authorMatt Delco <delco@google.com>2019-02-13 11:13:27 -0800
committerchrome-bot <chrome-bot@chromium.org>2019-03-13 21:04:59 -0700
commit3bfaab121cbafbd5c6d57004df6784866b8de5de (patch)
treee23a950730e73515c31375bf0b4aba5724f67737
parent98b9928b6aa2da5622cd84c5565a9debbf12be35 (diff)
downloadvboot-3bfaab121cbafbd5c6d57004df6784866b8de5de.tar.gz
vboot: changes to allow RW_LEGACY hash verification
This is largely a cherry-pick of CL:1133598 - Externalize vb2_digest_buffer function to vb2api_digest_buffer. - Change VbExLegacy()'s altfw_num parameter from int to enum so caller can specify which specific payload to run. BUG=b:124358784 BRANCH=None TEST=Local compile. Verified with subsequent change that legacy boot still works and new functionality can opt-in to and utilize payload verification. CQ-DEPEND=CL:1471053 Change-Id: I9700c2e38c3cfa255eeff72ce416295af9d076fb Signed-off-by: Matt Delco <delco@google.com> Reviewed-on: https://chromium-review.googlesource.com/1471051 Reviewed-by: Julius Werner <jwerner@chromium.org>
-rw-r--r--firmware/2lib/2api.c9
-rw-r--r--firmware/2lib/include/2api.h16
-rw-r--r--firmware/include/vboot_api.h19
-rw-r--r--firmware/lib/include/vboot_ui_common.h4
-rw-r--r--firmware/lib/vboot_ui_common.c4
-rw-r--r--firmware/lib/vboot_ui_menu.c2
-rw-r--r--firmware/stub/vboot_api_stub.c2
-rw-r--r--tests/vboot_api_kernel2_tests.c6
-rw-r--r--tests/vboot_detach_menu_tests.c6
9 files changed, 55 insertions, 13 deletions
diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c
index c12a8051..707f2027 100644
--- a/firmware/2lib/2api.c
+++ b/firmware/2lib/2api.c
@@ -206,3 +206,12 @@ int vb2api_get_pcr_digest(struct vb2_context *ctx,
return VB2_SUCCESS;
}
+
+int vb2api_digest_buffer(const uint8_t *buf,
+ uint32_t size,
+ enum vb2_hash_algorithm hash_alg,
+ uint8_t *digest,
+ uint32_t digest_size)
+{
+ return vb2_digest_buffer(buf, size, hash_alg, digest, digest_size);
+}
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index f228fb30..d8349831 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -683,4 +683,20 @@ int vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size);
*/
int vb2ex_hwcrypto_digest_finalize(uint8_t *digest, uint32_t digest_size);
+/**
+ * Calculate the digest of a buffer and store the result.
+ *
+ * @param buf Data to hash
+ * @param size Length of data in bytes
+ * @param hash_alg Hash algorithm
+ * @param digest Destination for digest
+ * @param digest_size Length of digest buffer in bytes.
+ * @return VB2_SUCCESS, or non-zero on error.
+ */
+int vb2api_digest_buffer(const uint8_t *buf,
+ uint32_t size,
+ enum vb2_hash_algorithm hash_alg,
+ uint8_t *digest,
+ uint32_t digest_size);
+
#endif /* VBOOT_2_API_H_ */
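Review bot: The doc comment for vb2api_digest_buffer does not say how large `digest` must be for a given `hash_alg`, nor what a caller may assume about `digest` after a non-zero return. The commit message presents this function as the externalized entry point for RW_LEGACY hash verification, so callers outside vboot will size the buffer and compare the result themselves, and the contract should be explicit. I would extend the `@param digest_size` line to `Length of digest buffer in bytes; must be at least the digest size of hash_alg` and add a sentence stating that the contents of `digest` must not be used in a verification decision when the call fails. Whether vb2_digest_buffer rejects an undersized buffer is not visible in this diff, so confirm that before wording the error case.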
diff --git a/firmware/include/vboot_api.h b/firmware/include/vboot_api.h
index fdb7615b..6e738dc4 100644
--- a/firmware/include/vboot_api.h
+++ b/firmware/include/vboot_api.h
@@ -1011,13 +1011,30 @@ enum {
MAX_COMPRESS,
};
+enum VbAltFwIndex_t {
+ VB_ALTFW_DEFAULT = 0,
+ VB_ALTFW_FIRST = 1,
+ VB_ALTFW_SECOND,
+ VB_ALTFW_THIRD,
+ VB_ALTFW_FOURTH,
+ VB_ALTFW_FIFTH,
+ VB_ALTFW_SIXTH,
+ VB_ALTFW_SEVENTH,
+ VB_ALTFW_EIGHTH,
+ VB_ALTFW_NINTH,
+};
+
/**
* Execute legacy boot option.
*
* @param altfw_num Bootloader sequence number to execute. Use
* 0 to boot the default payload, if any
+ * >0 (i.e., positive #) run a payload by # based in altfw/list file
+ * <0 (i.e., negative #) run a specific payload by name without using
+ * the altfw/list file. Typically payloads in this category will be
+ * verified before they are run. Currently no #s are defined.
*/
-int VbExLegacy(int altfw_num);
+int VbExLegacy(enum VbAltFwIndex_t altfw_num);
/* Regions for VbExRegionRead() */
enum vb_firmware_region {
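Review bot: `enum VbAltFwIndex_t` declares only non-negative enumerators, yet the VbExLegacy comment added just below reserves negative values for the payloads that are "verified before they are run". With no negative enumerator the underlying type is implementation-defined and may be unsigned (GCC normally picks unsigned int here), in which case an `altfw_num < 0` test in a VbExLegacy implementation is always false and the verified-payload branch could never be selected. Declaring one reserved negative enumerator now (an `= -1` entry, name at the author's discretion) would force a signed type, and the comment could then refer to enumerators instead of "#s". The same concern applies to the `altfw_num = -100;` sentinel in ResetMocks() in tests/vboot_api_kernel2_tests.c and tests/vboot_detach_menu_tests.c, whose stored value depends on that compiler choice.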
diff --git a/firmware/lib/include/vboot_ui_common.h b/firmware/lib/include/vboot_ui_common.h
index cc130a67..8998229d 100644
--- a/firmware/lib/include/vboot_ui_common.h
+++ b/firmware/lib/include/vboot_ui_common.h
@@ -38,7 +38,7 @@ void vb2_error_notify(const char *print_msg,
*
* @altfw_num Number of bootloader to start (0=any, 1=first, etc.)
*/
-void vb2_run_altfw(int altfw_num);
+void vb2_run_altfw(enum VbAltFwIndex_t altfw_num);
/** Display an error and beep to indicate that altfw is not available */
void vb2_error_no_altfw(void);
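Review bot: The `@altfw_num` comments on vb2_run_altfw here and on vb2_try_alt_fw in the next hunk still describe raw integers (`0=any, 1=first, etc.`) although the parameter is now `enum VbAltFwIndex_t`. I would reword both to `@altfw_num Payload to start (VB_ALTFW_DEFAULT=any, VB_ALTFW_FIRST=first, etc.)` so callers pass enumerators rather than literals. The comments also do not mention the negative range that the VbExLegacy documentation in vboot_api.h now describes, so it is unclear whether these helpers are expected to forward such values.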
@@ -55,6 +55,6 @@ void vb2_error_no_altfw(void);
* @allowed 1 if allowed, 0 if not allowed
* @altfw_num Number of bootloader to start (0=any, 1=first, etc.)
*/
-void vb2_try_alt_fw(int allowed, int altfw_num);
+void vb2_try_alt_fw(int allowed, enum VbAltFwIndex_t altfw_num);
#endif /* VBOOT_REFERENCE_VBOOT_UI_COMMON_H_ */
diff --git a/firmware/lib/vboot_ui_common.c b/firmware/lib/vboot_ui_common.c
index b15bf29d..01201ca5 100644
--- a/firmware/lib/vboot_ui_common.c
+++ b/firmware/lib/vboot_ui_common.c
@@ -43,7 +43,7 @@ void vb2_error_notify(const char *print_msg,
vb2_error_beep(beep);
}
-void vb2_run_altfw(int altfw_num)
+void vb2_run_altfw(enum VbAltFwIndex_t altfw_num)
{
if (RollbackKernelLock(0)) {
vb2_error_notify("Error locking kernel versions on legacy "
@@ -64,7 +64,7 @@ void vb2_error_no_altfw(void)
vb2_error_beep(VB_BEEP_NOT_ALLOWED);
}
-void vb2_try_alt_fw(int allowed, int altfw_num)
+void vb2_try_alt_fw(int allowed, enum VbAltFwIndex_t altfw_num)
{
if (allowed)
vb2_run_altfw(altfw_num); /* will not return if found */
diff --git a/firmware/lib/vboot_ui_menu.c b/firmware/lib/vboot_ui_menu.c
index 96a24e0e..a15c8562 100644
--- a/firmware/lib/vboot_ui_menu.c
+++ b/firmware/lib/vboot_ui_menu.c
@@ -162,7 +162,7 @@ static VbError_t boot_legacy_action(struct vb2_context *ctx)
return VBERROR_KEEP_LOOPING;
}
- vb2_run_altfw(0);
+ vb2_run_altfw(VB_ALTFW_DEFAULT);
vb2_flash_screen(ctx);
return VBERROR_KEEP_LOOPING;
}
diff --git a/firmware/stub/vboot_api_stub.c b/firmware/stub/vboot_api_stub.c
index 3363aa4f..f62e9322 100644
--- a/firmware/stub/vboot_api_stub.c
+++ b/firmware/stub/vboot_api_stub.c
@@ -165,7 +165,7 @@ enum VbEcBootMode_t VbGetMode(void)
return vboot_mode;
}
-int VbExLegacy(int altfw_num)
+int VbExLegacy(enum VbAltFwIndex_t altfw_num)
{
return 1;
}
diff --git a/tests/vboot_api_kernel2_tests.c b/tests/vboot_api_kernel2_tests.c
index 9224725f..c878ce37 100644
--- a/tests/vboot_api_kernel2_tests.c
+++ b/tests/vboot_api_kernel2_tests.c
@@ -37,7 +37,7 @@ static int shutdown_request_power_held;
static int audio_looping_calls_left;
static uint32_t vbtlk_retval;
static int vbexlegacy_called;
-static int altfw_num;
+static enum VbAltFwIndex_t altfw_num;
static int trust_ec;
static int virtdev_set;
static uint32_t virtdev_retval;
@@ -82,7 +82,7 @@ static void ResetMocks(void)
audio_looping_calls_left = 30;
vbtlk_retval = 1000;
vbexlegacy_called = 0;
- altfw_num = -1;
+ altfw_num = -100;
trust_ec = 0;
virtdev_set = 0;
virtdev_retval = 0;
@@ -149,7 +149,7 @@ uint32_t VbExGetSwitches(uint32_t request_mask)
return 0;
}
-int VbExLegacy(int _altfw_num)
+int VbExLegacy(enum VbAltFwIndex_t _altfw_num)
{
vbexlegacy_called++;
altfw_num = _altfw_num;
diff --git a/tests/vboot_detach_menu_tests.c b/tests/vboot_detach_menu_tests.c
index 4db4f3a4..3bfc0b27 100644
--- a/tests/vboot_detach_menu_tests.c
+++ b/tests/vboot_detach_menu_tests.c
@@ -41,7 +41,7 @@ static VbError_t vbtlk_last_retval;
static int vbtlk_retval_count;
static const VbError_t vbtlk_retval_fixed = 1002;
static int vbexlegacy_called;
-static int altfw_num;
+static enum VbAltFwIndex_t altfw_num;
static int debug_info_displayed;
static int trust_ec;
static int virtdev_set;
@@ -87,7 +87,7 @@ static void ResetMocks(void)
shutdown_request_calls_left = 301;
audio_looping_calls_left = 60;
vbexlegacy_called = 0;
- altfw_num = -1;
+ altfw_num = -100;
debug_info_displayed = 0;
trust_ec = 0;
virtdev_set = 0;
@@ -174,7 +174,7 @@ uint32_t VbExGetSwitches(uint32_t request_mask)
return 0;
}
-int VbExLegacy(int _altfw_num)
+int VbExLegacy(enum VbAltFwIndex_t _altfw_num)
{
vbexlegacy_called++;
altfw_num = _altfw_num;