authorJoel Kitching <kitching@google.com>2019-06-11 16:27:08 +0800
committerCommit Bot <commit-bot@chromium.org>2019-06-13 19:45:59 +0000
commitd15663d4f594e2c82ec73570b2a6772e719c0c3f (patch)
tree5122a60b34ae4a0fd53f93df6f74318195a8f541
parent70b3753d22dc0a1fead6f1cb65bc6e69e29a771e (diff)
vboot: expose vb2api_secdatak_check and vb2api_secdatak_create
Previously vb2api_secdatak_check and vb2api_secdatak_create had headers in 2api.h, but no definitions. Merge identical internal/external functions: vb2api_secdata_create, vb2_secdata_create_crc vb2api_secdata_check, vb2_secdata_check_crc vb2api_secdatak_create, vb2_secdatak_create_crc vb2api_secdatak_check, vb2_secdatak_check_crc BUG=b:124141368, chromium:972956 TEST=make clean && make runtests BRANCH=none Change-Id: I64a14d65e5d856ca0f819ef3ded50b4719abc8b3 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1652874 Tested-by: Joel Kitching <kitching@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Commit-Queue: Julius Werner <jwerner@chromium.org>
-rw-r--r--firmware/2lib/2api.c10
-rw-r--r--firmware/2lib/2secdata.c6
-rw-r--r--firmware/2lib/2secdatak.c6
-rw-r--r--firmware/2lib/include/2api.h16
-rw-r--r--firmware/2lib/include/2return_codes.h6
-rw-r--r--firmware/2lib/include/2secdata.h50
-rw-r--r--tests/vb20_api_kernel_tests.c2
-rw-r--r--tests/vb20_api_tests.c2
-rw-r--r--tests/vb20_kernel_tests.c2
-rw-r--r--tests/vb20_misc_tests.c2
-rw-r--r--tests/vb21_api_tests.c2
-rw-r--r--tests/vb21_misc_tests.c2
-rw-r--r--tests/vb2_api_tests.c2
-rw-r--r--tests/vb2_misc_tests.c2
-rw-r--r--tests/vb2_secdata_tests.c10
-rw-r--r--tests/vb2_secdatak_tests.c12
16 files changed, 38 insertions, 94 deletions
diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c
index 99bb9630..f2e7d6bb 100644
--- a/firmware/2lib/2api.c
+++ b/firmware/2lib/2api.c
@@ -16,16 +16,6 @@
#include "2rsa.h"
#include "2tpm_bootmode.h"
-int vb2api_secdata_check(const struct vb2_context *ctx)
-{
- return vb2_secdata_check_crc(ctx);
-}
-
-int vb2api_secdata_create(struct vb2_context *ctx)
-{
- return vb2_secdata_create(ctx);
-}
-
void vb2api_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode)
{
/* Initialize the vboot context if it hasn't been yet */
diff --git a/firmware/2lib/2secdata.c b/firmware/2lib/2secdata.c
index 3281f7c3..e4b42e44 100644
--- a/firmware/2lib/2secdata.c
+++ b/firmware/2lib/2secdata.c
@@ -11,7 +11,7 @@
#include "2misc.h"
#include "2secdata.h"
-int vb2_secdata_check_crc(const struct vb2_context *ctx)
+int vb2api_secdata_check(const struct vb2_context *ctx)
{
const struct vb2_secdata *sec =
(const struct vb2_secdata *)ctx->secdata;
@@ -27,7 +27,7 @@ int vb2_secdata_check_crc(const struct vb2_context *ctx)
return VB2_SUCCESS;
}
-int vb2_secdata_create(struct vb2_context *ctx)
+int vb2api_secdata_create(struct vb2_context *ctx)
{
struct vb2_secdata *sec = (struct vb2_secdata *)ctx->secdata;
@@ -48,7 +48,7 @@ int vb2_secdata_init(struct vb2_context *ctx)
struct vb2_shared_data *sd = vb2_get_sd(ctx);
int rv;
- rv = vb2_secdata_check_crc(ctx);
+ rv = vb2api_secdata_check(ctx);
if (rv)
return rv;
diff --git a/firmware/2lib/2secdatak.c b/firmware/2lib/2secdatak.c
index af11aef4..228312d8 100644
--- a/firmware/2lib/2secdatak.c
+++ b/firmware/2lib/2secdatak.c
@@ -11,7 +11,7 @@
#include "2misc.h"
#include "2secdata.h"
-int vb2_secdatak_check_crc(const struct vb2_context *ctx)
+int vb2api_secdatak_check(const struct vb2_context *ctx)
{
const struct vb2_secdatak *sec =
(const struct vb2_secdatak *)ctx->secdatak;
@@ -23,7 +23,7 @@ int vb2_secdatak_check_crc(const struct vb2_context *ctx)
return VB2_SUCCESS;
}
-int vb2_secdatak_create(struct vb2_context *ctx)
+int vb2api_secdatak_create(struct vb2_context *ctx)
{
struct vb2_secdatak *sec = (struct vb2_secdatak *)ctx->secdatak;
@@ -48,7 +48,7 @@ int vb2_secdatak_init(struct vb2_context *ctx)
struct vb2_shared_data *sd = vb2_get_sd(ctx);
int rv;
- rv = vb2_secdatak_check_crc(ctx);
+ rv = vb2api_secdatak_check(ctx);
if (rv)
return rv;
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 341517d9..9cab74e9 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -393,12 +393,13 @@ enum vb2_pcr_digest {
*/
/**
- * Sanity-check the contents of the secure storage context.
+ * Check the CRC of the secure storage context.
*
* Use this if reading from secure storage may be flaky, and you want to retry
* reading it several times.
*
- * This may be called before vb2api_phase1().
+ * This may be called before vb2api_phase1() (externally), and before
+ * vb2_context_init() (internally).
*
* @param ctx Context pointer
* @return VB2_SUCCESS, or non-zero error code if error.
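Review bot: The new summary line `Check the CRC of the secure storage context.` covers only part of what the function reports, because 2return_codes.h in this same commit attributes VB2_ERROR_SECDATA_ZERO (all-zero, uninitialized secdata) to vb2api_secdata_check() as well as VB2_ERROR_SECDATA_CRC. I would word it `Check the secure storage context for an all-zero (uninitialized) buffer and for a bad CRC.` and have the `@return` line name both codes, so a caller writing the retry loop this comment describes can tell them apart. It may also be worth one sentence saying the CRC exists to catch a bad read rather than to authenticate the contents; the function body is outside this diff, so that part is a question rather than a finding. The comment block continues past the end of the hunk.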
@@ -413,7 +414,8 @@ int vb2api_secdata_check(const struct vb2_context *ctx);
* (or any other API in this library) fails; that could allow the secure data
* to be rolled back to an insecure state.
*
- * This may be called before vb2api_phase1().
+ * This may be called before vb2api_phase1() (externally), and before
+ * vb2_context_init() (internally).
*
* @param ctx Context pointer
* @return VB2_SUCCESS, or non-zero error code if error.
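Review bot: The rollback warning kept as context above this change tells callers not to call create when vb2api_secdata_check() fails, but it does not say what counts as "a new machine the first time it boots". Since 2return_codes.h describes VB2_ERROR_SECDATA_ZERO as "uninitialized", an integrator could read that code as permission to re-create, and the header should state explicitly whether it is. A sentence such as `A VB2_ERROR_SECDATA_CRC or VB2_ERROR_SECDATA_ZERO result from vb2api_secdata_check() is not by itself evidence of a first boot; the caller must establish that through its own provisioning state.` would close the gap, if that matches the intended policy. The same wording applies to vb2api_secdatak_create() in the last hunk of this file, which per the commit message becomes linkable for external callers for the first time here. The comment block starts above the hunk, so only its tail is visible.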
@@ -421,12 +423,13 @@ int vb2api_secdata_check(const struct vb2_context *ctx);
int vb2api_secdata_create(struct vb2_context *ctx);
/**
- * Sanity-check the contents of the kernel version secure storage context.
+ * Check the CRC of the kernel version secure storage context.
*
* Use this if reading from secure storage may be flaky, and you want to retry
* reading it several times.
*
- * This may be called before vb2api_phase1().
+ * This may be called before vb2api_phase1() (externally), and before
+ * vb2_context_init() (internally).
*
* @param ctx Context pointer
* @return VB2_SUCCESS, or non-zero error code if error.
@@ -441,7 +444,8 @@ int vb2api_secdatak_check(const struct vb2_context *ctx);
* (or any other API in this library) fails; that could allow the secure data
* to be rolled back to an insecure state.
*
- * This may be called before vb2api_phase1().
+ * This may be called before vb2api_phase1() (externally), and before
+ * vb2_context_init() (internally).
*
* @param ctx Context pointer
* @return VB2_SUCCESS, or non-zero error code if error.
diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h
index 15ec97f6..5126555b 100644
--- a/firmware/2lib/include/2return_codes.h
+++ b/firmware/2lib/include/2return_codes.h
@@ -90,10 +90,10 @@ enum vb2_return_code {
*/
VB2_ERROR_SECDATA = VB2_ERROR_BASE + 0x040000,
- /* Bad CRC in vb2_secdata_check_crc() */
+ /* Bad CRC in vb2api_secdata_check() */
VB2_ERROR_SECDATA_CRC,
- /* Secdata is all zeroes (uninitialized) in vb2_secdata_check_crc() */
+ /* Secdata is all zeroes (uninitialized) in vb2api_secdata_check() */
VB2_ERROR_SECDATA_ZERO,
/* Invalid param in vb2_secdata_get() */
@@ -111,7 +111,7 @@ enum vb2_return_code {
/* Called vb2_secdata_set() with uninitialized secdata */
VB2_ERROR_SECDATA_SET_UNINITIALIZED,
- /* Bad CRC in vb2_secdatak_check_crc() */
+ /* Bad CRC in vb2api_secdatak_check() */
VB2_ERROR_SECDATAK_CRC,
/* Bad struct version in vb2_secdatak_init() */
diff --git a/firmware/2lib/include/2secdata.h b/firmware/2lib/include/2secdata.h
index d27432e8..2563b3fb 100644
--- a/firmware/2lib/include/2secdata.h
+++ b/firmware/2lib/include/2secdata.h
@@ -92,31 +92,6 @@ enum vb2_secdatak_param {
/* Firmware version space functions */
/**
- * Check the CRC of the secure storage context.
- *
- * Use this if reading from secure storage may be flaky, and you want to retry
- * reading it several times.
- *
- * This may be called before vb2_context_init().
- *
- * @param ctx Context pointer
- * @return VB2_SUCCESS, or non-zero error code if error.
- */
-int vb2_secdata_check_crc(const struct vb2_context *ctx);
-
-/**
- * Create fresh data in the secure storage context.
- *
- * Use this only when initializing the secure storage context on a new machine
- * the first time it boots. Do NOT simply use this if vb2_secdata_check_crc()
- * (or any other API in this library) fails; that could allow the secure data
- * to be rolled back to an insecure state.
- *
- * This may be called before vb2_context_init().
- */
-int vb2_secdata_create(struct vb2_context *ctx);
-
-/**
* Initialize the secure storage context and verify its CRC.
*
* This must be called before vb2_secdata_get() or vb2_secdata_set().
@@ -158,31 +133,6 @@ int vb2_secdata_set(struct vb2_context *ctx,
*/
/**
- * Check the CRC of the kernel version secure storage context.
- *
- * Use this if reading from secure storage may be flaky, and you want to retry
- * reading it several times.
- *
- * This may be called before vb2_context_init().
- *
- * @param ctx Context pointer
- * @return VB2_SUCCESS, or non-zero error code if error.
- */
-int vb2_secdatak_check_crc(const struct vb2_context *ctx);
-
-/**
- * Create fresh data in the secure storage context.
- *
- * Use this only when initializing the secure storage context on a new machine
- * the first time it boots. Do NOT simply use this if vb2_secdatak_check_crc()
- * (or any other API in this library) fails; that could allow the secure data
- * to be rolled back to an insecure state.
- *
- * This may be called before vb2_context_init().
- */
-int vb2_secdatak_create(struct vb2_context *ctx);
-
-/**
* Initialize the secure storage context and verify its CRC.
*
* This must be called before vb2_secdatak_get() or vb2_secdatak_set().
diff --git a/tests/vb20_api_kernel_tests.c b/tests/vb20_api_kernel_tests.c
index 0d48c75c..64fb421f 100644
--- a/tests/vb20_api_kernel_tests.c
+++ b/tests/vb20_api_kernel_tests.c
@@ -64,7 +64,7 @@ static void reset_common_data(enum reset_type t)
vb2_nv_init(&ctx);
- vb2_secdatak_create(&ctx);
+ vb2api_secdatak_create(&ctx);
vb2_secdatak_init(&ctx);
vb2_secdatak_set(&ctx, VB2_SECDATAK_VERSIONS, 0x20002);
diff --git a/tests/vb20_api_tests.c b/tests/vb20_api_tests.c
index 6c43391e..1c96efa1 100644
--- a/tests/vb20_api_tests.c
+++ b/tests/vb20_api_tests.c
@@ -66,7 +66,7 @@ static void reset_common_data(enum reset_type t)
vb2_nv_init(&ctx);
- vb2_secdata_create(&ctx);
+ vb2api_secdata_create(&ctx);
vb2_secdata_init(&ctx);
retval_vb2_load_fw_keyblock = VB2_SUCCESS;
diff --git a/tests/vb20_kernel_tests.c b/tests/vb20_kernel_tests.c
index ec70f4bb..c798f862 100644
--- a/tests/vb20_kernel_tests.c
+++ b/tests/vb20_kernel_tests.c
@@ -90,7 +90,7 @@ static void reset_common_data(enum reset_type t)
vb2_nv_init(&ctx);
- vb2_secdatak_create(&ctx);
+ vb2api_secdatak_create(&ctx);
vb2_secdatak_init(&ctx);
mock_read_res_fail_on_call = 0;
diff --git a/tests/vb20_misc_tests.c b/tests/vb20_misc_tests.c
index 4cd11b6f..9716ae2a 100644
--- a/tests/vb20_misc_tests.c
+++ b/tests/vb20_misc_tests.c
@@ -76,7 +76,7 @@ static void reset_common_data(enum reset_type t)
vb2_nv_init(&ctx);
- vb2_secdata_create(&ctx);
+ vb2api_secdata_create(&ctx);
vb2_secdata_init(&ctx);
mock_read_res_fail_on_call = 0;
diff --git a/tests/vb21_api_tests.c b/tests/vb21_api_tests.c
index 18809400..cbe61086 100644
--- a/tests/vb21_api_tests.c
+++ b/tests/vb21_api_tests.c
@@ -81,7 +81,7 @@ static void reset_common_data(enum reset_type t)
vb2_nv_init(&ctx);
- vb2_secdata_create(&ctx);
+ vb2api_secdata_create(&ctx);
vb2_secdata_init(&ctx);
memset(&hwcrypto_emulation_dc, 0, sizeof(hwcrypto_emulation_dc));
diff --git a/tests/vb21_misc_tests.c b/tests/vb21_misc_tests.c
index 7eaf0546..db7cd775 100644
--- a/tests/vb21_misc_tests.c
+++ b/tests/vb21_misc_tests.c
@@ -78,7 +78,7 @@ static void reset_common_data(enum reset_type t)
vb2_nv_init(&ctx);
- vb2_secdata_create(&ctx);
+ vb2api_secdata_create(&ctx);
vb2_secdata_init(&ctx);
mock_read_res_fail_on_call = 0;
diff --git a/tests/vb2_api_tests.c b/tests/vb2_api_tests.c
index c261f963..144102a6 100644
--- a/tests/vb2_api_tests.c
+++ b/tests/vb2_api_tests.c
@@ -59,7 +59,7 @@ static void reset_common_data(enum reset_type t)
vb2_nv_init(&ctx);
- vb2_secdata_create(&ctx);
+ vb2api_secdata_create(&ctx);
vb2_secdata_init(&ctx);
force_dev_mode = 0;
diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c
index 3c262633..85a6e697 100644
--- a/tests/vb2_misc_tests.c
+++ b/tests/vb2_misc_tests.c
@@ -44,7 +44,7 @@ static void reset_common_data(void)
vb2_nv_init(&ctx);
- vb2_secdata_create(&ctx);
+ vb2api_secdata_create(&ctx);
vb2_secdata_init(&ctx);
mock_tpm_clear_called = 0;
diff --git a/tests/vb2_secdata_tests.c b/tests/vb2_secdata_tests.c
index 460bf831..99d7788a 100644
--- a/tests/vb2_secdata_tests.c
+++ b/tests/vb2_secdata_tests.c
@@ -43,7 +43,7 @@ static void secdata_test(void)
/* Blank data is invalid */
memset(c.secdata, 0xa6, sizeof(c.secdata));
- TEST_EQ(vb2_secdata_check_crc(&c),
+ TEST_EQ(vb2api_secdata_check(&c),
VB2_ERROR_SECDATA_CRC, "Check blank CRC");
TEST_EQ(vb2_secdata_init(&c),
VB2_ERROR_SECDATA_CRC, "Init blank CRC");
@@ -53,19 +53,19 @@ static void secdata_test(void)
TEST_EQ(vb2_secdata_init(&c), VB2_ERROR_SECDATA_ZERO, "Zeroed buffer");
/* Create good data */
- TEST_SUCC(vb2_secdata_create(&c), "Create");
- TEST_SUCC(vb2_secdata_check_crc(&c), "Check created CRC");
+ TEST_SUCC(vb2api_secdata_create(&c), "Create");
+ TEST_SUCC(vb2api_secdata_check(&c), "Check created CRC");
TEST_SUCC(vb2_secdata_init(&c), "Init created CRC");
test_changed(&c, 1, "Create changes data");
/* Now corrupt it */
c.secdata[2]++;
- TEST_EQ(vb2_secdata_check_crc(&c),
+ TEST_EQ(vb2api_secdata_check(&c),
VB2_ERROR_SECDATA_CRC, "Check invalid CRC");
TEST_EQ(vb2_secdata_init(&c),
VB2_ERROR_SECDATA_CRC, "Init invalid CRC");
- vb2_secdata_create(&c);
+ vb2api_secdata_create(&c);
c.flags = 0;
/* Read/write flags */
diff --git a/tests/vb2_secdatak_tests.c b/tests/vb2_secdatak_tests.c
index 6a4f9017..81eb0345 100644
--- a/tests/vb2_secdatak_tests.c
+++ b/tests/vb2_secdatak_tests.c
@@ -44,20 +44,20 @@ static void secdatak_test(void)
/* Blank data is invalid */
memset(c.secdatak, 0xa6, sizeof(c.secdatak));
- TEST_EQ(vb2_secdatak_check_crc(&c),
+ TEST_EQ(vb2api_secdatak_check(&c),
VB2_ERROR_SECDATAK_CRC, "Check blank CRC");
TEST_EQ(vb2_secdatak_init(&c),
VB2_ERROR_SECDATAK_CRC, "Init blank CRC");
/* Create good data */
- TEST_SUCC(vb2_secdatak_create(&c), "Create");
- TEST_SUCC(vb2_secdatak_check_crc(&c), "Check created CRC");
+ TEST_SUCC(vb2api_secdatak_create(&c), "Create");
+ TEST_SUCC(vb2api_secdatak_check(&c), "Check created CRC");
TEST_SUCC(vb2_secdatak_init(&c), "Init created CRC");
test_changed(&c, 1, "Create changes data");
/* Now corrupt it */
c.secdatak[2]++;
- TEST_EQ(vb2_secdatak_check_crc(&c),
+ TEST_EQ(vb2api_secdatak_check(&c),
VB2_ERROR_SECDATAK_CRC, "Check invalid CRC");
TEST_EQ(vb2_secdatak_init(&c),
VB2_ERROR_SECDATAK_CRC, "Init invalid CRC");
@@ -66,7 +66,7 @@ static void secdatak_test(void)
{
struct vb2_secdatak *sec = (struct vb2_secdatak *)c.secdatak;
- vb2_secdatak_create(&c);
+ vb2api_secdatak_create(&c);
sec->uid++;
sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdatak, crc8));
@@ -75,7 +75,7 @@ static void secdatak_test(void)
}
/* Read/write versions */
- vb2_secdatak_create(&c);
+ vb2api_secdatak_create(&c);
c.flags = 0;
TEST_SUCC(vb2_secdatak_get(&c, VB2_SECDATAK_VERSIONS, &v),
"Get versions");