authorJoel Kitching <kitching@google.com>2020-02-13 18:47:42 +0800
committerCommit Bot <commit-bot@chromium.org>2020-02-27 16:17:13 +0000
commitc0b6cfad7d669d706a278e8591571c4dff1c6075 (patch)
tree1e8395c0a9f70c67dc0d0fd72b6bd03d92ea42af
parent91300814d66aaa78f9b85295957d0a28dad7c4c7 (diff)
downloadvboot-c0b6cfad7d669d706a278e8591571c4dff1c6075.tar.gz
vboot: eradicate vboot1 data structures from kernel verification
VbSelectAndLoadKernel no longer takes a vboot1-style VBSD data structure. Conversion of vboot 2->1 data structure is moved into an API function called vb2api_export_vbsd() for use by depthcharge. VbSharedDataHeader type is now opaque to the caller, and only a raw data buffer is exposed. BUG=b:124141368, chromium:1038260 TEST=make clean && make runtests BRANCH=none Change-Id: Id11f663f6e3296e947c519581d428b0c8fb60be5 Cq-Depend: chromium:2056343 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2054270 Reviewed-by: Joel Kitching <kitching@chromium.org> Tested-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org>
-rw-r--r--firmware/2lib/2misc.c42
-rw-r--r--firmware/2lib/include/2api.h13
-rw-r--r--firmware/2lib/include/2constants.h4
-rw-r--r--firmware/2lib/include/2struct.h7
-rw-r--r--firmware/include/vboot_api.h10
-rw-r--r--firmware/include/vboot_struct.h4
-rw-r--r--firmware/lib/vboot_api_kernel.c47
-rw-r--r--firmware/lib/vboot_display.c8
-rw-r--r--tests/vboot_api_kernel4_tests.c6
9 files changed, 69 insertions, 72 deletions
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index 9eafdeec..e64f4380 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -452,3 +452,45 @@ uint32_t vb2api_get_recovery_reason(struct vb2_context *ctx)
{
return vb2_get_sd(ctx)->recovery_reason;
}
+
+void vb2api_export_vbsd(struct vb2_context *ctx, int wp_enabled, void *dest)
+{
+ struct vb2_shared_data *sd = vb2_get_sd(ctx);
+ VbSharedDataHeader *vbsd = (void *)dest;
+
+ /* Initialize with boilerplate fields. */
+ memset(vbsd, 0, VB2_VBSD_SIZE);
+ vbsd->magic = VB_SHARED_DATA_MAGIC;
+ vbsd->struct_version = VB_SHARED_DATA_VERSION;
+ vbsd->struct_size = VB2_VBSD_SIZE;
+ vbsd->data_size = VB2_VBSD_SIZE;
+ vbsd->data_used = VB2_VBSD_SIZE;
+ vbsd->flags |= VBSD_BOOT_FIRMWARE_VBOOT2;
+
+ /* Translate vboot2 flags and fields into vboot1. */
+ if (ctx->flags & VB2_CONTEXT_EC_SYNC_SUPPORTED)
+ vbsd->flags |= VBSD_EC_SOFTWARE_SYNC;
+ if (ctx->flags & VB2_CONTEXT_NVDATA_V2)
+ vbsd->flags |= VBSD_NVDATA_V2;
+ if (ctx->flags & VB2_CONTEXT_DEVELOPER_MODE)
+ vbsd->flags |= VBSD_BOOT_DEV_SWITCH_ON;
+ if (ctx->flags & VB2_CONTEXT_FORCE_RECOVERY_MODE)
+ vbsd->flags |= VBSD_BOOT_REC_SWITCH_ON;
+ if (sd->flags & VB2_SD_FLAG_KERNEL_SIGNED)
+ vbsd->flags |= VBSD_KERNEL_KEY_VERIFIED;
+ if (wp_enabled)
+ vbsd->flags |= VBSD_BOOT_FIRMWARE_WP_ENABLED;
+
+ vbsd->fw_version_tpm_start = sd->fw_version_secdata;
+ vbsd->fw_version_tpm = sd->fw_version;
+ vbsd->kernel_version_tpm_start = sd->kernel_version_secdata;
+ vbsd->kernel_version_tpm = sd->kernel_version;
+
+ vbsd->recovery_reason = sd->recovery_reason;
+ if (sd->recovery_reason)
+ vbsd->firmware_index = 0xff;
+ else
+ vbsd->firmware_index = sd->fw_slot;
+}
+_Static_assert(VB2_VBSD_SIZE == sizeof(VbSharedDataHeader),
+ "VB2_VBSD_SIZE incorrect");
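Review bot: The dev-switch and recovery-switch bits in vb2api_export_vbsd() are derived from different sources than in the code this replaces. `VBSD_BOOT_DEV_SWITCH_ON` now follows `ctx->flags & VB2_CONTEXT_DEVELOPER_MODE` and `VBSD_BOOT_REC_SWITCH_ON` follows `ctx->flags & VB2_CONTEXT_FORCE_RECOVERY_MODE`, where the removed vb2_kernel_setup() in vboot_api_kernel.c tested `sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED` and `sd->flags & VB2_SD_FLAG_MANUAL_RECOVERY`. If either pair can disagree at the point the export is called, consumers of the VBSD would see a different boot-mode state than before. A short comment such as `/* ctx flag mirrors VB2_SD_FLAG_DEV_MODE_ENABLED here */` (if that holds) would make the equivalence reviewable. None of the test changes visible in this commit exercise vb2api_export_vbsd(), so a unit test comparing the exported flags for dev, recovery and normal contexts would also help.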
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index cab5d88c..af504584 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -470,6 +470,19 @@ vb2_error_t vb2api_relocate(void *new_workbuf, const void *cur_workbuf,
uint32_t size, struct vb2_context **ctxptr);
/**
+ * Export "VBSD" vboot1 data structure.
+ *
+ * Copy relevant fields from vboot2 data structures to VbSharedDataHeader
+ * format. Takes a pointer to the memory space to be filled in. Expects
+ * the memory available to be of size VB2_VBSD_SIZE.
+ *
+ * @param ctx Context pointer
+ * @param wp_enabled Whether or not write-protect is enabled at boot time
+ * @param dest Target memory to store VbSharedDataHeader
+ */
+void vb2api_export_vbsd(struct vb2_context *ctx, int wp_enabled, void *dest);
+
+/**
* Check the validity of firmware secure storage context.
*
* Checks version and CRC.
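Review bot: The contract for `dest` is stated only as "expects the memory available to be of size VB2_VBSD_SIZE", yet the implementation in 2misc.c zeroes and writes VB2_VBSD_SIZE bytes through it as a VbSharedDataHeader, with no length argument to check against. I would tighten the parameter line to `@param dest Non-NULL buffer of at least VB2_VBSD_SIZE bytes, aligned for VbSharedDataHeader; fully overwritten`. The comment also does not say when the snapshot is valid. The kernel-key-verified flag and kernel version fields were previously written after kernel selection, so presumably the export is meant to be called after VbSelectAndLoadKernel() returns, and that ordering is worth stating here.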
diff --git a/firmware/2lib/include/2constants.h b/firmware/2lib/include/2constants.h
index a6ccf3fb..47e121a0 100644
--- a/firmware/2lib/include/2constants.h
+++ b/firmware/2lib/include/2constants.h
@@ -76,4 +76,8 @@
typedef uint32_t vb2_gbb_flags_t;
#endif
+/* Size of legacy VbSharedDataHeader struct. Defined here to avoid including
+ the struct definition as part of a vb2_api.h include. */
+#define VB2_VBSD_SIZE 1096
+
#endif /* VBOOT_REFERENCE_2CONSTANTS_H_ */
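Review bot: The literal 1096 is tied to the struct only by the `_Static_assert` placed after vb2api_export_vbsd() in 2misc.c, and this comment does not mention that. Callers size their destination buffers from this macro, so I would extend the comment with `Must equal sizeof(VbSharedDataHeader); enforced by a _Static_assert in 2misc.c.` so that anyone changing either side knows where the check lives.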
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index a5908d00..3e006ab6 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -232,10 +232,11 @@ struct vb2_shared_data {
*/
/*
- * Vboot1 shared data header. This data should eventually get folded
- * directly into the kernel portion of this struct.
+ * Formerly a pointer to vboot1 shared data header ("VBSD"). Caller
+ * may now export a copy of VBSD via vb2api_export_vbsd().
+ * TODO: Remove this field and bump struct_version_major.
*/
- struct VbSharedDataHeader *vbsd;
+ uintptr_t reserved0;
/*
* Offset and size of packed kernel key in work buffer. Size is 0 if
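Review bot: The new comment explains what the field used to be, but not that `reserved0` now exists only to keep the layout of vb2_shared_data unchanged. The slot previously held a pointer assigned in vb2_kernel_setup(), which this commit removes, so I would add `Unused; kept only to preserve struct layout. Must not be interpreted as a pointer.` to the comment. The struct definition starts and ends outside this hunk.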
diff --git a/firmware/include/vboot_api.h b/firmware/include/vboot_api.h
index 8f21fe03..0ad79159 100644
--- a/firmware/include/vboot_api.h
+++ b/firmware/include/vboot_api.h
@@ -39,15 +39,6 @@ typedef struct VbSharedDataHeader VbSharedDataHeader;
/* Main entry points from firmware into vboot_reference */
/*
- * Minimum and recommended size of shared_data_blob in bytes. Shared data blob
- * is used to communicate data between calls to VbInit(), VbSelectFirmware(),
- * the OS. Minimum size is enough to hold all required data for verified boot
- * but may not be able to hold debug output.
- */
-#define VB_SHARED_DATA_MIN_SIZE 3072
-#define VB_SHARED_DATA_REC_SIZE 16384
-
-/*
* We use disk handles rather than indices. Using indices causes problems if
* a disk is removed/inserted in the middle of processing.
*/
@@ -91,7 +82,6 @@ typedef struct VbSelectAndLoadKernelParams {
* Returns VB2_SUCCESS if success, non-zero if error; on error, caller
* should reboot. */
vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx,
- VbSharedDataHeader *shared,
VbSelectAndLoadKernelParams *kparams);
/*****************************************************************************/
diff --git a/firmware/include/vboot_struct.h b/firmware/include/vboot_struct.h
index 312165fc..bfdc1f0b 100644
--- a/firmware/include/vboot_struct.h
+++ b/firmware/include/vboot_struct.h
@@ -20,10 +20,6 @@ extern "C" {
/* Magic number for recognizing VbSharedDataHeader ("VbSD") */
#define VB_SHARED_DATA_MAGIC 0x44536256
-/* Minimum and recommended size of shared_data_blob in bytes. */
-#define VB_SHARED_DATA_MIN_SIZE 3072
-#define VB_SHARED_DATA_REC_SIZE 16384
-
/*
* Flags for VbSharedDataHeader
*
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index fce32a1b..2f0b4b70 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -222,36 +222,9 @@ vb2_error_t VbBootNormal(struct vb2_context *ctx)
return rv;
}
-static vb2_error_t vb2_kernel_setup(struct vb2_context *ctx,
- VbSharedDataHeader *shared,
- VbSelectAndLoadKernelParams *kparams)
+static vb2_error_t vb2_kernel_init_kparams(struct vb2_context *ctx,
+ VbSelectAndLoadKernelParams *kparams)
{
- struct vb2_shared_data *sd = vb2_get_sd(ctx);
-
- /* Translate vboot2 flags and fields into vboot1. */
- if (ctx->flags & VB2_CONTEXT_EC_SYNC_SUPPORTED)
- shared->flags |= VBSD_EC_SOFTWARE_SYNC;
- if (ctx->flags & VB2_CONTEXT_NVDATA_V2)
- shared->flags |= VBSD_NVDATA_V2;
- if (sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED)
- shared->flags |= VBSD_BOOT_DEV_SWITCH_ON;
-
- /* Translate recovery reason-related fields into vboot1 */
- shared->recovery_reason = sd->recovery_reason;
- if (sd->recovery_reason)
- shared->firmware_index = 0xff;
- if (sd->flags & VB2_SD_FLAG_MANUAL_RECOVERY)
- shared->flags |= VBSD_BOOT_REC_SWITCH_ON;
-
- /*
- * Save a pointer to the old vboot1 shared data, since we haven't
- * finished porting the library to use the new vb2 context and shared
- * data.
- *
- * TODO: replace this with fields directly in vb2 shared data.
- */
- sd->vbsd = shared;
-
/* Fill in params for calls to LoadKernel() */
memset(&lkp, 0, sizeof(lkp));
lkp.kernel_buffer = kparams->kernel_buffer;
@@ -284,7 +257,6 @@ static void vb2_kernel_fill_kparams(struct vb2_context *ctx,
}
vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx,
- VbSharedDataHeader *shared,
VbSelectAndLoadKernelParams *kparams)
{
struct vb2_shared_data *sd = vb2_get_sd(ctx);
@@ -294,7 +266,7 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx,
to vb2_nv_get and vb2_nv_set. */
vb2_nv_init(ctx);
- rv = vb2_kernel_setup(ctx, shared, kparams);
+ rv = vb2_kernel_init_kparams(ctx, kparams);
if (rv)
return rv;
@@ -372,17 +344,8 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx,
rv = VbBootNormal(ctx);
}
- /* No need to fill kparams or convert vboot1 flags on failure. */
- if (rv)
- return rv;
-
- vb2_kernel_fill_kparams(ctx, kparams);
-
- /* Translate vboot2 flags and fields into vboot1. */
- if (sd->flags & VB2_SD_FLAG_KERNEL_SIGNED)
- sd->vbsd->flags |= VBSD_KERNEL_KEY_VERIFIED;
- sd->vbsd->kernel_version_tpm_start = sd->kernel_version_secdata;
- sd->vbsd->kernel_version_tpm = sd->kernel_version;
+ if (rv == VB2_SUCCESS)
+ vb2_kernel_fill_kparams(ctx, kparams);
return rv;
}
diff --git a/firmware/lib/vboot_display.c b/firmware/lib/vboot_display.c
index 3a5f602a..6e531988 100644
--- a/firmware/lib/vboot_display.c
+++ b/firmware/lib/vboot_display.c
@@ -252,14 +252,6 @@ vb2_error_t VbDisplayDebugInfo(struct vb2_context *ctx)
RecoveryReasonString(sd->recovery_reason),
DEBUG_INFO_SIZE - used);
- /* Add VbSharedDataHeader flags if available */
- if (sd->vbsd) {
- used += StrnAppend(buf + used, "\nVbSD.flags: 0x",
- DEBUG_INFO_SIZE - used);
- used += Uint64ToString(buf + used, DEBUG_INFO_SIZE - used,
- sd->vbsd->flags, 16, 8);
- }
-
/* Add vb2_context and vb2_shared_data flags */
used += StrnAppend(buf + used, "\ncontext.flags: 0x",
DEBUG_INFO_SIZE - used);
diff --git a/tests/vboot_api_kernel4_tests.c b/tests/vboot_api_kernel4_tests.c
index b6807c20..1f20cb43 100644
--- a/tests/vboot_api_kernel4_tests.c
+++ b/tests/vboot_api_kernel4_tests.c
@@ -28,8 +28,6 @@ static uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE]
static struct vb2_context *ctx;
static struct vb2_shared_data *sd;
static VbSelectAndLoadKernelParams kparams;
-static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE];
-static VbSharedDataHeader *shared = (VbSharedDataHeader *)shared_data;
static struct vb2_gbb_header gbb;
static uint32_t kernel_version;
@@ -65,8 +63,6 @@ static void reset_common_data(void)
vb2_nv_set(ctx, VB2_NV_KERNEL_MAX_ROLLFORWARD, 0xffffffff);
commit_data_called = 0;
- memset(&shared_data, 0, sizeof(shared_data));
-
kernel_version = new_version = 0x10002;
vbboot_retval = VB2_SUCCESS;
secdata_kernel_init_retval = VB2_SUCCESS;
@@ -85,7 +81,7 @@ static void test_slk(vb2_error_t retval, int recovery_reason, const char *desc)
ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
expected_recovery_reason = recovery_reason;
- TEST_EQ(VbSelectAndLoadKernel(ctx, shared, &kparams), retval, desc);
+ TEST_EQ(VbSelectAndLoadKernel(ctx, &kparams), retval, desc);
TEST_EQ(vb2_nv_get(ctx, VB2_NV_RECOVERY_REQUEST),
recovery_reason, " recovery reason");
}