diff options
| author | Bill Richardson <wfrichar@chromium.org> | 2011-11-17 10:48:59 -0800 |
|---|---|---|
| committer | Bill Richardson <wfrichar@chromium.org> | 2011-11-18 13:39:37 -0800 |
| commit | 7272a6951107251a5c9b26330c506319a92a54b3 (patch) | |
| tree | 48778a28259905ae1f2033b98cb8f714c67d93c6 | |
| parent | b265c34321c01bd279f3a1df0a2fea3601f732ee (diff) | |
| download | vboot-7272a6951107251a5c9b26330c506319a92a54b3.tar.gz | |
Dev-mode allows booting self-signed kernels by default.
When you enter dev-mode,
Pressing Ctrl-U to boot from USB is DISABLED.
Booting any self-signed kernel from the SSD is ENABLED.
This replaces the "crossystem dev_boot_custom" argument with
"crossystem dev_boot_signed_only", which has the opposite polarity.
So if you want to dev-mode to only boot official kernels, you have to
explictly set it that way. If you leave dev-mode and then come back,
it will go back to the conditions shown above.
BUG=chrome-os-partner:5954
TEST=manual
Just run the factory flow. It was broken; this should fix it (except for any
workarounds that were added while it was broken; those may need to be
reverted).
Change-Id: I13e0edbc0e77c5d6ea609dabf771085006cd1805
Reviewed-on: https://gerrit.chromium.org/gerrit/11853
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Tested-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
| -rw-r--r-- | firmware/include/vboot_nvstorage.h | 4 | ||||
| -rw-r--r-- | firmware/lib/vboot_api_init.c | 10 | ||||
| -rw-r--r-- | firmware/lib/vboot_display.c | 7 | ||||
| -rw-r--r-- | firmware/lib/vboot_kernel.c | 8 | ||||
| -rw-r--r-- | firmware/lib/vboot_nvstorage.c | 12 | ||||
| -rw-r--r-- | host/lib/crossystem.c | 8 | ||||
| -rw-r--r-- | tests/vboot_api_init_tests.c | 3 | ||||
| -rw-r--r-- | tests/vboot_nvstorage_test.c | 2 | ||||
| -rw-r--r-- | utility/crossystem_main.c | 4 |
9 files changed, 30 insertions, 28 deletions
diff --git a/firmware/include/vboot_nvstorage.h b/firmware/include/vboot_nvstorage.h index 28a1a62a..0f6e1fce 100644 --- a/firmware/include/vboot_nvstorage.h +++ b/firmware/include/vboot_nvstorage.h @@ -54,8 +54,8 @@ typedef enum VbNvParam { VBNV_TEST_ERROR_NUM, /* Allow booting from USB in developer mode. 0=no, 1=yes. */ VBNV_DEV_BOOT_USB, - /* Allow booting self-signed images in developer mode. 0=no, 1=yes. */ - VBNV_DEV_BOOT_CUSTOM, + /* Only boot Google-signed images in developer mode. 0=no, 1=yes. */ + VBNV_DEV_BOOT_SIGNED_ONLY, } VbNvParam; diff --git a/firmware/lib/vboot_api_init.c b/firmware/lib/vboot_api_init.c index f8c74909..b03c3d5a 100644 --- a/firmware/lib/vboot_api_init.c +++ b/firmware/lib/vboot_api_init.c @@ -22,7 +22,7 @@ VbError_t VbInit(VbCommonParams* cparams, VbInitParams* iparams) { uint32_t recovery = VBNV_RECOVERY_NOT_REQUESTED; int is_s3_resume = 0; uint32_t s3_debug_boot = 0; - uint32_t user_enabled_custom_os = 0; + uint32_t require_official_os = 0; VBDEBUG(("VbInit() input flags 0x%x\n", iparams->flags)); @@ -106,16 +106,16 @@ VbError_t VbInit(VbCommonParams* cparams, VbInitParams* iparams) { iparams->out_flags |= (VB_INIT_OUT_CLEAR_RAM | VB_INIT_OUT_ENABLE_DISPLAY | VB_INIT_OUT_ENABLE_USB_STORAGE); - /* ... which could include custom OSes */ - VbNvGet(&vnc, VBNV_DEV_BOOT_CUSTOM, &user_enabled_custom_os); - if (user_enabled_custom_os) + /* ... which may or may not include custom OSes */ + VbNvGet(&vnc, VBNV_DEV_BOOT_SIGNED_ONLY, &require_official_os); + if (!require_official_os) iparams->out_flags |= VB_INIT_OUT_ENABLE_ALTERNATE_OS; } else { /* Normal mode, so disable dev_boot_* flags. This ensures they will be * initially disabled if the user later transitions back into developer * mode. */ VbNvSet(&vnc, VBNV_DEV_BOOT_USB, 0); - VbNvSet(&vnc, VBNV_DEV_BOOT_CUSTOM, 0); + VbNvSet(&vnc, VBNV_DEV_BOOT_SIGNED_ONLY, 0); } /* Allow BIOS to load arbitrary option ROMs? */ diff --git a/firmware/lib/vboot_display.c b/firmware/lib/vboot_display.c index 120f7be6..7ec0c409 100644 --- a/firmware/lib/vboot_display.c +++ b/firmware/lib/vboot_display.c @@ -521,9 +521,10 @@ VbError_t VbDisplayDebugInfo(VbCommonParams* cparams, VbNvContext *vncptr) { used += Strncat(buf + used, "\ndev_boot_usb: ", DEBUG_INFO_SIZE - used); used += Uint64ToString(buf + used, DEBUG_INFO_SIZE - used, i, 10, 0); - /* Add dev_boot_custom flag */ - VbNvGet(vncptr, VBNV_DEV_BOOT_CUSTOM, &i); - used += Strncat(buf + used, "\ndev_boot_custom: ", DEBUG_INFO_SIZE - used); + /* Add dev_boot_signed_only flag */ + VbNvGet(vncptr, VBNV_DEV_BOOT_SIGNED_ONLY, &i); + used += Strncat(buf + used, "\ndev_boot_signed_only: ", + DEBUG_INFO_SIZE - used); used += Uint64ToString(buf + used, DEBUG_INFO_SIZE - used, i, 10, 0); /* Add TPM versions */ diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c index 83c5eca2..8a138242 100644 --- a/firmware/lib/vboot_kernel.c +++ b/firmware/lib/vboot_kernel.c @@ -140,7 +140,7 @@ VbError_t LoadKernel(LoadKernelParams* params) { int rec_switch, dev_switch; BootMode boot_mode; uint32_t test_err = 0; - uint32_t allow_self_signed = 0; + uint32_t require_official_os = 0; VbError_t retval = VBERROR_UNKNOWN; int recovery = VBNV_RECOVERY_RO_UNSPECIFIED; @@ -168,7 +168,7 @@ VbError_t LoadKernel(LoadKernelParams* params) { boot_mode = kBootRecovery; } else if (dev_switch) { boot_mode = kBootDev; - VbNvGet(vnc, VBNV_DEV_BOOT_CUSTOM, &allow_self_signed); + VbNvGet(vnc, VBNV_DEV_BOOT_SIGNED_ONLY, &require_official_os); } else { boot_mode = kBootNormal; } @@ -297,8 +297,8 @@ VbError_t LoadKernel(LoadKernelParams* params) { if (kBootDev != boot_mode) goto bad_kernel; - /* In developer mode, we have to explictly allow self-signed kernels */ - if (!allow_self_signed) { + /* In developer mode, we can explictly disallow self-signed kernels */ + if (require_official_os) { VBDEBUG(("Self-signed custom kernels are not enabled.\n")); shpart->check_result = VBSD_LKP_CHECK_SELF_SIGNED; goto bad_kernel; diff --git a/firmware/lib/vboot_nvstorage.c b/firmware/lib/vboot_nvstorage.c index 75910ed0..e96a17fe 100644 --- a/firmware/lib/vboot_nvstorage.c +++ b/firmware/lib/vboot_nvstorage.c @@ -28,7 +28,7 @@ #define DEV_FLAGS_OFFSET 4 #define DEV_BOOT_USB_MASK 0x01 -#define DEV_BOOT_CUSTOM_MASK 0x02 +#define DEV_BOOT_SIGNED_ONLY_MASK 0x02 #define FIRMWARE_FLAGS_OFFSET 5 #define FIRMWARE_TEST_ERR_FUNC_MASK 0x38 @@ -143,8 +143,8 @@ int VbNvGet(VbNvContext* context, VbNvParam param, uint32_t* dest) { *dest = (raw[DEV_FLAGS_OFFSET] & DEV_BOOT_USB_MASK ? 1 : 0); return 0; - case VBNV_DEV_BOOT_CUSTOM: - *dest = (raw[DEV_FLAGS_OFFSET] & DEV_BOOT_CUSTOM_MASK ? 1 : 0); + case VBNV_DEV_BOOT_SIGNED_ONLY: + *dest = (raw[DEV_FLAGS_OFFSET] & DEV_BOOT_SIGNED_ONLY_MASK ? 