Add GBB flags to enable dev mode by default

And enable dev_boot_usb by default.
And disable rollback checks.

The first flag is necessary for factory to build with keyboard
controlled dev mode.  The other flags are really handy for development
on systems where you've defeated firmware WP and are installing custom
firmware.

BUG=chromium-os:31844
TEST=make && make runtests

Signed-off-by: Randall Spangler <rspangler@chromium.org>

Change-Id: I9d837fee676cb0186ea98f13005ad60a9ab86393
Reviewed-on: https://gerrit.chromium.org/gerrit/25265
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Ready: Randall Spangler <rspangler@chromium.org>

6 files changed, 62 insertions, 14 deletions

diff --git a/firmware/include/gbb_header.h b/firmware/include/gbb_header.h
index 7f9b0005..a3204e32 100644
--- a/firmware/include/gbb_header.h
+++ b/firmware/include/gbb_header.h
@@ -43,6 +43,13 @@
 /* The factory flow may need the BIOS to boot a non-ChromeOS kernel if the
  * dev-switch is on. This flag allows that. */
 #define GBB_FLAG_ENABLE_ALTERNATE_OS      0x00000004
+/* Force dev switch on, regardless of physical/keyboard dev switch position. */
+#define GBB_FLAG_FORCE_DEV_SWITCH_ON      0x00000008
+/* Allow booting from USB in dev mode even if dev_boot_usb=0. */
+#define GBB_FLAG_FORCE_DEV_BOOT_USB       0x00000010
+/* Disable firmware rollback protection. */
+#define GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK  0x00000020
+
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/firmware/lib/vboot_api_init.c b/firmware/lib/vboot_api_init.c
index bff57bd5..78f451fd 100644
--- a/firmware/lib/vboot_api_init.c
+++ b/firmware/lib/vboot_api_init.c
@@ -127,7 +127,9 @@ VbError_t VbInit(VbCommonParams* cparams, VbInitParams* iparams) {
     /* We may be asked to clear the virtual dev-switch at boot. */
     VbNvGet(&vnc, VBNV_DISABLE_DEV_REQUEST, &disable_dev_request);
 
-    /* FIXME: How about a GBB flag to force dev-switch on? */
+    /* Allow GBB flag to override dev switch */
+    if (gbb->flags & GBB_FLAG_FORCE_DEV_SWITCH_ON)
+      is_hw_dev = 1;
 
     VBPERFSTART("VB_TPMI");
     /* Initialize the TPM. If the developer mode state has changed since the
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index b0a04ac4..6e02380e 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -116,6 +116,7 @@ VbError_t VbBootNormal(VbCommonParams* cparams, LoadKernelParams* p) {
 
 /* Handle a developer-mode boot */
 VbError_t VbBootDeveloper(VbCommonParams* cparams, LoadKernelParams* p) {
+  GoogleBinaryBlockHeader* gbb = (GoogleBinaryBlockHeader*)cparams->gbb_data;
   uint32_t allow_usb = 0;
   VbAudioContext* audio = 0;
 
@@ -123,6 +124,9 @@ VbError_t VbBootDeveloper(VbCommonParams* cparams, LoadKernelParams* p) {
 
   /* Check if USB booting is allowed */
   VbNvGet(&vnc, VBNV_DEV_BOOT_USB, &allow_usb);
+  /* Handle GBB flag override */
+  if (gbb->flags & GBB_FLAG_FORCE_DEV_BOOT_USB)
+    allow_usb = 1;
 
   /* Show the dev mode warning screen */
   VbDisplayScreen(cparams, VB_SCREEN_DEVELOPER_WARNING, 0, &vnc);
diff --git a/firmware/lib/vboot_firmware.c b/firmware/lib/vboot_firmware.c
index 3f9f64fc..ed9d3bc0 100644
--- a/firmware/lib/vboot_firmware.c
+++ b/firmware/lib/vboot_firmware.c
@@ -131,17 +131,19 @@ int LoadFirmware(VbCommonParams* cparams, VbSelectFirmwareParams* fparams,
 
     /* Check for rollback of key version. */
     key_version = key_block->data_key.key_version;
-    if (key_version < (shared->fw_version_tpm >> 16)) {
-      VBDEBUG(("Key rollback detected.\n"));
-      *check_result = VBSD_LF_CHECK_KEY_ROLLBACK;
-      continue;
-    }
-    if (key_version > 0xFFFF) {
-      /* Key version is stored in 16 bits in the TPM, so key versions greater
-       * than 0xFFFF can't be stored properly. */
-      VBDEBUG(("Key version > 0xFFFF.\n"));
-      *check_result = VBSD_LF_CHECK_KEY_ROLLBACK;
-      continue;
+    if (!(gbb->flags & GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK)) {
+      if (key_version < (shared->fw_version_tpm >> 16)) {
+        VBDEBUG(("Key rollback detected.\n"));
+        *check_result = VBSD_LF_CHECK_KEY_ROLLBACK;
+        continue;
+      }
+      if (key_version > 0xFFFF) {
+        /* Key version is stored in 16 bits in the TPM, so key versions greater
+         * than 0xFFFF can't be stored properly. */
+        VBDEBUG(("Key version > 0xFFFF.\n"));
+        *check_result = VBSD_LF_CHECK_KEY_ROLLBACK;
+        continue;
+      }
     }
 
