Verified boot wrapper - replace utility functions

This is part 3 of the vboot wrapper API refactoring.  It replaces the
function calls to utility.c functions with new API calls.  (It also
fixes up some integer type mismatches in cryptolib that were causing
warnings on the H2C build; those had been fixed a while ago in H2C but
hadn't been propagated across.)

This is a re-commit of the original; I've verified it compiles on both
x86-alex and tegra2, for both vboot_reference and
vboot_reference-firmware, now that the patch from
1c1a883bc746a6216bb634825d33d80562853020 is checked in.

BUG=chromium-os:17006
TEST=make && make runtests, and emerged on both x86-alex and tegra2

Original-Change-Id: I771085dcdf79d9592de64f35e3b758111a80dd9f
Original-Reviewed-on: http://gerrit.chromium.org/gerrit/3263
Original-Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit bd81b3a7d3b7fe4ca6179ade665e565800ab17fc)

Change-Id: Iefdbfb3d10eb9aa385fb6dfc3bf0896f637cb64b
Reviewed-on: http://gerrit.chromium.org/gerrit/3582
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>

15 files changed, 83 insertions, 137 deletions

diff --git a/firmware/include/utility.h b/firmware/include/utility.h
index 3de8bb8a..2ad853ed 100644
--- a/firmware/include/utility.h
+++ b/firmware/include/utility.h
@@ -14,7 +14,7 @@
 
 /* Debug and error output */
 #ifdef VBOOT_DEBUG
-#define VBDEBUG(params) debug params
+#define VBDEBUG(params) VbExDebug params
 #else
 #define VBDEBUG(params)
 #endif
@@ -35,16 +35,10 @@
 #define VBPERFEND(name)
 #endif
 
-/* Outputs an error message and quits. */
-void error(const char* format, ...);
-
-/* Outputs debug/warning messages. */
-void debug(const char* format, ...);
-
 #ifdef VBOOT_DEBUG
 #define VbAssert(expr) do { if (!(expr)) { \
-      error("assert fail: %s at %s:%d\n", \
-            #expr, __FILE__, __LINE__); }} while(0)
+    VbExError("assert fail: %s at %s:%d\n", \
+              #expr, __FILE__, __LINE__); }} while(0)
 #else
 #define VbAssert(expr)
 #endif
@@ -57,14 +51,6 @@ void debug(const char* format, ...);
 /* Return the minimum of (a) or (b). */
 #define Min(a, b) (((a) < (b)) ? (a) : (b))
 
-/* Allocate [size] bytes and return a pointer to the allocated memory. Abort
- * on error.
- */
-void* Malloc(size_t size);
-
-/* Free memory pointed by [ptr] previously allocated by Malloc(). */
-void Free(void* ptr);
-
 /* Compare [n] bytes in [src1] and [src2]
  * Returns an integer less than, equal to, or greater than zero if the first [n]
  * bytes of [src1] is found, respectively, to be less than, to match, or be
@@ -96,18 +82,4 @@ int SafeMemcmp(const void* s1, const void* s2, size_t n);
 #define memset _do_not_use_standard_memset
 #endif
 
-/* Read a high-resolution timer. */
-uint64_t VbGetTimer(void);
-
-/* Return the maximum frequency for the high-resolution timer, in Hz.
- *
- * Note that this call MUST be fast; the implementation must not
- * attempt to actually measure the frequency.  This function need only
- * return an upper bound for the timer frequency, so that minimum
- * delays can be established.  For example, if the same BIOS can run
- * on CPUs where the timer frequency varies between 1.2GHz and 1.8GHz,
- * return 1800000000 (or even 2000000000). */
-uint64_t VbGetTimerMaxFreq(void);
-
-
 #endif  /* VBOOT_REFERENCE_UTILITY_H_ */
diff --git a/firmware/lib/cgptlib/cgptlib.c b/firmware/lib/cgptlib/cgptlib.c
index e1da7f44..2dcb46df 100644
--- a/firmware/lib/cgptlib/cgptlib.c
+++ b/firmware/lib/cgptlib/cgptlib.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010-2011 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
@@ -8,6 +8,7 @@
 #include "crc32.h"
 #include "gpt.h"
 #include "utility.h"
+#include "vboot_api.h"
 
 int GptInit(GptData *gpt) {
   int retval;
diff --git a/firmware/lib/cryptolib/include/sha.h b/firmware/lib/cryptolib/include/sha.h
index 8beb296b..a8164710 100644
--- a/firmware/lib/cryptolib/include/sha.h
+++ b/firmware/lib/cryptolib/include/sha.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
@@ -107,7 +107,7 @@ typedef struct DigestContext {
 
