diff options
| author | Joel Kitching <kitching@google.com> | 2020-04-16 13:18:52 +0800 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2020-04-17 12:52:37 +0000 |
| commit | 297ea05cf12ce31156f8648983431332b50c995c (patch) | |
| tree | 43b6b669e042e2609bcb54a836afe5b98f38f848 | |
| parent | 860328536239e78ec33c1c7132ac0e98121f07eb (diff) | |
| download | vboot-297ea05cf12ce31156f8648983431332b50c995c.tar.gz | |
vboot: remove VBERROR_TPM_SET_BOOT_MODE_STATE error code
Since secdata and nvdata get/set functions no longer return error
codes, and instead use VB2_ASSERT and VB2_DIE to abort on failure,
vb2_enable_developer_mode no longer has any error code to return.
Change the function return type to void, and remove checks around
the function call. As a result, VBERROR_TPM_SET_BOOT_MODE_STATE
becomes unused and we may remove it. Finally, move the
USB_BOOT_ON_DEV logic (enable USB boot when on transition to dev
mode) into vb2_enable_developer_mode. Also add unit tests.
BUG=b:124141368, chromium:988410
TEST=make clean && make runtests
BRANCH=none
Change-Id: I286d9343c4c751ff24bf4c149a26fbe5306e383a
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2152212
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
| -rw-r--r-- | firmware/2lib/2misc.c | 7 | ||||
| -rw-r--r-- | firmware/2lib/include/2misc.h | 3 | ||||
| -rw-r--r-- | firmware/2lib/include/2return_codes.h | 2 | ||||
| -rw-r--r-- | firmware/lib/vboot_ui_legacy_clamshell.c | 7 | ||||
| -rw-r--r-- | firmware/lib/vboot_ui_legacy_menu.c | 9 | ||||
| -rw-r--r-- | tests/vb2_misc_tests.c | 24 | ||||
| -rw-r--r-- | tests/vboot_legacy_clamshell_tests.c | 18 | ||||
| -rw-r--r-- | tests/vboot_legacy_menu_tests.c | 18 |
8 files changed, 48 insertions, 40 deletions
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c index de4b4241..5411ad1e 100644 --- a/firmware/2lib/2misc.c +++ b/firmware/2lib/2misc.c @@ -375,7 +375,7 @@ vb2_error_t vb2_select_fw_slot(struct vb2_context *ctx) return VB2_SUCCESS; } -vb2_error_t vb2_enable_developer_mode(struct vb2_context *ctx) +void vb2_enable_developer_mode(struct vb2_context *ctx) { uint32_t flags; @@ -385,9 +385,10 @@ vb2_error_t vb2_enable_developer_mode(struct vb2_context *ctx) flags |= VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE; vb2_secdata_firmware_set(ctx, VB2_SECDATA_FIRMWARE_FLAGS, flags); - VB2_DEBUG("Mode change will take effect on next reboot\n"); + if (USB_BOOT_ON_DEV) + vb2_nv_set(ctx, VB2_NV_DEV_BOOT_USB, 1); - return VB2_SUCCESS; + VB2_DEBUG("Mode change will take effect on next reboot\n"); } test_mockable diff --git a/firmware/2lib/include/2misc.h b/firmware/2lib/include/2misc.h index 94a93d40..ccdd832a 100644 --- a/firmware/2lib/include/2misc.h +++ b/firmware/2lib/include/2misc.h @@ -171,9 +171,8 @@ vb2_error_t vb2_load_kernel_preamble(struct vb2_context *ctx); * done on the next boot. * * @param ctx Vboot context - * @return VB2_SUCCESS, or error code on error. */ -vb2_error_t vb2_enable_developer_mode(struct vb2_context *ctx); +void vb2_enable_developer_mode(struct vb2_context *ctx); /** * Check whether recovery is allowed or not. diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index c03ba7ac..3a303be1 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h @@ -40,8 +40,6 @@ enum vb2_return_code { * vboot1-style errors * TODO: deprecate these once they have all moved over to vboot2 style */ - /* Unable to set boot mode state in TPM */ - VBERROR_TPM_SET_BOOT_MODE_STATE = 0x10006, /* Calling firmware needs to perform a reboot. */ VBERROR_REBOOT_REQUIRED = 0x10007, /* Calling firmware requested shutdown via VbExIsShutdownRequested() */ diff --git a/firmware/lib/vboot_ui_legacy_clamshell.c b/firmware/lib/vboot_ui_legacy_clamshell.c index c510d58f..a759b931 100644 --- a/firmware/lib/vboot_ui_legacy_clamshell.c +++ b/firmware/lib/vboot_ui_legacy_clamshell.c @@ -499,12 +499,7 @@ static vb2_error_t recovery_ui(struct vb2_context *ctx) VB_CONFIRM_MUST_TRUST_KEYBOARD; switch (VbUserConfirms(ctx, vbc_flags)) { case 1: - VB2_DEBUG("Enabling dev-mode...