     /* Get the key for preamble/data verification from the key block. */
@@ -170,7 +172,8 @@ int LoadFirmware(VbCommonParams* cparams, VbSelectFirmwareParams* fparams,
     /* Check for rollback of firmware version. */
     combined_version = (uint32_t)((key_version << 16) |
                                   (preamble->firmware_version & 0xFFFF));
-    if (combined_version < shared->fw_version_tpm) {
+    if (combined_version < shared->fw_version_tpm &&
+        !(gbb->flags & GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK)) {
       VBDEBUG(("Firmware version rollback detected.\n"));
       *check_result = VBSD_LF_CHECK_FW_ROLLBACK;
       RSAPublicKeyFree(data_key);
diff --git a/tests/vboot_api_init_tests.c b/tests/vboot_api_init_tests.c
index ec1e7fa9..28a43d88 100644
--- a/tests/vboot_api_init_tests.c
+++ b/tests/vboot_api_init_tests.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
@@ -211,6 +211,19 @@ static void VbInitTest(void) {
           VB_INIT_OUT_ENABLE_ALTERNATE_OS, "  out flags");
   TEST_EQ(shared->flags, VBSD_BOOT_DEV_SWITCH_ON, "  shared flags");
 
+  /* Developer mode forced by GBB flag */
+  ResetMocks();
+  iparams.flags = 0;
+  gbb.flags = GBB_FLAG_FORCE_DEV_SWITCH_ON;
+  TestVbInit(0, 0, "Dev mode via GBB");
+  TEST_EQ(shared->recovery_reason, 0, "  recovery reason");
+  TEST_EQ(iparams.out_flags,
+          VB_INIT_OUT_CLEAR_RAM |
+          VB_INIT_OUT_ENABLE_DISPLAY |
+          VB_INIT_OUT_ENABLE_USB_STORAGE |
+          VB_INIT_OUT_ENABLE_ALTERNATE_OS, "  out flags");
+  TEST_EQ(shared->flags, VBSD_BOOT_DEV_SWITCH_ON, "  shared flags");
+
   /* Recovery mode from NV storage */
   ResetMocks();
   VbNvSet(&vnc, VBNV_RECOVERY_REQUEST, 123);
diff --git a/tests/vboot_firmware_tests.c b/tests/vboot_firmware_tests.c
index 7a023226..0443b061 100644
--- a/tests/vboot_firmware_tests.c
+++ b/tests/vboot_firmware_tests.c
@@ -253,6 +253,14 @@ static void LoadFirmwareTest(void) {
   TEST_EQ(shared->check_fw_b_result, VBSD_LF_CHECK_DATA_KEY_PARSE,
           "Data key invalid");
 
+  /* Test invalid key version with GBB bypass-rollback flag */
+  ResetMocks();
+  vblock[0].data_key.key_version = 1;  /* Simulate rollback */
+  gbb->flags = GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK;
+  TestLoadFirmware(VBERROR_SUCCESS, 0, "Key version check + GBB override");
+  TEST_EQ(shared->check_fw_a_result, VBSD_LF_CHECK_VALID,
+          "Key version rollback + GBB override");
+
   /* Test invalid preamble with A */
   ResetMocks();
   mpreamble[0].header_version_major = 1;  /* Simulate failure */
@@ -277,6 +285,17 @@ static void LoadFirmwareTest(void) {
   TEST_EQ(shared->check_fw_b_result, VBSD_LF_CHECK_FW_ROLLBACK,
           "Firmware version overflow");
 
+  /* Test invalid firmware versions with GBB bypass-rollback flag */
+  ResetMocks();
+  mpreamble[0].firmware_version = 3;  /* Simulate rollback */
+  mpreamble[1].firmware_version = 0x10001;  /* Check overflow */
+  gbb->flags = GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK;
+  TestLoadFirmware(VBERROR_SUCCESS, 0, "Firmware version check + GBB bypass");
+  TEST_EQ(shared->check_fw_a_result, VBSD_LF_CHECK_VALID,
+          "Firmware version rollback + GBB override");
+  TEST_EQ(shared->check_fw_b_result, VBSD_LF_CHECK_HEADER_VALID,
+          "Firmware version overflow + GBB override");
+
   /* Test RO normal with A */
   ResetMocks();
   mpreamble[0].flags = VB_FIRMWARE_PREAMBLE_USE_RO_NORMAL;