Add VbSharedData field parsing

R=reinauer@chromium.org BUG=chrome-os-partner:2578 TEST=manual crossystem vdat_timers should show 'LFS=0,0 LF=number1,number2 LK=number3,number4' where number1 < number2 < number3 < number4 crossystem vdat_lfdebug run from a dev mode console, should show 'check=12,0 index=0x00 tpmver=(hex number) lowestver=(hex number)' crossystem vdat_flags run from a dev mode console, flags should be 0x04. Review URL: http://codereview.chromium.org/6685068 Change-Id: Id7b958ae300d10cdcdc1b17a1bb17b7e5069166f
2025-11-24 02:05:01 +00:00 · 2011-03-17 16:10:21 -07:00
parent 83c3714ed3
commit f4ba19d81d
8 changed files with 227 additions and 98 deletions
--- a/firmware/include/load_firmware_fw.h
+++ b/firmware/include/load_firmware_fw.h
@@ -11,9 +11,7 @@
 #include "sysincludes.h"
 #include "vboot_nvstorage.h"
-
+#include "vboot_struct.h"
 /* Recommended size of shared_data_blob in bytes. */
 #define LOAD_FIRMWARE_SHARED_DATA_REC_SIZE 16384
 /* Return codes for LoadFirmware() and S3Resume(). */
 #define LOAD_FIRMWARE_SUCCESS 0   /* Success */
@@ -33,15 +31,19 @@ typedef struct LoadFirmwareParams {
  void* verification_block_1;    /* Key block + preamble for firmware 1 */
  uint64_t verification_size_0;  /* Verification block 0 size in bytes */
  uint64_t verification_size_1;  /* Verification block 1 size in bytes */
-  void* shared_data_blob;        /* Destination buffer for data shared between
+
-                                  * LoadFirmware() and LoadKernel().  Pass this
+  /* Shared data blob for data shared between LoadFirmware() and LoadKernel().
   * This should be at least VB_SHARED_DATA_MIN_SIZE bytes long, and ideally
   * is VB_SHARED_DATA_REC_SIZE bytes long. */
  void* shared_data_blob;        /* Shared data blob buffer.  Pass this
                                  * data to LoadKernel() in
                                  * LoadKernelParams.shared_data_blob. */
-  uint64_t shared_data_size;     /* Size of shared data blob buffer, in bytes.
+  uint64_t shared_data_size;     /* On input, set to size of shared data blob
-                                  * On output, this will contain the actual
+                                  * buffer, in bytes.  On output, this will
-                                  * data size placed into the buffer.  Caller
+                                  * contain the actual data size placed into
-                                  * need only pass this much data to
+                                  * the buffer.  Caller need only pass that
-                                  * LoadKernel().*/
+                                  * much data to LoadKernel().*/
  uint64_t boot_flags;           /* Boot flags */
  VbNvContext* nv_context;       /* Context for NV storage.  nv_context->raw
                                  * must be filled before calling
--- a/firmware/include/vboot_struct.h
+++ b/firmware/include/vboot_struct.h
@@ -131,10 +131,38 @@ typedef struct VbKernelPreambleHeader {
 #define EXPECTED_VBKERNELPREAMBLEHEADER_SIZE 96
 /* Magic number for recognizing VbSharedDataHeader ("VbSD") */
 #define VB_SHARED_DATA_MAGIC 0x44536256
 /* Minimum and recommended size of shared_data_blob in bytes. */
 #define VB_SHARED_DATA_MIN_SIZE 3072
 #define VB_SHARED_DATA_REC_SIZE 16384
 /* Flags for VbSharedDataHeader */
 /* LoadFirmware() tried firmware B because of VbNvStorage firmware B tries */
 #define VBSD_FWB_TRIED                  0x00000001
 /* LoadKernel() verified the kernel keyblock using the kernel subkey from
 * the firmware.  If this flag is not present, it just used the hash of the
 * kernel keyblock. */
 #define VBSD_KERNEL_KEY_VERIFIED        0x00000002
 /* LoadFirmware() was told the developer switch was on */
 #define VBSD_LF_DEV_SWITCH_ON           0x00000004
 /* Result codes for checking firmware A and B */
 #define VBSD_LF_CHECK_NOT_DONE          0
 #define VBSD_LF_CHECK_DEV_MISMATCH      1
 #define VBSD_LF_CHECK_REC_MISMATCH      2
 #define VBSD_LF_CHECK_VERIFY_KEYBLOCK   3
 #define VBSD_LF_CHECK_KEY_ROLLBACK      4
 #define VBSD_LF_CHECK_DATA_KEY_PARSE    5
 #define VBSD_LF_CHECK_VERIFY_PREAMBLE   6
 #define VBSD_LF_CHECK_FW_ROLLBACK       7
 #define VBSD_LF_CHECK_HEADER_VALID      8
 #define VBSD_LF_CHECK_GET_FW_BODY       9
 #define VBSD_LF_CHECK_HASH_WRONG_SIZE   10
 #define VBSD_LF_CHECK_VERIFY_BODY       11
 #define VBSD_LF_CHECK_VALID             12
 /* Data shared between LoadFirmware(), LoadKernel(), and OS.
