author | Joel Kitching <kitching@google.com> | 2018-07-09 13:53:06 +0800 |
---|---|---|
committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2018-08-10 09:05:06 +0000 |
commit | 6afc9fc7c8df2474dffe37d92b8dcbfb3a3cb407 (patch) | |
tree | 9c0a48758c247da4cb247b4e93da05b5b2fc2a5c | |
parent | e87a54e13e5f7a022408db750c007fea880ce01f (diff) | |
download | vboot-6afc9fc7c8df2474dffe37d92b8dcbfb3a3cb407.tar.gz |
vboot: changes to allow RW_LEGACY hash verification
- Externalize vb2_digest_buffer function to vb2api_digest_buffer.
- Add vb2_context as an argument to VbExLegacy function (so that
we know whether developer mode is running).
BUG=b:110721285
TEST=make runtests
Change-Id: I2401842cc044949d8cdfeb21edb7b400a3c32426
Reviewed-on: https://chromium-review.googlesource.com/1133598
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
-rw-r--r-- | firmware/2lib/2api.c | 10 | ||||
-rw-r--r-- | firmware/2lib/include/2api.h | 16 | ||||
-rw-r--r-- | firmware/include/vboot_api.h | 4 | ||||
-rw-r--r-- | firmware/lib/vboot_ui.c | 10 | ||||
-rw-r--r-- | firmware/lib/vboot_ui_menu.c | 10 | ||||
-rw-r--r-- | firmware/stub/vboot_api_stub.c | 2 | ||||
-rw-r--r-- | tests/vboot_api_kernel2_tests.c | 2 |
7 files changed, 41 insertions, 13 deletions
diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c
index c12a8051..c5997715 100644
--- a/firmware/2lib/2api.c
+++ b/firmware/2lib/2api.c
@@ -9,6 +9,7 @@
 #include "2sysincludes.h"
 #include "2api.h"
 #include "2common.h"
+#include "2crypto.h"
 #include "2misc.h"
 #include "2nvstorage.h"
 #include "2secdata.h"
@@ -206,3 +207,12 @@ int vb2api_get_pcr_digest(struct vb2_context *ctx,
 return VB2_SUCCESS;
 }
+
+int vb2api_digest_buffer(const uint8_t *buf,
+ uint32_t size,
+ enum vb2_hash_algorithm hash_alg,
+ uint8_t *digest,
+ uint32_t digest_size)
+{
+ return vb2_digest_buffer(buf, size, hash_alg, digest, digest_size);
+}
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 21865783..e2100516 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -670,4 +670,20 @@ int vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size);
 */
 int vb2ex_hwcrypto_digest_finalize(uint8_t *digest, uint32_t digest_size);
+/**
+ * Calculate the digest of a buffer and store the result.
+ *
+ * @param buf Data to hash
+ * @param size Length of data in bytes
+ * @param hash_alg Hash algorithm
+ * @param digest Destination for digest
+ * @param digest_size Length of digest buffer in bytes.
+ * @return VB2_SUCCESS, or non-zero on error.
+ */
+int vb2api_digest_buffer(const uint8_t *buf,
+ uint32_t size,
+ enum vb2_hash_algorithm hash_alg,
+ uint8_t *digest,
+ uint32_t digest_size);
+
 #endif /* VBOOT_2_API_H_ */
diff --git a/firmware/include/vboot_api.h b/firmware/include/vboot_api.h
index 2f88a38a..2e593391 100644
--- a/firmware/include/vboot_api.h
+++ b/firmware/include/vboot_api.h
@@ -26,6 +26,8 @@
 #include "gpt.h"
+struct vb2_context;
+
 /*****************************************************************************/
 /* Error codes */
@@ -1117,7 +1119,7 @@ enum {
 /**
 * Execute legacy boot option.
 */
-int VbExLegacy(void);
+int VbExLegacy(struct vb2_context *ctx);
 /* Regions for VbExRegionRead() */
 enum vb_firmware_region {
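Review bot: The doc comment added for `vb2api_digest_buffer` in 2api.h does not say how large `digest` must be for a given `hash_alg`, or what happens when `digest_size` is too small. The commit title says this export exists for RW_LEGACY hash verification, so callers outside the library need that contract; I would extend the last parameter line to something like `@param digest_size Length of digest buffer in bytes; must be at least the digest size of hash_alg`, assuming `vb2_digest_buffer` (not visible here) rejects a short buffer. It is also worth stating that the contents of `digest` are not meaningful unless the return value is VB2_SUCCESS, so a caller never compares an unfilled buffer against an expected hash.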
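Review bot: The comment above `VbExLegacy` in vboot_api.h still reads only "Execute legacy boot option." although the prototype now takes `ctx`, and nothing documents the return convention. The two implementations in this same commit disagree (the stub returns 1, the test double returns 0), while the callers only note that it "will not return if successful". I would add `@param ctx Vboot context, used to determine whether developer mode is active` (taken from the commit message) and an `@return` line that fixes which value means failure. If implementations only read the context, `const struct vb2_context *ctx` would state that in the type.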
diff --git a/firmware/lib/vboot_ui.c b/firmware/lib/vboot_ui.c
index 799ffd7c..d037e7fc 100644
--- a/firmware/lib/vboot_ui.c
+++ b/firmware/lib/vboot_ui.c
@@ -50,14 +50,14 @@ static int VbWantShutdown(uint32_t gbb_flags)
 return !!shutdown_request;
 }
-static void VbTryLegacy(int allowed)
+static void VbTryLegacy(struct vb2_context *ctx, int allowed)
 {
 if (!allowed)
 VB2_DEBUG("VbBootDeveloper() - Legacy boot is disabled\n");
 else if (0 != RollbackKernelLock(0))
 VB2_DEBUG("Error locking kernel versions on legacy boot.\n");
 else
- VbExLegacy(); /* will not return if successful */
+ VbExLegacy(ctx); /* will not return if successful */
 /* If legacy boot fails, beep and return to calling UI loop. */
 VbExBeep(120, 400);
@@ -237,7 +237,7 @@ VbError_t vb2_alt_os_ui(struct vb2_context *ctx, VbCommonParams *cparams)
 if (boot_alt_os) {
 /* Will only return on failure */
- VbTryLegacy(1);
+ VbTryLegacy(ctx, 1);
 }
 /* Will only return on failure */
@@ -427,7 +427,7 @@ VbError_t vb2_developer_ui(struct vb2_context *ctx, VbCommonParams *cparams)
 case 0x0c:
 VB2_DEBUG("VbBootDeveloper() - "
 "user pressed Ctrl+L; Try legacy boot\n");
- VbTryLegacy(allow_legacy);
+ VbTryLegacy(ctx, allow_legacy);
 break;
 case VB_KEY_CTRL_ENTER:
@@ -482,7 +482,7 @@ VbError_t vb2_developer_ui(struct vb2_context *ctx, VbCommonParams *cparams)
 /* If defaulting to legacy boot, try that unless Ctrl+D was pressed */
 if (use_legacy && !ctrl_d_pressed) {
 VB2_DEBUG("VbBootDeveloper() - defaulting to legacy\n");
- VbTryLegacy(allow_legacy);
+ VbTryLegacy(ctx, allow_legacy);
 }
 if ((use_usb && !ctrl_d_pressed) && allow_usb) {
diff --git a/firmware/lib/vboot_ui_menu.c b/firmware/lib/vboot_ui_menu.c
index a481c035..d24cdcfd 100644
--- a/firmware/lib/vboot_ui_menu.c
+++ b/firmware/lib/vboot_ui_menu.c
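Review bot: In `VbTryLegacy` the result of `VbExLegacy(ctx)` is still discarded, so if the callee refuses to boot (for example because the hash check this commit prepares for fails), the reason never reaches the log and the caller just beeps. I would capture and report it, e.g. `int rv = VbExLegacy(ctx);` followed by `VB2_DEBUG("VbExLegacy() failed: %d\n", rv);`, which needs braces around the `else` branch. The same applies to `VbTryLegacyMenu` in vboot_ui_menu.c. Separately, `vb2_alt_os_ui` calls `VbTryLegacy(ctx, 1)` with `allowed` hard-coded, so on that path any policy decision rests on what `VbExLegacy` does with `ctx`; a short comment at that call saying so would help. The body of `VbTryLegacy` continues past the end of the hunk.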
@@ -53,14 +53,14 @@ static int VbWantShutdownMenu(uint32_t gbb_flags)
 return !!shutdown_request;
 }
-static void VbTryLegacyMenu(int allowed)
+static void VbTryLegacyMenu(struct vb2_context *ctx, int allowed)
 {
 if (!allowed)
 VB2_DEBUG("Legacy boot is disabled\n");
 else if (0 != RollbackKernelLock(0))
 VB2_DEBUG("Error locking kernel versions on legacy boot.\n");
 else
- VbExLegacy(); /* Will not return if successful */
+ VbExLegacy(ctx); /* Will not return if successful */
 /* If legacy boot fails, beep and return to calling UI loop. */
 VbExBeep(120, 400);
@@ -724,7 +724,7 @@ VbError_t vb2_developer_menu(struct vb2_context *ctx, VbCommonParams *cparams)
 break;
 case 0x0c:
 VB2_DEBUG("user pressed Ctrl+L; Try legacy boot\n");
- VbTryLegacyMenu(allow_legacy);
+ VbTryLegacyMenu(ctx, allow_legacy);
 break;
 case 0x15:
 /* Ctrl+U = try USB boot, or beep if failure */
@@ -824,7 +824,7 @@ VbError_t vb2_developer_menu(struct vb2_context *ctx, VbCommonParams *cparams)
 current_menu_idx == VB_DEV_LEGACY) {
 VB2_DEBUG("user pressed Ctrl+L; "
 "Try legacy boot\n");
- VbTryLegacyMenu(allow_legacy);
+ VbTryLegacyMenu(ctx, allow_legacy);
 }
 /* USB boot, or beep if failure */
@@ -904,7 +904,7 @@ fallout:
 /* If defaulting to legacy boot, try that unless Ctrl+D was pressed */
 if (use_legacy && !ctrl_d_pressed) {
 VB2_DEBUG("defaulting to legacy\n");
- VbTryLegacyMenu(allow_legacy);
+ VbTryLegacyMenu(ctx, allow_legacy);
 }
 if ((use_usb && !ctrl_d_pressed) && allow_usb) {
diff --git a/firmware/stub/vboot_api_stub.c b/firmware/stub/vboot_api_stub.c
index 834bff1c..12b69716 100644
--- a/firmware/stub/vboot_api_stub.c
+++ b/firmware/stub/vboot_api_stub.c
@@ -203,7 +203,7 @@ enum VbEcBootMode_t VbGetMode(void)
 return vboot_mode;
 }
-int VbExLegacy(void)
+int VbExLegacy(struct vb2_context *ctx)
 {
 return 1;
 }
diff --git a/tests/vboot_api_kernel2_tests.c b/tests/vboot_api_kernel2_tests.c
index cbad7827..44c53c92 100644
--- a/tests/vboot_api_kernel2_tests.c
+++ b/tests/vboot_api_kernel2_tests.c
@@ -146,7 +146,7 @@ uint32_t VbExGetSwitches(uint32_t request_mask)
 return 0;
 }
-int VbExLegacy(void)
+int VbExLegacy(struct vb2_context *ctx)
 {
 vbexlegacy_called++;
 return 0; |
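Review bot: The test double for `VbExLegacy` in vboot_api_kernel2_tests.c accepts `ctx` but never looks at it, so none of the existing tests would notice a caller passing NULL or the wrong context. Recording the argument next to the counter, e.g. `vbexlegacy_ctx = ctx;` (a new file-scope pointer; the name is only a suggestion), would let the legacy-boot test cases assert that the context handed to the UI function is the one that reaches the callback. The function's closing brace lies outside the hunk.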