 /* Initialize a digest context for use with signature algorithm [algorithm]. */
 void DigestInit(DigestContext* ctx, int sig_algorithm);
-void DigestUpdate(DigestContext* ctx, const uint8_t* data, uint64_t len);
+void DigestUpdate(DigestContext* ctx, const uint8_t* data, uint32_t len);
 
 /* Caller owns the returned digest and must free it. */
 uint8_t* DigestFinal(DigestContext* ctx);
diff --git a/firmware/lib/cryptolib/rsa.c b/firmware/lib/cryptolib/rsa.c
index 1dbf92c3..d552e13e 100644
--- a/firmware/lib/cryptolib/rsa.c
+++ b/firmware/lib/cryptolib/rsa.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
@@ -9,6 +9,7 @@
  */
 
 #include "cryptolib.h"
+#include "vboot_api.h"
 #include "utility.h"
 
 /* a[] -= mod */
@@ -77,9 +78,9 @@ static void montMul(const RSAPublicKey *key,
  */
 static void modpowF4(const RSAPublicKey *key,
                     uint8_t* inout) {
-  uint32_t* a = (uint32_t*) Malloc(key->len * sizeof(uint32_t));
-  uint32_t* aR = (uint32_t*) Malloc(key->len * sizeof(uint32_t));
-  uint32_t* aaR = (uint32_t*) Malloc(key->len * sizeof(uint32_t));
+  uint32_t* a = (uint32_t*) VbExMalloc(key->len * sizeof(uint32_t));
+  uint32_t* aR = (uint32_t*) VbExMalloc(key->len * sizeof(uint32_t));
+  uint32_t* aaR = (uint32_t*) VbExMalloc(key->len * sizeof(uint32_t));
 
   uint32_t* aaa = aaR;  /* Re-use location. */
   int i;
@@ -116,9 +117,9 @@ static void modpowF4(const RSAPublicKey *key,
     *inout++ = (uint8_t)(tmp >>  0);
   }
 
-  Free(a);
-  Free(aR);
-  Free(aaR);
+  VbExFree(a);
+  VbExFree(aR);
+  VbExFree(aaR);
 }
 
 /* Verify a RSA PKCS1.5 signature against an expected hash.
@@ -152,7 +153,7 @@ int RSAVerify(const RSAPublicKey *key,
     return 0;
   }
 
-  buf = (uint8_t*) Malloc(sig_len);
+  buf = (uint8_t*) VbExMalloc(sig_len);
   if (!buf)
     return 0;
   Memcpy(buf, sig, sig_len);
@@ -177,7 +178,7 @@ int RSAVerify(const RSAPublicKey *key,
     VBDEBUG(("In RSAVerify(): Hash check failed!\n"));
     success  = 0;
   }
-  Free(buf);
+  VbExFree(buf);
 
   return success;
 }
diff --git a/firmware/lib/cryptolib/rsa_utility.c b/firmware/lib/cryptolib/rsa_utility.c
index cc653c68..b227b060 100644
--- a/firmware/lib/cryptolib/rsa_utility.c
+++ b/firmware/lib/cryptolib/rsa_utility.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
@@ -8,11 +8,12 @@
 #include "cryptolib.h"
 #include "stateful_util.h"
 #include "utility.h"
+#include "vboot_api.h"
 
 uint64_t RSAProcessedKeySize(uint64_t algorithm, uint64_t* out_size) {
-  uint64_t key_len; /* Key length in bytes. */
+  int key_len; /* Key length in bytes.  (int type matches siglen_map) */
   if (algorithm < kNumAlgorithms) {
-    key_len =  siglen_map[algorithm];
+    key_len = siglen_map[algorithm];
     /* Total size needed by a RSAPublicKey structure is =
      *  2 * key_len bytes for the  n and rr arrays
      *  + sizeof len + sizeof n0inv.
@@ -24,7 +25,7 @@ uint64_t RSAProcessedKeySize(uint64_t algorithm, uint64_t* out_size) {
 }
 
