authorJoel Kitching <kitching@google.com>2019-09-28 14:09:29 +0800
committerCommit Bot <commit-bot@chromium.org>2019-10-02 21:48:15 +0000
commit873433516b3456222f10f726a000ae68c048b1ae (patch)
tree724d0767cb20d1c7ff935b9f02cc86c7e9020524
parentb2c8984d37e378b2faad170d4ec9b378c0c2b145 (diff)
vboot: join vb2_fail and vb2api_fail
As previously discussed with jwerner@, API functions should not distinguish between "internal" and "external" versions. BUG=b:124141368 TEST=make clean && make runtests BRANCH=none Change-Id: Iea4fb430dbd56110639f52bdb7d8d3aaae7ee293 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1830240 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org>
-rw-r--r--firmware/2lib/2api.c20
-rw-r--r--firmware/2lib/2misc.c10
-rw-r--r--firmware/2lib/include/2api.h12
-rw-r--r--firmware/2lib/include/2misc.h14
-rw-r--r--firmware/lib/vboot_ui.c6
-rw-r--r--firmware/lib20/api.c6
-rw-r--r--firmware/lib20/api_kernel.c2
-rw-r--r--firmware/lib20/misc.c8
-rw-r--r--firmware/lib21/api.c8
-rw-r--r--firmware/lib21/misc.c8
-rw-r--r--tests/vb2_misc_tests.c33
11 files changed, 58 insertions, 69 deletions
diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c
index 5be542bc..cc2c17bd 100644
--- a/firmware/2lib/2api.c
+++ b/firmware/2lib/2api.c
@@ -16,14 +16,6 @@
#include "2sysincludes.h"
#include "2tpm_bootmode.h"
-void vb2api_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode)
-{
- /* Initialize the vboot context if it hasn't been yet */
- vb2_init_context(ctx);
-
- vb2_fail(ctx, reason, subcode);
-}
-
vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx)
{
vb2_error_t rv;
@@ -50,7 +42,7 @@ vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx)
* Fool me twice, shame on me. Fail into recovery to avoid
* a reboot loop.
*/
- vb2_fail(ctx, VB2_RECOVERY_RO_TPM_REBOOT, 0);
+ vb2api_fail(ctx, VB2_RECOVERY_RO_TPM_REBOOT, 0);
} else {
/* Reboot requested for the first time */
vb2_nv_set(ctx, VB2_NV_TPM_REQUESTED_REBOOT, 1);
@@ -60,12 +52,12 @@ vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx)
/* Initialize firmware secure data */
rv = vb2_secdata_firmware_init(ctx);
if (rv)
- vb2_fail(ctx, VB2_RECOVERY_SECDATA_FIRMWARE_INIT, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_SECDATA_FIRMWARE_INIT, rv);
/* Load and parse the GBB header */
rv = vb2_fw_init_gbb(ctx);
if (rv)
- vb2_fail(ctx, VB2_RECOVERY_GBB_HEADER, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_GBB_HEADER, rv);
/*
* Check for recovery. Note that this function returns void, since any
@@ -85,7 +77,7 @@ vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx)
* to take a different path through the dev switch checking
* code in that case.
*/
- vb2_fail(ctx, VB2_RECOVERY_DEV_SWITCH, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_DEV_SWITCH, rv);
return rv;
}
@@ -145,14 +137,14 @@ vb2_error_t vb2api_fw_phase2(struct vb2_context *ctx)
/* Check for explicit request to clear TPM */
rv = vb2_check_tpm_clear(ctx);
if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv);
return rv;
}
/* Decide which firmware slot to try this boot */
rv = vb2_select_fw_slot(ctx);
if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_SLOT, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_SLOT, rv);
return rv;
}
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index 396a1593..389a80d7 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -77,8 +77,11 @@ vb2_error_t vb2_read_gbb_header(struct vb2_context *ctx,
return VB2_SUCCESS;
}
-void vb2_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode)
+void vb2api_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode)
{
+ /* Initialize the vboot context if it hasn't been yet */
+ vb2_init_context(ctx);
+
struct vb2_shared_data *sd = vb2_get_sd(ctx);
/* If NV data hasn't been initialized, initialize it now */
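Review bot: The `vb2_init_context(ctx)` call added at the top of `vb2api_fail` now runs on every internal failure path as well as for external callers, and the comment above it does not say why that is safe. The 2misc.h text visible later in this commit says the init keys off `ctx->workbuf_used` being 0, so presumably it is a no-op once the context is set up; I would say so, e.g. `/* No-op once the context is set up; needed for callers that fail before vboot starts */`. The declaration of `sd` also now follows a statement, so if the build warns on declaration-after-statement, split it into `struct vb2_shared_data *sd;` before the call and `sd = vb2_get_sd(ctx);` after it. The function body continues outside the hunk.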
@@ -337,7 +340,8 @@ vb2_error_t vb2_check_dev_switch(struct vb2_context *ctx)
* we don't have NVRAM space to store the full
* 32-bit code.
*/
- vb2_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER,
+ rv);
return rv;
}
@@ -371,7 +375,7 @@ vb2_error_t vb2_check_tpm_clear(struct vb2_context *ctx)
* useful as the full error code, but we don't have NVRAM space
* to store the full 32-bit code.
*/
- vb2_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv);
return rv;
}
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 9a8a2228..982d4772 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -488,11 +488,15 @@ vb2_error_t vb2api_secdata_fwmp_check(struct vb2_context *ctx, uint8_t *size);
/**
* Report firmware failure to vboot.
*
- * This may be called before vb2api_phase1() to indicate errors in the boot
- * process prior to the start of vboot.
+ * If the failure occurred after choosing a firmware slot, and the other
+ * firmware slot is not known-bad, try the other firmware slot after reboot.
+ *
+ * If the failure occurred before choosing a firmware slot, or both slots have
+ * failed in successive boots, request recovery.
*
- * If this is called after vb2api_phase1(), on return, the calling firmware
- * should check for updates to secdata and/or nvdata, then reboot.
+ * This may be called before vb2api_phase1() to indicate errors in the boot
+ * process prior to the start of vboot. On return, the calling firmware should
+ * check for updates to secdata and/or nvdata, then reboot.
*
* @param reason Recovery reason
* @param subcode Recovery subcode
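Review bot: The rewritten comment refers to `vb2api_phase1()`, but the entry point touched in 2api.c in this same commit is `vb2api_fw_phase1()`; the name should be corrected while the text is being moved. The last sentence now tells every caller to check secdata/nvdata and reboot on return, yet internal call sites in this commit (for example the secdata and GBB checks in `vb2api_fw_phase1`) call `vb2api_fail` and carry on, so it reads better scoped as `When called by firmware outside vboot, on return the caller should ...`. The visible `@param` list also omits `ctx`; add `@param ctx Vboot context`. The comment and the prototype it documents continue past the end of the hunk.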
diff --git a/firmware/2lib/include/2misc.h b/firmware/2lib/include/2misc.h
index b03df5f3..6b305169 100644
--- a/firmware/2lib/include/2misc.h
+++ b/firmware/2lib/include/2misc.h
@@ -73,20 +73,6 @@ vb2_error_t vb2_read_gbb_header(struct vb2_context *ctx,
struct vb2_gbb_header *gbb);
/**
- * Handle vboot failure.
- *
- * If the failure occurred after choosing a firmware slot, and the other
- * firmware slot is not known-bad, try the other firmware slot after reboot.
- *
- * If the failure occurred before choosing a firmware slot, or both slots have
- * failed in successive boots, request recovery.
- *
- * @param reason Recovery reason
- * @param subcode Recovery subcode
- */
-void vb2_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode);
-
-/**
* Set up the verified boot context data, if not already set up.
*
* This uses ctx->workbuf_used=0 as a flag to indicate that the data has not
diff --git a/firmware/lib/vboot_ui.c b/firmware/lib/vboot_ui.c
index aa9a58cb..2b2c08ab 100644
--- a/firmware/lib/vboot_ui.c
+++ b/firmware/lib/vboot_ui.c
@@ -488,11 +488,11 @@ static vb2_error_t vb2_diagnostics_ui(struct vb2_context *ctx)
if (RollbackKernelLock(0)) {
VB2_DEBUG("Failed to lock TPM PP\n");
- vb2_fail(ctx, VB2_RECOVERY_TPM_DISABLE_FAILED, 0);
+ vb2api_fail(ctx, VB2_RECOVERY_TPM_DISABLE_FAILED, 0);
} else if (vb2ex_tpm_set_mode(VB2_TPM_MODE_DISABLED) !=
VB2_SUCCESS) {
VB2_DEBUG("Failed to disable TPM\n");
- vb2_fail(ctx, VB2_RECOVERY_TPM_DISABLE_FAILED, 0);
+ vb2api_fail(ctx, VB2_RECOVERY_TPM_DISABLE_FAILED, 0);
} else {
vb2_run_altfw(ctx, VB_ALTFW_DIAGNOSTIC);
VB2_DEBUG("Diagnostic failed to run\n");
@@ -500,7 +500,7 @@ static vb2_error_t vb2_diagnostics_ui(struct vb2_context *ctx)
* Assuming failure was due to bad hash, though
* the rom could just be missing or invalid.
*/
- vb2_fail(ctx, VB2_RECOVERY_ALTFW_HASH_FAILED, 0);
+ vb2api_fail(ctx, VB2_RECOVERY_ALTFW_HASH_FAILED, 0);
}
}
diff --git a/firmware/lib20/api.c b/firmware/lib20/api.c
index 13f26bfd..f70e2625 100644
--- a/firmware/lib20/api.c
+++ b/firmware/lib20/api.c
@@ -22,14 +22,14 @@ vb2_error_t vb2api_fw_phase3(struct vb2_context *ctx)
/* Verify firmware keyblock */
rv = vb2_load_fw_keyblock(ctx);
if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
return rv;
}
/* Verify firmware preamble */
rv = vb2_load_fw_preamble(ctx);
if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
return rv;
}
@@ -199,7 +199,7 @@ vb2_error_t vb2api_check_hash_get_digest(struct vb2_context *ctx,
*/
rv = vb2_verify_digest(&key, &pre->body_signature, digest, &wb);
if (rv)
- vb2_fail(ctx, VB2_RECOVERY_FW_BODY, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_BODY, rv);
if (digest_out != NULL) {
if (digest_out_size < digest_size)
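Review bot: Unlike the other call sites in this file, the `vb2api_fail(ctx, VB2_RECOVERY_FW_BODY, rv)` branch has no `return rv;`, so a body signature that fails verification still falls through to the `digest_out` handling below it. Whether `rv` is returned afterwards is outside the hunk; if it is, a short comment such as `/* Fall through: rv is returned after the optional digest copy */` would make the intent explicit. If the digest of an unverified body is not meant to reach the caller, return before the copy instead. The function starts and ends outside the hunk.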
diff --git a/firmware/lib20/api_kernel.c b/firmware/lib20/api_kernel.c
index 555a7c47..3aad5967 100644
--- a/firmware/lib20/api_kernel.c
+++ b/firmware/lib20/api_kernel.c
@@ -37,7 +37,7 @@ vb2_error_t vb2api_kernel_phase1(struct vb2_context *ctx)
/* Ignore failure to get kernel version in recovery */
sd->kernel_version_secdata = 0;
} else {
- vb2_fail(ctx, VB2_RECOVERY_SECDATA_KERNEL_INIT, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_SECDATA_KERNEL_INIT, rv);
return rv;
}
}
diff --git a/firmware/lib20/misc.c b/firmware/lib20/misc.c
index 01fd717f..330453b2 100644
--- a/firmware/lib20/misc.c
+++ b/firmware/lib20/misc.c
@@ -130,7 +130,7 @@ vb2_error_t vb2_load_fw_keyblock(struct vb2_context *ctx)
/* Verify the keyblock */
rv = vb2_verify_keyblock(kb, block_size, &root_key, &wb);
if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_KEYBLOCK, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_KEYBLOCK, rv);
return rv;
}
@@ -144,7 +144,7 @@ vb2_error_t vb2_load_fw_keyblock(struct vb2_context *ctx)
rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK;
}
if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_KEY_ROLLBACK, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_KEY_ROLLBACK, rv);
return rv;
}
@@ -247,7 +247,7 @@ vb2_error_t vb2_load_fw_preamble(struct vb2_context *ctx)
/* Verify the preamble */
rv = vb2_verify_fw_preamble(pre, pre_size, &data_key, &wb);
if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_PREAMBLE, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_PREAMBLE, rv);
return rv;
}
@@ -266,7 +266,7 @@ vb2_error_t vb2_load_fw_preamble(struct vb2_context *ctx)
rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK;
}
if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_ROLLBACK, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_ROLLBACK, rv);
return rv;
}
diff --git a/firmware/lib21/api.c b/firmware/lib21/api.c
index 732982c4..b9fc5e4c 100644
--- a/firmware/lib21/api.c
+++ b/firmware/lib21/api.c
@@ -23,14 +23,14 @@ vb2_error_t vb21api_fw_phase3(struct vb2_context *ctx)
/* Verify firmware keyblock */
rv = vb21_load_fw_keyblock(ctx);
if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
return rv;
}
/* Verify firmware preamble */
rv = vb21_load_fw_preamble(ctx);
if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
return rv;
}
@@ -160,8 +160,8 @@ vb2_error_t vb21api_check_hash(struct vb2_context *ctx)
digest_size))
return VB2_ERROR_API_CHECK_HASH_SIG;
- /* TODO: the old check-hash function called vb2_fail() on any mismatch.
- * I don't think it should do that; the caller should. */
+ /* TODO: The old check-hash function called vb2api_fail() on any
+ mismatch. I don't think it should do that; the caller should. */
return VB2_SUCCESS;
}
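Review bot: The reflowed TODO drops the leading ` * ` on its continuation line, which differs from the other multi-line comments in this commit (for example the reboot-loop comment in 2api.c). In the visible lines `vb21api_check_hash` returns `VB2_ERROR_API_CHECK_HASH_SIG` without recording a recovery reason, so the contract the TODO hints at belongs in the function's header comment, e.g. `Does not call vb2api_fail() on mismatch; the caller must do so.` The function begins outside the hunk.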
diff --git a/firmware/lib21/misc.c b/firmware/lib21/misc.c
index 982ee0e3..08f30d36 100644
--- a/firmware/lib21/misc.c
+++ b/firmware/lib21/misc.c
@@ -106,7 +106,7 @@ vb2_error_t vb21_load_fw_keyblock(struct vb2_context *ctx)
/* Verify the keyblock */
rv = vb21_verify_keyblock(kb, kb->c.total_size, &root_key, &wb);
if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_KEYBLOCK, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_KEYBLOCK, rv);
return rv;
}
@@ -125,7 +125,7 @@ vb2_error_t vb21_load_fw_keyblock(struct vb2_context *ctx)
rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK;
}
if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_KEY_ROLLBACK, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_KEY_ROLLBACK, rv);
return rv;
}
@@ -192,7 +192,7 @@ vb2_error_t vb21_load_fw_preamble(struct vb2_context *ctx)
/* Verify the preamble */
rv = vb21_verify_fw_preamble(pre, pre->c.total_size, &data_key, &wb);
if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_PREAMBLE, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_PREAMBLE, rv);
return rv;
}
@@ -218,7 +218,7 @@ vb2_error_t vb21_load_fw_preamble(struct vb2_context *ctx)
rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK;
}
if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_ROLLBACK, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_ROLLBACK, rv);
return rv;
}
diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c
index fb8d37fa..5e1383cd 100644
--- a/tests/vb2_misc_tests.c
+++ b/tests/vb2_misc_tests.c
@@ -256,19 +256,19 @@ static void fail_tests(void)
/* Early fail (before even NV init) */
reset_common_data();
sd->status &= ~VB2_SD_STATUS_NV_INIT;
- vb2_fail(&ctx, 1, 2);
- TEST_NEQ(sd->status & VB2_SD_STATUS_NV_INIT, 0, "vb2_fail inits NV");
+ vb2api_fail(&ctx, 1, 2);
+ TEST_NEQ(sd->status & VB2_SD_STATUS_NV_INIT, 0, "vb2api_fail inits NV");
TEST_EQ(vb2_nv_get(&ctx, VB2_NV_RECOVERY_REQUEST),
- 1, "vb2_fail request");
+ 1, "vb2api_fail request");
TEST_EQ(vb2_nv_get(&ctx, VB2_NV_RECOVERY_SUBCODE),
- 2, "vb2_fail subcode");
+ 2, "vb2api_fail subcode");
/* Repeated fail doesn't overwrite the error code */
- vb2_fail(&ctx, 3, 4);
+ vb2api_fail(&ctx, 3, 4);
TEST_EQ(vb2_nv_get(&ctx, VB2_NV_RECOVERY_REQUEST),
- 1, "vb2_fail repeat");
+ 1, "vb2api_fail repeat");
TEST_EQ(vb2_nv_get(&ctx, VB2_NV_RECOVERY_SUBCODE),
- 2, "vb2_fail repeat2");
+ 2, "vb2api_fail repeat2");
/* Fail with other slot good doesn't trigger recovery */
reset_common_data();
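Review bot: The test changes in this file are renames only, so the behavior this commit folds into `vb2api_fail` (calling `vb2_init_context()` first) has no case of its own. Consider adding a case in `fail_tests` that calls `vb2api_fail` on a context that has not been set up and checks that the recovery request and subcode are still recorded. How to build such a context depends on `reset_common_data()`, which is outside the hunk. The unchanged `"vb2_failover"` message in the next hunk may also be worth aligning with the new name if it was not left deliberately.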
@@ -278,12 +278,14 @@ static void fail_tests(void)
sd->fw_slot = 0;
sd->last_fw_slot = 1;
sd->last_fw_result = VB2_FW_RESULT_UNKNOWN;
- vb2_fail(&ctx, 5, 6);
+ vb2api_fail(&ctx, 5, 6);
TEST_EQ(vb2_nv_get(&ctx, VB2_NV_RECOVERY_REQUEST), 0, "vb2_failover");
TEST_EQ(vb2_nv_get(&ctx, VB2_NV_FW_RESULT),
- VB2_FW_RESULT_FAILURE, "vb2_fail this fw");
- TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TRY_COUNT), 0, "vb2_fail use up tries");
- TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TRY_NEXT), 1, "vb2_fail try other slot");
+ VB2_FW_RESULT_FAILURE, "vb2api_fail this fw");
+ TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TRY_COUNT), 0,
+ "vb2api_fail use up tries");
+ TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TRY_NEXT), 1,
+ "vb2api_fail try other slot");
/* Fail with other slot already failing triggers recovery */
reset_common_data();
@@ -291,12 +293,13 @@ static void fail_tests(void)
sd->fw_slot = 1;
sd->last_fw_slot = 0;
sd->last_fw_result = VB2_FW_RESULT_FAILURE;
- vb2_fail(&ctx, 7, 8);
+ vb2api_fail(&ctx, 7, 8);
TEST_EQ(vb2_nv_get(&ctx, VB2_NV_RECOVERY_REQUEST), 7,
- "vb2_fail both slots bad");
+ "vb2api_fail both slots bad");
TEST_EQ(vb2_nv_get(&ctx, VB2_NV_FW_RESULT),
- VB2_FW_RESULT_FAILURE, "vb2_fail this fw");
- TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TRY_NEXT), 0, "vb2_fail try other slot");
+ VB2_FW_RESULT_FAILURE, "vb2api_fail this fw");
+ TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TRY_NEXT), 0,
+ "vb2api_fail try other slot");
}
static void recovery_tests(void)