diff options
| author | Joel Kitching <kitching@google.com> | 2019-08-27 17:13:55 +0800 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2019-08-31 20:49:16 +0000 |
| commit | fbde3aa0af045021c2bfd315ad59f10aab2543fc (patch) | |
| tree | abe4d0373a2a2b596f247a946aee5be51664ca0f | |
| parent | f4a9bfb303b034639469f1f1fcf18d61357bd4fe (diff) | |
| download | vboot-fbde3aa0af045021c2bfd315ad59f10aab2543fc.tar.gz | |
vboot/secdata: rename secdata and secdatak
For clarity's sake, rename:
secdata -> secdata_firmware
secdatak -> secdata_kernel
secdata is now the general term to refer to any secure data
spaces: firmware, kernel, and FWMP.
Once coreboot code has been updated, the sections in 2api.h
and 2constants.h may be removed.
BUG=b:124141368, chromium:972956
TEST=make clean && make runtests
BRANCH=none
Change-Id: I376acee552e8be37c75c340626a95462f81e198b
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1773079
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
33 files changed, 869 insertions, 779 deletions
@@ -365,8 +365,8 @@ FWLIB2X_SRCS = \ firmware/2lib/2nvstorage.c \ firmware/2lib/2packed_key.c \ firmware/2lib/2rsa.c \ - firmware/2lib/2secdata.c \ - firmware/2lib/2secdatak.c \ + firmware/2lib/2secdata_firmware.c \ + firmware/2lib/2secdata_kernel.c \ firmware/2lib/2sha1.c \ firmware/2lib/2sha256.c \ firmware/2lib/2sha512.c \ @@ -726,8 +726,8 @@ TEST2X_NAMES = \ tests/vb2_misc_tests \ tests/vb2_nvstorage_tests \ tests/vb2_rsa_utility_tests \ - tests/vb2_secdata_tests \ - tests/vb2_secdatak_tests \ + tests/vb2_secdata_firmware_tests \ + tests/vb2_secdata_kernel_tests \ tests/vb2_sha_tests \ tests/hmac_test @@ -1317,8 +1317,8 @@ run2tests: test_setup ${RUNTEST} ${BUILD_RUN}/tests/vb2_misc_tests ${RUNTEST} ${BUILD_RUN}/tests/vb2_nvstorage_tests ${RUNTEST} ${BUILD_RUN}/tests/vb2_rsa_utility_tests - ${RUNTEST} ${BUILD_RUN}/tests/vb2_secdata_tests - ${RUNTEST} ${BUILD_RUN}/tests/vb2_secdatak_tests + ${RUNTEST} ${BUILD_RUN}/tests/vb2_secdata_firmware_tests + ${RUNTEST} ${BUILD_RUN}/tests/vb2_secdata_kernel_tests ${RUNTEST} ${BUILD_RUN}/tests/vb2_sha_tests ${RUNTEST} ${BUILD_RUN}/tests/vb20_api_tests ${RUNTEST} ${BUILD_RUN}/tests/vb20_api_kernel_tests diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c index e6ed5eb0..e93894d7 100644 --- a/firmware/2lib/2api.c +++ b/firmware/2lib/2api.c @@ -57,10 +57,10 @@ vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx) return VB2_ERROR_API_PHASE1_SECDATA_REBOOT; } - /* Initialize secure data */ - rv = vb2_secdata_init(ctx); + /* Initialize firmware secure data */ + rv = vb2_secdata_firmware_init(ctx); if (rv) - vb2_fail(ctx, VB2_RECOVERY_SECDATA_INIT, rv); + vb2_fail(ctx, VB2_RECOVERY_SECDATA_FIRMWARE_INIT, rv); /* Load and parse the GBB header */ rv = vb2_fw_parse_gbb(ctx); diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c index 28ca3689..98b5c33a 100644 --- a/firmware/2lib/2misc.c +++ b/firmware/2lib/2misc.c @@ -245,7 +245,7 @@ vb2_error_t vb2_check_dev_switch(struct vb2_context *ctx) vb2_error_t rv; /* Read secure flags */ - rv = vb2_secdata_get(ctx, VB2_SECDATA_FLAGS, &flags); + rv = vb2_secdata_firmware_get(ctx, VB2_SECDATA_FIRMWARE_FLAGS, &flags); if (rv) { if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE) { /* @@ -265,7 +265,7 @@ vb2_error_t vb2_check_dev_switch(struct vb2_context *ctx) /* Handle dev disable request */ if (use_secdata && vb2_nv_get(ctx, VB2_NV_DISABLE_DEV_REQUEST)) { - flags &= ~VB2_SECDATA_FLAG_DEV_MODE; + flags &= ~VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE; /* Clear the request */ vb2_nv_set(ctx, VB2_NV_DISABLE_DEV_REQUEST, 0); @@ -276,10 +276,10 @@ vb2_error_t vb2_check_dev_switch(struct vb2_context *ctx) * that hardware switch and GBB flag will take precedence over this. */ if (ctx->flags & VB2_CONTEXT_DISABLE_DEVELOPER_MODE) - flags &= ~VB2_SECDATA_FLAG_DEV_MODE; + flags &= ~VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE; /* Check virtual dev switch */ - if (flags & VB2_SECDATA_FLAG_DEV_MODE) + if (flags & VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE) is_dev = 1; /* Check if GBB is forcing dev mode */ @@ -292,10 +292,10 @@ vb2_error_t vb2_check_dev_switch(struct vb2_context *ctx) sd->flags |= VB2_SD_FLAG_DEV_MODE_ENABLED; ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; - flags |= VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER; + flags |= VB2_SECDATA_FIRMWARE_FLAG_LAST_BOOT_DEVELOPER; } else { /* Normal mode */ - flags &= ~VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER; + flags &= ~VB2_SECDATA_FIRMWARE_FLAG_LAST_BOOT_DEVELOPER; /* * Disable dev_boot_* flags. This ensures they will be @@ -338,7 +338,8 @@ vb2_error_t vb2_check_dev_switch(struct vb2_context *ctx) } /* Save new flags */ - rv = vb2_secdata_set(ctx, VB2_SECDATA_FLAGS, flags); + rv = vb2_secdata_firmware_set( + ctx, VB2_SECDATA_FIRMWARE_FLAGS, flags); if (rv) return rv; } diff --git a/firmware/2lib/2secdata.c b/firmware/2lib/2secdata.c deleted file mode 100644 index 4493fbf3..00000000 --- a/firmware/2lib/2secdata.c +++ /dev/null @@ -1,131 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Secure storage APIs - */ - -#include "2sysincludes.h" -#include "2common.h" -#include "2crc8.h" -#include "2misc.h" -#include "2secdata.h" - -vb2_error_t vb2api_secdata_check(struct vb2_context *ctx) -{ - struct vb2_secdata *sec = (struct vb2_secdata *)ctx->secdata; - - /* Verify CRC */ - if (sec->crc8 != vb2_crc8(sec, offsetof(struct vb2_secdata, crc8))) { - VB2_DEBUG("secdata_firmware: bad CRC\n"); - return VB2_ERROR_SECDATA_CRC; - } - - /* Verify version */ - if (sec->struct_version < VB2_SECDATA_VERSION) { - VB2_DEBUG("secdata_firmware: version incompatible\n"); - return VB2_ERROR_SECDATA_VERSION; - } - - return VB2_SUCCESS; -} - -vb2_error_t vb2api_secdata_create(struct vb2_context *ctx) -{ - struct vb2_secdata *sec = (struct vb2_secdata *)ctx->secdata; - - /* Clear the entire struct */ - memset(sec, 0, sizeof(*sec)); - - /* Set to current version */ - sec->struct_version = VB2_SECDATA_VERSION; - - /* Calculate initial CRC */ - sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdata, crc8)); - ctx->flags |= VB2_CONTEXT_SECDATA_CHANGED; - return VB2_SUCCESS; -} - -vb2_error_t vb2_secdata_init(struct vb2_context *ctx) -{ - struct vb2_shared_data *sd = vb2_get_sd(ctx); - vb2_error_t rv; - - rv = vb2api_secdata_check(ctx); - if (rv) - return rv; - - /* Set status flag */ - sd->status |= VB2_SD_STATUS_SECDATA_INIT; - - /* Read this now to make sure crossystem has it even in rec mode. */ - rv = vb2_secdata_get(ctx, VB2_SECDATA_VERSIONS, - &sd->fw_version_secdata); - if (rv) - return rv; - - return VB2_SUCCESS; -} - -vb2_error_t vb2_secdata_get(struct vb2_context *ctx, - enum vb2_secdata_param param, uint32_t *dest) -{ - struct vb2_shared_data *sd = vb2_get_sd(ctx); - struct vb2_secdata *sec = (struct vb2_secdata *)ctx->secdata; - - if (!(sd->status & VB2_SD_STATUS_SECDATA_INIT)) - return VB2_ERROR_SECDATA_GET_UNINITIALIZED; - - switch(param) { - case VB2_SECDATA_FLAGS: - *dest = sec->flags; - return VB2_SUCCESS; - - case VB2_SECDATA_VERSIONS: - *dest = sec->fw_versions; - return VB2_SUCCESS; - - default: - return VB2_ERROR_SECDATA_GET_PARAM; - } -} - -vb2_error_t vb2_secdata_set(struct vb2_context *ctx, - enum vb2_secdata_param param, uint32_t value) -{ - struct vb2_secdata *sec = (struct vb2_secdata *)ctx->secdata; - uint32_t now; - - if (!(vb2_get_sd(ctx)->status & VB2_SD_STATUS_SECDATA_INIT)) - return VB2_ERROR_SECDATA_SET_UNINITIALIZED; - - /* If not changing the value, don't regenerate the CRC. */ - if (vb2_secdata_get(ctx, param, &now) == VB2_SUCCESS && now == value) - return VB2_SUCCESS; - - switch(param) { - case VB2_SECDATA_FLAGS: - /* Make sure flags is in valid range */ - if (value > 0xff) - return VB2_ERROR_SECDATA_SET_FLAGS; - - VB2_DEBUG("secdata flags updated from 0x%x to 0x%x\n", - sec->flags, value); - sec->flags = value; - break; - - case VB2_SECDATA_VERSIONS: - VB2_DEBUG("secdata versions updated from 0x%x to 0x%x\n", - sec->fw_versions, value); - sec->fw_versions = value; - break; - - default: - return VB2_ERROR_SECDATA_SET_PARAM; - } - - /* Regenerate CRC */ - sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdata, crc8)); - ctx->flags |= VB2_CONTEXT_SECDATA_CHANGED; - return VB2_SUCCESS; -} diff --git a/firmware/2lib/2secdata_firmware.c b/firmware/2lib/2secdata_firmware.c new file mode 100644 index 00000000..1ce5b29b --- /dev/null +++ b/firmware/2lib/2secdata_firmware.c @@ -0,0 +1,143 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Secure storage APIs + */ + +#include "2sysincludes.h" +#include "2common.h" +#include "2crc8.h" +#include "2misc.h" +#include "2secdata.h" + +vb2_error_t vb2api_secdata_firmware_check(struct vb2_context *ctx) +{ + struct vb2_secdata_firmware *sec = + (struct vb2_secdata_firmware *)ctx->secdata_firmware; + + /* Verify CRC */ + if (sec->crc8 != vb2_crc8(sec, offsetof(struct vb2_secdata_firmware, + crc8))) { + VB2_DEBUG("secdata_firmware: bad CRC\n"); + return VB2_ERROR_SECDATA_FIRMWARE_CRC; + } + + /* Verify version */ + if (sec->struct_version < VB2_SECDATA_FIRMWARE_VERSION) { + VB2_DEBUG("secdata_firmware: version incompatible\n"); + return VB2_ERROR_SECDATA_FIRMWARE_VERSION; + } + + return VB2_SUCCESS; +} + +vb2_error_t vb2api_secdata_firmware_create(struct vb2_context *ctx) +{ + struct vb2_secdata_firmware *sec = + (struct vb2_secdata_firmware *)ctx->secdata_firmware; + + /* Clear the entire struct */ + memset(sec, 0, sizeof(*sec)); + + /* Set to current version */ + sec->struct_version = VB2_SECDATA_FIRMWARE_VERSION; + + /* Calculate initial CRC */ + sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdata_firmware, crc8)); + + /* Mark as changed */ + ctx->flags |= VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED; + + return VB2_SUCCESS; +} + +vb2_error_t vb2_secdata_firmware_init(struct vb2_context *ctx) +{ + struct vb2_shared_data *sd = vb2_get_sd(ctx); + vb2_error_t rv; + + rv = vb2api_secdata_firmware_check(ctx); + if (rv) + return rv; + + /* Set status flag */ + sd->status |= VB2_SD_STATUS_SECDATA_FIRMWARE_INIT; + + /* Read this now to make sure crossystem has it even in rec mode. */ + rv = vb2_secdata_firmware_get(ctx, VB2_SECDATA_FIRMWARE_VERSIONS, + &sd->fw_version_secdata); + if (rv) + return rv; + + return VB2_SUCCESS; +} + +vb2_error_t vb2_secdata_firmware_get(struct vb2_context *ctx, + enum vb2_secdata_firmware_param param, + uint32_t *dest) +{ + struct vb2_shared_data *sd = vb2_get_sd(ctx); + struct vb2_secdata_firmware *sec = + (struct vb2_secdata_firmware *)ctx->secdata_firmware; + + if (!(sd->status & VB2_SD_STATUS_SECDATA_FIRMWARE_INIT)) + return VB2_ERROR_SECDATA_FIRMWARE_GET_UNINITIALIZED; + + switch (param) { + case VB2_SECDATA_FIRMWARE_FLAGS: + *dest = sec->flags; + return VB2_SUCCESS; + + case VB2_SECDATA_FIRMWARE_VERSIONS: + *dest = sec->fw_versions; + return VB2_SUCCESS; + + default: + return VB2_ERROR_SECDATA_FIRMWARE_GET_PARAM; + } +} + +vb2_error_t vb2_secdata_firmware_set(struct vb2_context *ctx, + enum vb2_secdata_firmware_param param, + uint32_t value) +{ + struct vb2_secdata_firmware *sec = + (struct vb2_secdata_firmware *)ctx->secdata_firmware; + uint32_t now; + + if (!