\n"); - if (VB2_SUCCESS != vb2_enable_developer_mode(ctx)) - return VBERROR_TPM_SET_BOOT_MODE_STATE; - VB2_DEBUG("Reboot so it will take effect\n"); - if (USB_BOOT_ON_DEV) - vb2_nv_set(ctx, VB2_NV_DEV_BOOT_USB, 1); + vb2_enable_developer_mode(ctx); return VBERROR_EC_REBOOT_TO_RO_REQUIRED; case -1: VB2_DEBUG("Shutdown requested\n"); diff --git a/firmware/lib/vboot_ui_legacy_menu.c b/firmware/lib/vboot_ui_legacy_menu.c index 48eaabe9..66e4c9c7 100644 --- a/firmware/lib/vboot_ui_legacy_menu.c +++ b/firmware/lib/vboot_ui_legacy_menu.c @@ -358,15 +358,8 @@ static vb2_error_t to_dev_action(struct vb2_context *ctx) !vb2_allow_recovery(ctx)) return VBERROR_KEEP_LOOPING; - VB2_DEBUG("Enabling dev-mode...\n"); - if (VB2_SUCCESS != vb2_enable_developer_mode(ctx)) - return VBERROR_TPM_SET_BOOT_MODE_STATE; + vb2_enable_developer_mode(ctx); - /* This was meant for headless devices, shouldn't really matter here. */ - if (USB_BOOT_ON_DEV) - vb2_nv_set(ctx, VB2_NV_DEV_BOOT_USB, 1); - - VB2_DEBUG("Reboot so it will take effect\n"); return VBERROR_REBOOT_REQUIRED; } diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c index 493aab45..4c56c8f1 100644 --- a/tests/vb2_misc_tests.c +++ b/tests/vb2_misc_tests.c @@ -637,6 +637,29 @@ static void dev_switch_tests(void) TEST_EQ(vb2_nv_get(ctx, VB2_NV_REQ_WIPEOUT), 1, " nv wipeout"); } +static void enable_dev_tests(void) +{ + reset_common_data(); + vb2_enable_developer_mode(ctx); + TEST_NEQ(vb2_secdata_firmware_get(ctx, VB2_SECDATA_FIRMWARE_FLAGS) & + VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE, 0, + "dev mode flag set"); + TEST_EQ(vb2_nv_get(ctx, VB2_NV_DEV_BOOT_USB), USB_BOOT_ON_DEV, + "NV_DEV_BOOT_USB set according to compile-time flag"); + + /* secdata_firmware not initialized, aborts */ + reset_common_data(); + sd->status &= ~VB2_SD_STATUS_SECDATA_FIRMWARE_INIT; + TEST_ABORT(vb2_enable_developer_mode(ctx), + "secdata_firmware no init, enable dev mode aborted"); + sd->status |= VB2_SD_STATUS_SECDATA_FIRMWARE_INIT; + TEST_EQ(vb2_secdata_firmware_get(ctx, VB2_SECDATA_FIRMWARE_FLAGS) & + VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE, 0, + "dev mode flag not set"); + TEST_EQ(vb2_nv_get(ctx, VB2_NV_DEV_BOOT_USB), 0, + "NV_DEV_BOOT_USB not set"); +} + static void tpm_clear_tests(void) { /* No clear request */ @@ -929,6 +952,7 @@ int main(int argc, char* argv[]) fail_tests(); recovery_tests(); dev_switch_tests(); + enable_dev_tests(); tpm_clear_tests(); select_slot_tests(); need_reboot_for_display_tests(); diff --git a/tests/vboot_legacy_clamshell_tests.c b/tests/vboot_legacy_clamshell_tests.c index 48ae6add..054a2239 100644 --- a/tests/vboot_legacy_clamshell_tests.c +++ b/tests/vboot_legacy_clamshell_tests.c @@ -39,7 +39,7 @@ static enum VbAltFwIndex_t altfw_num; static uint64_t current_ticks; static int trust_ec; static int virtdev_set; -static uint32_t virtdev_retval; +static uint32_t virtdev_fail; static uint32_t mock_keypress[16]; static uint32_t mock_keyflags[8]; static uint32_t mock_keypress_count; @@ -108,7 +108,7 @@ static void ResetMocks(void) current_ticks = 0; trust_ec = 0; virtdev_set = 0; - virtdev_retval = 0; + virtdev_fail = 0; set_vendor_data_called = 0; memset(screens_displayed, 0, sizeof(screens_displayed)); @@ -267,10 +267,10 @@ vb2_error_t VbDisplayScreen(struct vb2_context *c, uint32_t screen, int force, return VB2_SUCCESS; } -vb2_error_t vb2_enable_developer_mode(struct