 RSAPublicKey* RSAPublicKeyNew(void) {
-  RSAPublicKey* key = (RSAPublicKey*) Malloc(sizeof(RSAPublicKey));
+  RSAPublicKey* key = (RSAPublicKey*) VbExMalloc(sizeof(RSAPublicKey));
   key->n = NULL;
   key->rr = NULL;
   return key;
@@ -32,9 +33,9 @@ RSAPublicKey* RSAPublicKeyNew(void) {
 
 void RSAPublicKeyFree(RSAPublicKey* key) {
   if (key) {
-    Free(key->n);
-    Free(key->rr);
-    Free(key);
+    VbExFree(key->n);
+    VbExFree(key->rr);
+    VbExFree(key);
   }
 }
 
@@ -59,8 +60,8 @@ RSAPublicKey* RSAPublicKeyFromBuf(const uint8_t* buf, uint64_t len) {
     return NULL;
   }
 
-  key->n = (uint32_t*) Malloc(key_len);
-  key->rr = (uint32_t*) Malloc(key_len);
+  key->n = (uint32_t*) VbExMalloc(key_len);
+  key->rr = (uint32_t*) VbExMalloc(key_len);
 
   StatefulMemcpy(&st, &key->n0inv, sizeof(key->n0inv));
   StatefulMemcpy(&st, key->n, key_len);
@@ -106,7 +107,7 @@ int RSAVerifyBinary_f(const uint8_t* key_blob,
   success = RSAVerify(verification_key, sig, (uint32_t)sig_size,
                       (uint8_t)algorithm, digest);
 
-  Free(digest);
+  VbExFree(digest);
   if (!key)
     RSAPublicKeyFree(verification_key);  /* Only free if we allocated it. */
   return success;
diff --git a/firmware/lib/cryptolib/sha_utility.c b/firmware/lib/cryptolib/sha_utility.c
index 4e266f7c..bec7209c 100644
--- a/firmware/lib/cryptolib/sha_utility.c
+++ b/firmware/lib/cryptolib/sha_utility.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
@@ -7,26 +7,27 @@
 
 #include "cryptolib.h"
 #include "utility.h"
+#include "vboot_api.h"
 
 void DigestInit(DigestContext* ctx, int sig_algorithm) {
   ctx->algorithm = hash_type_map[sig_algorithm];
   switch(ctx->algorithm) {
     case SHA1_DIGEST_ALGORITHM:
-      ctx->sha1_ctx = (SHA1_CTX*) Malloc(sizeof(SHA1_CTX));
+      ctx->sha1_ctx = (SHA1_CTX*) VbExMalloc(sizeof(SHA1_CTX));
       SHA1_init(ctx->sha1_ctx);
       break;
     case SHA256_DIGEST_ALGORITHM:
-      ctx->sha256_ctx = (SHA256_CTX*) Malloc(sizeof(SHA256_CTX));
+      ctx->sha256_ctx = (SHA256_CTX*) VbExMalloc(sizeof(SHA256_CTX));
       SHA256_init(ctx->sha256_ctx);
       break;
     case SHA512_DIGEST_ALGORITHM:
-      ctx->sha512_ctx = (SHA512_CTX*) Malloc(sizeof(SHA512_CTX));
+      ctx->sha512_ctx = (SHA512_CTX*) VbExMalloc(sizeof(SHA512_CTX));
       SHA512_init(ctx->sha512_ctx);
       break;
   };
 }
 