(vb2_get_sd(ctx)->status & VB2_SD_STATUS_SECDATA_FIRMWARE_INIT)) + return VB2_ERROR_SECDATA_FIRMWARE_SET_UNINITIALIZED; + + /* If not changing the value, don't regenerate the CRC. */ + if (vb2_secdata_firmware_get(ctx, param, &now) == VB2_SUCCESS && + now == value) + return VB2_SUCCESS; + + switch (param) { + case VB2_SECDATA_FIRMWARE_FLAGS: + /* Make sure flags is in valid range */ + if (value > 0xff) + return VB2_ERROR_SECDATA_FIRMWARE_SET_FLAGS; + + VB2_DEBUG("secdata_firmware flags updated from 0x%x to 0x%x\n", + sec->flags, value); + sec->flags = value; + break; + + case VB2_SECDATA_FIRMWARE_VERSIONS: + VB2_DEBUG("secdata_firmware versions updated from " + "0x%x to 0x%x\n", + sec->fw_versions, value); + sec->fw_versions = value; + break; + + default: + return VB2_ERROR_SECDATA_FIRMWARE_SET_PARAM; + } + + /* Regenerate CRC */ + sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdata_firmware, crc8)); + ctx->flags |= VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED; + return VB2_SUCCESS; +} diff --git a/firmware/2lib/2secdata_kernel.c b/firmware/2lib/2secdata_kernel.c new file mode 100644 index 00000000..47c7100f --- /dev/null +++ b/firmware/2lib/2secdata_kernel.c @@ -0,0 +1,132 @@ +/* Copyright 2015 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Secure storage APIs - kernel version space + */ + +#include "2sysincludes.h" +#include "2common.h" +#include "2crc8.h" +#include "2misc.h" +#include "2secdata.h" + +vb2_error_t vb2api_secdata_kernel_check(struct vb2_context *ctx) +{ + struct vb2_secdata_kernel *sec = + (struct vb2_secdata_kernel *)ctx->secdata_kernel; + + /* Verify CRC */ + if (sec->crc8 != vb2_crc8(sec, offsetof(struct vb2_secdata_kernel, + crc8))) { + VB2_DEBUG("secdata_kernel: bad CRC\n"); + return VB2_ERROR_SECDATA_KERNEL_CRC; + } + + /* Verify version */ + if (sec->struct_version < VB2_SECDATA_KERNEL_VERSION) { + VB2_DEBUG("secdata_firmware: version incompatible\n"); + return VB2_ERROR_SECDATA_KERNEL_VERSION; + } + + /* Verify UID */ + if (sec->uid != VB2_SECDATA_KERNEL_UID) { + VB2_DEBUG("secdata_kernel: bad UID\n"); + return VB2_ERROR_SECDATA_KERNEL_UID; + } + + return VB2_SUCCESS; +} + +vb2_error_t vb2api_secdata_kernel_create(struct vb2_context *ctx) +{ + struct vb2_secdata_kernel *sec = + (struct vb2_secdata_kernel *)ctx->secdata_kernel; + + /* Clear the entire struct */ + memset(sec, 0, sizeof(*sec)); + + /* Set to current version */ + sec->struct_version = VB2_SECDATA_KERNEL_VERSION; + + /* Set UID */ + sec->uid = VB2_SECDATA_KERNEL_UID; + + /* Calculate initial CRC */ + sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdata_kernel, crc8)); + + /* Mark as changed */ + ctx->flags |= VB2_CONTEXT_SECDATA_KERNEL_CHANGED; + + return VB2_SUCCESS; +} + +vb2_error_t vb2_secdata_kernel_init(struct vb2_context *ctx) +{ + struct vb2_shared_data *sd = vb2_get_sd(ctx); + vb2_error_t rv; + + rv = vb2api_secdata_kernel_check(ctx); + if (rv) + return rv; + + /* Set status flag */ + sd->status |= VB2_SD_STATUS_SECDATA_KERNEL_INIT; + + return VB2_SUCCESS; +} + +vb2_error_t vb2_secdata_kernel_get(struct vb2_context *ctx, + enum vb2_secdata_kernel_param param, + uint32_t *dest) +{ + struct vb2_shared_data *sd = vb2_get_sd(ctx); + struct vb2_secdata_kernel *sec = + (struct vb2_secdata_kernel *)ctx->secdata_kernel; + + if (!(sd->status & VB2_SD_STATUS_SECDATA_KERNEL_INIT)) + return VB2_ERROR_SECDATA_KERNEL_GET_UNINITIALIZED; + + switch (param) { + case VB2_SECDATA_KERNEL_VERSIONS: + *dest = sec->kernel_versions; + return VB2_SUCCESS; + + default: + return VB2_ERROR_SECDATA_KERNEL_GET_PARAM; + } +} + +vb2_error_t vb2_secdata_kernel_set(struct vb2_context *ctx, + enum vb2_secdata_kernel_param param, + uint32_t value) +{ + struct vb2_shared_data *sd = vb2_get_sd(ctx); + struct vb2_secdata_kernel *sec = + (struct vb2_secdata_kernel *)ctx->secdata_kernel; + uint32_t now; + + if (!(sd->status & VB2_SD_STATUS_SECDATA_KERNEL_INIT)) + return VB2_ERROR_SECDATA_KERNEL_SET_UNINITIALIZED; + + /* If not changing the value, don't regenerate the CRC. */ + if (vb2_secdata_kernel_get(ctx, param, &now) == VB2_SUCCESS && + now == value) + return VB2_SUCCESS; + + switch (param) { + case VB2_SECDATA_KERNEL_VERSIONS: + VB2_DEBUG("secdata_kernel versions updated from 0x%x to 0x%x\n", + sec->kernel_versions, value); + sec->kernel_versions = value; + break; + + default: + return VB2_ERROR_SECDATA_KERNEL_SET_PARAM; + } + + /* Regenerate CRC */ + sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdata_kernel, crc8)); + ctx->flags |= VB2_CONTEXT_SECDATA_KERNEL_CHANGED; + return VB2_SUCCESS; +} diff --git a/firmware/2lib/2secdatak.c b/firmware/2lib/2secdatak.c deleted file mode 100644 index f6bc4c82..00000000 --- a/firmware/2lib/2secdatak.c +++ /dev/null @@ -1,121 +0,0 @@ -/* Copyright 2015 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Secure storage APIs - kernel version space - */ - -#include "2sysincludes.h" -#include "2common.h" -#include "2crc8.h" -#include "2misc.h" -#include "2secdata.h" - -vb2_error_t vb2api_secdatak_check(struct vb2_context *ctx) -{ - struct vb2_secdatak *sec = (struct vb2_secdatak *)ctx->secdatak; - - /* Verify CRC */ - if (sec->crc8 != vb2_crc8(sec, offsetof(struct vb2_secdatak, crc8))) { - VB2_DEBUG("secdata_kernel: bad CRC\n"); - return VB2_ERROR_SECDATAK_CRC; - } - - /* Verify version */ - if (sec->struct_version < VB2_SECDATAK_VERSION) { - VB2_DEBUG("secdata_firmware: version incompatible\n"); - return VB2_ERROR_SECDATAK_VERSION; - } - - /* Verify UID */ - if (sec->uid != VB2_SECDATAK_UID) { - VB2_DEBUG("secdata_kernel: bad UID\n"); - return VB2_ERROR_SECDATAK_UID; - } - - return VB2_SUCCESS; -} - -vb2_error_t vb2api_secdatak_create(struct vb2_context *ctx) -{ - struct vb2_secdatak *sec = (struct vb2_secdatak *)ctx->secdatak; - - /* Clear the entire struct */ - memset(sec, 0, sizeof(*sec)); - - /* Set to current version */ - sec->struct_version = VB2_SECDATAK_VERSION; - - /* Set UID */ - sec->uid = VB2_SECDATAK_UID; - - /* Calculate initial CRC */ - sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdatak, crc8)); - ctx->flags |= VB2_CONTEXT_SECDATAK_CHANGED; - return VB2_SUCCESS; -} - -vb2_error_t vb2_secdatak_init(struct vb2_context *ctx) -{ - struct vb2_shared_data *sd = vb2_get_sd(ctx); - vb2_error_t rv; - - rv = vb2api_secdatak_check(ctx); - if (rv) - return rv; - - /* Set status flag */ - sd->status |= VB2_SD_STATUS_SECDATAK_INIT; - - return VB2_SUCCESS; -} - -vb2_error_t vb2_secdatak_get(struct vb2_context *ctx, - enum vb2_secdatak_param param, uint32_t *dest) -{ - struct vb2_shared_data *sd = vb2_get_sd(ctx); - struct vb2_secdatak *sec = (struct vb2_secdatak *)ctx->secdatak; - - if (!(sd->status & VB2_SD_STATUS_SECDATAK_INIT)) - return VB2_ERROR_SECDATAK_GET_UNINITIALIZED; - - switch(param) { - case VB2_SECDATAK_VERSIONS: - *dest = sec->kernel_versions; - return VB2_SUCCESS; - - default: - return VB2_ERROR_SECDATAK_GET_PARAM; - } -} - -vb2_error_t vb2_secdatak_set(struct vb2_context *ctx, - enum vb2_secdatak_param param, uint32_t value) -{ - struct vb2_shared_data *sd = vb2_get_sd(ctx); - struct vb2_secdatak *sec = (struct vb2_secdatak *)ctx->secdatak; - uint32_t now; - - if (!(sd->status & VB2_SD_STATUS_SECDATAK_INIT)) - return VB2_ERROR_SECDATAK_SET_UNINITIALIZED; - - /* If not changing the value, don't regenerate the CRC. */ - if (vb2_secdatak_get(ctx, param, &now) == VB2_SUCCESS && now == value) - return VB2_SUCCESS; - - switch(param) { - case VB2_SECDATAK_VERSIONS: - VB2_DEBUG("secdatak versions updated from 0x%x to 0x%x\n", - sec->kernel_versions, value); - sec->kernel_versions = value; - break; - - default: - return VB2_ERROR_SECDATAK_SET_PARAM; - } - - /* Regenerate CRC */ - sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdatak, crc8)); - ctx->flags |= VB2_CONTEXT_SECDATAK_CHANGED; - return VB2_SUCCESS; -} diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h index b091731b..9ca01993 100644 --- a/firmware/2lib/include/2api.h +++ b/firmware/2lib/include/2api.h @@ -28,6 +28,14 @@ #include "2return_codes.h" #include "2secdata.h" +/* TODO(chromium:972956): Remove once coreboot is using updated names */ +#define secdata secdata_firmware +#define secdatak secdata_kernel +#define vb2api_secdata_check vb2api_secdata_firmware_check +#define vb2api_secdata_create vb2api_secdata_firmware_create +#define vb2api_secdatak_check vb2api_secdata_kernel_check +#define vb2api_secdatak_create vb2api_secdata_kernel_create + /* Modes for vb2ex_tpm_set_mode. */ enum vb2_tpm_mode { /* @@ -57,9 +65,12 @@ enum vb2_context_flags { VB2_CONTEXT_NVDATA_CHANGED = (1 << 0), /* - * Verified boot has changed secdata[]. Caller must save secdata[] - * back to its underlying storage, then may clear this flag. + * Verified boot has changed secdata_firmware[]. Caller must save + * secdata_firmware[] back to its underlying storage, then may clear + * this flag. */ + VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED = (1 << 1), + /* TODO: Remove once coreboot has switched over */ VB2_CONTEXT_SECDATA_CHANGED = (1 << 1), /* Recovery mode is requested this boot */ @@ -96,14 +107,16 @@ enum vb2_context_flags { VB2_CONTEXT_DISABLE_DEVELOPER_MODE = (1 << 9), /* - * Verified boot has changed secdatak[]. Caller must save secdatak[] - * back to its underlying storage, then may clear this flag. + * Verified boot has changed secdata_kernel[]. Caller must save + * secdata_kernel[] back to its underlying storage, then may clear + * this flag. */ - VB2_CONTEXT_SECDATAK_CHANGED = (1 << 10), + VB2_CONTEXT_SECDATA_KERNEL_CHANGED = (1 << 10), /* - * Allow kernel verification to roll forward the version in secdatak[]. - * Caller may set this flag before calling vb2api_kernel_phase3(). + * Allow kernel verification to roll forward the version in + * secdata_kernel[]. Caller may set this flag before calling + * vb2api_kernel_phase3(). */ VB2_CONTEXT_ALLOW_KERNEL_ROLL_FORWARD = (1 << 11), @@ -214,7 +227,7 @@ struct vb2_context { * caller must save the data back to the secure non-volatile location * and then clear the flag. */ - uint8_t secdata[VB2_SECDATA_SIZE]; + uint8_t secdata_firmware[VB2_SECDATA_FIRMWARE_SIZE]; /* * Context pointer for use by caller. Verified boot never looks at @@ -243,11 +256,11 @@ struct vb2_context { /* * Secure data for kernel verification stage. Caller must fill this * from some secure non-volatile location. If the - * VB2_CONTEXT_SECDATAK_CHANGED flag is set when a function returns, - * caller must save the data back to the secure non-volatile location - * and then clear the flag. + * VB2_CONTEXT_SECDATA_KERNEL_CHANGED flag is set when a function + * returns, caller must save the data back to the secure non-volatile + * location and then clear the flag. */ - uint8_t secdatak[VB2_SECDATAK_SIZE]; + uint8_t secdata_kernel[VB2_SECDATA_KERNEL_SIZE]; }; /* Resource index for vb2ex_read_resource() */ @@ -295,18 +308,18 @@ enum vb2_pcr_digest { * * Load nvdata from wherever you keep it. * - * Load secdata from wherever you keep it. + * Load secdata_firmware from wherever you keep it. * * If it wasn't there at all (for example, this is the first boot - * of a new system in the factory), call vb2api_secdata_create() - * to initialize the data. + * of a new system in the factory), call + * vb2api_secdata_firmware_create() to initialize the data. * * If access to your storage is unreliable (reads/writes may - * contain corrupt data), you may call vb2api_secdata_check() to - * determine if the data was valid, and retry reading if it - * wasn't. (In that case, you should also read back and check the - * data after any