diff options
| author | edisonhello <edisonhello@google.com> | 2021-07-20 18:37:59 +0800 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-07-30 17:37:18 +0000 |
| commit | 6cebe52a33eba8bb82430a7ce5560c590aee99a0 (patch) | |
| tree | 7aa12fa2263b7b533490526f5518853b07a48ab3 | |
| parent | f975ab651e5364f2c59bca496779754b081e44ce (diff) | |
| download | vboot-6cebe52a33eba8bb82430a7ce5560c590aee99a0.tar.gz | |
vboot: Add DEV_BOOT_*ALLOWED in ctx->flags
Add DEV_BOOT_ALLOWED, DEV_BOOT_ALTFW_ALLOWED,
DEV_BOOT_EXTERNAL_ALLOWED in ctx->flags, which can be used by
external functions. These flags will be filled in
VbSelectAndLoadKernel, before calling any menu function.
In 2ui.c and 2ui_screen.c, all function calls to vb2_dev_boot_*allowed
are replaced with corresponding flags in ctx->flags.
Remove the parts of mocking these functions in unit tests, and set
ctx->flags instead in reset_common_data.
BUG=b:172339016
TEST=export CC=x86_64-pc-linux-gnu-clang DEBUG=1 DETACHABLE=0; \
make -j32 test_setup && make -j32 runtests;
TEST=export CC=x86_64-pc-linux-gnu-clang DEBUG=1 DETACHABLE=1; \
make -j32 test_setup && make -j32 runtests;
TEST=Hayato booted into developer mode
BRANCH=none
Signed-off-by: edisonhello <edisonhello@google.com>
Change-Id: Ida9f03557a92a1522d631fc04b281ce85f5049c7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3041498
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
| -rw-r--r-- | firmware/2lib/2kernel.c | 2 | ||||
| -rw-r--r-- | firmware/2lib/2misc.c | 45 | ||||
| -rw-r--r-- | firmware/2lib/2ui.c | 4 | ||||
| -rw-r--r-- | firmware/2lib/2ui_screens.c | 16 | ||||
| -rw-r--r-- | firmware/2lib/include/2api.h | 20 | ||||
| -rw-r--r-- | firmware/2lib/include/2misc.h | 35 | ||||
| -rw-r--r-- | tests/vb2_misc_tests.c | 116 | ||||
| -rw-r--r-- | tests/vb2_ui_action_tests.c | 30 | ||||
| -rw-r--r-- | tests/vb2_ui_tests.c | 45 |
9 files changed, 144 insertions, 169 deletions
diff --git a/firmware/2lib/2kernel.c b/firmware/2lib/2kernel.c index 763214dd..b1b34a12 100644 --- a/firmware/2lib/2kernel.c +++ b/firmware/2lib/2kernel.c @@ -157,6 +157,8 @@ vb2_error_t vb2api_kernel_phase1(struct vb2_context *ctx) vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_VERSIONS); sd->kernel_version = sd->kernel_version_secdata; + vb2_fill_dev_boot_flags(ctx); + /* Find the key to use to verify the kernel keyblock */ if ((ctx->flags & VB2_CONTEXT_RECOVERY_MODE)) { /* Load recovery key from GBB. */ diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c index e30deb4f..29fcde75 100644 --- a/firmware/2lib/2misc.c +++ b/firmware/2lib/2misc.c @@ -537,12 +537,12 @@ enum vb2_dev_default_boot_target vb2api_get_dev_default_boot_target( switch (vb2_nv_get(ctx, VB2_NV_DEV_DEFAULT_BOOT)) { case VB2_DEV_DEFAULT_BOOT_TARGET_EXTERNAL: - if (vb2_dev_boot_external_allowed(ctx)) + if (ctx->flags & VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED) return VB2_DEV_DEFAULT_BOOT_TARGET_EXTERNAL; break; case VB2_DEV_DEFAULT_BOOT_TARGET_ALTFW: - if (vb2_dev_boot_altfw_allowed(ctx)) + if (ctx->flags & VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED) return VB2_DEV_DEFAULT_BOOT_TARGET_ALTFW; break; } @@ -550,33 +550,30 @@ enum vb2_dev_default_boot_target vb2api_get_dev_default_boot_target( return VB2_DEV_DEFAULT_BOOT_TARGET_INTERNAL; } -int vb2_dev_boot_allowed(struct vb2_context *ctx) +void vb2_fill_dev_boot_flags(struct vb2_context *ctx) { struct vb2_gbb_header *gbb = vb2_get_gbb(ctx); - if (vb2_secdata_fwmp_get_flag(ctx, VB2_SECDATA_FWMP_DEV_DISABLE_BOOT)) - return !!