futility: updater: Correct HWID digest when preserving HWID

Starting from GBB 1.2, a digest is stored in GBB and must be updated
whenever the HWID string is changed.

In shell script version of updater, the digest is automatically updated
when we do "futility gbb -s --hwid=XXX", but in native updater
implementation we only updated the HWID string and left digest
unchanged, this leaves devices generating wrong PCR1 values.

`cmd_gbb_utility` updates the digest by calling `update_hwid_digest`
using vboot1 structure, so we should introduce a new vboot2 friendly
function, `vb2_change_hwid`, which changes both HWID string and digest
at same time.

Note this has no impact for end user's devices with write protection
enabled. Only changes dogfood units AU results.

BUG=b:122248649
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none

Change-Id: I6ad2754e6df3c9dd66d71c560a2afc26d14eae33
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1411949
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1588018
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1593204

4 files changed, 43 insertions, 13 deletions

diff --git a/futility/futility.h b/futility/futility.h
index f0635750..b31fd59d 100644
--- a/futility/futility.h
+++ b/futility/futility.h
@@ -108,6 +108,10 @@ int futil_looks_like_gbb(GoogleBinaryBlockHeader *gbb, uint32_t len);
 int futil_valid_gbb_header(GoogleBinaryBlockHeader *gbb, uint32_t len,
 			   uint32_t *maxlen);
 
+/* Updates HWID in GBB properly (and update digest if available). */
+struct vb2_gbb_header;
+int vb2_change_hwid(struct vb2_gbb_header *gbb, const char *hwid);
+
 /* For GBB v1.2 and later, update the hwid_digest */
 void update_hwid_digest(GoogleBinaryBlockHeader *gbb);
 
diff --git a/futility/misc.c b/futility/misc.c
index 1e91eb88..0ffe5f7e 100644
--- a/futility/misc.c
+++ b/futility/misc.c
@@ -24,6 +24,7 @@
 #include "file_type.h"
 #include "futility.h"
 #include "gbb_header.h"
+#include "2struct.h"
 
 /* Default is to support everything we can */
 enum vboot_version vboot_version = VBOOT_VERSION_ALL;
@@ -162,6 +163,7 @@ int print_hwid_digest(GoogleBinaryBlockHeader *gbb,
 	return is_valid;
 }
 
+/* Deprecated. Use vb2_change_hwid in future. */
 /* For GBB v1.2 and later, update the hwid_digest field. */
 void update_hwid_digest(GoogleBinaryBlockHeader *gbb)
 {
@@ -178,6 +180,25 @@ void update_hwid_digest(GoogleBinaryBlockHeader *gbb)
 	free(digest);
 }
 
+int vb2_change_hwid(struct vb2_gbb_header *gbb, const char *hwid)
+{
+	uint8_t *to = (uint8_t *)gbb + gbb->hwid_offset;
+	int len = strlen(hwid);
+	if (len >= gbb->hwid_size)
+		return -1;
+
+	/* Zero whole area so we won't have garbage after NUL. */
+	memset(to, 0, gbb->hwid_size);
+	memcpy(to, hwid, len);
+
+	/* HWID digest must be updated since v1.2. */
+	if (gbb->major_version == 1 && gbb->minor_version < 2)
+		return 0;
+
+	update_hwid_digest((struct GoogleBinaryBlockHeader *)gbb);
+	return 0;
+}
+
 /*
  * TODO: All sorts of race conditions likely here, and everywhere this is used.
  * Do we care? If so, fix it.
diff --git a/futility/updater.c b/futility/updater.c
index 8922e4ac..7160f611 100644
--- a/futility/updater.c
+++ b/futility/updater.c
@@ -907,8 +907,6 @@ static int preserve_gbb(const struct firmware_image *image_from,
 			struct firmware_image *image_to,
 			int preserve_flags)
 {
-	int len;
-	uint8_t *hwid_to, *hwid_from;
 	const struct vb2_gbb_header *gbb_from;
 	struct vb2_gbb_header *gbb_to;
 