time you write it, to make sure it was written - * correctly.) + * contain corrupt data), you may call + * vb2api_secdata_firmware_check() to determine if the data was + * valid, and retry reading if it wasn't. (In that case, you + * should also read back and check the data after any time you + * write it, to make sure it was written correctly.) * * Call vb2api_fw_phase1(). At present, this nominally decides whether * recovery mode is needed this boot. @@ -317,8 +330,8 @@ enum vb2_pcr_digest { * Call vb2api_fw_phase3(). At present, this nominally verifies the * firmware keyblock and preamble. * - * Lock down wherever you keep secdata. It should no longer be writable - * this boot. + * Lock down wherever you keep secdata_firmware. It should no longer be + * writable this boot. * * Verify the hash of each section of code/data you need to boot the RW * firmware. For each section: @@ -342,18 +355,18 @@ enum vb2_pcr_digest { * done by the same firmware image, or may be done by the RW firmware. The * recommended order is: * - * Load secdatak from wherever you keep it. + * Load secdata_kernel from wherever you keep it. * * If it wasn't there at all (for example, this is the first boot - * of a new system in the factory), call vb2api_secdatak_create() - * to initialize the data. + * of a new system in the factory), call + * vb2api_secdata_kernel_create() to initialize the data. * * If access to your storage is unreliable (reads/writes may - * contain corrupt data), you may call vb2api_secdatak_check() to - * determine if the data was valid, and retry reading if it - * wasn't. (In that case, you should also read back and check the - * data after any time you write it, to make sure it was written - * correctly.) + * contain corrupt data), you may call + * vb2api_secdata_kernel_check() to determine if the data was + * valid, and retry reading if it wasn't. (In that case, you + * should also read back and check the data after any time you +* write it, to make sure it was written correctly.) * * Call vb2api_kernel_phase1(). At present, this decides which key to * use to verify kernel data - the recovery key from the GBB, or the @@ -387,55 +400,55 @@ enum vb2_pcr_digest { * Call vb2api_kernel_phase3(). This cleans up from kernel verification * and updates the secure data if needed. * - * Lock down wherever you keep secdatak. It should no longer be writable - * this boot. + * Lock down wherever you keep secdata_kernel. It should no longer be + * writable this boot. */ /** - * Check the validity of the secure storage context. + * Check the validity of the firmware secure storage context. * * Checks version and CRC. * * @param ctx Context pointer * @return VB2_SUCCESS, or non-zero error code if error. */ -vb2_error_t vb2api_secdata_check(struct vb2_context *ctx); +vb2_error_t vb2api_secdata_firmware_check(struct vb2_context *ctx); /** - * Create fresh data in the secure storage context. + * Create fresh data in the firmware secure storage context. * * Use this only when initializing the secure storage context on a new machine - * the first time it boots. Do NOT simply use this if vb2api_secdata_check() - * (or any other API in this library) fails; that could allow the secure data - * to be rolled back to an insecure state. + * the first time it boots. Do NOT simply use this if + * vb2api_secdata_firmware_check() (or any other API in this library) fails; + * that could allow the secure data to be rolled back to an insecure state. * * @param ctx Context pointer * @return VB2_SUCCESS, or non-zero error code if error. */ -vb2_error_t vb2api_secdata_create(struct vb2_context *ctx); +vb2_error_t vb2api_secdata_firmware_create(struct vb2_context *ctx); /** - * Check the validity of the kernel version secure storage context. + * Check the validity of the kernel secure storage context. * * Checks version, UID, and CRC. * * @param ctx Context pointer * @return VB2_SUCCESS, or non-zero error code if error. */ -vb2_error_t vb2api_secdatak_check(struct vb2_context *ctx); +vb2_error_t vb2api_secdata_kernel_check(struct vb2_context *ctx); /** - * Create fresh data in the kernel version secure storage context. + * Create fresh data in the kernel secure storage context. * * Use this only when initializing the secure storage context on a new machine - * the first time it boots. Do NOT simply use this if vb2api_secdatak_check() - * (or any other API in this library) fails; that could allow the secure data - * to be rolled back to an insecure state. + * the first time it boots. Do NOT simply use this if + * vb2api_secdata_kernel_check() (or any other API in this library) fails; that + * could allow the secure data to be rolled back to an insecure state. * * @param ctx Context pointer * @return VB2_SUCCESS, or non-zero error code if error. */ -vb2_error_t vb2api_secdatak_create(struct vb2_context *ctx); +vb2_error_t vb2api_secdata_kernel_create(struct vb2_context *ctx); /** * Report firmware failure to vboot. diff --git a/firmware/2lib/include/2constants.h b/firmware/2lib/include/2constants.h index 4dadd8b6..f8d0d317 100644 --- a/firmware/2lib/include/2constants.h +++ b/firmware/2lib/include/2constants.h @@ -22,6 +22,10 @@ #define VB2_NVDATA_SIZE_V2 64 /* Size of secure data spaces used by vboot */ +#define VB2_SECDATA_FIRMWARE_SIZE 10 +#define VB2_SECDATA_KERNEL_SIZE 13 + +/* TODO(chromium:972956): Remove once coreboot is using updated names */ #define VB2_SECDATA_SIZE 10 #define VB2_SECDATAK_SIZE 13 diff --git a/firmware/2lib/include/2recovery_reasons.h b/firmware/2lib/include/2recovery_reasons.h index 3d1b3cfa..6d9a2727 100644 --- a/firmware/2lib/include/2recovery_reasons.h +++ b/firmware/2lib/include/2recovery_reasons.h @@ -117,8 +117,8 @@ enum vb2_nv_recovery { /* New error codes from VB2 */ /* TODO: may need to add strings for these in the original fwlib */ - /* Secure data inititalization error */ - VB2_RECOVERY_SECDATA_INIT = 0x2b, + /* Firmware secure data initialization error */ + VB2_RECOVERY_SECDATA_FIRMWARE_INIT = 0x2b, /* GBB header is bad */ VB2_RECOVERY_GBB_HEADER = 0x2c, @@ -210,8 +210,8 @@ enum vb2_nv_recovery { /* New error codes from VB2 */ /* TODO: may need to add strings for these in the original fwlib */ - /* Secure data inititalization error */ - VB2_RECOVERY_SECDATAK_INIT = 0x5d, + /* Kernel secure data initialization error */ + VB2_RECOVERY_SECDATA_KERNEL_INIT = 0x5d, /* Fastboot mode requested in firmware */ VB2_RECOVERY_DEPRECATED_FW_FASTBOOT = 0x5e, diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index f12f2c1a..865ea7cf 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h @@ -152,50 +152,50 @@ enum vb2_return_code { */ VB2_ERROR_SECDATA = VB2_ERROR_BASE + 0x040000, - /* Bad CRC in vb2api_secdata_check() */ - VB2_ERROR_SECDATA_CRC, + /* Bad CRC in vb2api_secdata_firmware_check() */ + VB2_ERROR_SECDATA_FIRMWARE_CRC, - /* Bad struct version in vb2_secdata_check() */ - VB2_ERROR_SECDATA_VERSION, + /* Bad struct version in vb2api_secdata_firmware_check() */ + VB2_ERROR_SECDATA_FIRMWARE_VERSION, - /* Invalid param in vb2_secdata_get() */ - VB2_ERROR_SECDATA_GET_PARAM, + /* Invalid param in vb2_secdata_firmware_get() */ + VB2_ERROR_SECDATA_FIRMWARE_GET_PARAM, - /* Invalid param in vb2_secdata_set() */ - VB2_ERROR_SECDATA_SET_PARAM, + /* Invalid param in vb2_secdata_firmware_set() */ + VB2_ERROR_SECDATA_FIRMWARE_SET_PARAM, - /* Invalid flags passed to vb2_secdata_set() */ - VB2_ERROR_SECDATA_SET_FLAGS, + /* Invalid flags passed to vb2_secdata_firmware_set() */ + VB2_ERROR_SECDATA_FIRMWARE_SET_FLAGS, - /* Called vb2_secdata_get() with uninitialized secdata */ - VB2_ERROR_SECDATA_GET_UNINITIALIZED, + /* Called vb2_secdata_firmware_get() with uninitialized secdata */ + VB2_ERROR_SECDATA_FIRMWARE_GET_UNINITIALIZED, - /* Called vb2_secdata_set() with uninitialized secdata */ - VB2_ERROR_SECDATA_SET_UNINITIALIZED, + /* Called vb2_secdata_firmware_set() with uninitialized secdata */ + VB2_ERROR_SECDATA_FIRMWARE_SET_UNINITIALIZED, - /* Bad CRC in vb2api_secdatak_check() */ - VB2_ERROR_SECDATAK_CRC, + /* Bad CRC in vb2api_secdata_kernel_check() */ + VB2_ERROR_SECDATA_KERNEL_CRC, - /* Bad struct version in vb2_secdatak_init() */ - VB2_ERROR_SECDATAK_VERSION, + /* Bad struct version in vb2_secdata_kernel_init() */ + VB2_ERROR_SECDATA_KERNEL_VERSION, - /* Bad uid in vb2_secdatak_init() */ - VB2_ERROR_SECDATAK_UID, + /* Bad uid in vb2_secdata_kernel_init() */ + VB2_ERROR_SECDATA_KERNEL_UID, - /* Invalid param in vb2_secdatak_get() */ - VB2_ERROR_SECDATAK_GET_PARAM, + /* Invalid param in vb2_secdata_kernel_get() */ + VB2_ERROR_SECDATA_KERNEL_GET_PARAM, - /* Invalid param in vb2_secdatak_set() */ - VB2_ERROR_SECDATAK_SET_PARAM, + /* Invalid param in vb2_secdata_kernel_set() */ + VB2_ERROR_SECDATA_KERNEL_SET_PARAM, - /* Invalid flags passed to vb2_secdatak_set() */ - VB2_ERROR_SECDATAK_SET_FLAGS, + /* Invalid flags passed to vb2_secdata_kernel_set() */ + VB2_ERROR_SECDATA_KERNEL_SET_FLAGS, - /* Called vb2_secdatak_get() with uninitialized secdatak */ - VB2_ERROR_SECDATAK_GET_UNINITIALIZED, + /* Called vb2_secdata_kernel_get() with uninitialized secdata_kernel */ + VB2_ERROR_SECDATA_KERNEL_GET_UNINITIALIZED, - /* Called vb2_secdatak_set() with uninitialized secdatak */ - VB2_ERROR_SECDATAK_SET_UNINITIALIZED, + /* Called vb2_secdata_kernel_set() with uninitialized secdata_kernel */ + VB2_ERROR_SECDATA_KERNEL_SET_UNINITIALIZED, /********************************************************************** * Common code errors diff --git a/firmware/2lib/include/2secdata.h b/firmware/2lib/include/2secdata.h index 7acdb610..6931278c 100644 --- a/firmware/2lib/include/2secdata.h +++ b/firmware/2lib/include/2secdata.h @@ -15,31 +15,30 @@ typedef uint32_t vb2_error_t; /*****************************************************************************/ /* Firmware version space */ -#define VB2_SECDATA_VERSION 2 +#define VB2_SECDATA_FIRMWARE_VERSION 2 /* Flags for firmware space */ -enum vb2_secdata_flags { +enum vb2_secdata_firmware_flags { /* * Last boot was developer mode. TPM ownership is cleared when * transitioning to/from developer mode. Set/cleared by * vb2_check_dev_switch(). */ - VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER = (1 << 0), + VB2_SECDATA_FIRMWARE_FLAG_LAST_BOOT_DEVELOPER = (1 << 0), /* * Virtual developer mode switch is on. Set/cleared by the * keyboard-controlled dev screens in recovery mode. Cleared by * vb2_check_dev_switch(). */ - VB2_SECDATA_FLAG_DEV_MODE = (1 << 1), + VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE = (1 << 1), }; -/* Secure data area (firmware space) */ -struct vb2_secdata { +struct vb2_secdata_firmware { /* Struct version, for backwards compatibility */ uint8_t struct_version; - /* Flags; see vb2_secdata_flags */ + /* Flags; see vb2_secdata_firmware_flags */ uint8_t flags; /* Firmware versions */ @@ -52,23 +51,23 @@ struct vb2_secdata { uint8_t crc8; } __attribute__((packed)); -/* Which param to get/set for vb2_secdata_get() / vb2_secdata_set() */ -enum vb2_secdata_param { - /* Flags; see vb2_secdata_flags */ - VB2_SECDATA_FLAGS = 0, +/* Which param to get/set for vb2_secdata_firmware_get/set() */ +enum vb2_secdata_firmware_param { + /* Flags; see vb2_secdata_firmware_flags */ + VB2_SECDATA_FIRMWARE_FLAGS = 0, /* Firmware versions */ - VB2_SECDATA_VERSIONS, + VB2_SECDATA_FIRMWARE_VERSIONS, }; /*****************************************************************************/ /* Kernel version space */ /* Kernel space - KERNEL_NV_INDEX, locked with physical presence. */ -#define VB2_SECDATAK_VERSION 2 -#define VB2_SECDATAK_UID 0x4752574c /* 'GRWL' */ +#define VB2_SECDATA_KERNEL_VERSION 2 +#define VB2_SECDATA_KERNEL_UID 0x4752574c /* 'GRWL' */ -struct vb2_secdatak { +struct vb2_secdata_kernel { /* Struct version, for backwards compatibility */ uint8_t struct_version; @@ -85,84 +84,88 @@ struct vb2_secdatak { uint8_t crc8; } __attribute__((packed)); -/* Which param to get/set for vb2_secdatak_get() / vb2_secdatak_set() */ -enum vb2_secdatak_param { +/* Which param to get/set for vb2_secdata_kernel_get/set() */ +enum vb2_secdata_kernel_param { /* Kernel versions */ - VB2_SECDATAK_VERSIONS = 0, + VB2_SECDATA_KERNEL_VERSIONS = 0, }; /*****************************************************************************/ -/* Firmware version space functions */ +/* Firmware secure storage space functions */ /** - * Initialize the secure storage context and verify its CRC. + * Initialize firmware secure storage context and verify its CRC. * - * This must be called before vb2_secdata_get() or vb2_secdata_set(). + * This must be called before vb2_secdata_firmware_get/set(). * * @param ctx Context pointer * @return VB2_SUCCESS, or non-zero error code if error. */ -vb2_error_t vb2_secdata_init(struct vb2_context *ctx); +vb2_error_t vb2_secdata_firmware_init(struct vb2_context *ctx); /** - * Read a secure storage value. + * Read a firmware secure storage value. * * @param ctx Context pointer * @param param Parameter to read * @param dest Destination for value * @return VB2_SUCCESS, or non-zero error code if error. */ -vb2_error_t vb2_secdata_get(struct vb2_context *ctx, - enum vb2_secdata_param param, uint32_t *dest); +vb2_error_t vb2_secdata_firmware_get(struct vb2_context *ctx, + enum vb2_secdata_firmware_param param, + uint32_t *dest); /** - * Write a secure storage value. + * Write a firmware secure storage value. * * @param ctx Context pointer * @param param Parameter to write * @param value New value * @return VB2_SUCCESS, or non-zero error code if error. */ -vb2_error_t vb2_secdata_set(struct vb2_context *ctx, - enum vb2_secdata_param param, uint32_t value); +vb2_error_t vb2_secdata_firmware_set(struct vb2_context *ctx, + enum vb2_secdata_firmware_param param, + uint32_t value); /*****************************************************************************/ -/* Kernel version space functions +/* Kernel secure storage space functions * * These are separate functions so that they don't bloat the size of the early * boot code which uses the firmware version space functions. */ /** - * Initialize the secure storage context and verify its CRC. + * Initialize kernel secure storage context and verify its CRC. * - * This must be called before vb2_secdatak_get() or vb2_secdatak_set(). + * This must be called before vb2_secdata_kernel_get/set(). * * @param ctx Context pointer * @return VB2_SUCCESS, or non-zero error code if error. */ -vb2_error_t vb2_secdatak_init(struct vb2_context *ctx); +vb2_error_t vb2_secdata_kernel_init(struct vb2_context *ctx); /** - * Read a secure storage value. + * Read a kernel secure storage value. * * @param ctx Context pointer * @param param Parameter to read * @param dest Destination for value * @return VB2_SUCCESS, or non-zero error code if error. */ -vb2_error_t vb2_secdatak_get(struct vb2_context *ctx, - enum vb2_secdatak_param param, uint32_t *dest); +vb2_error_t vb2_secdata_kernel_get(struct vb2_context *ctx, + enum vb2_secdata_kernel_param param, + uint32_t *dest); /** - * Write a secure storage value. + * Write a kernel secure storage value. * * @param ctx Context pointer * @param param Parameter to write * @param value New value * @return VB2_SUCCESS, or non-zero error code if error. */ -vb2_error_t vb2_secdatak_set(struct vb2_context *ctx, - enum vb2_secdatak_param param, uint32_t value); +vb2_error_t vb2_secdata_kernel_set(struct vb2_context *ctx, + enum vb2_secdata_kernel_param param, + uint32_t value); #endif /* VBOOT_REFERENCE_2SECDATA_H_ */ diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index 17294ce6..4aff7ca7 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -72,13 +72,13 @@ enum vb2_shared_data_status { VB2_SD_STATUS_NV_INIT = (1 << 1), /* Secure data initialized */ - VB2_SD_STATUS_SECDATA_INIT = (1 << 2), + VB2_SD_STATUS_SECDATA_FIRMWARE_INIT = (1 << 2), /* Chose a firmware slot */ VB2_SD_STATUS_CHOSE_SLOT = (1 << 3), /* Secure data kernel version space initialized */ - VB2_SD_STATUS_SECDATAK_INIT = (1 << 4), + VB2_SD_STATUS_SECDATA_KERNEL_INIT = (1 << 4), }; /* "V2SD" = vb2_shared_data.magic */ @@ -126,7 +126,7 @@ struct vb2_shared_data { */ uint32_t fw_version; - /* Version stored in secdata (must be <= fw_version to boot). */ + /* Version from secdata_firmware (must be <= fw_version to boot). */ uint32_t fw_version_secdata; /* @@ -154,8 +154,8 @@ struct vb2_shared_data { */ uint32_t kernel_version; - /* Kernel version from secdatak (must be <= kernel_version to boot) */ - uint32_t kernel_version_secdatak; + /* Version from secdata_kernel (must be <= kernel_version to boot) */ + uint32_t kernel_version_secdata; /********************************************************************** * Temporary variables used during firmware verification. These don't diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c index e4493a4a..004d3ba0 100644 --- a/firmware/lib/rollback_index.c +++ b/firmware/lib/rollback_index.c @@ -64,16 +64,16 @@ uint32_t ReadSpaceFirmware(RollbackSpaceFirmware *rsf) r = TlclRead(FIRMWARE_NV_INDEX, rsf, sizeof(RollbackSpaceFirmware)); if (TPM_SUCCESS != r) { - VB2_DEBUG("TPM: read secdata returned 0x%x\n", r); + VB2_DEBUG("TPM: read secdata_firmware returned 0x%x\n", r); return r; } - PRINT_BYTES("TPM: read secdata", rsf); + PRINT_BYTES("TPM: read secdata_firmware", rsf); if (rsf->struct_version < ROLLBACK_SPACE_FIRMWARE_VERSION) return TPM_E_STRUCT_VERSION; if (rsf->crc8 != vb2_crc8(rsf, offsetof(RollbackSpaceFirmware, crc8))) { - VB2_DEBUG("TPM: bad secdata CRC\n"); + VB2_DEBUG("TPM: bad secdata_firmware CRC\n"); return TPM_E_CORRUPTED_STATE; } @@ -89,7 +89,7 @@ uint32_t WriteSpaceFirmware(RollbackSpaceFirmware *rsf) PRINT_BYTES("TPM: write secdata", rsf); r = SafeWrite(FIRMWARE_NV_INDEX, rsf, sizeof(RollbackSpaceFirmware)); if (TPM_SUCCESS != r) { - VB2_DEBUG("TPM: write secdata failure\n"); + VB2_DEBUG("TPM: write secdata_firmware failure\n"); return r; } @@ -146,10 +146,10 @@ uint32_t ReadSpaceKernel(RollbackSpaceKernel *rsk) r = TlclRead(KERNEL_NV_INDEX, rsk, sizeof(RollbackSpaceKernel)); if (TPM_SUCCESS != r) { - VB2_DEBUG("TPM: read secdatak returned 0x%x\n", r); + VB2_DEBUG("TPM: read secdata_kernel returned 0x%x\n", r); return r; } - PRINT_BYTES("TPM: read secdatak", rsk); + PRINT_BYTES("TPM: read secdata_kernel", rsk); if (rsk->struct_version < ROLLBACK_SPACE_FIRMWARE_VERSION) return TPM_E_STRUCT_VERSION; @@ -158,7 +158,7 @@ uint32_t ReadSpaceKernel(RollbackSpaceKernel *rsk) return TPM_E_CORRUPTED_STATE; if (rsk->crc8 != vb2_crc8(rsk, offsetof(RollbackSpaceKernel, crc8))) { - VB2_DEBUG("TPM: bad secdatak CRC\n"); + VB2_DEBUG("TPM: bad secdata_kernel CRC\n"); return TPM_E_CORRUPTED_STATE; } @@ -171,10 +171,10 @@ uint32_t WriteSpaceKernel(RollbackSpaceKernel *rsk) rsk->crc8 = vb2_crc8(rsk, offsetof(RollbackSpaceKernel, crc8)); - PRINT_BYTES("TPM: write secdatak", rsk); + PRINT_BYTES("TPM: write secdata_kernel", rsk); r = SafeWrite(KERNEL_NV_INDEX, rsk, sizeof(RollbackSpaceKernel)); if (TPM_SUCCESS != r) { - VB2_DEBUG("TPM: write secdatak failure\n"); + VB2_DEBUG("TPM: write secdata_kernel failure\n"); return r; } @@ -214,7 +214,7 @@ uint32_t RollbackKernelLock(int recovery_mode) if (TPM_SUCCESS == r) kernel_locked = 1; - VB2_DEBUG("TPM: lock secdatak returned 0x%x\n", r); + VB2_DEBUG("TPM: lock secdata_kernel returned 0x%x\n", r); return r; } diff --git a/firmware/lib/vboot_display.c b/firmware/lib/vboot_display.c index 725e1aaa..9341e1e3 100644 --- a/firmware/lib/vboot_display.c +++ b/firmware/lib/vboot_display.c @@ -183,8 +183,8 @@ const char *RecoveryReasonString(uint8_t code) return "EC software sync unable to jump to EC-RW"; case VB2_RECOVERY_EC_PROTECT: return "EC software sync protection error"; - case VB2_RECOVERY_SECDATA_INIT: - return "Secure NVRAM (TPM) initialization error"; + case VB2_RECOVERY_SECDATA_FIRMWARE_INIT: + return "Firmware secure NVRAM (TPM) initialization error"; case VB2_RECOVERY_GBB_HEADER: return "Error parsing GBB header"; case VB2_RECOVERY_TPM_CLEAR_OWNER: @@ -241,6 +241,8 @@ const char *RecoveryReasonString(uint8_t code) return "No bootable kernel found on disk"; case VB2_RECOVERY_RW_BCB_ERROR: return "BCB partition error on disk"; + case VB2_RECOVERY_SECDATA_KERNEL_INIT: + return "Kernel secure NVRAM (TPM) initialization error"; case VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR: return "Recovery hash space lock error in RO firmware"; case VB2_RECOVERY_RW_UNSPECIFIED: @@ -345,7 +347,7 @@ vb2_error_t VbDisplayDebugInfo(struct vb2_context *ctx) sd->fw_version_secdata, 16, 8); used += StrnAppend(buf + used, " kernver=0x", DEBUG_INFO_SIZE - used); used += Uint64ToString(buf + used, DEBUG_INFO_SIZE - used, - sd->kernel_version_secdatak, 16, 8); + sd->kernel_version_secdata, 16, 8); /* Add GBB flags */ used += StrnAppend(buf + used, diff --git a/firmware/lib20/api_kernel.c b/firmware/lib20/api_kernel.c index 7737f260..88e2a0b8 100644 --- a/firmware/lib20/api_kernel.c +++ b/firmware/lib20/api_kernel.c @@ -26,18 +26,18 @@ vb2_error_t vb2api_kernel_phase1(struct vb2_context *ctx) vb2_workbuf_from_ctx(ctx, &wb); /* Initialize secure kernel data and read version */ - rv = vb2_secdatak_init(ctx); + rv = vb2_secdata_kernel_init(ctx); if (!rv) { - rv = vb2_secdatak_get(ctx, VB2_SECDATAK_VERSIONS, - &sd->kernel_version_secdatak); + rv = vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_VERSIONS, + &sd->kernel_version_secdata); } if (rv) { if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE) { /* Ignore failure to get kernel version in recovery */ - sd->kernel_version_secdatak = 0; + sd->kernel_version_secdata = 0; } else { - vb2_fail(ctx, VB2_RECOVERY_SECDATAK_INIT, rv); + vb2_fail(ctx, VB2_RECOVERY_SECDATA_KERNEL_INIT, rv); return rv; } } @@ -257,15 +257,15 @@ vb2_error_t vb2api_kernel_phase3(struct vb2_context *ctx) * kernel signature is valid, and we're not in recovery mode, and we're * allowed to, roll forward the version in secure storage. */ - if (sd->kernel_version > sd->kernel_version_secdatak && + if (sd->kernel_version > sd->kernel_version_secdata && (sd->flags & VB2_SD_FLAG_KERNEL_SIGNED) && !