(gbb->flags & VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON); - - return 1; -} - -int vb2_dev_boot_altfw_allowed(struct vb2_context *ctx) -{ - struct vb2_gbb_header *gbb = vb2_get_gbb(ctx); - - return vb2_nv_get(ctx, VB2_NV_DEV_BOOT_ALTFW) || - (gbb->flags & VB2_GBB_FLAG_FORCE_DEV_BOOT_ALTFW) || - vb2_secdata_fwmp_get_flag(ctx, - VB2_SECDATA_FWMP_DEV_ENABLE_ALTFW); -} + if (vb2_secdata_fwmp_get_flag(ctx, VB2_SECDATA_FWMP_DEV_DISABLE_BOOT) && + !(gbb->flags & VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON)) + ctx->flags &= ~(uint64_t)VB2_CONTEXT_DEV_BOOT_ALLOWED; + else + ctx->flags |= VB2_CONTEXT_DEV_BOOT_ALLOWED; -int vb2_dev_boot_external_allowed(struct vb2_context *ctx) -{ - struct vb2_gbb_header *gbb = vb2_get_gbb(ctx); + if (vb2_nv_get(ctx, VB2_NV_DEV_BOOT_EXTERNAL) || + (gbb->flags & VB2_GBB_FLAG_FORCE_DEV_BOOT_USB) || + vb2_secdata_fwmp_get_flag(ctx, + VB2_SECDATA_FWMP_DEV_ENABLE_EXTERNAL)) + ctx->flags |= VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED; + else + ctx->flags &= ~(uint64_t)VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED; - return vb2_nv_get(ctx, VB2_NV_DEV_BOOT_EXTERNAL) || - (gbb->flags & VB2_GBB_FLAG_FORCE_DEV_BOOT_USB) || - vb2_secdata_fwmp_get_flag(ctx, VB2_SECDATA_FWMP_DEV_ENABLE_EXTERNAL); + if (vb2_nv_get(ctx, VB2_NV_DEV_BOOT_ALTFW) || + (gbb->flags & VB2_GBB_FLAG_FORCE_DEV_BOOT_ALTFW) || + vb2_secdata_fwmp_get_flag(ctx, VB2_SECDATA_FWMP_DEV_ENABLE_ALTFW)) + ctx->flags |= VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED; + else + ctx->flags &= ~(uint64_t)VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED; } int vb2api_use_short_dev_screen_delay(struct vb2_context *ctx) diff --git a/firmware/2lib/2ui.c b/firmware/2lib/2ui.c index 1850b8f7..2582743c 100644 --- a/firmware/2lib/2ui.c +++ b/firmware/2lib/2ui.c @@ -420,7 +420,7 @@ vb2_error_t ui_loop(struct vb2_context *ctx, enum vb2_screen root_screen_id, vb2_error_t vb2_developer_menu(struct vb2_context *ctx) { enum vb2_screen root_screen_id = VB2_SCREEN_DEVELOPER_MODE; - if (!vb2_dev_boot_allowed(ctx)) { + if (!(ctx->flags & VB2_CONTEXT_DEV_BOOT_ALLOWED)) { VB2_DEBUG("WARNING: Dev boot not allowed; forcing to-norm\n"); root_screen_id = VB2_SCREEN_DEVELOPER_TO_NORM; } @@ -434,7 +434,7 @@ vb2_error_t developer_action(struct vb2_ui_context *ui) return vb2_ui_screen_change(ui, VB2_SCREEN_DEBUG_INFO); /* Ignore other shortcuts */ - if (!vb2_dev_boot_allowed(ui->ctx)) + if (!