 *
 * The boot process is:
@@ -149,18 +177,19 @@ typedef struct VbKernelPreambleHeader {
 *      For example, via ACPI or ATAGs. */
 typedef struct VbSharedDataHeader {
  /* Fields present in version 1 */
  uint32_t magic;                     /* Magic number for struct
                                       * (VB_SHARED_DATA_MAGIC) */
  uint32_t struct_version;            /* Version of this structure */
  uint64_t struct_size;               /* Size of this structure in bytes */
  uint64_t data_size;                 /* Size of shared data buffer in bytes */
  uint64_t data_used;                 /* Amount of shared data used so far */
  uint32_t flags;                     /* Flags */
  VbPublicKey kernel_subkey;          /* Kernel subkey, from firmware */
  uint64_t kernel_subkey_data_offset; /* Offset of kernel subkey data from
                                       * start of this struct */
  uint64_t kernel_subkey_data_size;   /* Size of kernel subkey data */
  uint64_t flags;                     /* Flags */
  /* Timer values from VbGetTimer().  Unused values are set to 0.  If a
   * function is called mutiple times, these are the times from the
   * most recent call. */
@@ -171,6 +200,13 @@ typedef struct VbSharedDataHeader {
  uint64_t timer_load_kernel_enter;          /* LoadKernel() - enter */
  uint64_t timer_load_kernel_exit;           /* LoadKernel() - exit */
  uint8_t check_fw_a_result;          /* Result of checking RW firmware A */
  uint8_t check_fw_b_result;          /* Result of checking RW firmware B */
  uint8_t firmware_index;             /* Firmware index returned by
                                       * LoadFirmware() or 0xFF if failure */
  uint32_t fw_version_tpm_start;      /* Firmware TPM version at start */
  uint32_t fw_version_lowest;         /* Firmware lowest version found */
  /* After read-only firmware which uses version 1 is released, any additional
   * fields must be added below, and the struct version must be increased.