1 : 0); return 0; default: @@ -232,11 +232,11 @@ int VbNvSet(VbNvContext* context, VbNvParam param, uint32_t value) { raw[DEV_FLAGS_OFFSET] &= ~DEV_BOOT_USB_MASK; break; - case VBNV_DEV_BOOT_CUSTOM: + case VBNV_DEV_BOOT_SIGNED_ONLY: if (value) - raw[DEV_FLAGS_OFFSET] |= DEV_BOOT_CUSTOM_MASK; + raw[DEV_FLAGS_OFFSET] |= DEV_BOOT_SIGNED_ONLY_MASK; else - raw[DEV_FLAGS_OFFSET] &= ~DEV_BOOT_CUSTOM_MASK; + raw[DEV_FLAGS_OFFSET] &= ~DEV_BOOT_SIGNED_ONLY_MASK; break; default: diff --git a/host/lib/crossystem.c b/host/lib/crossystem.c index 5bd4c62b..5c2addea 100644 --- a/host/lib/crossystem.c +++ b/host/lib/crossystem.c @@ -390,8 +390,8 @@ int VbGetSystemPropertyInt(const char* name) { value = VbGetNvStorage(VBNV_LOCALIZATION_INDEX); } else if (!strcasecmp(name,"dev_boot_usb")) { value = VbGetNvStorage(VBNV_DEV_BOOT_USB); - } else if (!strcasecmp(name,"dev_boot_custom")) { - value = VbGetNvStorage(VBNV_DEV_BOOT_CUSTOM); + } else if (!strcasecmp(name,"dev_boot_signed_only")) { + value = VbGetNvStorage(VBNV_DEV_BOOT_SIGNED_ONLY); } /* Other parameters */ else if (!strcasecmp(name,"cros_debug")) { @@ -471,8 +471,8 @@ int VbSetSystemPropertyInt(const char* name, int value) { return VbSetNvStorage(VBNV_LOCALIZATION_INDEX, value); } else if (!strcasecmp(name,"dev_boot_usb")) { return VbSetNvStorage(VBNV_DEV_BOOT_USB, value); - } else if (!strcasecmp(name,"dev_boot_custom")) { - return VbSetNvStorage(VBNV_DEV_BOOT_CUSTOM, value); + } else if (!strcasecmp(name,"dev_boot_signed_only")) { + return VbSetNvStorage(VBNV_DEV_BOOT_SIGNED_ONLY, value); } return -1; diff --git a/tests/vboot_api_init_tests.c b/tests/vboot_api_init_tests.c index 22010c63..09c210bf 100644 --- a/tests/vboot_api_init_tests.c +++ b/tests/vboot_api_init_tests.c @@ -192,7 +192,8 @@ static void VbInitTest(void) { TEST_EQ(iparams.out_flags, VB_INIT_OUT_CLEAR_RAM | VB_INIT_OUT_ENABLE_DISPLAY | - VB_INIT_OUT_ENABLE_USB_STORAGE, " out flags"); + VB_INIT_OUT_ENABLE_USB_STORAGE | + VB_INIT_OUT_ENABLE_ALTERNATE_OS, " out flags"); TEST_EQ(shared->flags, VBSD_BOOT_DEV_SWITCH_ON, " shared flags"); /* Recovery mode from NV storage */ diff --git a/tests/vboot_nvstorage_test.c b/tests/vboot_nvstorage_test.c index be600fa0..d3f431ef 100644 --- a/tests/vboot_nvstorage_test.c +++ b/tests/vboot_nvstorage_test.c @@ -32,7 +32,7 @@ static VbNvField nvfields[] = { {VBNV_TEST_ERROR_FUNC, 0, 1, 7, "verified boot test error func"}, {VBNV_TEST_ERROR_NUM, 0, 3, 6, "verified boot test error number"}, {VBNV_DEV_BOOT_USB, 0, 1, 0, "dev boot usb"}, - {VBNV_DEV_BOOT_CUSTOM, 0, 1, 0, "dev boot custom"}, + {VBNV_DEV_BOOT_SIGNED_ONLY, 0, 1, 0, "dev boot custom"}, {0, 0, 0, 0, NULL} }; diff --git a/utility/crossystem_main.c b/utility/crossystem_main.c index 3972073f..b9c540e5 100644 --- a/utility/crossystem_main.c +++ b/utility/crossystem_main.c @@ -39,8 +39,8 @@ const Param sys_param_list[] = { {"dbg_reset", CAN_WRITE, "Debug reset mode request (writable)"}, {"dev_boot_usb", CAN_WRITE, "Enable developer mode boot from USB/SD (writable)"}, - {"dev_boot_custom", CAN_WRITE, - "Enable developer mode boot using self-signed kernels (writable)"}, + {"dev_boot_signed_only", CAN_WRITE, + "Enable developer mode boot only from official kernels (writable)"}, {"devsw_boot", 0, "Developer switch position at boot"}, {"devsw_cur", 0, "Developer switch current position"}, {"ecfw_act", IS_STRING, "Active EC firmware"}, |