(ui->ctx->flags & VB2_CONTEXT_DEV_BOOT_ALLOWED)) return VB2_REQUEST_UI_CONTINUE; if (ui->key == VB_KEY_CTRL('S')) diff --git a/firmware/2lib/2ui_screens.c b/firmware/2lib/2ui_screens.c index 7b48b842..c2ff7ee1 100644 --- a/firmware/2lib/2ui_screens.c +++ b/firmware/2lib/2ui_screens.c @@ -693,12 +693,12 @@ vb2_error_t developer_mode_init(struct vb2_ui_context *ui) DEVELOPER_MODE_ITEM_RETURN_TO_SECURE); /* Don't show "Boot from external disk" button if not allowed. */ - if (!vb2_dev_boot_external_allowed(ui->ctx)) + if (!(ui->ctx->flags & VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED)) VB2_SET_BIT(ui->state->hidden_item_mask, DEVELOPER_MODE_ITEM_BOOT_EXTERNAL); /* Don't show "Select alternate bootloader" button if not allowed. */ - if (!vb2_dev_boot_altfw_allowed(ui->ctx)) + if (!(ui->ctx->flags & VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED)) VB2_SET_BIT(ui->state->hidden_item_mask, DEVELOPER_MODE_ITEM_SELECT_ALTFW); @@ -725,7 +725,7 @@ vb2_error_t vb2_ui_developer_mode_boot_internal_action( struct vb2_ui_context *ui) { if (!(ui->ctx->flags & VB2_CONTEXT_DEVELOPER_MODE) || - !vb2_dev_boot_allowed(ui->ctx)) { + !(ui->ctx->flags & VB2_CONTEXT_DEV_BOOT_ALLOWED)) { VB2_DEBUG("ERROR: Dev mode internal boot not allowed\n"); return VB2_SUCCESS; } @@ -741,8 +741,8 @@ vb2_error_t vb2_ui_developer_mode_boot_external_action( /* Validity check, should never happen. */ if (!(ui->ctx->flags & VB2_CONTEXT_DEVELOPER_MODE) || - !vb2_dev_boot_allowed(ui->ctx) || - !vb2_dev_boot_external_allowed(ui->ctx)) { + !(ui->ctx->flags & VB2_CONTEXT_DEV_BOOT_ALLOWED) || + !(ui->ctx->flags & VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED)) { VB2_DEBUG("ERROR: Dev mode external boot not allowed\n"); ui->error_beep = 1; return set_ui_error(ui, VB2_UI_ERROR_EXTERNAL_BOOT_DISABLED); @@ -853,7 +853,7 @@ static vb2_error_t developer_to_norm_init(struct vb2_ui_context *ui) } ui->state->selected_item = DEVELOPER_TO_NORM_ITEM_CONFIRM; /* Hide "Cancel" button if dev boot is not allowed */ - if (!vb2_dev_boot_allowed(ui->ctx)) + if (!(ui->ctx->flags & VB2_CONTEXT_DEV_BOOT_ALLOWED)) VB2_SET_BIT(ui->state->hidden_item_mask, DEVELOPER_TO_NORM_ITEM_CANCEL); return VB2_SUCCESS; @@ -953,8 +953,8 @@ vb2_error_t vb2_ui_developer_mode_boot_altfw_action( ARRAY_SIZE(developer_select_bootloader_items_before); if (!(ui->ctx->flags & VB2_CONTEXT_DEVELOPER_MODE) || - !vb2_dev_boot_allowed(ui->ctx) || - !vb2_dev_boot_altfw_allowed(ui->ctx)) { + !(ui->ctx->flags & VB2_CONTEXT_DEV_BOOT_ALLOWED) || + !(ui->ctx->flags & VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED)) { VB2_DEBUG("ERROR: Dev mode alternate bootloader not allowed\n"); return set_ui_error(ui, VB2_UI_ERROR_ALTFW_DISABLED); } diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h index f59c2494..4219b3da 100644 --- a/firmware/2lib/include/2api.h +++ b/firmware/2lib/include/2api.h @@ -240,6 +240,23 @@ enum vb2_context_flags { * it doesn't jump to RW when this flag is set. */ VB2_CONTEXT_EC_TRUSTED = (1 << 24), + + /* + * Boot into developer mode is allowed by FWMP and GBB flags. + */ + VB2_CONTEXT_DEV_BOOT_ALLOWED = (1 << 25), + + /* + * Boot into developer mode from external disk is allowed by nvdata, + * FWMP and GBB flags. + */ + VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED = (1 << 26), + + /* + * Boot into developer mode