-void DigestUpdate(DigestContext* ctx, const uint8_t* data, uint64_t len) {
+void DigestUpdate(DigestContext* ctx, const uint8_t* data, uint32_t len) {
   switch(ctx->algorithm) {
     case SHA1_DIGEST_ALGORITHM:
       SHA1_update(ctx->sha1_ctx, data, len);
@@ -44,26 +45,27 @@ uint8_t* DigestFinal(DigestContext* ctx) {
   uint8_t* digest = NULL;
   switch(ctx->algorithm) {
     case SHA1_DIGEST_ALGORITHM:
-      digest = (uint8_t*) Malloc(SHA1_DIGEST_SIZE);
+      digest = (uint8_t*) VbExMalloc(SHA1_DIGEST_SIZE);
       Memcpy(digest, SHA1_final(ctx->sha1_ctx), SHA1_DIGEST_SIZE);
-      Free(ctx->sha1_ctx);
+      VbExFree(ctx->sha1_ctx);
       break;
     case SHA256_DIGEST_ALGORITHM:
-      digest = (uint8_t*) Malloc(SHA256_DIGEST_SIZE);
+      digest = (uint8_t*) VbExMalloc(SHA256_DIGEST_SIZE);
       Memcpy(digest, SHA256_final(ctx->sha256_ctx), SHA256_DIGEST_SIZE);
-      Free(ctx->sha256_ctx);
+      VbExFree(ctx->sha256_ctx);
       break;
     case SHA512_DIGEST_ALGORITHM:
-      digest = (uint8_t*) Malloc(SHA512_DIGEST_SIZE);
+      digest = (uint8_t*) VbExMalloc(SHA512_DIGEST_SIZE);
       Memcpy(digest, SHA512_final(ctx->sha512_ctx), SHA512_DIGEST_SIZE);
-      Free(ctx->sha512_ctx);
+      VbExFree(ctx->sha512_ctx);
       break;
   };
   return digest;
 }
 
 uint8_t* DigestBuf(const uint8_t* buf, uint64_t len, int sig_algorithm) {
-  uint8_t* digest = (uint8_t*) Malloc(SHA512_DIGEST_SIZE); /* Use the max. */
+  /* Allocate enough space for the largest digest */
+  uint8_t* digest = (uint8_t*) VbExMalloc(SHA512_DIGEST_SIZE);
   /* Define an array mapping [sig_algorithm] to function pointers to the
    * SHA{1|256|512} functions.
    */
diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c
index 27b61650..153bce2d 100644
--- a/firmware/lib/rollback_index.c
+++ b/firmware/lib/rollback_index.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010-2011 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
@@ -7,11 +7,11 @@
  */
 
 #include "rollback_index.h"
-
 #include "tlcl.h"
 #include "tpm_bootmode.h"
 #include "tss_constants.h"
 #include "utility.h"
+#include "vboot_api.h"
 
 static int g_rollback_recovery_mode = 0;
 
diff --git a/firmware/lib/tpm_bootmode.c b/firmware/lib/tpm_bootmode.c
index 13371c40..f9a9beca 100644
--- a/firmware/lib/tpm_bootmode.c
+++ b/firmware/lib/tpm_bootmode.c
@@ -9,6 +9,7 @@
 
 #include "tlcl.h"
 #include "utility.h"
+#include "vboot_api.h"
 
 /* TPM PCR to use for storing boot mode measurements. */
 #define BOOT_MODE_PCR 0
diff --git a/firmware/lib/tpm_lite/tlcl.c b/firmware/lib/tpm_lite/tlcl.c
index 3fbcd1e7..5c623b6f 100644
--- a/firmware/lib/tpm_lite/tlcl.c
+++ b/firmware/lib/tpm_lite/tlcl.c
@@ -19,6 +19,7 @@
 #include "tlcl_internal.h"
 #include "tlcl_structures.h"
 #include "utility.h"
+#include "vboot_api.h"
 
 /* Sets the size field of a TPM command. */
 static INLINE void SetTpmCommandSize(uint8_t* buffer, uint32_t size) {
diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c
index a20e16fb..81e2597b 100644
--- a/firmware/lib/vboot_common.c
+++ b/firmware/lib/vboot_common.c
@@ -7,6 +7,7 @@
  */
 
 
+#include "vboot_api.h"
 #include "vboot_common.h"
 #include "utility.h"
 