(ctx->flags & VB2_CONTEXT_RECOVERY_MODE) && (ctx->flags & VB2_CONTEXT_ALLOW_KERNEL_ROLL_FORWARD)) { - rv = vb2_secdatak_set(ctx, VB2_SECDATAK_VERSIONS, - sd->kernel_version); + rv = vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_VERSIONS, + sd->kernel_version); if (rv) return rv; - sd->kernel_version_secdatak = sd->kernel_version; + sd->kernel_version_secdata = sd->kernel_version; } return VB2_SUCCESS; diff --git a/firmware/lib20/kernel.c b/firmware/lib20/kernel.c index 10cf158f..a78920ff 100644 --- a/firmware/lib20/kernel.c +++ b/firmware/lib20/kernel.c @@ -192,7 +192,7 @@ vb2_error_t vb2_load_kernel_keyblock(struct vb2_context *ctx) return VB2_ERROR_KERNEL_KEYBLOCK_VERSION_RANGE; } if (!rec_switch && kb->data_key.key_version < - (sd->kernel_version_secdatak >> 16)) { + (sd->kernel_version_secdata >> 16)) { keyblock_is_valid = 0; if (need_keyblock_valid) return VB2_ERROR_KERNEL_KEYBLOCK_VERSION_ROLLBACK; @@ -427,7 +427,7 @@ vb2_error_t vb2_load_kernel_preamble(struct vb2_context *ctx) sd->kernel_version |= pre->kernel_version; if (vb2_need_signed_kernel(ctx) && - sd->kernel_version < sd->kernel_version_secdatak) + sd->kernel_version < sd->kernel_version_secdata) return VB2_ERROR_KERNEL_PREAMBLE_VERSION_ROLLBACK; /* Keep track of where we put the preamble */ diff --git a/firmware/lib20/misc.c b/firmware/lib20/misc.c index 0d681799..e95732ef 100644 --- a/firmware/lib20/misc.c +++ b/firmware/lib20/misc.c @@ -286,7 +286,8 @@ vb2_error_t vb2_load_fw_preamble(struct vb2_context *ctx) sd->last_fw_result == VB2_FW_RESULT_SUCCESS) { sd->fw_version_secdata = sd->fw_version; - rv = vb2_secdata_set(ctx, VB2_SECDATA_VERSIONS, sd->fw_version); + rv = vb2_secdata_firmware_set( + ctx, VB2_SECDATA_FIRMWARE_VERSIONS, sd->fw_version); if (rv) return rv; } diff --git a/firmware/lib21/misc.c b/firmware/lib21/misc.c index 96071685..7c5def9b 100644 --- a/firmware/lib21/misc.c +++ b/firmware/lib21/misc.c @@ -232,7 +232,8 @@ vb2_error_t vb21_load_fw_preamble(struct vb2_context *ctx) sd->last_fw_result == VB2_FW_RESULT_SUCCESS) { sd->fw_version_secdata = sd->fw_version; - rv = vb2_secdata_set(ctx, VB2_SECDATA_VERSIONS, sd->fw_version); + rv = vb2_secdata_firmware_set( + ctx, VB2_SECDATA_FIRMWARE_VERSIONS, sd->fw_version); if (rv) return rv; } diff --git a/tests/vb20_api_kernel_tests.c b/tests/vb20_api_kernel_tests.c index cdb87e88..9f68a1fd 100644 --- a/tests/vb20_api_kernel_tests.c +++ b/tests/vb20_api_kernel_tests.c @@ -64,9 +64,9 @@ static void reset_common_data(enum reset_type t) vb2_nv_init(&ctx); - vb2api_secdatak_create(&ctx); - vb2_secdatak_init(&ctx); - vb2_secdatak_set(&ctx, VB2_SECDATAK_VERSIONS, 0x20002); + vb2api_secdata_kernel_create(&ctx); + vb2_secdata_kernel_init(&ctx); + vb2_secdata_kernel_set(&ctx, VB2_SECDATA_KERNEL_VERSIONS, 0x20002); mock_read_res_fail_on_call = 0; mock_unpack_key_retval = VB2_SUCCESS; @@ -144,7 +144,7 @@ static void reset_common_data(enum reset_type t) } else { /* Set flags and versions for roll-forward */ sd->kernel_version = 0x20004; - sd->kernel_version_secdatak = 0x20002; + sd->kernel_version_secdata = 0x20002; sd->flags |= VB2_SD_FLAG_KERNEL_SIGNED; ctx.flags |= VB2_CONTEXT_ALLOW_KERNEL_ROLL_FORWARD; } @@ -241,7 +241,8 @@ static void phase1_tests(void) TEST_EQ(k->key_size, sizeof(fw_kernel_key_data), " key_size"); TEST_EQ(memcmp((uint8_t *)k + k->key_offset, fw_kernel_key_data, k->key_size), 0, " key data"); - TEST_EQ(sd->kernel_version_secdatak, 0x20002, " secdatak version"); + TEST_EQ(sd->kernel_version_secdata, 0x20002, + " secdata_kernel version"); /* Test successful call in recovery mode */ reset_common_data(FOR_PHASE1); @@ -266,19 +267,20 @@ static void phase1_tests(void) TEST_EQ(memcmp((uint8_t *)k + k->key_offset, mock_gbb.recovery_key_data, k->key_size), 0, " key data"); - TEST_EQ(sd->kernel_version_secdatak, 0x20002, " secdatak version"); + TEST_EQ(sd->kernel_version_secdata, 0x20002, + " secdata_kernel version"); - /* Bad secdatak causes failure in normal mode only */ + /* Bad secdata_kernel causes failure in normal mode only */ reset_common_data(FOR_PHASE1); - ctx.secdatak[0] ^= 0x33; - TEST_EQ(vb2api_kernel_phase1(&ctx), VB2_ERROR_SECDATAK_CRC, + ctx.secdata_kernel[0] ^= 0x33; + TEST_EQ(vb2api_kernel_phase1(&ctx), VB2_ERROR_SECDATA_KERNEL_CRC, "phase1 bad secdata"); reset_common_data(FOR_PHASE1); - ctx.secdatak[0] ^= 0x33; + ctx.secdata_kernel[0] ^= 0x33; ctx.flags |= VB2_CONTEXT_RECOVERY_MODE; TEST_SUCC(vb2api_kernel_phase1(&ctx), "phase1 bad secdata rec"); - TEST_EQ(sd->kernel_version_secdatak, 0, " secdatak version"); + TEST_EQ(sd->kernel_version_secdata, 0, " secdata_kernel version"); /* Failures while reading recovery key */ reset_common_data(FOR_PHASE1); @@ -415,37 +417,37 @@ static void phase3_tests(void) reset_common_data(FOR_PHASE3); TEST_SUCC(vb2api_kernel_phase3(&ctx), "phase3 good"); - vb2_secdatak_get(&ctx, VB2_SECDATAK_VERSIONS, &v); + vb2_secdata_kernel_get(&ctx, VB2_SECDATA_KERNEL_VERSIONS, &v); TEST_EQ(v, 0x20004, " version"); reset_common_data(FOR_PHASE3); sd->kernel_version = 0x20001; TEST_SUCC(vb2api_kernel_phase3(&ctx), "phase3 no rollback"); - vb2_secdatak_get(&ctx, VB2_SECDATAK_VERSIONS, &v); + vb2_secdata_kernel_get(&ctx, VB2_SECDATA_KERNEL_VERSIONS, &v); TEST_EQ(v, 0x20002, " version"); reset_common_data(FOR_PHASE3); sd->flags &= ~VB2_SD_FLAG_KERNEL_SIGNED; TEST_SUCC(vb2api_kernel_phase3(&ctx), "phase3 unsigned kernel"); - vb2_secdatak_get(&ctx, VB2_SECDATAK_VERSIONS, &v); + vb2_secdata_kernel_get(&ctx, VB2_SECDATA_KERNEL_VERSIONS, &v); TEST_EQ(v, 0x20002, " version"); reset_common_data(FOR_PHASE3); ctx.flags |= VB2_CONTEXT_RECOVERY_MODE; TEST_SUCC(vb2api_kernel_phase3(&ctx), "phase3 recovery"); - vb2_secdatak_get(&ctx, VB2_SECDATAK_VERSIONS, &v); + vb2_secdata_kernel_get(&ctx, VB2_SECDATA_KERNEL_VERSIONS, &v); TEST_EQ(v, 0x20002, " version"); reset_common_data(FOR_PHASE3); ctx.flags &= ~VB2_CONTEXT_ALLOW_KERNEL_ROLL_FORWARD; TEST_SUCC(vb2api_kernel_phase3(&ctx), "phase3 no rollforward"); - vb2_secdatak_get(&ctx, VB2_SECDATAK_VERSIONS, &v); + vb2_secdata_kernel_get(&ctx, VB2_SECDATA_KERNEL_VERSIONS, &v); TEST_EQ(v, 0x20002, " version"); reset_common_data(FOR_PHASE3); - sd->status &= ~VB2_SD_STATUS_SECDATAK_INIT; + sd->status &= ~VB2_SD_STATUS_SECDATA_KERNEL_INIT; TEST_EQ(vb2api_kernel_phase3(&ctx), - VB2_ERROR_SECDATAK_SET_UNINITIALIZED, "phase3 set fail"); + VB2_ERROR_SECDATA_KERNEL_SET_UNINITIALIZED, "phase3 set fail"); } int main(int argc, char* argv[]) diff --git a/tests/vb20_api_tests.c b/tests/vb20_api_tests.c index c3b48b78..8db477e5 100644 --- a/tests/vb20_api_tests.c +++ b/tests/vb20_api_tests.c @@ -66,8 +66,8 @@ static void reset_common_data(enum reset_type t) vb2_nv_init(&ctx); - vb2api_secdata_create(&ctx); - vb2_secdata_init(&ctx); + vb2api_secdata_firmware_create(&ctx); + vb2_secdata_firmware_init(&ctx); retval_vb2_load_fw_keyblock = VB2_SUCCESS; retval_vb2_load_fw_preamble = VB2_SUCCESS; diff --git a/tests/vb20_kernel_tests.c b/tests/vb20_kernel_tests.c index 52899cca..d182e4c3 100644 --- a/tests/vb20_kernel_tests.c +++ b/tests/vb20_kernel_tests.c @@ -90,8 +90,8 @@ static void reset_common_data(enum reset_type t) vb2_nv_init(&ctx); - vb2api_secdatak_create(&ctx); - vb2_secdatak_init(&ctx); + vb2api_secdata_kernel_create(&ctx); + vb2_secdata_kernel_init(&ctx); mock_read_res_fail_on_call = 0; mock_unpack_key_retval = VB2_SUCCESS; @@ -99,8 +99,8 @@ static void reset_common_data(enum reset_type t) mock_verify_preamble_retval = VB2_SUCCESS; /* Set up mock data for verifying keyblock */ - sd->kernel_version_secdatak = 0x20002; - vb2_secdatak_set(&ctx, VB2_SECDATAK_VERSIONS, 0x20002); + sd->kernel_version_secdata = 0x20002; + vb2_secdata_kernel_set(&ctx, VB2_SECDATA_KERNEL_VERSIONS, 0x20002); mock_gbb.recovery_key.algorithm = 11; mock_gbb.recovery_key.key_offset = diff --git a/tests/vb20_misc_tests.c b/tests/vb20_misc_tests.c index 1d23a6d6..cc592226 100644 --- a/tests/vb20_misc_tests.c +++ b/tests/vb20_misc_tests.c @@ -76,8 +76,8 @@ static void reset_common_data(enum reset_type t) vb2_nv_init(&ctx); - vb2api_secdata_create(&ctx); - vb2_secdata_init(&ctx); + vb2api_secdata_firmware_create(&ctx); + vb2_secdata_firmware_init(&ctx); mock_read_res_fail_on_call = 0; mock_unpack_key_retval = VB2_SUCCESS; @@ -86,7 +86,8 @@ static void reset_common_data(enum reset_type t) /* Set up mock data for verifying keyblock */ sd->fw_version_secdata = 0x20002; - vb2_secdata_set(&ctx, VB2_SECDATA_VERSIONS, sd->fw_version_secdata); + vb2_secdata_firmware_set(&ctx, VB2_SECDATA_FIRMWARE_VERSIONS, + sd->fw_version_secdata); gbb.rootkey_offset = vb2_offset_of(&mock_gbb, &mock_gbb.rootkey); gbb.rootkey_size = sizeof(mock_gbb.rootkey_data); @@ -366,7 +367,7 @@ static void verify_preamble_tests(void) pre->firmware_version = 3; TEST_SUCC(vb2_load_fw_preamble(&ctx), "preamble version roll forward"); - vb2_secdata_get(&ctx, VB2_SECDATA_VERSIONS, &v); + vb2_secdata_firmware_get(&ctx, VB2_SECDATA_FIRMWARE_VERSIONS, &v); TEST_EQ(v, 0x20003, "roll forward"); /* Newer version without result success doesn't roll forward */ @@ -375,7 +376,7 @@ static void verify_preamble_tests(void) sd->last_fw_result = VB2_FW_RESULT_UNKNOWN; TEST_SUCC(vb2_load_fw_preamble(&ctx), "preamble version no roll forward 1"); - vb2_secdata_get(&ctx, VB2_SECDATA_VERSIONS, &v); + vb2_secdata_firmware_get(&ctx, VB2_SECDATA_FIRMWARE_VERSIONS, &v); TEST_EQ(v, 0x20002, "no roll forward"); /* Newer version with success but for other slot doesn't roll forward */ @@ -384,7 +385,7 @@ static void verify_preamble_tests(void) sd->last_fw_slot = 1; TEST_SUCC(vb2_load_fw_preamble(&ctx), "preamble version no roll forward 2"); - vb2_secdata_get(&ctx, VB2_SECDATA_VERSIONS, &v); + vb2_secdata_firmware_get(&ctx, VB2_SECDATA_FIRMWARE_VERSIONS, &v); TEST_EQ(v, 0x20002, "no roll forward"); } diff --git a/tests/vb20_verify_fw.c b/tests/vb20_verify_fw.c index 850d4b01..5cf2b765 100644 --- a/tests/vb20_verify_fw.c +++ b/tests/vb20_verify_fw.c @@ -75,9 +75,9 @@ static void save_if_needed(struct vb2_context *c) c->flags &= ~VB2_CONTEXT_NVDATA_CHANGED; } - if (c->flags & VB2_CONTEXT_SECDATA_CHANGED) { + if (c->flags & VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED) { // TODO: implement - c->flags &= ~VB2_CONTEXT_SECDATA_CHANGED; + c->flags &= ~VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED; } } @@ -164,10 +164,11 @@ int main(int argc, char *argv[]) ctx.workbuf_size = sizeof(workbuf); /* Initialize secure context */ - rv = vb2api_secdata_create(&ctx); + rv = vb2api_secdata_firmware_create(&ctx); if (rv) { fprintf(stderr, - "error: vb2api_secdata_create() failed (%d)\n", rv); + "error: vb2api_secdata_firmware_create() failed (%d)\n", + rv); return 1; } diff --git a/tests/vb21_api_tests.c b/tests/vb21_api_tests.c index 8ea9bf3a..b7df9449 100644 --- a/tests/vb21_api_tests.c +++ b/tests/vb21_api_tests.c @@ -81,8 +81,8 @@ static void reset_common_data(enum reset_type t) vb2_nv_init(&ctx); - vb2api_secdata_create(&ctx); - vb2_secdata_init(&ctx); + vb2api_secdata_firmware_create(&ctx); + vb2_secdata_firmware_init(&ctx); memset(&hwcrypto_emulation_dc, 0, sizeof(hwcrypto_emulation_dc)); retval_hwcrypto = VB2_SUCCESS; diff --git a/tests/vb21_misc_tests.c b/tests/vb21_misc_tests.c index 383e3d02..fa65eb00 100644 --- a/tests/vb21_misc_tests.c +++ b/tests/vb21_misc_tests.c @@ -78,8 +78,8 @@ static void reset_common_data(enum reset_type t) vb2_nv_init(&ctx); - vb2api_secdata_create(&ctx); - vb2_secdata_init(&ctx); + vb2api_secdata_firmware_create(&ctx); + vb2_secdata_firmware_init(&ctx); mock_read_res_fail_on_call = 0; mock_unpack_key_retval = VB2_SUCCESS; @@ -88,7 +88,8 @@ static void reset_common_data(enum reset_type t) /* Set up mock data for verifying keyblock */ sd->fw_version_secdata = 0x20002; - vb2_secdata_set(&ctx, VB2_SECDATA_VERSIONS, sd->fw_version_secdata); + vb2_secdata_firmware_set(&ctx, VB2_SECDATA_FIRMWARE_VERSIONS, + sd->fw_version_secdata); gbb.rootkey_offset = vb2_offset_of(&mock_gbb, &mock_gbb.rootkey); gbb.rootkey_size = sizeof(mock_gbb.rootkey_data); @@ -373,7 +374,7 @@ static void load_preamble_tests(void) pre->fw_version = 