vboot_api_kernel: Remove assumptions about EC-RW hash type and size

With newer PD chips and different update mechanisms, we can no longer guarantee that the "hash" (really just a sort of version identifier) of an EC-RW image will always be a SHA256. This patch removes any hardcoded assumptions about that from vboot, and instead accepts any hash size returned by VbExEcHashImage() and VbExEcGetExpectedImageHash(). It also removes the assumption that the hash can be regenerated by running SHA256 over the full image returned by VbExEcGetExpectedImage(). We can thus no longer support VBERROR_EC_GET_EXPECTED_HASH_FROM_IMAGE, which is fine since that functionality hasn't been needed for years and there would be no reason why we might need it in the future. This also allows simplifying the code flow of EcUpdateImage() a bit (since you can really just return very early if you already figured out that you don't need to update). BRANCH=None BUG=chrome-os-partner:53780 TEST=Tested software sync on Oak both after cold and warm boot. Change-Id: I498f3d39085a38740734fff9f2d1a186a0801489 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/348001 Reviewed-by: Randall Spangler <rspangler@chromium.org>
2025-12-16 21:07:26 +00:00 · 2016-05-27 13:27:18 -07:00
parent 31d756465d
commit e1867d26a1
2 changed files with 105 additions and 192 deletions
--- a/tests/vboot_api_kernel3_tests.c
+++ b/tests/vboot_api_kernel3_tests.c
@@ -47,7 +47,6 @@ static int mock_ec_rw_hash_size;
 static uint8_t want_ec_hash[32];
 static uint8_t update_hash;
 static int want_ec_hash_size;
-static uint8_t mock_sha[32];

 static uint32_t screens_displayed[8];
 static uint32_t screens_count = 0;
@@ -104,9 +103,6 @@ static void ResetMocks(void)

 	update_hash = 42;

-	Memset(mock_sha, 0, sizeof(want_ec_hash));
-	mock_sha[0] = 42;
-
 	// TODO: ensure these are actually needed

 	Memset(screens_displayed, 0, sizeof(screens_displayed));
@@ -182,16 +178,7 @@ VbError_t VbExEcGetExpectedImageHash(int devidx, enum VbSelectFirmware_t select,
 	*hash = want_ec_hash;
 	*hash_size = want_ec_hash_size;

-	if (want_ec_hash_size == -1)
-		return VBERROR_EC_GET_EXPECTED_HASH_FROM_IMAGE;
-	else
-		return want_ec_hash_size ? VBERROR_SUCCESS : VBERROR_SIMULATED;
-}
-
-uint8_t *internal_SHA256(const uint8_t *data, uint64_t len, uint8_t *digest)
-{
-	Memcpy(digest, mock_sha, sizeof(mock_sha));
-	return digest;
+	return want_ec_hash_size ? VBERROR_SUCCESS : VBERROR_SIMULATED;
 }

 VbError_t VbExEcUpdateImage(int devidx, enum VbSelectFirmware_t select,
@@ -296,28 +283,15 @@ static void VbSoftwareSyncTest(void)
 	ResetMocks();
 	want_ec_hash_size = 16;
 	test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED,
-		   VBNV_RECOVERY_EC_EXPECTED_HASH,
-		   "Bad precalculated hash size");
+		   VBNV_RECOVERY_EC_HASH_SIZE,
+		   "Hash size mismatch");

 	ResetMocks();
-	mock_in_rw = 1;
-	want_ec_hash_size = -1;
-	test_ssync(0, 0, "No precomputed hash");
-
-	ResetMocks();
-	want_ec_hash_size = -1;
-	get_expected_retval = VBERROR_SIMULATED;
-	test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED,
-		   VBNV_RECOVERY_EC_EXPECTED_IMAGE, "Can't fetch image");
+	want_ec_hash_size = 4;
+	mock_ec_rw_hash_size = 4;
+	test_ssync(0, 0, "Custom hash size");

 	/* Updates required */
-	ResetMocks();
-	mock_in_rw = 1;
-	want_ec_hash[0]++;
-	test_ssync(VBERROR_EC_REBOOT_TO_RO_REQUIRED,
-		   VBNV_RECOVERY_EC_HASH_MISMATCH,
-		   "Precalculated hash mismatch");
-
 	ResetMocks();
 	mock_in_rw = 1;
 	mock_ec_rw_hash[0]++;