   * Before reading/writing those fields, make sure that the struct being
--- a/firmware/lib/vboot_common.c
+++ b/firmware/lib/vboot_common.c
@@ -381,6 +381,10 @@ int VerifyKernelPreamble(const VbKernelPreambleHeader* preamble,
 int VbSharedDataInit(VbSharedDataHeader* header, uint64_t size) {
  VBDEBUG(("VbSharedDataInit, %d bytes, header %d bytes\n", (int)size,
           sizeof(VbSharedDataHeader)));
  if (size < sizeof(VbSharedDataHeader)) {
    VBDEBUG(("Not enough data for header.\n"));
    return VBOOT_SHARED_DATA_INVALID;
@@ -397,10 +401,12 @@ int VbSharedDataInit(VbSharedDataHeader* header, uint64_t size) {
  Memset(header, 0, sizeof(VbSharedDataHeader));
  /* Initialize fields */
  header->magic = VB_SHARED_DATA_MAGIC;
  header->struct_version = VB_SHARED_DATA_VERSION;
  header->struct_size = sizeof(VbSharedDataHeader);
  header->data_size = size;
  header->data_used = sizeof(VbSharedDataHeader);
  header->firmware_index = 0xFF;
  /* Success */
  return VBOOT_SUCCESS;
@@ -410,6 +416,8 @@ int VbSharedDataInit(VbSharedDataHeader* header, uint64_t size) {
 uint64_t VbSharedDataReserve(VbSharedDataHeader* header, uint64_t size) {
  uint64_t offs = header->data_used;
  VBDEBUG(("VbSharedDataReserve %d bytes at %d\n", (int)size, (int)offs));
  if (!header || size > header->data_size - header->data_used) {
    VBDEBUG(("VbSharedData buffer out of space.\n"));
    return 0;  /* Not initialized, or not enough space left. */
--- a/firmware/lib/vboot_firmware.c
+++ b/firmware/lib/vboot_firmware.c
@@ -109,6 +109,8 @@ int LoadFirmware(LoadFirmwareParams* params) {
  /* Parse flags */
  is_dev = (params->boot_flags & BOOT_FLAG_DEVELOPER ? 1 : 0);
  if (is_dev)
    shared->flags |= VBSD_LF_DEV_SWITCH_ON;
  /* Initialize the TPM and read rollback indices. */
  VBPERFSTART("VB_TPMI");
@@ -122,12 +124,15 @@ int LoadFirmware(LoadFirmwareParams* params) {
      recovery = VBNV_RECOVERY_RO_TPM_ERROR;
    goto LoadFirmwareExit;
  }
  shared->fw_version_tpm_start = tpm_version;
  VBPERFEND("VB_TPMI");
  /* Read try-b count and decrement if necessary */
  VbNvGet(vnc, VBNV_TRY_B_COUNT, &try_b_count);
-  if (0 != try_b_count)
+  if (0 != try_b_count) {
    VbNvSet(vnc, VBNV_TRY_B_COUNT, try_b_count - 1);
    shared->flags |= VBSD_FWB_TRIED;
  }
  VbNvSet(vnc, VBNV_TRIED_FIRMWARE_B, try_b_count ? 1 : 0);
  /* Allocate our internal data */
@@ -146,15 +151,18 @@ int LoadFirmware(LoadFirmwareParams* params) {
    uint64_t key_version;
    uint64_t combined_version;
    uint8_t* body_digest;
    uint8_t* check_result;
    /* If try B count is non-zero try firmware B first */
    index = (try_b_count ? 1 - i : i);
    if (0 == index) {
      key_block = (VbKeyBlockHeader*)params->verification_block_0;
      vblock_size = params->verification_size_0;
      check_result = &shared->check_fw_a_result;
    } else {
      key_block = (VbKeyBlockHeader*)params->verification_block_1;
      vblock_size = params->verification_size_1;
      check_result = &shared->check_fw_b_result;
    }
    /* Check the key block flags against the current boot mode.  Do this
@@ -164,11 +172,13 @@ int LoadFirmware(LoadFirmwareParams* params) {
          (is_dev ? KEY_BLOCK_FLAG_DEVELOPER_1 :
           KEY_BLOCK_FLAG_DEVELOPER_0))) {
      VBDEBUG(("Developer flag mismatch.\n"));
      *check_result = VBSD_LF_CHECK_DEV_MISMATCH;
      continue;
    }