3; TEST_SUCC(vb21_load_fw_preamble(&ctx), "preamble version roll forward"); - vb2_secdata_get(&ctx, VB2_SECDATA_VERSIONS, &v); + vb2_secdata_firmware_get(&ctx, VB2_SECDATA_FIRMWARE_VERSIONS, &v); TEST_EQ(v, 0x20003, "roll forward"); /* Newer version without result success doesn't roll forward */ @@ -382,7 +383,7 @@ static void load_preamble_tests(void) sd->last_fw_result = VB2_FW_RESULT_UNKNOWN; TEST_SUCC(vb21_load_fw_preamble(&ctx), "preamble version no roll forward 1"); - vb2_secdata_get(&ctx, VB2_SECDATA_VERSIONS, &v); + vb2_secdata_firmware_get(&ctx, VB2_SECDATA_FIRMWARE_VERSIONS, &v); TEST_EQ(v, 0x20002, "no roll forward"); /* Newer version with success but for other slot doesn't roll forward */ @@ -391,7 +392,7 @@ static void load_preamble_tests(void) sd->last_fw_slot = 1; TEST_SUCC(vb21_load_fw_preamble(&ctx), "preamble version no roll forward 2"); - vb2_secdata_get(&ctx, VB2_SECDATA_VERSIONS, &v); + vb2_secdata_firmware_get(&ctx, VB2_SECDATA_FIRMWARE_VERSIONS, &v); TEST_EQ(v, 0x20002, "no roll forward"); } diff --git a/tests/vb2_api_tests.c b/tests/vb2_api_tests.c index b4db22b8..6429ca31 100644 --- a/tests/vb2_api_tests.c +++ b/tests/vb2_api_tests.c @@ -59,8 +59,8 @@ static void reset_common_data(enum reset_type t) vb2_nv_init(&ctx); - vb2api_secdata_create(&ctx); - vb2_secdata_init(&ctx); + vb2api_secdata_firmware_create(&ctx); + vb2_secdata_firmware_init(&ctx); force_dev_mode = 0; retval_vb2_fw_parse_gbb = VB2_SUCCESS; @@ -104,14 +104,17 @@ vb2_error_t vb2_select_fw_slot(struct vb2_context *c) static void misc_tests(void) { - /* Test secdata passthru functions */ + /* Test secdata_firmware passthru functions */ reset_common_data(FOR_MISC); - /* Corrupt secdata so initial check will fail */ - ctx.secdata[0] ^= 0x42; - TEST_EQ(vb2api_secdata_check(&ctx), VB2_ERROR_SECDATA_CRC, - "secdata check"); - TEST_SUCC(vb2api_secdata_create(&ctx), "secdata create"); - TEST_SUCC(vb2api_secdata_check(&ctx), "secdata check 2"); + /* Corrupt secdata_firmware so initial check will fail */ + ctx.secdata_firmware[0] ^= 0x42; + TEST_EQ(vb2api_secdata_firmware_check(&ctx), + VB2_ERROR_SECDATA_FIRMWARE_CRC, + "secdata_firmware check"); + TEST_SUCC(vb2api_secdata_firmware_create(&ctx), + "secdata_firmware create"); + TEST_SUCC(vb2api_secdata_firmware_check(&ctx), + "secdata_firmware check 2"); /* Test fail passthru */ reset_common_data(FOR_MISC); @@ -165,19 +168,19 @@ static void phase1_tests(void) 0, " display available SD flag"); reset_common_data(FOR_MISC); - ctx.secdata[0] ^= 0x42; + ctx.secdata_firmware[0] ^= 0x42; TEST_EQ(vb2api_fw_phase1(&ctx), VB2_ERROR_API_PHASE1_RECOVERY, - "phase1 secdata"); - TEST_EQ(sd->recovery_reason, VB2_RECOVERY_SECDATA_INIT, + "phase1 secdata_firmware"); + TEST_EQ(sd->recovery_reason, VB2_RECOVERY_SECDATA_FIRMWARE_INIT, " recovery reason"); TEST_NEQ(ctx.flags & VB2_CONTEXT_RECOVERY_MODE, 0, " recovery flag"); TEST_NEQ(ctx.flags & VB2_CONTEXT_CLEAR_RAM, 0, " clear ram flag"); - /* Test secdata-requested reboot */ + /* Test secdata_firmware-requested reboot */ reset_common_data(FOR_MISC); ctx.flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT; TEST_EQ(vb2api_fw_phase1(&ctx), VB2_ERROR_API_PHASE1_SECDATA_REBOOT, - "phase1 secdata reboot normal"); + "phase1 secdata_firmware reboot normal"); TEST_EQ(sd->recovery_reason, 0, " recovery reason"); TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TPM_REQUESTED_REBOOT), 1, " tpm reboot request"); @@ -186,7 +189,8 @@ static void phase1_tests(void) reset_common_data(FOR_MISC); vb2_nv_set(&ctx, VB2_NV_TPM_REQUESTED_REBOOT, 1); - TEST_SUCC(vb2api_fw_phase1(&ctx), "phase1 secdata reboot back normal"); + TEST_SUCC(vb2api_fw_phase1(&ctx), + "phase1 secdata_firmware reboot back normal"); TEST_EQ(sd->recovery_reason, 0, " recovery reason"); TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TPM_REQUESTED_REBOOT), 0, " tpm reboot request"); @@ -195,9 +199,10 @@ static void phase1_tests(void) reset_common_data(FOR_MISC); ctx.flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT; - memset(ctx.secdata, 0, sizeof(ctx.secdata)); + memset(ctx.secdata_firmware, 0, sizeof(ctx.secdata_firmware)); TEST_EQ(vb2api_fw_phase1(&ctx), VB2_ERROR_API_PHASE1_SECDATA_REBOOT, - "phase1 secdata reboot normal, secdata blank"); + "phase1 secdata_firmware reboot normal, " + "secdata_firmware blank"); TEST_EQ(sd->recovery_reason, 0, " recovery reason"); TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TPM_REQUESTED_REBOOT), 1, " tpm reboot request"); @@ -208,7 +213,7 @@ static void phase1_tests(void) ctx.flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT; vb2_nv_set(&ctx, VB2_NV_TPM_REQUESTED_REBOOT, 1); TEST_EQ(vb2api_fw_phase1(&ctx), VB2_ERROR_API_PHASE1_RECOVERY, - "phase1 secdata reboot normal again"); + "phase1 secdata_firmware reboot normal again"); TEST_EQ(sd->recovery_reason, VB2_RECOVERY_RO_TPM_REBOOT, " recovery reason"); TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TPM_REQUESTED_REBOOT), @@ -220,7 +225,7 @@ static void phase1_tests(void) ctx.flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT; vb2_nv_set(&ctx, VB2_NV_RECOVERY_REQUEST, VB2_RECOVERY_RO_UNSPECIFIED); TEST_EQ(vb2api_fw_phase1(&ctx), VB2_ERROR_API_PHASE1_SECDATA_REBOOT, - "phase1 secdata reboot recovery"); + "phase1 secdata_firmware reboot recovery"); /* Recovery reason isn't set this boot because we're rebooting first */ TEST_EQ(sd->recovery_reason, 0, " recovery reason not set THIS boot"); TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TPM_REQUESTED_REBOOT), @@ -232,7 +237,7 @@ static void phase1_tests(void) vb2_nv_set(&ctx, VB2_NV_TPM_REQUESTED_REBOOT, 1); vb2_nv_set(&ctx, VB2_NV_RECOVERY_REQUEST, VB2_RECOVERY_RO_UNSPECIFIED); TEST_EQ(vb2api_fw_phase1(&ctx), VB2_ERROR_API_PHASE1_RECOVERY, - "phase1 secdata reboot back recovery"); + "phase1 secdata_firmware reboot back recovery"); TEST_EQ(sd->recovery_reason, VB2_RECOVERY_RO_UNSPECIFIED, " recovery reason"); TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TPM_REQUESTED_REBOOT), @@ -245,7 +250,7 @@ static void phase1_tests(void) vb2_nv_set(&ctx, VB2_NV_TPM_REQUESTED_REBOOT, 1); vb2_nv_set(&ctx, VB2_NV_RECOVERY_REQUEST, VB2_RECOVERY_RO_UNSPECIFIED); TEST_EQ(vb2api_fw_phase1(&ctx), VB2_ERROR_API_PHASE1_RECOVERY, - "phase1 secdata reboot recovery again"); + "phase1 secdata_firmware reboot recovery again"); TEST_EQ(sd->recovery_reason, VB2_RECOVERY_RO_UNSPECIFIED, " recovery reason"); TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TPM_REQUESTED_REBOOT), diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c index 8e96f1c0..43c97e4e 100644 --- a/tests/vb2_misc_tests.c +++ b/tests/vb2_misc_tests.c @@ -44,8 +44,8 @@ static void reset_common_data(void) vb2_nv_init(&ctx); - vb2api_secdata_create(&ctx); - vb2_secdata_init(&ctx); + vb2api_secdata_firmware_create(&ctx); + vb2_secdata_firmware_init(&ctx); mock_tpm_clear_called = 0; mock_tpm_clear_retval = VB2_SUCCESS; @@ -355,9 +355,10 @@ static void dev_switch_tests(void) /* Dev mode */ reset_common_data(); - vb2_secdata_set(&ctx, VB2_SECDATA_FLAGS, - (VB2_SECDATA_FLAG_DEV_MODE | - VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER)); + vb2_secdata_firmware_set( + &ctx, VB2_SECDATA_FIRMWARE_FLAGS, + (VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE | + VB2_SECDATA_FIRMWARE_FLAG_LAST_BOOT_DEVELOPER)); TEST_SUCC(vb2_check_dev_switch(&ctx), "dev mode on"); TEST_NEQ(sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED, 0, " sd in dev"); TEST_NEQ(ctx.flags & VB2_CONTEXT_DEVELOPER_MODE, 0, " ctx in dev"); @@ -381,28 +382,30 @@ static void dev_switch_tests(void) /* Normal-dev transition clears TPM */ reset_common_data(); - vb2_secdata_set(&ctx, VB2_SECDATA_FLAGS, VB2_SECDATA_FLAG_DEV_MODE); + vb2_secdata_firmware_set(&ctx, VB2_SECDATA_FIRMWARE_FLAGS, + VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE); TEST_SUCC(vb2_check_dev_switch(&ctx), "to dev mode"); TEST_EQ(mock_tpm_clear_called, 1, " tpm clear"); - vb2_secdata_get(&ctx, VB2_SECDATA_FLAGS, &v); - TEST_EQ(v, (VB2_SECDATA_FLAG_DEV_MODE | - VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER), + vb2_secdata_firmware_get(&ctx, VB2_SECDATA_FIRMWARE_FLAGS, &v); + TEST_EQ(v, (VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE | + VB2_SECDATA_FIRMWARE_FLAG_LAST_BOOT_DEVELOPER), " last boot developer now"); /* Dev-normal transition clears TPM too */ reset_common_data(); - vb2_secdata_set(&ctx, VB2_SECDATA_FLAGS, - VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER); + vb2_secdata_firmware_set(&ctx, VB2_SECDATA_FIRMWARE_FLAGS, + VB2_SECDATA_FIRMWARE_FLAG_LAST_BOOT_DEVELOPER); TEST_SUCC(vb2_check_dev_switch(&ctx), "from dev mode"); TEST_EQ(mock_tpm_clear_called, 1, " tpm clear"); - vb2_secdata_get(&ctx, VB2_SECDATA_FLAGS, &v); + vb2_secdata_firmware_get(&ctx, VB2_SECDATA_FIRMWARE_FLAGS, &v); TEST_EQ(v, 0, " last boot not developer now"); /* Disable dev mode */ reset_common_data(); - vb2_secdata_set(&ctx, VB2_SECDATA_FLAGS, - (VB2_SECDATA_FLAG_DEV_MODE | - VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER)); + vb2_secdata_firmware_set( + &ctx, VB2_SECDATA_FIRMWARE_FLAGS, + (VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE | + VB2_SECDATA_FIRMWARE_FLAG_LAST_BOOT_DEVELOPER)); vb2_nv_set(&ctx, VB2_NV_DISABLE_DEV_REQUEST, 1); TEST_SUCC(vb2_check_dev_switch(&ctx), "disable dev request"); TEST_EQ(sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED, 0, " sd not in dev"); @@ -414,30 +417,32 @@ static void dev_switch_tests(void) gbb.flags |= VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON; TEST_SUCC(vb2_check_dev_switch(&ctx), "dev on via gbb"); TEST_NEQ(sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED, 0, " sd in dev"); - vb2_secdata_get(&ctx, VB2_SECDATA_FLAGS, &v); - TEST_EQ(v, VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER, - " doesn't set dev on in secdata but does set last boot dev"); + vb2_secdata_firmware_get(&ctx, VB2_SECDATA_FIRMWARE_FLAGS, &v); + TEST_EQ(v, VB2_SECDATA_FIRMWARE_FLAG_LAST_BOOT_DEVELOPER, + " doesn't set dev on in secdata_firmware " + "but does set last boot dev"); TEST_EQ(mock_tpm_clear_called, 1, " tpm clear"); /* Request disable by ctx flag */ reset_common_data(); - vb2_secdata_set(&ctx, VB2_SECDATA_FLAGS, - (VB2_SECDATA_FLAG_DEV_MODE | - VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER)); + vb2_secdata_firmware_set( + &ctx, VB2_SECDATA_FIRMWARE_FLAGS, + (VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE | + VB2_SECDATA_FIRMWARE_FLAG_LAST_BOOT_DEVELOPER)); ctx.flags |= VB2_CONTEXT_DISABLE_DEVELOPER_MODE; TEST_SUCC(vb2_check_dev_switch(&ctx), "disable dev on ctx request"); TEST_EQ(sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED, 0, " sd not in dev"); /* Simulate clear owner failure */ reset_common_data(); - vb2_secdata_set(&ctx, VB2_SECDATA_FLAGS, - VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER); + vb2_secdata_firmware_set(&ctx, VB2_SECDATA_FIRMWARE_FLAGS, + VB2_SECDATA_FIRMWARE_FLAG_LAST_BOOT_DEVELOPER); mock_tpm_clear_retval = VB2_ERROR_EX_TPM_CLEAR_OWNER; TEST_EQ(vb2_check_dev_switch(&ctx), VB2_ERROR_EX_TPM_CLEAR_OWNER, "tpm clear fail"); TEST_EQ(mock_tpm_clear_called, 1, " tpm clear"); - vb2_secdata_get(&ctx, VB2_SECDATA_FLAGS, &v); - TEST_EQ(v, VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER, + vb2_secdata_firmware_get(&ctx, VB2_SECDATA_FIRMWARE_FLAGS, &v); + TEST_EQ(v, VB2_SECDATA_FIRMWARE_FLAG_LAST_BOOT_DEVELOPER, " last boot