@@ -923,18 +921,9 @@ static int preserve_gbb(const struct firmware_image *image_from,
 	if (preserve_flags)
 		gbb_to->flags = gbb_from->flags;
 
-	hwid_to = (uint8_t *)gbb_to + gbb_to->hwid_offset;
-	hwid_from = (uint8_t *)gbb_from + gbb_from->hwid_offset;
-
 	/* Preserve HWID. */
-	len = strlen((const char *)hwid_from);
-	if (len >= gbb_to->hwid_size)
-		return -1;
-
-	/* Zero whole area so we won't have garbage after NUL. */
-	memset(hwid_to, 0, gbb_to->hwid_size);
-	memcpy(hwid_to, hwid_from, len);
-	return 0;
+	return vb2_change_hwid(
+			gbb_to, (const char *)gbb_from + gbb_from->hwid_offset);
 }
 
 /*
diff --git a/tests/futility/test_update.sh b/tests/futility/test_update.sh
index 740e53cf..dd09251f 100755
--- a/tests/futility/test_update.sh
+++ b/tests/futility/test_update.sh
@@ -91,6 +91,15 @@ cp -f "${FROM_IMAGE}" "${FROM_DIFFERENT_ROOTKEY_IMAGE}"
 cp -f "${FROM_IMAGE}" "${FROM_IMAGE}.large"
 truncate -s $((8388608 * 2)) "${FROM_IMAGE}.large"
 
+# Hack for GBB v1.2
+TO_IMAGE_GBB12="${TO_IMAGE}.gbb12"
+HWID_DIGEST="adf64d2a434b610506153da42440b0b498d7369c0e98b629ede65eb59f4784fa"
+cp -f "${TO_IMAGE}" "${TO_IMAGE_GBB12}"
+patch_file "${TO_IMAGE_GBB12}" GBB 6 "\x02"
+"${FUTILITY}" gbb -s --hwid="${TO_HWID}" "${TO_IMAGE_GBB12}"
+GBB_OUTPUT="$("${FUTILITY}" gbb --digest "${TO_IMAGE_GBB12}")"
+[ "${GBB_OUTPUT}" = "digest: ${HWID_DIGEST}   valid" ]
+
 # Generate expected results.
 cp -f "${TO_IMAGE}" "${TMP}.expected.full"
 cp -f "${FROM_IMAGE}" "${TMP}.expected.rw"
@@ -112,6 +121,9 @@ cp -f "${FROM_IMAGE}" "${TMP}.expected.legacy"
 	RW_SECTION_B:${TMP}.to/RW_SECTION_B
 "${FUTILITY}" load_fmap "${TMP}.expected.legacy" \
 	RW_LEGACY:${TMP}.to/RW_LEGACY
+cp -f "${TMP}.expected.full" "${TMP}.expected.full.gbb12"
+patch_file "${TMP}.expected.full.gbb12" GBB 6 "\x02"
+"${FUTILITY}" gbb -s --hwid="${FROM_HWID}" "${TMP}.expected.full.gbb12"
 cp -f "${TMP}.expected.full" "${TMP}.expected.full.gbb0"
 "${FUTILITY}" gbb -s --flags=0 "${TMP}.expected.full.gbb0"
 cp -f "${FROM_IMAGE}" "${FROM_IMAGE}.gbb0"
@@ -187,6 +199,10 @@ test_update "Full update (--host_only)" \
 	-i "${TO_IMAGE}" --wp=0 --sys_props 0,0x10001,1 \
 	--host_only --ec_image non-exist.bin --pd_image non_exist.bin
 
+test_update "Full update (GBB1.2 hwid digest)" \
+	"${FROM_IMAGE}" "${TMP}.expected.full.gbb12" \
+	-i "${TO_IMAGE_GBB12}" --wp=0 --sys_props 0,0x10001,1
+
 # Test RW-only update.
 test_update "RW update" \
 	"${FROM_IMAGE}" "${TMP}.expected.rw" \