diff options
| author | Shawn Nematbakhsh <shawnn@chromium.org> | 2015-02-02 14:36:47 -0800 |
|---|---|---|
| committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2015-02-03 04:19:12 +0000 |
| commit | bca307cc7d4224eadcc821b26e71e535fc0ba536 (patch) | |
| tree | cb674eaa5029ca2f45e526b178f26f3e23acd0b0 | |
| parent | 00cc1b34e97f5b5b7cfa254ed3c92a6c63a32369 (diff) | |
| download | vboot-bca307cc7d4224eadcc821b26e71e535fc0ba536.tar.gz | |
vboot2: Add sd->fw_version_secdata field to communicate to crossystem
Partial backport of Change-Id:
I2a0c3e51b158a35ac129d2abce19b40c6c6381a6.
This patchs adds a new vb2_shared_data field to store the current
rollback prevention version number stored in secdata (TPM). This
information needs to be retrieved from there by coreboot (current
hack) or vboot2 kernel verification (bright shiny future) so it can be
passed along to the operating system and user space.
BRANCH=none
BUG=chrome-os-partner:35941
TEST=Manual on Kitty. Boot in recovery mode, verify that fwver shows
correct non-zero value.
Change-Id: Ibc9ea75727689549c65e908504d62e90ae1da3c9
Reviewed-on: https://chromium-review.googlesource.com/245534
Tested-by: Shawn N <shawnn@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Shawn N <shawnn@chromium.org>
| -rw-r--r-- | firmware/2lib/2misc.c | 19 | ||||
| -rw-r--r-- | firmware/2lib/2secdata.c | 6 | ||||
| -rw-r--r-- | firmware/2lib/include/2struct.h | 3 | ||||
| -rw-r--r-- | tests/vb2_misc2_tests.c | 3 |
4 files changed, 15 insertions, 16 deletions
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c index 504eb426..931c4f04 100644 --- a/firmware/2lib/2misc.c +++ b/firmware/2lib/2misc.c @@ -370,7 +370,6 @@ int vb2_verify_fw_keyblock(struct vb2_context *ctx) struct vb2_keyblock *kb; uint32_t block_size; - uint32_t sec_version; int rv; vb2_workbuf_from_ctx(ctx, &wb); @@ -421,15 +420,10 @@ int vb2_verify_fw_keyblock(struct vb2_context *ctx) if (rv) return rv; - /* Read the secure key version */ - rv = vb2_secdata_get(ctx, VB2_SECDATA_VERSIONS, &sec_version); - if (rv) - return rv; - /* Key version is the upper 16 bits of the composite firmware version */ if (kb->data_key.key_version > 0xffff) return VB2_ERROR_FW_KEYBLOCK_VERSION_RANGE; - if (kb->data_key.key_version < (sec_version >> 16)) + if (kb->data_key.key_version < (sd->fw_version_secdata >> 16)) return VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK; sd->fw_version = kb->data_key.key_version << 16; @@ -485,7 +479,6 @@ int vb2_verify_fw_preamble2(struct vb2_context *ctx) struct vb2_fw_preamble *pre; uint32_t pre_size; - uint32_t sec_version; int rv; vb2_workbuf_from_ctx(ctx, &wb); @@ -529,11 +522,6 @@ int vb2_verify_fw_preamble2(struct vb2_context *ctx) if (rv) return rv; - /* Read the secure key version */ - rv = vb2_secdata_get(ctx, VB2_SECDATA_VERSIONS, &sec_version); - if (rv) - return rv; - /* * Firmware version is the lower 16 bits of the composite firmware * version. @@ -543,7 +531,7 @@ int vb2_verify_fw_preamble2(struct vb2_context *ctx) /* Combine with the key version from vb2_verify_fw_keyblock() */ sd->fw_version |= pre->firmware_version; - if (sd->fw_version < sec_version) + if (sd->fw_version < sd->fw_version_secdata) return VB2_ERROR_FW_PREAMBLE2_VERSION_ROLLBACK; /* @@ -551,10 +539,11 @@ int vb2_verify_fw_preamble2(struct vb2_context *ctx) * successfully booted the same slot last boot, roll forward the * version in secure storage. */ - if (sd->fw_version > sec_version && + if (sd->fw_version > sd->fw_version_secdata && sd->last_fw_slot == sd->fw_slot && sd->last_fw_result == VB2_FW_RESULT_SUCCESS) { + sd->fw_version_secdata = sd->fw_version; rv = vb2_secdata_set(ctx, VB2_SECDATA_VERSIONS, sd->fw_version); if (rv) return rv; diff --git a/firmware/2lib/2secdata.c b/firmware/2lib/2secdata.c index 2987e037..0c5a34e4 100644 --- a/firmware/2lib/2secdata.c +++ b/firmware/2lib/2secdata.c @@ -53,6 +53,12 @@ int vb2_secdata_init(struct vb2_context *ctx) if (rv) return rv; + /* Read this now to make sure crossystem has it even in rec mode. */ + rv = vb2_secdata_get(ctx, VB2_SECDATA_VERSIONS, + &sd->fw_version_secdata); + if (rv) + return rv; + /* Set status flag */ sd->status |= VB2_SD_STATUS_SECDATA_INIT; // TODO: unit test for that diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index 560d5672..38979253 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -251,6 +251,9 @@ struct vb2_shared_data { */ uint32_t fw_version; + /* Version stored in secdata (must be <= fw_version to boot). */ + uint32_t fw_version_secdata; + /* * Status flags for this boot; see enum vb2_shared_data_status. Status * is "what we've done"; flags above are "decisions we've made". diff --git a/tests/vb2_misc2_tests.c b/tests/vb2_misc2_tests.c index 14526f70..8215dd48 100644 --- a/tests/vb2_misc2_tests.c +++ b/tests/vb2_misc2_tests.c @@ -81,7 +81,8 @@ static void reset_common_data(enum reset_type t) mock_verify_preamble_retval = VB2_SUCCESS; /* Set up mock data for verifying keyblock */ - vb2_secdata_set(&cc, VB2_SECDATA_VERSIONS, 0x20002); + sd->fw_version_secdata = 0x20002; + vb2_secdata_set(&cc, VB2_SECDATA_VERSIONS, sd->fw_version_secdata); sd->gbb_rootkey_offset = vb2_offset_of(&mock_gbb, &mock_gbb.rootkey); sd->gbb_rootkey_size = sizeof(mock_gbb.rootkey_data); |