still developer"); TEST_EQ(vb2_nv_get(&ctx, VB2_NV_RECOVERY_REQUEST), VB2_RECOVERY_TPM_CLEAR_OWNER, " requests recovery"); @@ -446,30 +451,33 @@ static void dev_switch_tests(void) /* * Secdata failure in normal mode fails and shows dev=0 even if dev - * mode was on in the (inaccessible) secdata. + * mode was on in the (inaccessible) secdata_firmware. */ reset_common_data(); - vb2_secdata_set(&ctx, VB2_SECDATA_FLAGS, VB2_SECDATA_FLAG_DEV_MODE); - sd->status &= ~VB2_SD_STATUS_SECDATA_INIT; - TEST_EQ(vb2_check_dev_switch(&ctx), VB2_ERROR_SECDATA_GET_UNINITIALIZED, - "secdata fail normal"); + vb2_secdata_firmware_set(&ctx, VB2_SECDATA_FIRMWARE_FLAGS, + VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE); + sd->status &= ~VB2_SD_STATUS_SECDATA_FIRMWARE_INIT; + TEST_EQ(vb2_check_dev_switch(&ctx), + VB2_ERROR_SECDATA_FIRMWARE_GET_UNINITIALIZED, + "secdata_firmware fail normal"); TEST_EQ(sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED, 0, " sd not in dev"); TEST_EQ(ctx.flags & VB2_CONTEXT_DEVELOPER_MODE, 0, " ctx not in dev"); /* Secdata failure in recovery mode continues */ reset_common_data(); ctx.flags |= VB2_CONTEXT_RECOVERY_MODE; - sd->status &= ~VB2_SD_STATUS_SECDATA_INIT; - TEST_SUCC(vb2_check_dev_switch(&ctx), "secdata fail recovery"); + sd->status &= ~VB2_SD_STATUS_SECDATA_FIRMWARE_INIT; + TEST_SUCC(vb2_check_dev_switch(&ctx), "secdata_firmware fail recovery"); TEST_EQ(sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED, 0, " sd not in dev"); TEST_EQ(ctx.flags & VB2_CONTEXT_DEVELOPER_MODE, 0, " ctx not in dev"); /* And doesn't check or clear dev disable request */ reset_common_data(); ctx.flags |= VB2_CONTEXT_RECOVERY_MODE; - sd->status &= ~VB2_SD_STATUS_SECDATA_INIT; + sd->status &= ~VB2_SD_STATUS_SECDATA_FIRMWARE_INIT; vb2_nv_set(&ctx, VB2_NV_DISABLE_DEV_REQUEST, 1); - TEST_SUCC(vb2_check_dev_switch(&ctx), "secdata fail recovery disable"); + TEST_SUCC(vb2_check_dev_switch(&ctx), + "secdata_firmware fail recovery disable"); TEST_EQ(sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED, 0, " sd not in dev"); TEST_EQ(ctx.flags & VB2_CONTEXT_DEVELOPER_MODE, 0, " ctx not in dev"); TEST_EQ(vb2_nv_get(&ctx, VB2_NV_DISABLE_DEV_REQUEST), @@ -478,9 +486,10 @@ static void dev_switch_tests(void) /* Can still override with GBB flag */ reset_common_data(); ctx.flags |= VB2_CONTEXT_RECOVERY_MODE; - sd->status &= ~VB2_SD_STATUS_SECDATA_INIT; + sd->status &= ~VB2_SD_STATUS_SECDATA_FIRMWARE_INIT; gbb.flags |= VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON; - TEST_SUCC(vb2_check_dev_switch(&ctx), "secdata fail recovery gbb"); + TEST_SUCC(vb2_check_dev_switch(&ctx), + "secdata_firmware fail recovery gbb"); TEST_NEQ(sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED, 0, " sd in dev"); TEST_NEQ(ctx.flags & VB2_CONTEXT_DEVELOPER_MODE, 0, " ctx in dev"); TEST_EQ(mock_tpm_clear_called, 1, " tpm clear"); diff --git a/tests/vb2_secdata_firmware_tests.c b/tests/vb2_secdata_firmware_tests.c new file mode 100644 index 00000000..3564cfa5 --- /dev/null +++ b/tests/vb2_secdata_firmware_tests.c @@ -0,0 +1,150 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Tests for firmware secure storage library. + */ + +#include "2api.h" +#include "2common.h" +#include "2crc8.h" +#include "2misc.h" +#include "2secdata.h" +#include "2sysincludes.h" +#include "test_common.h" +#include "vboot_common.h" + +static void test_changed(struct vb2_context *c, int changed, const char *why) +{ + if (changed) + TEST_NEQ(c->flags & VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED, + 0, why); + else + TEST_EQ(c->flags & VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED, + 0, why); + + c->flags &= ~VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED; +}; + +static void secdata_firmware_test(void) +{ + uint8_t workbuf[VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE] + __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); + struct vb2_context c = { + .flags = 0, + .workbuf = workbuf, + .workbuf_size = sizeof(workbuf), + }; + struct vb2_secdata_firmware *sec = + (struct vb2_secdata_firmware *)c.secdata_firmware; + struct vb2_shared_data *sd = vb2_get_sd(&c); + uint32_t v = 1; + + /* Check size constant */ + TEST_EQ(VB2_SECDATA_FIRMWARE_SIZE, sizeof(struct vb2_secdata_firmware), + "Struct size constant"); + + /* Blank data is invalid */ + memset(c.secdata_firmware, 0xa6, sizeof(c.secdata_firmware)); + TEST_EQ(vb2api_secdata_firmware_check(&c), + VB2_ERROR_SECDATA_FIRMWARE_CRC, "Check blank CRC"); + TEST_EQ(vb2_secdata_firmware_init(&c), + VB2_ERROR_SECDATA_FIRMWARE_CRC, "Init blank CRC"); + + /* Ensure zeroed buffers are invalid (coreboot relies on this) */ + memset(c.secdata_firmware, 0, sizeof(c.secdata_firmware)); + TEST_EQ(vb2_secdata_firmware_init(&c), + VB2_ERROR_SECDATA_FIRMWARE_VERSION, + "Zeroed buffer (invalid version)"); + + /* Try with bad version */ + TEST_SUCC(vb2api_secdata_firmware_create(&c), "Create"); + sec->struct_version -= 1; + sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdata_firmware, crc8)); + TEST_EQ(vb2api_secdata_firmware_check(&c), + VB2_ERROR_SECDATA_FIRMWARE_VERSION, "Check invalid version"); + TEST_EQ(vb2_secdata_firmware_init(&c), + VB2_ERROR_SECDATA_FIRMWARE_VERSION, "Init invalid version"); + + /* Create good data */ + TEST_SUCC(vb2api_secdata_firmware_create(&c), "Create"); + TEST_SUCC(vb2api_secdata_firmware_check(&c), "Check created CRC"); + TEST_SUCC(vb2_secdata_firmware_init(&c), "Init created CRC"); + TEST_NEQ(sd->status & VB2_SD_STATUS_SECDATA_FIRMWARE_INIT, 0, + "Init set SD status"); + sd->status &= ~VB2_SD_STATUS_SECDATA_FIRMWARE_INIT; + test_changed(&c, 1, "Create changes data"); + + /* Now corrupt it */ + c.secdata_firmware[2]++; + TEST_EQ(vb2api_secdata_firmware_check(&c), + VB2_ERROR_SECDATA_FIRMWARE_CRC, "Check invalid CRC"); + TEST_EQ(vb2_secdata_firmware_init(&c), + VB2_ERROR_SECDATA_FIRMWARE_CRC, "Init invalid CRC"); + + /* Read/write flags */ + vb2api_secdata_firmware_create(&c); + vb2_secdata_firmware_init(&c); + c.flags = 0; + TEST_SUCC(vb2_secdata_firmware_get(&c, VB2_SECDATA_FIRMWARE_FLAGS, &v), + "Get flags"); + TEST_EQ(v, 0, "Flags created 0"); + test_changed(&c, 0, "Get doesn't change data"); + TEST_SUCC(vb2_secdata_firmware_set(&c, VB2_SECDATA_FIRMWARE_FLAGS, + 0x12), + "Set flags"); + test_changed(&c, 1, "Set changes data"); + TEST_SUCC(vb2_secdata_firmware_set(&c, VB2_SECDATA_FIRMWARE_FLAGS, + 0x12), + "Set flags 2"); + test_changed(&c, 0, "Set again doesn't change data"); + TEST_SUCC(vb2_secdata_firmware_get(&c, VB2_SECDATA_FIRMWARE_FLAGS, &v), + "Get flags 2"); + TEST_EQ(v, 0x12, "Flags changed"); + TEST_EQ(vb2_secdata_firmware_set(&c, VB2_SECDATA_FIRMWARE_FLAGS, 0x100), + VB2_ERROR_SECDATA_FIRMWARE_SET_FLAGS, "Bad flags"); + + /* Read/write versions */ + TEST_SUCC(vb2_secdata_firmware_get(&c, VB2_SECDATA_FIRMWARE_VERSIONS, + &v), + "Get versions"); + TEST_EQ(v, 0, "Versions created 0"); + test_changed(&c, 0, "Get doesn't change data"); + TEST_SUCC(vb2_secdata_firmware_set(&c, VB2_SECDATA_FIRMWARE_VERSIONS, + 0x123456ff), + "Set versions"); + test_changed(&c, 1, "Set changes data"); + TEST_SUCC(vb2_secdata_firmware_set(&c, VB2_SECDATA_FIRMWARE_VERSIONS, + 0x123456ff), + "Set versions 2"); + test_changed(&c, 0, "Set again doesn't change data"); + TEST_SUCC(vb2_secdata_firmware_get(&c, VB2_SECDATA_FIRMWARE_VERSIONS, &v), + "Get versions 2"); + TEST_EQ(v, 0x123456ff, "Versions changed"); + + /* Invalid field fails */ + TEST_EQ(vb2_secdata_firmware_get(&c, -1, &v), + VB2_ERROR_SECDATA_FIRMWARE_GET_PARAM, "Get invalid"); + TEST_EQ(vb2_secdata_firmware_set(&c, -1, 456), + VB2_ERROR_SECDATA_FIRMWARE_SET_PARAM, "Set invalid"); + test_changed(&c, 0, "Set invalid field doesn't change data"); + + /* Read/write uninitialized data fails */ + sd->status &= ~VB2_SD_STATUS_SECDATA_FIRMWARE_INIT; + TEST_EQ(vb2_secdata_firmware_get(&c, VB2_SECDATA_FIRMWARE_VERSIONS, &v), + VB2_ERROR_SECDATA_FIRMWARE_GET_UNINITIALIZED, + "Get uninitialized"); + test_changed(&c, 0, "Get uninitialized doesn't change data"); + TEST_EQ(vb2_secdata_firmware_set(&c, VB2_SECDATA_FIRMWARE_VERSIONS, + 0x123456ff), + VB2_ERROR_SECDATA_FIRMWARE_SET_UNINITIALIZED, + "Set uninitialized"); + test_changed(&c, 0, "Set uninitialized doesn't change data"); +} + +int main(int argc, char* argv[]) +{ + secdata_firmware_test(); + + return gTestSuccess ? 0 : 255; +} diff --git a/tests/vb2_secdata_kernel_tests.c b/tests/vb2_secdata_kernel_tests.c new file mode 100644 index 00000000..c1ae2e16 --- /dev/null +++ b/tests/vb2_secdata_kernel_tests.c @@ -0,0 +1,135 @@ +/* Copyright 2015 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Tests for kernel secure storage library. + */ + +#include "2api.h" +#include "2common.h" +#include "2crc8.h" +#include "2misc.h" +#include "2secdata.h" +#include "2sysincludes.h" +#include "test_common.h" +#include "vboot_common.h" + +static void test_changed(struct vb2_context *c, int changed, const char *why) +{ + if (changed) + TEST_NEQ(c->flags & VB2_CONTEXT_SECDATA_KERNEL_CHANGED, 0, why); + else + TEST_EQ(c->flags & VB2_CONTEXT_SECDATA_KERNEL_CHANGED, 0, why); + + c->flags &= ~VB2_CONTEXT_SECDATA_KERNEL_CHANGED; +}; + +static void secdata_kernel_test(void) +{ + uint8_t workbuf[VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE] + __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); + struct vb2_context c = { + .flags = 0, + .workbuf = workbuf, + .workbuf_size = sizeof(workbuf), + }; + struct vb2_secdata_kernel *sec = + (struct vb2_secdata_kernel *)c.secdata_kernel; + struct vb2_shared_data *sd = vb2_get_sd(&c); + uint32_t v = 1; + + /* Check size constant */ + TEST_EQ(VB2_SECDATA_KERNEL_SIZE, sizeof(struct vb2_secdata_kernel), + "Struct size constant"); + + /* Blank data is invalid */ + memset(c.secdata_kernel, 0xa6, sizeof(c.secdata_kernel)); + TEST_EQ(vb2api_secdata_kernel_check(&c), + VB2_ERROR_SECDATA_KERNEL_CRC, "Check blank CRC"); + TEST_EQ(vb2_secdata_kernel_init(&c), + VB2_ERROR_SECDATA_KERNEL_CRC, "Init blank CRC"); + + /* Ensure zeroed buffers are invalid */ + memset(c.secdata_kernel, 0, sizeof(c.secdata_kernel)); + TEST_EQ(vb2_secdata_kernel_init(&c), VB2_ERROR_SECDATA_KERNEL_VERSION, + "Zeroed buffer (invalid version)"); + + /* Try with bad version */ + TEST_SUCC(vb2api_secdata_kernel_create(&c), "Create"); + sec->struct_version -= 1; + sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdata_kernel, crc8)); + TEST_EQ(vb2api_secdata_kernel_check(&c), + VB2_ERROR_SECDATA_KERNEL_VERSION, "Check invalid version"); + TEST_EQ(vb2_secdata_kernel_init(&c), + VB2_ERROR_SECDATA_KERNEL_VERSION, "Init invalid version"); + + /* Create good data */ + TEST_SUCC(vb2api_secdata_kernel_create(&c), "Create"); + TEST_SUCC(vb2api_secdata_kernel_check(&c), "Check created CRC"); + TEST_SUCC(vb2_secdata_kernel_init(&c), "Init created CRC"); + TEST_NEQ(sd->status & VB2_SD_STATUS_SECDATA_KERNEL_INIT, 0, + "Init set SD status"); + sd->status &= ~VB2_SD_STATUS_SECDATA_KERNEL_INIT; + test_changed(&c, 1, "Create changes data"); + + /* Now corrupt it */ + c.secdata_kernel[2]++; + TEST_EQ(vb2api_secdata_kernel_check(&c), + VB2_ERROR_SECDATA_KERNEL_CRC, "Check invalid CRC"); + TEST_EQ(vb2_secdata_kernel_init(&c), + VB2_ERROR_SECDATA_KERNEL_CRC, "Init invalid CRC"); + + /* Make sure UID is checked */ + + vb2api_secdata_kernel_create(&c); + sec->uid++; + sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdata_kernel, crc8)); + TEST_EQ(vb2_secdata_kernel_init(&c), VB2_ERROR_SECDATA_KERNEL_UID, + "Init