diff options
| author | ChromeOS Developer <rspangler@chromium.org> | 2014-12-03 12:19:22 -0800 |
|---|---|---|
| committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-12-04 04:02:05 +0000 |
| commit | 7aef90c14d9dc770b4e16876faf8bf6b9942ff2e (patch) | |
| tree | 0d6904fb26f9fde95d2fc614ad9864c2a7f159d1 | |
| parent | a5b69b02e039d7267390fea10266d45e14630559 (diff) | |
| download | vboot-7aef90c14d9dc770b4e16876faf8bf6b9942ff2e.tar.gz | |
vboot2: vb2_unpack_key2() no longer passes through to vb2_unpack_key()
At one point I thought I'd be able to support both vboot1 and vboot2.1
data structures and dynamically determine which verification path to
run. But space limitations on current platforms (e.g. pinky) mean
that's not feasible. Remove this vestigal support, so that it's
easier to make a clean break to the new data structures on appropriate
platforms.
BUG=chromium:423882
BRANCH=none
TEST=make runtests && VBOOT2=1 make runtests (works with/withoug VBOOT2 flag)
And build firmware for veyron_pinky.
Change-Id: I9887e0c54114c475df81d5a2b701b9b52e95b017
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/232979
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
| -rw-r--r-- | firmware/2lib/include/2return_codes.h | 3 | ||||
| -rw-r--r-- | firmware/lib21/packed_key.c | 11 | ||||
| -rw-r--r-- | tests/vb2_common2_tests.c | 7 |
3 files changed, 6 insertions, 15 deletions
diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index 3d1c611a..f41d784e 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h @@ -226,6 +226,9 @@ enum vb2_return_code { /* Key algorithm doesn't match signature algorithm */ VB2_ERROR_VDATA_ALGORITHM_MISMATCH, + /* Bad magic number in vb2_unpack_key2() */ + VB2_ERROR_UNPACK_KEY_MAGIC, + /********************************************************************** * Keyblock verification errors (all in vb2_verify_keyblock()) */ diff --git a/firmware/lib21/packed_key.c b/firmware/lib21/packed_key.c index 4019213b..d872d446 100644 --- a/firmware/lib21/packed_key.c +++ b/firmware/lib21/packed_key.c @@ -51,16 +51,9 @@ int vb2_unpack_key2(struct vb2_public_key *key, uint32_t min_offset = 0; int rv; - /* - * Check magic number. - * - * If it doesn't match, pass through to the old packed key format. - * - * TODO: remove passthru when signing scripts have switched over to - * use the new format. - */ + /* Check magic number */ if (pkey->c.magic != VB2_MAGIC_PACKED_KEY2) - return vb2_unpack_key(key, buf, size); + return VB2_ERROR_UNPACK_KEY_MAGIC; rv = vb2_verify_common_header(buf, size); if (rv) diff --git a/tests/vb2_common2_tests.c b/tests/vb2_common2_tests.c index 519d7f93..88dbf23e 100644 --- a/tests/vb2_common2_tests.c +++ b/tests/vb2_common2_tests.c @@ -87,11 +87,6 @@ static void test_unpack_key2(const struct vb2_packed_key *key1, /* Make a copy of the key for testing */ key2 = (struct vb2_packed_key2 *)malloc(size); - /* Should be able to handle a vboot1-style key binary as well */ - TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key1, - key1->key_offset + key1->key_size), - "vb2_unpack_key2() passthru"); - memcpy(key2, key, size); TEST_SUCC(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), "vb2_unpack_key2() ok"); @@ -117,7 +112,7 @@ static void test_unpack_key2(const struct vb2_packed_key *key1, memcpy(key2, key, size); key2->c.magic++; TEST_EQ(vb2_unpack_key2(&pubk, (uint8_t *)key2, size), - VB2_ERROR_INSIDE_DATA_OUTSIDE, + VB2_ERROR_UNPACK_KEY_MAGIC, "vb2_unpack_key2() bad magic"); memcpy(key2, key, size); |