authorHung-Te Lin <hungte@chromium.org>2019-03-11 14:42:51 +0800
committerchrome-bot <chrome-bot@chromium.org>2019-03-12 03:33:00 -0700
commit2798b3bf39a3204385887c705ccfebc78fd07e48 (patch)
tree469245e6a4064df11358e83e605d3d48e82cb3e0
parent3f02fc10e59fbbe77f831a047793849a205a5889 (diff)
futility: updater: Report key hash on TPM failure
When write protection is not enabled and the updater sees a TPM Anti-Rollback failure, the log only reports the TPM failure (example: crbug.com/937961). This makes it hard to figure out whether the failure was caused by a re-key or by other reasons. In try-rw and rw update, the updater always checks rootkey compatibility before checking TPM anti-rollback, so we should do the same thing on full update (RO+RW). With this change, the updater will report a key mismatch before failing with TPM anti-rollback. BUG=chromium:937961 TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility BRANCH=None Change-Id: I2f035450995387b198f990467e4f416e6c7b746e Signed-off-by: Hung-Te Lin <hungte@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1514007 Reviewed-by: Joel Kitching <kitching@chromium.org>
-rw-r--r--futility/updater.c4
-rwxr-xr-xtests/futility/test_update.sh4
2 files changed, 4 insertions, 4 deletions
diff --git a/futility/updater.c b/futility/updater.c
index a4e8a996..c737f16f 100644
--- a/futility/updater.c
+++ b/futility/updater.c
@@ -1615,8 +1615,6 @@ static enum updater_error_codes update_whole_firmware(
DEBUG("Failed to preserve some sections - ignore.");
INFO("Checking compatibility...");
- if (check_compatible_tpm_keys(cfg, image_to))
- return UPDATE_ERR_TPM_ROLLBACK;
if (!cfg->force_update) {
/* Check if the image_to itself is broken */
enum rootkey_compat_result r = check_compatible_root_key(
@@ -1644,6 +1642,8 @@ static enum updater_error_codes update_whole_firmware(
return UPDATE_ERR_ROOT_KEY;
}
}
+ if (check_compatible_tpm_keys(cfg, image_to))
+ return UPDATE_ERR_TPM_ROLLBACK;
/* FMAP may be different so we should just update all. */
if (write_firmware(cfg, image_to, NULL) ||
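Review bot: The relocated `check_compatible_tpm_keys` call in the second hunk carries no comment saying why it now sits after the root-key block, so the ordering rationale lives only in the commit message and a later edit could move it back or, worse, tuck it inside the `if (!cfg->force_update)` block above it, which would let the force_update override skip anti-rollback. As placed, the TPM check is outside that guard and so still runs unconditionally, which matches the old position and should be stated explicitly. Suggest adding above the call: `/* Root key is checked first so a re-key is reported before a TPM anti-rollback failure (same order as try-rw/rw); this check must stay outside the force_update guard. */`. The body of update_whole_firmware begins before and continues after this hunk, so I cannot confirm what the root-key branch does between the two hunks.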
diff --git a/tests/futility/test_update.sh b/tests/futility/test_update.sh
index 6c2d2ee7..6d57f674 100755
--- a/tests/futility/test_update.sh
+++ b/tests/futility/test_update.sh
@@ -255,8 +255,8 @@ test_update "RW update (TPM Anti-rollback: kernel key)" \
-i "${TO_IMAGE}" -t --wp=1 --sys_props 1,0x10005,1
test_update "RW update -> fallback to RO+RW Full update (TPM Anti-rollback)" \
- "${TO_IMAGE}" "!Firmware version rollback detected (4->2)" \
- -i "${FROM_IMAGE}" -t --wp=0 --sys_props 1,0x10004,1
+ "${FROM_IMAGE}" "!Firmware version rollback detected (6->4)" \
+ -i "${TO_IMAGE}" -t --wp=0 --sys_props 1,0x10006,1
# Test Try-RW update (vboot1).
test_update "RW update (vboot1, A->B)" \