    /* RW firmware never runs in recovery mode. */
    if (!(key_block->key_block_flags & KEY_BLOCK_FLAG_RECOVERY_0)) {
      VBDEBUG(("Recovery flag mismatch.\n"));
      *check_result = VBSD_LF_CHECK_REC_MISMATCH;
      continue;
    }
@@ -176,6 +186,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
    VBPERFSTART("VB_VKB");
    if ((0 != KeyBlockVerify(key_block, vblock_size, root_key, 0))) {
      VBDEBUG(("Key block verification failed.\n"));
      *check_result = VBSD_LF_CHECK_VERIFY_KEYBLOCK;
      VBPERFEND("VB_VKB");
      continue;
    }
@@ -185,6 +196,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
    key_version = key_block->data_key.key_version;
    if (key_version < (tpm_version >> 16)) {
      VBDEBUG(("Key rollback detected.\n"));
      *check_result = VBSD_LF_CHECK_KEY_ROLLBACK;
      continue;
    }
@@ -192,6 +204,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
    data_key = PublicKeyToRSA(&key_block->data_key);
    if (!data_key) {
      VBDEBUG(("Unable to parse data key.\n"));
      *check_result = VBSD_LF_CHECK_DATA_KEY_PARSE;
      continue;
    }
@@ -203,6 +216,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
                                     vblock_size - key_block->key_block_size,
                                     data_key))) {
      VBDEBUG(("Preamble verfication failed.\n"));
      *check_result = VBSD_LF_CHECK_VERIFY_PREAMBLE;
      RSAPublicKeyFree(data_key);
      VBPERFEND("VB_VPB");
      continue;
@@ -214,10 +228,14 @@ int LoadFirmware(LoadFirmwareParams* params) {
                        (preamble->firmware_version & 0xFFFF));
    if (combined_version < tpm_version) {
      VBDEBUG(("Firmware version rollback detected.\n"));
      *check_result = VBSD_LF_CHECK_FW_ROLLBACK;
      RSAPublicKeyFree(data_key);
      continue;
    }
    /* Header for this firmware is valid */
    *check_result = VBSD_LF_CHECK_HEADER_VALID;
    /* Check for lowest key version from a valid header. */
    if (lowest_version > combined_version)
      lowest_version = combined_version;
@@ -234,6 +252,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
    lfi->body_size_accum = 0;
    if (0 != GetFirmwareBody(params, index)) {
      VBDEBUG(("GetFirmwareBody() failed for index %d\n", index));
      *check_result = VBSD_LF_CHECK_GET_FW_BODY;
      RSAPublicKeyFree(data_key);
      VBPERFEND("VB_RFD");
      continue;
@@ -242,6 +261,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
      VBDEBUG(("Hash updated %d bytes but expected %d\n",
               (int)lfi->body_size_accum,
               (int)preamble->body_signature.data_size));
      *check_result = VBSD_LF_CHECK_HASH_WRONG_SIZE;
      RSAPublicKeyFree(data_key);
      VBPERFEND("VB_RFD");
      continue;
@@ -253,6 +273,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
    body_digest = DigestFinal(&lfi->body_digest_context);
    if (0 != VerifyDigest(body_digest, &preamble->body_signature, data_key)) {
      VBDEBUG(("Firmware body verification failed.\n"));
      *check_result = VBSD_LF_CHECK_VERIFY_BODY;
      RSAPublicKeyFree(data_key);
      Free(body_digest);
      VBPERFEND("VB_VFD");
@@ -266,6 +287,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
    /* If we're still here, the firmware is valid. */
    VBDEBUG(("Firmware %d is valid.\n", index));
    *check_result = VBSD_LF_CHECK_VALID;
    if (-1 == good_index) {