invalid struct UID"); + + /* Read/write versions */ + vb2api_secdata_kernel_create(&c); + vb2_secdata_kernel_init(&c); + c.flags = 0; + TEST_SUCC(vb2_secdata_kernel_get(&c, VB2_SECDATA_KERNEL_VERSIONS, &v), + "Get versions"); + TEST_EQ(v, 0, "Versions created 0"); + test_changed(&c, 0, "Get doesn't change data"); + TEST_SUCC(vb2_secdata_kernel_set(&c, VB2_SECDATA_KERNEL_VERSIONS, + 0x123456ff), + "Set versions"); + test_changed(&c, 1, "Set changes data"); + TEST_SUCC(vb2_secdata_kernel_set(&c, VB2_SECDATA_KERNEL_VERSIONS, + 0x123456ff), + "Set versions 2"); + test_changed(&c, 0, "Set again doesn't change data"); + TEST_SUCC(vb2_secdata_kernel_get(&c, VB2_SECDATA_KERNEL_VERSIONS, &v), + "Get versions 2"); + TEST_EQ(v, 0x123456ff, "Versions changed"); + + /* Invalid field fails */ + TEST_EQ(vb2_secdata_kernel_get(&c, -1, &v), + VB2_ERROR_SECDATA_KERNEL_GET_PARAM, "Get invalid"); + TEST_EQ(vb2_secdata_kernel_set(&c, -1, 456), + VB2_ERROR_SECDATA_KERNEL_SET_PARAM, "Set invalid"); + test_changed(&c, 0, "Set invalid field doesn't change data"); + + /* Read/write uninitialized data fails */ + sd->status &= ~VB2_SD_STATUS_SECDATA_KERNEL_INIT; + TEST_EQ(vb2_secdata_kernel_get(&c, VB2_SECDATA_KERNEL_VERSIONS, &v), + VB2_ERROR_SECDATA_KERNEL_GET_UNINITIALIZED, + "Get uninitialized"); + test_changed(&c, 0, "Get uninitialized doesn't change data"); + TEST_EQ(vb2_secdata_kernel_set(&c, VB2_SECDATA_KERNEL_VERSIONS, + 0x123456ff), + VB2_ERROR_SECDATA_KERNEL_SET_UNINITIALIZED, + "Set uninitialized"); + test_changed(&c, 0, "Set uninitialized doesn't change data"); +} + +int main(int argc, char* argv[]) +{ + secdata_kernel_test(); + + return gTestSuccess ? 0 : 255; +} diff --git a/tests/vb2_secdata_tests.c b/tests/vb2_secdata_tests.c deleted file mode 100644 index fca31d4d..00000000 --- a/tests/vb2_secdata_tests.c +++ /dev/null @@ -1,134 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Tests for firmware secure storage library. - */ - -#include "2api.h" -#include "2common.h" -#include "2crc8.h" -#include "2misc.h" -#include "2secdata.h" -#include "2sysincludes.h" -#include "test_common.h" -#include "vboot_common.h" - -static void test_changed(struct vb2_context *c, int changed, const char *why) -{ - if (changed) - TEST_NEQ(c->flags & VB2_CONTEXT_SECDATA_CHANGED, 0, why); - else - TEST_EQ(c->flags & VB2_CONTEXT_SECDATA_CHANGED, 0, why); - - c->flags &= ~VB2_CONTEXT_SECDATA_CHANGED; -}; - -static void secdata_test(void) -{ - uint8_t workbuf[VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE] - __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); - struct vb2_context c = { - .flags = 0, - .workbuf = workbuf, - .workbuf_size = sizeof(workbuf), - }; - struct vb2_secdata *sec = (struct vb2_secdata *)c.secdata; - struct vb2_shared_data *sd = vb2_get_sd(&c); - uint32_t v = 1; - - /* Check size constant */ - TEST_EQ(VB2_SECDATA_SIZE, sizeof(struct vb2_secdata), - "Struct size constant"); - - /* Blank data is invalid */ - memset(c.secdata, 0xa6, sizeof(c.secdata)); - TEST_EQ(vb2api_secdata_check(&c), - VB2_ERROR_SECDATA_CRC, "Check blank CRC"); - TEST_EQ(vb2_secdata_init(&c), - VB2_ERROR_SECDATA_CRC, "Init blank CRC"); - - /* Ensure zeroed buffers are invalid (coreboot relies on this) */ - memset(c.secdata, 0, sizeof(c.secdata)); - TEST_EQ(vb2_secdata_init(&c), VB2_ERROR_SECDATA_VERSION, - "Zeroed buffer (invalid version)"); - - /* Try with bad version */ - TEST_SUCC(vb2api_secdata_create(&c), "Create"); - sec->struct_version -= 1; - sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdata, crc8)); - TEST_EQ(vb2api_secdata_check(&c), - VB2_ERROR_SECDATA_VERSION, "Check invalid version"); - TEST_EQ(vb2_secdata_init(&c), - VB2_ERROR_SECDATA_VERSION, "Init invalid version"); - - /* Create good data */ - TEST_SUCC(vb2api_secdata_create(&c), "Create"); - TEST_SUCC(vb2api_secdata_check(&c), "Check created CRC"); - TEST_SUCC(vb2_secdata_init(&c), "Init created CRC"); - TEST_NEQ(sd->status & VB2_SD_STATUS_SECDATA_INIT, 0, - "Init set SD status"); - sd->status &= ~VB2_SD_STATUS_SECDATA_INIT; - test_changed(&c, 1, "Create changes data"); - - /* Now corrupt it */ - c.secdata[2]++; - TEST_EQ(vb2api_secdata_check(&c), - VB2_ERROR_SECDATA_CRC, "Check invalid CRC"); - TEST_EQ(vb2_secdata_init(&c), - VB2_ERROR_SECDATA_CRC, "Init invalid CRC"); - - /* Read/write flags */ - vb2api_secdata_create(&c); - vb2_secdata_init(&c); - c.flags = 0; - TEST_SUCC(vb2_secdata_get(&c, VB2_SECDATA_FLAGS, &v), "Get flags"); - TEST_EQ(v, 0, "Flags created 0"); - test_changed(&c, 0, "Get doesn't change data"); - TEST_SUCC(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x12), "Set flags"); - test_changed(&c, 1, "Set changes data"); - TEST_SUCC(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x12), "Set flags 2"); - test_changed(&c, 0, "Set again doesn't change data"); - TEST_SUCC(vb2_secdata_get(&c, VB2_SECDATA_FLAGS, &v), "Get flags 2"); - TEST_EQ(v, 0x12, "Flags changed"); - TEST_EQ(vb2_secdata_set(&c, VB2_SECDATA_FLAGS, 0x100), - VB2_ERROR_SECDATA_SET_FLAGS, "Bad flags"); - - /* Read/write versions */ - TEST_SUCC(vb2_secdata_get(&c, VB2_SECDATA_VERSIONS, &v), - "Get versions"); - TEST_EQ(v, 0, "Versions created 0"); - test_changed(&c, 0, "Get doesn't change data"); - TEST_SUCC(vb2_secdata_set(&c, VB2_SECDATA_VERSIONS, 0x123456ff), - "Set versions"); - test_changed(&c, 1, "Set changes data"); - TEST_SUCC(vb2_secdata_set(&c, VB2_SECDATA_VERSIONS, 0x123456ff), - "Set versions 2"); - test_changed(&c, 0, "Set again doesn't change data"); - TEST_SUCC(vb2_secdata_get(&c, VB2_SECDATA_VERSIONS, &v), - "Get versions 2"); - TEST_EQ(v, 0x123456ff, "Versions changed"); - - /* Invalid field fails */ - TEST_EQ(vb2_secdata_get(&c, -1, &v), - VB2_ERROR_SECDATA_GET_PARAM, "Get invalid"); - TEST_EQ(vb2_secdata_set(&c, -1, 456), - VB2_ERROR_SECDATA_SET_PARAM, "Set invalid"); - test_changed(&c, 0, "Set invalid field doesn't change data"); - - /* Read/write uninitialized data fails */ - sd->status &= ~VB2_SD_STATUS_SECDATA_INIT; - TEST_EQ(vb2_secdata_get(&c, VB2_SECDATA_VERSIONS, &v), - VB2_ERROR_SECDATA_GET_UNINITIALIZED, "Get uninitialized"); - test_changed(&c, 0, "Get uninitialized doesn't change data"); - TEST_EQ(vb2_secdata_set(&c, VB2_SECDATA_VERSIONS, 0x123456ff), - VB2_ERROR_SECDATA_SET_UNINITIALIZED, "Set uninitialized"); - test_changed(&c, 0, "Set uninitialized doesn't change data"); -} - -int main(int argc, char* argv[]) -{ - secdata_test(); - - return gTestSuccess ? 0 : 255; -} diff --git a/tests/vb2_secdatak_tests.c b/tests/vb2_secdatak_tests.c deleted file mode 100644 index 45803866..00000000 --- a/tests/vb2_secdatak_tests.c +++ /dev/null @@ -1,128 +0,0 @@ -/* Copyright 2015 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Tests for kernel secure storage library. - */ - -#include "2api.h" -#include "2common.h" -#include "2crc8.h" -#include "2misc.h" -#include "2secdata.h" -#include "2sysincludes.h" -#include "test_common.h" -#include "vboot_common.h" - -static void test_changed(struct vb2_context *c, int changed, const char *why) -{ - if (changed) - TEST_NEQ(c->flags & VB2_CONTEXT_SECDATAK_CHANGED, 0, why); - else - TEST_EQ(c->flags & VB2_CONTEXT_SECDATAK_CHANGED, 0, why); - - c->flags &= ~VB2_CONTEXT_SECDATAK_CHANGED; -}; - -static void secdatak_test(void) -{ - uint8_t workbuf[VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE] - __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); - struct vb2_context c = { - .flags = 0, - .workbuf = workbuf, - .workbuf_size = sizeof(workbuf), - }; - struct vb2_secdatak *sec = (struct vb2_secdatak *)c.secdatak; - struct vb2_shared_data *sd = vb2_get_sd(&c); - uint32_t v = 1; - - /* Check size constant */ - TEST_EQ(VB2_SECDATAK_SIZE, sizeof(struct vb2_secdatak), - "Struct size constant"); - - /* Blank data is invalid */ - memset(c.secdatak, 0xa6, sizeof(c.secdatak)); - TEST_EQ(vb2api_secdatak_check(&c), - VB2_ERROR_SECDATAK_CRC, "Check blank CRC"); - TEST_EQ(vb2_secdatak_init(&c), - VB2_ERROR_SECDATAK_CRC, "Init blank CRC"); - - /* Ensure zeroed buffers are invalid */ - memset(c.secdatak, 0, sizeof(c.secdatak)); - TEST_EQ(vb2_secdatak_init(&c), VB2_ERROR_SECDATAK_VERSION, - "Zeroed buffer (invalid version)"); - - /* Try with bad version */ - TEST_SUCC(vb2api_secdatak_create(&c), "Create"); - sec->struct_version -= 1; - sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdatak, crc8)); - TEST_EQ(vb2api_secdatak_check(&c), - VB2_ERROR_SECDATAK_VERSION, "Check invalid version"); - TEST_EQ(vb2_secdatak_init(&c), - VB2_ERROR_SECDATAK_VERSION, "Init invalid version"); - - /* Create good data */ - TEST_SUCC(vb2api_secdatak_create(&c), "Create"); - TEST_SUCC(vb2api_secdatak_check(&c), "Check created CRC"); - TEST_SUCC(vb2_secdatak_init(&c), "Init created CRC"); - TEST_NEQ(sd->status & VB2_SD_STATUS_SECDATAK_INIT, 0, - "Init set SD status"); - sd->status &= ~VB2_SD_STATUS_SECDATAK_INIT; - test_changed(&c, 1, "Create changes data"); - - /* Now corrupt it */ - c.secdatak[2]++; - TEST_EQ(vb2api_secdatak_check(&c), - VB2_ERROR_SECDATAK_CRC, "Check invalid CRC"); - TEST_EQ(vb2_secdatak_init(&c), - VB2_ERROR_SECDATAK_CRC, "Init invalid CRC"); - - /* Make sure UID is checked */ - vb2api_secdatak_create(&c); - sec->uid++; - sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdatak, crc8)); - TEST_EQ(vb2_secdatak_init(&c), VB2_ERROR_SECDATAK_UID, - "Init invalid struct UID"); - - /* Read/write versions */ - vb2api_secdatak_create(&c); - vb2_secdatak_init(&c); - c.flags = 0; - TEST_SUCC(vb2_secdatak_get(&c, VB2_SECDATAK_VERSIONS, &v), - "Get versions"); - TEST_EQ(v, 0, "Versions created 0"); - test_changed(&c, 0, "Get doesn't change data"); - TEST_SUCC(vb2_secdatak_set(&c, VB2_SECDATAK_VERSIONS, 0x123456ff), - "Set versions"); - test_changed(&c, 1, "Set changes data"); - TEST_SUCC(vb2_secdatak_set(&c, VB2_SECDATAK_VERSIONS, 0x123456ff), - "Set versions 2"); - test_changed(&c, 0, "Set again doesn't change data"); - TEST_SUCC(vb2_secdatak_get(&c, VB2_SECDATAK_VERSIONS, &v), - "Get versions 2"); - TEST_EQ(v, 0x123456ff, "Versions changed"); - - /* Invalid field fails */ - TEST_EQ(vb2_secdatak_get(&c, -1, &v), - VB2_ERROR_SECDATAK_GET_PARAM, "Get invalid"); - TEST_EQ(vb2_secdatak_set(&c, -1, 456), - VB2_ERROR_SECDATAK_SET_PARAM, "Set invalid"); - test_changed(&c, 0, "Set invalid field doesn't change data"); - - /* Read/write uninitialized data fails */ - sd->status &= ~VB2_SD_STATUS_SECDATAK_INIT; - TEST_EQ(vb2_secdatak_get(&c, VB2_SECDATAK_VERSIONS, &v), - VB2_ERROR_SECDATAK_GET_UNINITIALIZED, "Get uninitialized"); - test_changed(&c, 0, "Get uninitialized doesn't change data"); - TEST_EQ(vb2_secdatak_set(&c, VB2_SECDATAK_VERSIONS, 0x123456ff), - VB2_ERROR_SECDATAK_SET_UNINITIALIZED, "Set uninitialized"); - test_changed(&c, 0, "Set uninitialized doesn't change data"); -} - -int main(int argc, char* argv[]) -{ - secdatak_test(); - - return gTestSuccess ? 0 : 255; -} diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c index da169cd4..69789105 100644 --- a/tests/vboot_kernel_tests.c +++ b/tests/vboot_kernel_tests.c @@ -184,7 +184,7 @@ static void ResetMocks(void) struct vb2_shared_data *sd = vb2_get_sd(&ctx); sd->vbsd = shared; - // TODO: more workbuf fields - flags, secdata, secdatak + // TODO: more workbuf fields - flags, secdata_firmware, secdata_kernel } /* Mocks */ |