diff options
author | Joel Kitching <kitching@google.com> | 2021-02-12 16:47:28 +0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-05-09 19:28:22 +0000 |
commit | 92ab60911eb5c291184582192299005f7acc2b3f (patch) | |
tree | 1ae6e339decfb23486b14a92a48ea0488be61c51 | |
parent | 3d27fecc625d2ed5d5162f079c85b0dfbc93398b (diff) | |
download | vboot-92ab60911eb5c291184582192299005f7acc2b3f.tar.gz |
vboot/vboot_kernel: rewrite kernel version checking code
This CL is part of a series to merge vboot1 and vboot2.0
kernel verification code; see b/181739551.
BUG=b:181739551
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I18790fefe7c4bf2126978c7a9bf1d412dfc8ac78
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2785809
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
-rw-r--r-- | firmware/lib/vboot_kernel.c | 40 |
1 files changed, 20 insertions, 20 deletions
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c index 5ba86141..781868b3 100644 --- a/firmware/lib/vboot_kernel.c +++ b/firmware/lib/vboot_kernel.c @@ -281,23 +281,23 @@ static vb2_error_t vb2_verify_kernel_vblock( } /* - * If the keyblock is valid and we're not in recovery mode, check for - * rollback of the kernel version. + * Kernel preamble version is the lower 16 bits of the composite + * kernel version. */ - uint32_t combined_version = (key_version << 16) | - (preamble->kernel_version & 0xFFFF); - shpart->combined_version = combined_version; - if (keyblock_valid && boot_mode != VB2_BOOT_MODE_RECOVERY) { - if (combined_version < sd->kernel_version_secdata) { - VB2_DEBUG("Kernel version too low.\n"); - shpart->check_result = VBSD_LKP_CHECK_KERNEL_ROLLBACK; - /* - * If not in developer mode, kernel version - * must be valid. - */ - if (boot_mode != VB2_BOOT_MODE_DEVELOPER) - return VB2_ERROR_UNKNOWN; - } + if (preamble->kernel_version > VB2_MAX_PREAMBLE_VERSION) + return VB2_ERROR_KERNEL_PREAMBLE_VERSION_RANGE; + + /* Combine with the key version. */ + sd->kernel_version = key_version << 16 | preamble->kernel_version; + shpart->combined_version = sd->kernel_version; + + /* If not in recovery mode, check for rollback of the kernel version. */ + if (need_keyblock_valid && + boot_mode != VB2_BOOT_MODE_RECOVERY && + sd->kernel_version < sd->kernel_version_secdata) { + VB2_DEBUG("Kernel version too low.\n"); + shpart->check_result = VBSD_LKP_CHECK_KERNEL_ROLLBACK; + return VB2_ERROR_KERNEL_PREAMBLE_VERSION_ROLLBACK; } VB2_DEBUG("Kernel preamble is good.\n"); @@ -577,11 +577,11 @@ vb2_error_t LoadKernel(struct vb2_context *ctx, LoadKernelParams *params) if (keyblock_valid) { sd->flags |= VB2_SD_FLAG_KERNEL_SIGNED; /* Track lowest version from a valid header. */ - if (lowest_version > shpart->combined_version) - lowest_version = shpart->combined_version; + if (lowest_version > sd->kernel_version) + lowest_version = sd->kernel_version; } VB2_DEBUG("Keyblock valid: %d\n", keyblock_valid); - VB2_DEBUG("Combined version: %u\n", shpart->combined_version); + VB2_DEBUG("Combined version: %u\n", sd->kernel_version); /* * If we're only looking at headers, we're done with this @@ -630,7 +630,7 @@ vb2_error_t LoadKernel(struct vb2_context *ctx, LoadKernelParams *params) * Otherwise, we'll check all the other headers to see if they * contain a newer key. */ - if (shpart->combined_version == sd->kernel_version_secdata) { + if (sd->kernel_version == sd->kernel_version_secdata) { VB2_DEBUG("Same kernel version\n"); break; } |