      /* Save the key we actually used */
      if (0 != VbSharedDataSetKernelKey(shared, &preamble->kernel_subkey)) {
@@ -312,6 +334,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
  if (good_index >= 0) {
    /* Update TPM if necessary */
    shared->fw_version_lowest = (uint32_t)lowest_version;
    if (lowest_version > tpm_version) {
      VBPERFSTART("VB_TPMU");
      status = RollbackFirmwareWrite((uint32_t)lowest_version);
@@ -341,6 +364,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
    /* Success */
    VBDEBUG(("Will boot firmware index %d\n", (int)params->firmware_index));
    shared->firmware_index = (uint8_t)params->firmware_index;
    retval = LOAD_FIRMWARE_SUCCESS;
  } else {
    /* No good firmware, so go to recovery mode. */
--- a/firmware/stub/load_firmware_stub.c
+++ b/firmware/stub/load_firmware_stub.c
@@ -99,8 +99,8 @@ int VerifyFirmwareDriver_stub(uint8_t* gbb_data,
  p.nv_context = &vnc;
  /* Allocate a shared data buffer */
-  p.shared_data_blob = Malloc(LOAD_FIRMWARE_SHARED_DATA_REC_SIZE);
+  p.shared_data_blob = Malloc(VB_SHARED_DATA_REC_SIZE);
-  p.shared_data_size = LOAD_FIRMWARE_SHARED_DATA_REC_SIZE;
+  p.shared_data_size = VB_SHARED_DATA_REC_SIZE;
  /* TODO: YOU NEED TO SET THE BOOT FLAGS SOMEHOW */
  p.boot_flags = 0;
--- a/host/lib/crossystem.c
+++ b/host/lib/crossystem.c
@@ -16,6 +16,7 @@
 #include "utility.h"
 #include "vboot_common.h"
 #include "vboot_nvstorage.h"
 #include "vboot_struct.h"
 /* ACPI constants from Chrome OS Main Processor Firmware Spec */
 /* GPIO signal types */
@@ -87,10 +88,23 @@
 /* A structure to contain buffer data retrieved from the ACPI. */
 typedef struct {
  int buffer_size;
-  void* buffer;
+  uint8_t* buffer;
 } AcpiBuffer;
 /* Fields that GetVdatString() can get */
 typedef enum VdatStringField {
  VDAT_STRING_TIMERS = 0,          /* Timer values */
  VDAT_STRING_LOAD_FIRMWARE_DEBUG  /* LoadFirmware() debug information */
 } VdatStringField;
 /* Fields that GetVdatInt() can get */
 typedef enum VdatIntField {
  VDAT_INT_FLAGS = 0  /* Flags */
 } VdatIntField;
 /* Copy up to dest_size-1 characters from src to dest, ensuring null
   termination (which strncpy() doesn't do).  Returns the destination
   string. */
@@ -319,7 +333,7 @@ AcpiBuffer* VbGetBuffer(const char* filename)
  do {
    struct stat fs;
-    unsigned char* output_ptr;
+    uint8_t* output_ptr;
    int rv, i, real_size;
    rv = stat(filename, &fs);
@@ -334,23 +348,18 @@ AcpiBuffer* VbGetBuffer(const char* filename)
    if (!file_buffer)
      break;
    real_size = fread(file_buffer, 1, fs.st_size, f);
    if (!real_size)
      break;
    /* each byte in the output will replace two characters and a space in the
     *  input, so the output size does not exceed input side/3 (a little less
     *  if account for newline characters).
     */
    acpi_buffer = Malloc(sizeof(AcpiBuffer) + real_size/3);
    if (!acpi_buffer)
      break;
    file_buffer[real_size] = '\0';
-    acpi_buffer->buffer = acpi_buffer + 1;
+    /* Each byte in the output will replace two characters and a space
     * in the input, so the output size does not exceed input side/3
     * (a little less if account for newline characters). */
    acpi_buffer = Malloc(sizeof(AcpiBuffer) + real_size/3);
    if (!acpi_buffer)
      break;
    acpi_buffer->buffer = (uint8_t*)(acpi_buffer + 1);
    acpi_buffer->buffer_size = 0;
