OpenCellular/firmware/lib/include/vboot_kernel.h
Luigi Semenzato a53a0b040f vboot: use recovery button as dev mode switch confirmation
We don't allow ENTER from a USB keyboard as the confirmation
in the switch from normal to developer mode.

For devices that have a physical recovery button, we require
a recovery button press instead.  For other devices, we
require that ENTER be pressed on the internal keyboard.

This prevents an "evil keyboard" attack in which a USB keyboard
(or other USB device pretending to be a keyboard) sends a
control-D/ENTER sequence shortly after every boot (followed
by more evil keys).  In that situation, when users power-on in
recovery mode, they will be forced to dev mode even if it
was not their intention.  Further attacks are easy at
that point.

TESTING.  On a panther device:

1. powered on with recovery button pressed -> booted in recovery mode
2. pressed control-D on external USB keyboard -> got to ToDev? screen
3. pressed ENTER -> system beeped
4. pressed recovery button -> system rebooted in DEV mode

... all as expected

Also:

1. powered on with recovery button pressed and HELD recovery button
2. pressed control-D -> system beeped

BUG=chrome-os-partner:21729
TEST=manual (see commit message)
BRANCH=none
CQ-DEPEND=CL:182420,CL:182946,CL:182357

Change-Id: Ib986d00d4567c2d447f8bbff0e5ccfec94596aa7
Reviewed-on: https://chromium-review.googlesource.com/182241
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Tested-by: Luigi Semenzato <semenzato@chromium.org>
Commit-Queue: Luigi Semenzato <semenzato@chromium.org>
2014-01-19 04:14:59 +00:00


/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Data structure and API definitions for a verified boot kernel image.
* (Firmware Portion)
*/
#ifndef VBOOT_REFERENCE_VBOOT_KERNEL_H_
#define VBOOT_REFERENCE_VBOOT_KERNEL_H_
#include "cgptlib.h"
#include "load_firmware_fw.h"
#include "load_kernel_fw.h"
#include "vboot_api.h"
/**
 * Allocate and read GPT data from the drive.
 *
 * On input, the caller must have filled in the sector_bytes and
 * drive_sectors fields of gptdata.  On output, the primary and secondary
 * header and entries are filled in.
 *
 * NOTE(review): the headers and entries come from the drive; this header
 * does not say whether they have been validated when this call returns, so
 * callers should not assume so - confirm against the implementation.
 * NOTE(review): the buffers allocated here are presumably the ones released
 * by WriteAndFreeGptData() - confirm, including on the error path.
 *
 * Returns 0 if successful, 1 if error.
 */
int AllocAndReadGptData(VbExDiskHandle_t disk_handle, GptData *gptdata);
/**
 * Write any changes for the GPT data back to the drive, then free the buffers.
 *
 * Because the buffers are freed, the header and entries pointers in gptdata
 * must not be used after this call.
 *
 * NOTE(review): the return value is not documented here; presumably 0 if
 * successful and nonzero on error, as for AllocAndReadGptData() - confirm.
 * NOTE(review): this header does not say whether the buffers are still freed
 * when the write fails - confirm before relying on either behaviour.
 */
int WriteAndFreeGptData(VbExDiskHandle_t disk_handle, GptData *gptdata);
/**
 * Accessor for unit tests only.
 *
 * Returns a pointer to a VbNvContext.  NOTE(review): presumably this is the
 * context used internally by the kernel-selection code; it is exported so
 * tests can inspect it and is not meant to be called from firmware code.
 */
VbNvContext *VbApiKernelGetVnc(void);
/**
 * Exported for unit tests only - frees memory used by VbSelectAndLoadKernel().
 *
 * NOTE(review): which allocations are released is not visible from this
 * header; anything reached through cparams that this call frees must not be
 * used afterwards - confirm against the implementation.
 */
void VbApiKernelFree(VbCommonParams *cparams);
/**
 * Try to load a kernel.
 *
 * NOTE(review): neither the return value nor get_info_flags is documented
 * here.  The return type is uint32_t rather than the VbError_t used by the
 * VbBoot*() functions declared below; presumably it carries an error code
 * with 0 meaning success, and get_info_flags selects which disks are
 * considered - confirm both against the implementation.
 */
uint32_t VbTryLoadKernel(VbCommonParams *cparams, LoadKernelParams *p,
uint32_t get_info_flags);
/*
 * Flags for VbUserConfirms().  Each flag is a single bit, so they can be
 * OR-ed together in the confirm_flags argument.
 */
/*
 * Do not accept the confirmation from an untrusted keyboard (such as a USB
 * device).  Intended for decisions that must reflect physical presence.
 */
#define VB_CONFIRM_MUST_TRUST_KEYBOARD (1 << 0)
/*
 * SPACE counts as "no".  NOTE(review): how SPACE is handled when this flag
 * is clear is not stated in this header - confirm in the implementation.
 */
#define VB_CONFIRM_SPACE_MEANS_NO (1 << 1)
/**
 * Ask the user to confirm something.
 *
 * We should display whatever the question is first, then call this. ESC is
 * always "no", ENTER is "yes" unless the restriction below applies, and
 * confirm_flags specifies what SPACE means. We don't return until one of
 * those keys is pressed, or until asked to shut down.
 *
 * Additionally, in some situations we don't accept confirmations from an
 * untrusted keyboard (such as a USB device). In those cases, a recovery
 * button press is needed for confirmation, instead of ENTER.  This keeps a
 * USB device that injects keystrokes from answering "yes" on the user's
 * behalf, for example to the switch from normal to developer mode.
 * NOTE(review): presumably this is selected with
 * VB_CONFIRM_MUST_TRUST_KEYBOARD, and on devices without a physical recovery
 * button ENTER from the internal keyboard is accepted instead - confirm
 * against the implementation.
 *
 * Returns: 1=yes, 0=no, -1 = shutdown.
 *
 * Callers must compare the result against 1 explicitly: -1 is nonzero, so a
 * plain truth test would treat a shutdown request as a confirmation.
 */
int VbUserConfirms(VbCommonParams *cparams, uint32_t confirm_flags);
/**
 * Handle a normal boot.
 *
 * Returns a VbError_t.  NOTE(review): the specific codes are not listed in
 * this header; presumably VBERROR_SUCCESS when a kernel was loaded - confirm.
 */
VbError_t VbBootNormal(VbCommonParams *cparams, LoadKernelParams *p);
/**
 * Handle a developer-mode boot.
 *
 * Returns a VbError_t.  NOTE(review): the specific codes, and which kernels
 * are accepted in developer mode, are decided in the implementation and are
 * not visible from this header - confirm there.
 */
VbError_t VbBootDeveloper(VbCommonParams *cparams, LoadKernelParams *p);
/**
 * Handle a recovery-mode boot.
 *
 * Returns a VbError_t.  NOTE(review): presumably this is the flow in which
 * the switch to developer mode is offered and confirmed through
 * VbUserConfirms(); if so, that confirmation must not be satisfiable from an
 * untrusted keyboard - confirm against the implementation.
 */
VbError_t VbBootRecovery(VbCommonParams *cparams, LoadKernelParams *p);
/**
 * Sync EC firmware to expected version.
 *
 * Returns a VbError_t.  NOTE(review): how the expected version is determined
 * and which codes signal that a reboot or recovery is needed are not stated
 * in this header - confirm against the implementation.
 */
VbError_t VbEcSoftwareSync(VbCommonParams *cparams);
#endif /* VBOOT_REFERENCE_VBOOT_KERNEL_H_ */