authorJulius Werner <jwerner@chromium.org>2020-04-16 12:21:57 -0700
committerCommit Bot <commit-bot@chromium.org>2020-04-21 02:25:17 +0000
commitaf0bb8ae26f9d646c485202a1bba1b56747b9ec4 (patch)
tree547fe3f19b057f23551c34c069d6927fd09bac47
parentecf8073bd306ca45d7b6551efe094f9a555f9985 (diff)
downloadvboot-af0bb8ae26f9d646c485202a1bba1b56747b9ec4.tar.gz
2api: Add kernel version getter and make dev-signed check fail soft
This patch adds a function to retrieve the kernel rollback version from secdata, which may be interesting to callers that have more advanced ways of retrieving bootable images and want to be able to spot check whether an image can be booted without passing the full thing to vboot. Also reduce the penalty from calling vb2api_is_developer_signed() out of turn from an immediate DIE() to an angry error message, to support a case in depthcharge where for all practical purposes the call should never happen too early, but the framework can't quite guarantee it. BRANCH=None BUG=b:153758197 TEST=None Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ic7c2fc62e1ba80f69f70421907b9686f0b3dae77 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2153592 Reviewed-by: Jes Klinke <jbk@chromium.org> Reviewed-by: Joel Kitching <kitching@chromium.org> Tested-by: Jes Klinke <jbk@chromium.org>
-rw-r--r--firmware/2lib/2kernel.c2
-rw-r--r--firmware/2lib/2secdata_kernel.c5
-rw-r--r--firmware/2lib/include/2api.h9
3 files changed, 15 insertions, 1 deletions
diff --git a/firmware/2lib/2kernel.c b/firmware/2lib/2kernel.c
index fc9158a4..e05726d7 100644
--- a/firmware/2lib/2kernel.c
+++ b/firmware/2lib/2kernel.c
@@ -100,7 +100,7 @@ int vb2api_is_developer_signed(struct vb2_context *ctx)
struct vb2_shared_data *sd = vb2_get_sd(ctx);
if (!sd->kernel_key_offset || !sd->kernel_key_size) {
- VB2_REC_OR_DIE(ctx, "Cannot call this before kernel_phase1!\n");
+ VB2_DEBUG("ERROR: Cannot call this before kernel_phase1!\n");
return 0;
}
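Review bot: The early-call path in vb2api_is_developer_signed() now returns 0, which a caller cannot tell apart from a genuine "not developer-signed" answer. The only trace is a VB2_DEBUG line, which may be absent in builds where debug output is compiled out. A caller that bases a policy decision on the result then gets a definite-looking answer derived from state that has not been set up yet. The function's header comment should spell this out, e.g. `@return 1 if developer-signed; 0 if not, or if called before kernel_phase1 (the result is then not meaningful)`, and a log that is not debug-only would make an out-of-order call visible in the field. The function body continues outside the hunk.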
diff --git a/firmware/2lib/2secdata_kernel.c b/firmware/2lib/2secdata_kernel.c
index 8b3cf59c..de12ca04 100644
--- a/firmware/2lib/2secdata_kernel.c
+++ b/firmware/2lib/2secdata_kernel.c
@@ -306,3 +306,8 @@ void vb2_secdata_kernel_set_ec_hash(struct vb2_context *ctx,
return;
}
+
+uint32_t vb2api_get_kernel_rollback_version(struct vb2_context *ctx)
+{
+ return vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_VERSIONS);
+}
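Review bot: vb2api_get_kernel_rollback_version() has no way to report that secdata_kernel is not yet initialised. It forwards whatever vb2_secdata_kernel_get() yields, and that helper's behaviour on uninitialised data is not visible in this diff. If that path yields 0, a caller doing the spot check described in the commit message would judge every image new enough, which fails open even though vboot's own check still runs at kernel load. I would state the precondition above the definition and in the 2api.h comment, e.g. `/* Advisory only: valid once secdata_kernel is initialised; vboot still enforces rollback when loading the kernel. */`.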
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 5c21989f..d75b9e4b 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -817,6 +817,15 @@ uint32_t vb2api_get_firmware_size(struct vb2_context *ctx);
int vb2api_is_developer_signed(struct vb2_context *ctx);
/**
+ * Return the current kernel rollback version from secdata.
+ *
+ * @param ctx Vboot context
+ *
+ * @return The rollback version number.
+ */
+uint32_t vb2api_get_kernel_rollback_version(struct vb2_context *ctx);
+
+/**
* If no display is available, set DISPLAY_REQUEST in nvdata.
*
* @param ctx Vboot2 context
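Review bot: The new doc comment for vb2api_get_kernel_rollback_version() says only "the rollback version number" and does not describe the value's layout, which an external caller needs to compare it with an image's version. If, as I would expect from the rest of vboot, the stored value combines the key version in the upper 16 bits with the kernel version in the lower 16, the comment should say so: ` * @return Combined version: (key_version << 16) | kernel_version.` A caller that compares only one half could reach a different verdict than vboot's own rollback check.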