    output_ptr = acpi_buffer->buffer;
@@ -604,6 +613,71 @@ int VbGetCrosDebug(void) {
 }
 char* GetVdatString(char* dest, int size, VdatStringField field)
 {
  VbSharedDataHeader* sh;
  AcpiBuffer* ab = VbGetBuffer(ACPI_VDAT_PATH);
  if (!ab)
    return NULL;
  sh = (VbSharedDataHeader*)ab->buffer;
  switch (field) {
    case VDAT_STRING_TIMERS:
      snprintf(dest, size,
               "LFS=%" PRIu64 ",%" PRIu64
               " LF=%" PRIu64 ",%" PRIu64
               " LK=%" PRIu64 ",%" PRIu64,
               sh->timer_load_firmware_start_enter,
               sh->timer_load_firmware_start_exit,
               sh->timer_load_firmware_enter,
               sh->timer_load_firmware_exit,
               sh->timer_load_kernel_enter,
               sh->timer_load_kernel_exit);
      break;
    case VDAT_STRING_LOAD_FIRMWARE_DEBUG:
      snprintf(dest, size,
               "check=%d,%d index=0x%02x tpmver=0x%x lowestver=0x%x",
               sh->check_fw_a_result,
               sh->check_fw_b_result,
               sh->firmware_index,
               sh->fw_version_tpm_start,
               sh->fw_version_lowest);
      break;
    default:
      Free(ab);
      return NULL;
  }
  Free(ab);
  return dest;
 }
 int GetVdatInt(VdatIntField field) {
  VbSharedDataHeader* sh;
  AcpiBuffer* ab = VbGetBuffer(ACPI_VDAT_PATH);
  int value = -1;
  if (!ab)
    return -1;
  sh = (VbSharedDataHeader*)ab->buffer;
  switch (field) {
    case VDAT_INT_FLAGS:
      value = (int)sh->flags;
      break;
  }
  Free(ab);
  return value;
 }
 /* Read a system property integer.
 *
 * Returns the property value, or -1 if error. */
@@ -671,37 +745,13 @@ int VbGetSystemPropertyInt(const char* name) {
    value = ReadFileInt(ACPI_FMAP_PATH);
  } else if (!strcasecmp(name,"cros_debug")) {
    value = VbGetCrosDebug();
  } else if (!strcasecmp(name,"vdat_flags")) {
    value = GetVdatInt(VDAT_INT_FLAGS);
  }
  return value;
 }
 /* This function is just an example illustrating the use of VbGetBuffer(). It
 * converts the binary contents of the buffer into a space delimetered hex
 * string. It is expected to be replaced with a function which has knowledge
 * of the buffer data structure.
 */
 char* GetVdatBuffer(void)
 {
  char* buffer, *src, *p;
  int i;
  AcpiBuffer* ab = VbGetBuffer(ACPI_VDAT_PATH);
  if (!ab)
    return NULL;
  buffer = Malloc(ab->buffer_size * 3 + 2);
  p = buffer;
  src = ab->buffer;
  for (i = 0; i < ab->buffer_size; i++) {
    snprintf(p, 4, " %2.2x", *src++);
    p += 3;
  }
  *p = '\0';
  Free(ab);
  return buffer;
 }
 /* Read a system property string into a destination buffer of the specified
 * size.
 *
@@ -745,8 +795,10 @@ const char* VbGetSystemPropertyString(const char* name, char* dest, int size) {
      default:
        return NULL;
    }
-  } else if (!strcasecmp(name, "vdat")) {
+  } else if (!strcasecmp(name, "vdat_timers")) {
-    return GetVdatBuffer();
+    return GetVdatString(dest, size, VDAT_STRING_TIMERS);
  } else if (!strcasecmp(name, "vdat_lfdebug")) {
    return GetVdatString(dest, size, VDAT_STRING_LOAD_FIRMWARE_DEBUG);
  } else
    return NULL;
 }
--- a/utility/crossystem_main.c
+++ b/utility/crossystem_main.c
@@ -11,10 +11,15 @@
 #include "crossystem.h"
 /* Flags for Param */
 #define IS_STRING      0x01  /* String (not present = integer) */
 #define CAN_WRITE      0x02  /* Writable (not present = read-only */
