vboot: deprecate legacy vboot1 FWB_TRIED flag

vboot1 FWB_TRIED flag is unused and replaced by vboot2
TRY_COUNT.

Remove related test cases.

Rewrite a special case for preventing kernel version roll-forward
with combined firmware+kernel updates.

BUG=b:124141368, chromium:1010389, b:35575422
TEST=make clean && make runtests
BRANCH=none

Change-Id: I9300def8bb426868b5e4d687d9c86e85c0c9b2c0
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1833369
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
(cherry picked from commit 3c00180ae2b7efbe7cf14eac7e62d649d0a30d3c)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1902831
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Auto-Submit: Hung-Te Lin <hungte@chromium.org>

4 files changed, 17 insertions, 39 deletions

diff --git a/firmware/include/vboot_struct.h b/firmware/include/vboot_struct.h
index 60a2edd2..355e8cb9 100644
--- a/firmware/include/vboot_struct.h
+++ b/firmware/include/vboot_struct.h
@@ -197,8 +197,9 @@ typedef struct VbKernelPreambleHeader {
 #define VB_SHARED_DATA_REC_SIZE 16384
 
 /* Flags for VbSharedDataHeader */
-/* LoadFirmware() tried firmware B because of VbNvStorage firmware B tries */
-#define VBSD_FWB_TRIED                  0x00000001
+/* LoadFirmware() tried firmware B because of VbNvStorage firmware B tries;
+   Deprecated as part of chromium:1010389. */
+#define VBSD_DEPRECATED_FWB_TRIED        0x00000001
 /*
  * LoadKernel() verified the good kernel keyblock using the kernel subkey from
  * the firmware.  If this flag is not present, it just used the hash of the
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index 95507665..5f8eeaf9 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -183,31 +183,17 @@ vb2_error_t VbBootNormal(struct vb2_context *ctx)
 
 	VB2_DEBUG("Checking if TPM kernel version needs advancing\n");
 
-	if ((1 == shared->firmware_index) && (shared->flags & VBSD_FWB_TRIED)) {
-		/*
-		 * Special cases for when we're trying a new firmware B.  These
-		 * are needed because firmware updates also usually change the
-		 * kernel key, which means that the B firmware can only boot a
-		 * new kernel, and the old firmware in A can only boot the
-		 * previous kernel.
-		 *
-		 * Don't advance the TPM if we're trying a new firmware B,
-		 * because we don't yet know if the new kernel will
-		 * successfully boot.  We still want to be able to fall back to
-		 * the previous firmware+kernel if the new firmware+kernel
-		 * fails.
-		 *
-		 * If we found only invalid kernels, reboot and try again.
-		 * This allows us to fall back to the previous firmware+kernel
-		 * instead of giving up and going to recovery mode right away.
-		 * We'll still go to recovery mode if we run out of tries and
-		 * the old firmware can't find a kernel it likes.
-		 */
-		if (rv == VBERROR_INVALID_KERNEL_FOUND) {
-			VB2_DEBUG("Trying FW B; only found invalid kernels.\n");
-			VbSetRecoveryRequest(ctx, VB2_RECOVERY_NOT_REQUESTED);
-		}
-
+	/*
+	 * Special case for when we're trying a slot with new firmware.
+	 * Firmware updates also usually change the kernel key, which means
+	 * that the new firmware can only boot a new kernel, and the old
+	 * firmware in the previous slot can only boot the previous kernel.
+	 *
+	 * Don't roll-forward the kernel version, because we don't yet know if
+	 * the new kernel will successfully boot.
+	 */
+	if (vb2_nv_get(ctx, VB2_NV_FW_RESULT) == VB2_FW_RESULT_TRYING) {
+		VB2_DEBUG("Trying new FW; skip kernel version roll-forward.\n");
 		return rv;
 	}
 
diff --git a/host/lib/crossystem.c b/host/lib/crossystem.c
index 126b228e..41274508 100644
--- a/host/lib/crossystem.c
+++ b/host/lib/crossystem.c
@@ -409,7 +409,7 @@ static int GetVdatInt(VdatIntField field)
 			value = sh->struct_version;
 			break;
 		case VDAT_INT_TRIED_FIRMWARE_B:
-			value = (sh->flags & VBSD_FWB_TRIED ? 1 : 0);
+			value = (sh->flags & VBSD_DEPRECATED_FWB_TRIED ? 1 : 0);
 			break;
 		case VDAT_INT_KERNEL_KEY_VERIFIED:
 			value = (sh->flags & VBSD_KERNEL_KEY_VERIFIED ? 1 : 0);
diff --git a/tests/vboot_api_kernel4_tests.c b/tests/vboot_api_kernel4_tests.c
index 645b2049..a33c5bc2 100644
--- a/tests/vboot_api_kernel4_tests.c
+++ b/tests/vboot_api_kernel4_tests.c
@@ -219,10 +219,9 @@ static void VbSlkTest(void)
 	TEST_EQ(rkr_version, 0x20003, "  version");
 
 	ResetMocks();
+	vb2_nv_set(&ctx_nvram_backend, VB2_NV_FW_RESULT, VB2_FW_RESULT_TRYING);
 	new_version = 0x20003;
-	shared->flags |= VBSD_FWB_TRIED;
-	shared->firmware_index = 1;
-	test_slk(0, 0, "Don't roll forward during try B");
+	test_slk(0, 0, "Don't roll forward kernel when trying new FW");
 	TEST_EQ(rkr_version, 0x10002, "  version");
 
 	ResetMocks();
@@ -238,14 +237,6 @@ static void VbSlkTest(void)
 	TEST_EQ(rkr_version, 0x10002, "  version");
 
 	ResetMocks();
-	vbboot_retval = VBERROR_INVALID_KERNEL_FOUND;
-	vb2_nv_set(&ctx_nvram_backend, VB2_NV_RECOVERY_REQUEST, 123);
-	shared->flags |= VBSD_FWB_TRIED;
-	shared->firmware_index = 1;
-	test_slk(VBERROR_INVALID_KERNEL_FOUND,
-		 0, "Don't go to recovery if try b fails to find a kernel");
-
-	ResetMocks();
 	new_version = 0x20003;
 	rkw_retval = 123;
 	test_slk(VBERROR_TPM_WRITE_KERNEL,