vb2_context *c) +void vb2_enable_developer_mode(struct vb2_context *c) { + VB2_ASSERT(!virtdev_fail); virtdev_set = 1; - return virtdev_retval; } vb2_error_t VbExSetVendorData(const char *vendor_data_value) @@ -1438,7 +1438,7 @@ static void VbBootRecTest(void) VbBootRecTestGpio(GPIO_PRESENCE | GPIO_SHUTDOWN, GPIO_PRESENCE, 0, 0, "Ctrl+D todev confirm via both then presence"); - /* Handle TPM error in enabling dev mode */ + /* Don't handle TPM error in enabling dev mode */ ResetMocks(); sd->flags = VB2_SD_FLAG_MANUAL_RECOVERY; MockGpioAfter(10, GPIO_SHUTDOWN); @@ -1447,11 +1447,11 @@ static void VbBootRecTest(void) mock_keypress[0] = VB_KEY_CTRL('D'); mock_keypress[1] = VB_KEY_ENTER; mock_keyflags[1] = VB_KEY_FLAG_TRUSTED_KEYBOARD; - virtdev_retval = VB2_ERROR_MOCK; + virtdev_fail = 1; vbtlk_expect_removable = 1; - TEST_EQ(VbBootRecoveryLegacyClamshell(ctx), - VBERROR_TPM_SET_BOOT_MODE_STATE, - "Ctrl+D todev failure"); + TEST_ABORT(VbBootRecoveryLegacyClamshell(ctx), + "Ctrl+D todev failure"); + TEST_EQ(virtdev_set, 0, " virtual dev mode still off"); /* Test Diagnostic Mode via Ctrl-C - display available */ ResetMocks(); diff --git a/tests/vboot_legacy_menu_tests.c b/tests/vboot_legacy_menu_tests.c index 5e010a15..39eb0184 100644 --- a/tests/vboot_legacy_menu_tests.c +++ b/tests/vboot_legacy_menu_tests.c @@ -42,7 +42,7 @@ static enum VbAltFwIndex_t altfw_num; static int debug_info_displayed; static int trust_ec; static int virtdev_set; -static uint32_t virtdev_retval; +static uint32_t virtdev_fail; static uint32_t mock_keypress[64]; static uint32_t mock_keyflags[64]; static uint32_t mock_keypress_count; @@ -78,7 +78,7 @@ static void ResetMocks(void) debug_info_displayed = 0; trust_ec = 0; virtdev_set = 0; - virtdev_retval = 0; + virtdev_fail = 0; vbtlk_last_retval = vbtlk_retval_fixed - VB_DISK_FLAG_FIXED; memset(vbtlk_retval, 0, sizeof(vbtlk_retval)); @@ -226,10 +226,10 @@ vb2_error_t VbExBeep(uint32_t msec, uint32_t frequency) return VB2_SUCCESS; } -vb2_error_t vb2_enable_developer_mode(struct vb2_context *c) +void vb2_enable_developer_mode(struct vb2_context *c) { + VB2_ASSERT(!virtdev_fail); virtdev_set = 1; - return virtdev_retval; } /* Tests */ @@ -1705,7 +1705,7 @@ static void VbBootRecTest(void) TEST_EQ(beeps_played[0], 400, " first beep"); TEST_EQ(beeps_played[1], 400, " second beep"); - /* Handle TPM error in enabling dev mode */ + /* Don't handle TPM error in enabling dev mode */ ResetMocksForManualRecovery(); i = 0; mock_keyflags[i] = VB_KEY_FLAG_TRUSTED_KEYBOARD; @@ -1713,13 +1713,12 @@ static void VbBootRecTest(void) mock_keyflags[i] = VB_KEY_FLAG_TRUSTED_KEYBOARD; mock_keypress[i++] = VB_BUTTON_VOL_UP_SHORT_PRESS; // confirm enabling mock_keypress[i++] = VB_BUTTON_POWER_SHORT_PRESS; - virtdev_retval = VB2_ERROR_MOCK; - TEST_EQ(VbBootRecoveryLegacyMenu(ctx), VBERROR_TPM_SET_BOOT_MODE_STATE, - "todev TPM failure"); + virtdev_fail = 1; + TEST_ABORT(VbBootRecoveryLegacyMenu(ctx), "todev TPM failure"); TEST_EQ(vb2_nv_get(ctx, VB2_NV_RECOVERY_REQUEST), 0, " no recovery"); TEST_EQ(debug_info_displayed, 0, " no debug info"); TEST_NEQ(shutdown_request_calls_left, 0, " aborted explicitly"); - TEST_EQ(virtdev_set, 1, " virtual dev mode on"); + TEST_EQ(virtdev_set, 0, " virtual dev mode still off"); i = 0; TEST_EQ(screens_displayed[i++], VB_SCREEN_RECOVERY_NO_GOOD, " nogood screen"); @@ -1727,7 +1726,6 @@ static void VbBootRecTest(void) " recovery to_dev menu: cancel"); TEST_EQ(screens_displayed[i++], VB_SCREEN_RECOVERY_TO_DEV_MENU, " recovery to_dev menu: confirm disabling os verification"); - TEST_EQ(screens_displayed[i++], VB_SCREEN_BLANK," final blank screen"); TEST_EQ(screens_count, i, " no extra screens"); TEST_EQ(beeps_count, 0, " no beeps"); |