 #define NO_PRINT_ALL   0x04  /* Don't print contents of parameter when
                              * doing a print-all */
 typedef struct Param {
  const char* name;  /* Parameter name */
-  int is_string;     /* 0 if integer, 1 if string */
+  int flags;         /* Flags (see above) */
  int can_write;     /* 0 if read-only, 1 if writable */
  const char* desc;  /* Human-readable description */
  const char* format; /* Format string, if non-NULL and 0==is_string*/
 } Param;
@@ -22,41 +27,41 @@ typedef struct Param {
 /* List of parameters, terminated with a param with NULL name */
 const Param sys_param_list[] = {
  /* Read-only integers */
-  {"devsw_cur",  0, 0, "Developer switch current position"},
+  {"devsw_cur",  0, "Developer switch current position"},
-  {"devsw_boot", 0, 0, "Developer switch position at boot"},
+  {"devsw_boot", 0, "Developer switch position at boot"},
-  {"recoverysw_cur", 0, 0, "Recovery switch current position"},
+  {"recoverysw_cur", 0, "Recovery switch current position"},
-  {"recoverysw_boot", 0, 0, "Recovery switch position at boot"},
+  {"recoverysw_boot", 0, "Recovery switch position at boot"},
-  {"recoverysw_ec_boot", 0, 0, "Recovery switch position at EC boot"},
+  {"recoverysw_ec_boot", 0, "Recovery switch position at EC boot"},
-  {"wpsw_cur",  0, 0,
+  {"wpsw_cur", 0, "Firmware write protect hardware switch current position"},
-   "Firmware write protect hardware switch current position"},
+  {"wpsw_boot", 0, "Firmware write protect hardware switch position at boot"},
-  {"wpsw_boot", 0, 0,
+  {"recovery_reason", 0, "Recovery mode reason for current boot"},
-   "Firmware write protect hardware switch position at boot"},
+  {"savedmem_base", 0, "RAM debug data area physical address", "0x%08x"},
-  {"recovery_reason",  0, 0, "Recovery mode reason for current boot"},
+  {"savedmem_size", 0, "RAM debug data area size in bytes"},
-  {"savedmem_base", 0, 0, "RAM debug data area physical address", "0x%08x"},
+  {"fmap_base", 0, "Main firmware flashmap physical address", "0x%08x"},
-  {"savedmem_size", 0, 0, "RAM debug data area size in bytes"},
+  {"tried_fwb", 0, "Tried firmware B before A this boot"},
-  {"fmap_base", 0, 0, "Main firmware flashmap physical address", "0x%08x"},
+  {"cros_debug", 0, "OS should allow debug features"},
-  {"tried_fwb", 0, 0, "Tried firmware B before A this boot"},
+  {"vdat_flags", 0, "Flags from VbSharedData", "0x%08x"},
  {"cros_debug", 0, 0, "OS should allow debug features"},
  /* Read-only strings */
-  {"hwid", 1, 0, "Hardware ID"},
+  {"hwid", IS_STRING, "Hardware ID"},
-  {"fwid", 1, 0, "Active firmware ID"},
+  {"fwid", IS_STRING, "Active firmware ID"},
-  {"ro_fwid", 1, 0, "Read-only firmware ID"},
+  {"ro_fwid", IS_STRING, "Read-only firmware ID"},
-  {"mainfw_act", 1, 0, "Active main firmware"},
+  {"mainfw_act", IS_STRING, "Active main firmware"},
-  {"mainfw_type", 1, 0, "Active main firmware type"},
+  {"mainfw_type", IS_STRING, "Active main firmware type"},
-  {"ecfw_act", 1, 0, "Active EC firmware"},
+  {"ecfw_act", IS_STRING, "Active EC firmware"},
-  {"kernkey_vfy", 1, 0, "Type of verification done on kernel key block"},
+  {"kernkey_vfy", IS_STRING, "Type of verification done on kernel key block"},
  {"vdat_timers", IS_STRING, "Timer values from VbSharedData"},
  {"vdat_lfdebug", IS_STRING, "LoadFirmware() debug data VbSharedData"},