@@ -231,7 +232,7 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
                                 SHA512_DIGEST_ALGORITHM);
     rv = SafeMemcmp(header_checksum, GetSignatureDataC(sig),
                     SHA512_DIGEST_SIZE);
-    Free(header_checksum);
+    VbExFree(header_checksum);
     if (rv) {
       VBDEBUG(("Invalid key block hash.\n"));
       return VBOOT_KEY_BLOCK_HASH;
diff --git a/firmware/lib/vboot_firmware.c b/firmware/lib/vboot_firmware.c
index d56cba77..40ddf4cb 100644
--- a/firmware/lib/vboot_firmware.c
+++ b/firmware/lib/vboot_firmware.c
@@ -11,6 +11,7 @@
 #include "rollback_index.h"
 #include "tpm_bootmode.h"
 #include "utility.h"
+#include "vboot_api.h"
 #include "vboot_common.h"
 #include "vboot_nvstorage.h"
 
@@ -77,7 +78,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
     recovery = VBNV_RECOVERY_RO_SHARED_DATA;
     goto LoadFirmwareExit;
   }
-  shared->timer_load_firmware_enter = VbGetTimer();
+  shared->timer_load_firmware_enter = VbExGetTimer();
 
   /* Handle test errors */
   VbNvGet(vnc, VBNV_TEST_ERROR_FUNC, &test_err);
@@ -136,7 +137,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
   }
 
   /* Allocate our internal data */
-  lfi = (VbLoadFirmwareInternal*)Malloc(sizeof(VbLoadFirmwareInternal));
+  lfi = (VbLoadFirmwareInternal*)VbExMalloc(sizeof(VbLoadFirmwareInternal));
   if (!lfi)
     return LOAD_FIRMWARE_RECOVERY;
 
@@ -275,7 +276,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
       VBDEBUG(("Firmware body verification failed.\n"));
       *check_result = VBSD_LF_CHECK_VERIFY_BODY;
       RSAPublicKeyFree(data_key);
-      Free(body_digest);
+      VbExFree(body_digest);
       VBPERFEND("VB_VFD");
       continue;
     }
@@ -283,7 +284,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
 
     /* Done with the digest and data key, so can free them now */
     RSAPublicKeyFree(data_key);
-    Free(body_digest);
+    VbExFree(body_digest);
 
     /* If we're still here, the firmware is valid. */
     VBDEBUG(("Firmware %d is valid.\n", index));
@@ -327,7 +328,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
   }
 
   /* Free internal data */
-  Free(lfi);
+  VbExFree(lfi);
   params->load_firmware_internal = NULL;
 
   /* Handle finding good firmware */
@@ -390,7 +391,7 @@ LoadFirmwareExit:
           recovery : VBNV_RECOVERY_NOT_REQUESTED);
   VbNvTeardown(vnc);
 
-  shared->timer_load_firmware_exit = VbGetTimer();
+  shared->timer_load_firmware_exit = VbExGetTimer();
 
   /* Note that we don't reduce params->shared_data_size to shared->data_used,
    * since we want to leave space for LoadKernel() to add to the shared data
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index a1ddd176..da9fb2c1 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -6,8 +6,6 @@
  * (Firmware portion)
  */
 
-#include "vboot_kernel.h"
-
 #include "boot_device.h"
 #include "cgptlib.h"
 #include "cgptlib_internal.h"
@@ -15,7 +13,9 @@
 #include "load_kernel_fw.h"
 #include "rollback_index.h"
 #include "utility.h"
+#include "vboot_api.h"
 #include "vboot_common.h"
+#include "vboot_kernel.h"
 
 #define KBUF_SIZE 65536  /* Bytes to read at start of kernel partition */
 #define LOWEST_TPM_VERSION 0xffffffff
@@ -40,10 +40,10 @@ int AllocAndReadGptData(GptData* gptdata) {
   gptdata->modified = 0;
 
