diff options
| author | Joel Kitching <kitching@google.com> | 2021-02-12 17:28:02 +0800 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-05-09 19:28:24 +0000 |
| commit | 13793e1bdc6cebb478a1cc832ed4cea9549b4ef0 (patch) | |
| tree | e05835392ff26e557244aa2ff776a151dacb2518 | |
| parent | 92ab60911eb5c291184582192299005f7acc2b3f (diff) | |
| download | vboot-13793e1bdc6cebb478a1cc832ed4cea9549b4ef0.tar.gz | |
vboot/vboot_kernel: set VB2_SD_FLAG_KERNEL_SIGNED in vb2_verify_kernel_vblock
This CL is part of a series to merge vboot1 and vboot2.0
kernel verification code; see b/181739551.
BUG=b:181739551
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Id4dad2b32d01c54818c27ef7ea65e94ca3924afd
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2785810
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
| -rw-r--r-- | firmware/lib/vboot_kernel.c | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c index 781868b3..d4204078 100644 --- a/firmware/lib/vboot_kernel.c +++ b/firmware/lib/vboot_kernel.c @@ -152,6 +152,13 @@ static vb2_error_t vb2_verify_kernel_vblock( if (vb2_hwcrypto_allowed(ctx)) kernel_subkey2.allow_hwcrypto = 1; + /* + * Clear any previous keyblock-valid flag (for example, from a previous + * kernel where the keyblock was signed but the preamble failed + * verification). + */ + sd->flags &= ~VB2_SD_FLAG_KERNEL_SIGNED; + /* Verify the keyblock. */ struct vb2_keyblock *keyblock = get_keyblock(kbuf); rv = vb2_verify_keyblock(keyblock, kbuf_size, &kernel_subkey2, wb); @@ -259,6 +266,15 @@ static vb2_error_t vb2_verify_kernel_vblock( } } + /* + * At this point, we've checked everything. The kernel keyblock is at + * least self-consistent, and has either a valid signature or a valid + * hash. Track if it had a valid signature (that is, would we have + * been willing to boot it even if developer mode was off). + */ + if (keyblock_valid) + sd->flags |= VB2_SD_FLAG_KERNEL_SIGNED; + /* Get key for preamble verification from the keyblock. */ struct vb2_public_key data_key; rv = vb2_unpack_key(&data_key, &keyblock->data_key); @@ -572,13 +588,10 @@ vb2_error_t LoadKernel(struct vb2_context *ctx, LoadKernelParams *params) continue; } - int keyblock_valid = (shpart->flags & - VBSD_LKP_FLAG_KEYBLOCK_VALID); - if (keyblock_valid) { - sd->flags |= VB2_SD_FLAG_KERNEL_SIGNED; - /* Track lowest version from a valid header. */ - if (lowest_version > sd->kernel_version) - lowest_version = sd->kernel_version; + int keyblock_valid = sd->flags & VB2_SD_FLAG_KERNEL_SIGNED; + /* Track lowest version from a valid header. */ + if (keyblock_valid && lowest_version > sd->kernel_version) { + lowest_version = sd->kernel_version; } VB2_DEBUG("Keyblock valid: %d\n", keyblock_valid); VB2_DEBUG("Combined version: %u\n", sd->kernel_version); |