  /* Writable integers */
-  {"nvram_cleared", 0, 1, "Have NV settings been lost?  Write 0 to clear"},
+  {"nvram_cleared", CAN_WRITE, "Have NV settings been lost?  Write 0 to clear"},
-  {"kern_nv", 0, 1, "Non-volatile field for kernel use", "0x%08x"},
+  {"kern_nv", CAN_WRITE, "Non-volatile field for kernel use", "0x%08x"},
-  {"recovery_request", 0, 1, "Recovery mode request (writable)"},
+  {"recovery_request", CAN_WRITE, "Recovery mode request (writable)"},
-  {"dbg_reset", 0, 1, "Debug reset mode request (writable)"},
+  {"dbg_reset", CAN_WRITE, "Debug reset mode request (writable)"},
-  {"fwb_tries", 0, 1, "Try firmware B count (writable)"},
+  {"fwb_tries", CAN_WRITE, "Try firmware B count (writable)"},
-  {"vbtest_errfunc", 0, 1, "Verified boot test error function (writable)"},
+  {"vbtest_errfunc", CAN_WRITE, "Verified boot test error function (writable)"},
-  {"vbtest_errno", 0, 1, "Verified boot test error number (writable)"},
+  {"vbtest_errno", CAN_WRITE, "Verified boot test error number (writable)"},
  {"vdat", 1, 0, "Raw VDAT contents."},
  /* Terminate with null name */
-  {NULL, 0, 0, NULL}
+  {NULL, 0, NULL}
 };
@@ -98,10 +103,10 @@ const Param* FindParam(const char* name) {
 *
 * Returns 0 if success, non-zero if error. */
 int SetParam(const Param* p, const char* value) {
-  if (!p->can_write)
+  if (!(p->flags & CAN_WRITE))
    return 1;  /* Parameter is read-only */
-  if (p->is_string) {
+  if (p->flags & IS_STRING) {
    return (0 == VbSetSystemPropertyString(p->name, value) ? 0 : 1);
  } else {
    char* e;
@@ -117,7 +122,7 @@ int SetParam(const Param* p, const char* value) {
 *
 * Returns 0 if success (match), non-zero if error (mismatch). */
 int CheckParam(const Param* p, char* expect) {
-  if (p->is_string) {
+  if (p->flags & IS_STRING) {
    char buf[256];
    const char* v = VbGetSystemPropertyString(p->name, buf, sizeof(buf));
    if (!v || 0 != strcmp(v, expect))
@@ -139,7 +144,7 @@ int CheckParam(const Param* p, char* expect) {
 *
 * Returns 0 if success, non-zero if error. */
 int PrintParam(const Param* p) {
-  if (p->is_string) {
+  if (p->flags & IS_STRING) {
    char buf[256];
    const char* v = VbGetSystemPropertyString(p->name, buf, sizeof(buf));
    if (!v)
@@ -165,7 +170,9 @@ int PrintAllParams(void) {
  const char* value;
  for (p = sys_param_list; p->name; p++) {
-    if (p->is_string) {
+    if (p->flags & NO_PRINT_ALL)
      continue;
    if (p->flags & IS_STRING) {
      value = VbGetSystemPropertyString(p->name, buf, sizeof(buf));
    } else {
      int v = VbGetSystemPropertyInt(p->name);
@@ -176,7 +183,7 @@ int PrintAllParams(void) {
        value = buf;
      }
    }
-    printf("%-22s = %-20s # %s\n",
+    printf("%-22s = %-30s # %s\n",
           p->name, (value ? value : "(error)"), p->desc);
  }
  return retval;
--- a/utility/load_kernel_test.c
+++ b/utility/load_kernel_test.c
@@ -171,8 +171,8 @@ int main(int argc, char* argv[]) {
  }
  /* Initialize the shared data area */
-  lkp.shared_data_blob = Malloc(LOAD_FIRMWARE_SHARED_DATA_REC_SIZE);
+  lkp.shared_data_blob = Malloc(VB_SHARED_DATA_REC_SIZE);
-  lkp.shared_data_size = LOAD_FIRMWARE_SHARED_DATA_REC_SIZE;
+  lkp.shared_data_size = VB_SHARED_DATA_REC_SIZE;
  shared = (VbSharedDataHeader*)lkp.shared_data_blob;
  if (0 != VbSharedDataInit(shared, lkp.shared_data_size)) {
    fprintf(stderr, "Unable to init shared data\n");