   /* Allocate all buffers */
-  gptdata->primary_header = (uint8_t*)Malloc(gptdata->sector_bytes);
-  gptdata->secondary_header = (uint8_t*)Malloc(gptdata->sector_bytes);
-  gptdata->primary_entries = (uint8_t*)Malloc(TOTAL_ENTRIES_SIZE);
-  gptdata->secondary_entries = (uint8_t*)Malloc(TOTAL_ENTRIES_SIZE);
+  gptdata->primary_header = (uint8_t*)VbExMalloc(gptdata->sector_bytes);
+  gptdata->secondary_header = (uint8_t*)VbExMalloc(gptdata->sector_bytes);
+  gptdata->primary_entries = (uint8_t*)VbExMalloc(TOTAL_ENTRIES_SIZE);
+  gptdata->secondary_entries = (uint8_t*)VbExMalloc(TOTAL_ENTRIES_SIZE);
 
   if (gptdata->primary_header == NULL || gptdata->secondary_header == NULL ||
       gptdata->primary_entries == NULL || gptdata->secondary_entries == NULL)
@@ -79,7 +79,7 @@ int WriteAndFreeGptData(GptData* gptdata) {
       if (0 != BootDeviceWriteLBA(1, 1, gptdata->primary_header))
         return 1;
     }
-    Free(gptdata->primary_header);
+    VbExFree(gptdata->primary_header);
   }
 
   if (gptdata->primary_entries) {
@@ -89,7 +89,7 @@ int WriteAndFreeGptData(GptData* gptdata) {
                                   gptdata->primary_entries))
         return 1;
     }
-    Free(gptdata->primary_entries);
+    VbExFree(gptdata->primary_entries);
   }
 
   if (gptdata->secondary_entries) {
@@ -99,7 +99,7 @@ int WriteAndFreeGptData(GptData* gptdata) {
                                   entries_sectors, gptdata->secondary_entries))
         return 1;
     }
-    Free(gptdata->secondary_entries);
+    VbExFree(gptdata->secondary_entries);
   }
 
   if (gptdata->secondary_header) {
@@ -109,7 +109,7 @@ int WriteAndFreeGptData(GptData* gptdata) {
                                   gptdata->secondary_header))
         return 1;
     }
-    Free(gptdata->secondary_header);
+    VbExFree(gptdata->secondary_header);
   }
 
   /* Success */
@@ -142,7 +142,7 @@ int LoadKernel(LoadKernelParams* params) {
 
   int retval = LOAD_KERNEL_RECOVERY;
   int recovery = VBNV_RECOVERY_RO_UNSPECIFIED;
-  uint64_t timer_enter = VbGetTimer();
+  uint64_t timer_enter = VbExGetTimer();
 
   /* Setup NV storage */
   VbNvSetup(vnc);
@@ -300,7 +300,7 @@ int LoadKernel(LoadKernelParams* params) {
     }
 
     /* Allocate kernel header buffers */
-    kbuf = (uint8_t*)Malloc(KBUF_SIZE);
+    kbuf = (uint8_t*)VbExMalloc(KBUF_SIZE);
     if (!kbuf)
       break;
 
@@ -585,7 +585,7 @@ int LoadKernel(LoadKernelParams* params) {
 
   /* Free kernel buffer */
   if (kbuf)
-    Free(kbuf);
+    VbExFree(kbuf);
 
   /* Write and free GPT data */
   WriteAndFreeGptData(&gpt);
@@ -665,7 +665,7 @@ LoadKernelExit:
 
     /* Save timer values */
     shared->timer_load_kernel_enter = timer_enter;
-    shared->timer_load_kernel_exit = VbGetTimer();
+    shared->timer_load_kernel_exit = VbExGetTimer();
     /* Store how much shared data we used, if any */
     params->shared_data_size = shared->data_used;
   }
diff --git a/firmware/stub/load_firmware_stub.c b/firmware/stub/load_firmware_stub.c
index 26ce3d50..bdae981c 100644
--- a/firmware/stub/load_firmware_stub.c
+++ b/firmware/stub/load_firmware_stub.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
@@ -9,6 +9,7 @@
 
 #include "load_firmware_fw.h"
 #include "utility.h"
+#include "vboot_api.h"
 
 #define  BOOT_FIRMWARE_A_CONTINUE 1
 #define  BOOT_FIRMWARE_B_CONTINUE 2
@@ -99,7 +100,7 @@ int VerifyFirmwareDriver_stub(uint8_t* gbb_data,
   p.nv_context = &vnc;
 
   /* Allocate a shared data buffer */
-  p.shared_data_blob = Malloc(VB_SHARED_DATA_REC_SIZE);
+  p.shared_data_blob = VbExMalloc(VB_SHARED_DATA_REC_SIZE);
   p.shared_data_size = VB_SHARED_DATA_REC_SIZE;
 
