VBDEBUG(("Recovery flag mismatch.\n")); VBDEBUG(("Recovery flag mismatch.\n"));
continue; continue;
} }
@@ -374,10 +373,12 @@ int LoadKernel(LoadKernelParams* params) {
} }
} }
/* Lock the kernel versions, since we're about to boot the kernel */ /* Lock the kernel versions */
if (0 != RollbackKernelLock()) { if (0 != RollbackKernelLock()) {
VBDEBUG(("Error locking kernel versions.\n")); VBDEBUG(("Error locking kernel versions.\n"));
return LOAD_KERNEL_RECOVERY; /* Don't reboot to recovery mode if we're already there */
if (!is_rec)
return LOAD_KERNEL_RECOVERY;
} }
/* Success! */ /* Success! */

2
firmware/version.c
View File

@@ -1 +1 @@
char* VbootVersion = "VBOOv=8078f71c"; char* VbootVersion = "VBOOv=c6976ffa";