author | Hung-Te Lin <hungte@chromium.org> | 2018-09-21 17:39:46 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-09-21 10:11:34 -0700 |
commit | 5bc8f9c7f9ddda443d5d7214034192c5d9091887 (patch) | |
tree | 80b09c37c107fe6a2a891b9ed002df92ca918e5e | |
parent | cc77bb21ebf1e131a6a8333e89709a1b8f195817 (diff) | |
download | vboot-5bc8f9c7f9ddda443d5d7214034192c5d9091887.tar.gz |
futility: update: Skip TPM check if tpm_fwver is not valid.stabilize-11101.B
Ideally we should fail if `tpm_fwver` can't be retrieved, but if a user can
run the updater then their system is already up, so it's more likely to be a
vboot library issue (especially in early proto devices) where the crossystem
values were not reported correctly.
As a result, it seems more reasonable to skip checking TPM anti-rollback if
`tpm_fwver` can't be retrieved.
BRANCH=None
BUG=b:115764295
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
Change-Id: I7b6bf72531edb334a465c730fe8b3fbafa469b3a
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1238099
Reviewed-by: Joel Kitching <kitching@chromium.org>
-rw-r--r-- | futility/cmd_update.c | 18 | ||||
-rwxr-xr-x | tests/futility/test_update.sh | 8 |
2 files changed, 20 insertions, 6 deletions
diff --git a/futility/cmd_update.c b/futility/cmd_update.c
index 81fd8f41..c4897918 100644
--- a/futility/cmd_update.c
+++ b/futility/cmd_update.c
@@ -1400,10 +1400,20 @@ static int check_compatible_tpm_keys(struct updater_config *cfg,
 tpm_data_key_version = 0, tpm_firmware_version = 0,
 tpm_fwver = 0;
 
+ /* Fail if the given image does not look good. */
+ if (get_key_versions(rw_image, FMAP_RW_VBLOCK_A, &data_key_version,
+ &firmware_version) != 0)
+ return -1;
+
 tpm_fwver = get_system_property(SYS_PROP_TPM_FWVER, cfg);
 if (tpm_fwver <= 0) {
- ERROR("Invalid tpm_fwver: %d.", tpm_fwver);
- return -1;
+ ERROR("Invalid tpm_fwver: %#x (skipped checking).", tpm_fwver);
+ /*
+ * This is an error, but it may be common for early proto
+ * devices so we don't want to fail here. Just skip checking TPM
+ * if system tpm_fwver can't be fetched.
+ */
+ return 0;
 }
 
 tpm_data_key_version = tpm_fwver >> 16;
@@ -1411,10 +1421,6 @@ static int check_compatible_tpm_keys(struct updater_config *cfg,
 DEBUG("TPM: data_key_version = %d, firmware_version = %d",
 tpm_data_key_version, tpm_firmware_version);
 
- if (get_key_versions(rw_image, FMAP_RW_VBLOCK_A, &data_key_version,
- &firmware_version) != 0)
- return -1;
-
 if (tpm_data_key_version > data_key_version) {
 ERROR("Data key version rollback detected (%d->%d).",
 tpm_data_key_version, data_key_version);
diff --git a/tests/futility/test_update.sh b/tests/futility/test_update.sh
index b74c7ea9..8c5e0d56 100755
--- a/tests/futility/test_update.sh
+++ b/tests/futility/test_update.sh
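Review bot: The `tpm_fwver <= 0` branch in the first cmd_update.c hunk now fails open: `return 0` is the same value the caller gets when the rollback comparisons further down actually pass, so an update that skipped the TPM check is indistinguishable from a verified one apart from a single ERROR line. If the skip has to stay for early proto devices, make it visible to the caller (a distinct return value, or an explicit opt-in the caller has to pass) and say so in the comment, e.g. `/* Fail-open: TPM anti-rollback is NOT enforced on this path. */`. The message also switches to `%#x`, which expects an unsigned argument while `tpm_fwver` is compared as a signed value; `(unsigned int)tpm_fwver` would keep format and argument in agreement. The body of check_compatible_tpm_keys starts before and continues after this hunk, so how callers treat the return value is not visible here.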
@@ -158,6 +158,14 @@ test_update "Full update (TPM Anti-rollback: kernel key)" \
 "${FROM_IMAGE}" "!Firmware version rollback detected (5->4)" \
 -i "${TO_IMAGE}" --wp=0 --sys_props 1,0x10005,1
 
+test_update "Full update (Skip TPM check due to invalid tpm_fwver)" \
+ "${FROM_IMAGE}" "${TMP}.expected.full" \
+ -i "${TO_IMAGE}" --wp=0 --sys_props 0,0x0,1
+
+test_update "Full update (Skip TPM check due to tpm_fwver error)" \
+ "${FROM_IMAGE}" "${TMP}.expected.full" \
+ -i "${TO_IMAGE}" --wp=0 --sys_props 0,-1,1
+
 # Test RW-only update.
 test_update "RW update" \
 "${FROM_IMAGE}" "${TMP}.expected.rw" \ |
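Review bot: Both new cases only assert that the full update completes with `${TMP}.expected.full`; nothing pins the `Invalid tpm_fwver ... (skipped checking)` diagnostic, and nothing covers the image check that was moved ahead of the TPM lookup. A case that combines an invalid `tpm_fwver` (`--sys_props 0,0x0,1`) with a target image whose key versions cannot be read would confirm the updater still refuses that image even when the TPM comparison is skipped. Whether the harness can match a message on a successful run is not visible in this hunk. The last context line belongs to the following `RW update` case, which continues past the hunk.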