   /* TODO: YOU NEED TO SET THE BOOT FLAGS SOMEHOW */
diff --git a/firmware/stub/tpm_lite_stub.c b/firmware/stub/tpm_lite_stub.c
index ddb5d222..0317f933 100644
--- a/firmware/stub/tpm_lite_stub.c
+++ b/firmware/stub/tpm_lite_stub.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
@@ -10,6 +10,7 @@
 #include "tlcl.h"
 #include "tlcl_internal.h"
 #include "utility.h"
+#include "vboot_api.h"
 
 #include <errno.h>
 #include <fcntl.h>
@@ -56,22 +57,22 @@ static void TpmExecute(const uint8_t *in, const uint32_t in_len,
                 uint8_t *out, uint32_t *pout_len) {
   uint8_t response[TPM_MAX_COMMAND_SIZE];
   if (in_len <= 0) {
-    error("invalid command length %d for command 0x%x\n", in_len, in[9]);
+    VbExError("invalid command length %d for command 0x%x\n", in_len, in[9]);
   } else if (tpm_fd < 0) {
-    error("the TPM device was not opened.  Forgot to call TlclLibInit?\n");
+    VbExError("the TPM device was not opened.  Forgot to call TlclLibInit?\n");
   } else {
     int n = write(tpm_fd, in, in_len);
     if (n != in_len) {
-      error("write failure to TPM device: %s\n", strerror(errno));
+      VbExError("write failure to TPM device: %s\n", strerror(errno));
     }
     n = read(tpm_fd, response, sizeof(response));
     if (n == 0) {
-      error("null read from TPM device\n");
+      VbExError("null read from TPM device\n");
     } else if (n < 0) {
-      error("read failure from TPM device: %s\n", strerror(errno));
+      VbExError("read failure from TPM device: %s\n", strerror(errno));
     } else {
       if (n > *pout_len) {
-        error("TPM response too long for output buffer\n");
+        VbExError("TPM response too long for output buffer\n");
       } else {
         *pout_len = n;
         Memcpy(out, response, n);
@@ -126,7 +127,8 @@ uint32_t TlclOpenDevice(void) {
 
   tpm_fd = open(device_path, O_RDWR);
   if (tpm_fd < 0) {
-    error("TPM: Cannot open TPM device %s: %s\n", device_path, strerror(errno));
+    VbExError("TPM: Cannot open TPM device %s: %s\n", device_path,
+              strerror(errno));
   }
 
   return 0;
diff --git a/firmware/stub/utility_stub.c b/firmware/stub/utility_stub.c
index 2d56f72b..489b0f72 100644
--- a/firmware/stub/utility_stub.c
+++ b/firmware/stub/utility_stub.c
@@ -15,50 +15,12 @@
 #include <string.h>
 #include <sys/time.h>
 
-void error(const char *format, ...) {
-  va_list ap;
-  va_start(ap, format);
-  fprintf(stderr, "ERROR: ");
-  vfprintf(stderr, format, ap);
-  va_end(ap);
-  exit(1);
-}
-
-void debug(const char *format, ...) {
-  va_list ap;
-  va_start(ap, format);
-  fprintf(stderr, "DEBUG: ");
-  vfprintf(stderr, format, ap);
-  va_end(ap);
-}
-
-void* Malloc(size_t size) {
-  void* p = malloc(size);
-  if (!p) {
-    /* Fatal Error. We must abort. */
-    abort();
-  }
-  return p;
-}
-
-void Free(void* ptr) {
-  free(ptr);
-}
 
 int Memcmp(const void* src1, const void* src2, size_t n) {
   return memcmp(src1, src2, n);
 }
 
+
 void* Memcpy(void* dest, const void* src, uint64_t n) {
   return memcpy(dest, src, (size_t)n);
 }
-
-uint64_t VbGetTimer(void) {
-  struct timeval tv;
-  gettimeofday(&tv, NULL);
-  return (uint64_t)tv.tv_sec * 1000000 + (uint64_t)tv.tv_usec;
-}
-
-uint64_t VbGetTimerMaxFreq(void) {
-  return UINT64_C(1000000);
-}