from alternate bootloader is allowed by + * nvdata, FWMP and GBB flags. + */ + VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED = (1 << 27), }; /* Helper for aligning fields in vb2_context. */ @@ -915,7 +932,8 @@ enum vb2_dev_default_boot_target { }; /** - * Get the default boot target in developer mode. + * Get the default boot target in developer mode. This function must be called + * after vb2api_kernel_phase1. * * @param ctx Vboot context * @return The developer mode default boot target. diff --git a/firmware/2lib/include/2misc.h b/firmware/2lib/include/2misc.h index 3d96293b..98f169bd 100644 --- a/firmware/2lib/include/2misc.h +++ b/firmware/2lib/include/2misc.h @@ -210,38 +210,11 @@ int vb2_allow_recovery(struct vb2_context *ctx); void vb2_clear_recovery(struct vb2_context *ctx); /** - * Determine if developer mode is allowed. + * Fill VB2_CONTEXT_DEV_BOOT_ALLOWED, VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED and + * VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED flags in ctx->flags. * - * Developer boot is not allowed if and only if FWMP_DEV_DISABLE_BOOT is set and - * GBB_FORCE_DEV_SWITCH_ON is not set. - * - * @param ctx Vboot context - * @return 1 if allowed, or 0 otherwise. - */ -int vb2_dev_boot_allowed(struct vb2_context *ctx); - -/** - * Determine if booting from legacy BIOS is allowed. - * - * Legacy BIOS is allowed if any of these flags are set: - * VB2_NV_DEV_BOOT_ALTFW, VB2_GBB_FLAG_FORCE_DEV_BOOT_ALTFW, and - * VB2_SECDATA_FWMP_DEV_ENABLE_ALTFW. - * - * @param ctx Vboot context - * @return 1 if allowed, or 0 otherwise. - */ -int vb2_dev_boot_altfw_allowed(struct vb2_context *ctx); - -/** - * Determine if booting from external disk is allowed. - * - * Booting from external disk is allowed if any of these flags are set: - * VB2_NV_DEV_BOOT_EXTERNAL, VB2_GBB_FLAG_FORCE_DEV_BOOT_USB, and - * VB2_SECDATA_FWMP_DEV_ENABLE_EXTERNAL. - * - * @param ctx Vboot context - * @return 1 if allowed, or 0 otherwise. + * @param ctx Vboot context. */ -int vb2_dev_boot_external_allowed(struct vb2_context *ctx); +void vb2_fill_dev_boot_flags(struct vb2_context *ctx); #endif /* VBOOT_REFERENCE_2MISC_H_ */ diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c index a7cc1155..11f4ea90 100644 --- a/tests/vb2_misc_tests.c +++ b/tests/vb2_misc_tests.c @@ -911,7 +911,7 @@ static void dev_default_boot_tests(void) /* Boot from external disk */ reset_common_data(); - vb2_nv_set(ctx, VB2_NV_DEV_BOOT_EXTERNAL, 1); + ctx->flags |= VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED; vb2_nv_set(ctx, VB2_NV_DEV_DEFAULT_BOOT, VB2_DEV_DEFAULT_BOOT_TARGET_EXTERNAL); TEST_EQ(vb2api_get_dev_default_boot_target(ctx), @@ -926,7 +926,7 @@ static void dev_default_boot_tests(void) VB2_DEV_DEFAULT_BOOT_TARGET_INTERNAL, "default boot external not allowed"); reset_common_data(); - vb2_nv_set(ctx, VB2_NV_DEV_BOOT_ALTFW, 1); + ctx->flags |= VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED; vb2_nv_set(ctx, VB2_NV_DEV_DEFAULT_BOOT, VB2_DEV_DEFAULT_BOOT_TARGET_EXTERNAL); TEST_EQ(vb2api_get_dev_default_boot_target(ctx), @@ -935,7 +935,7 @@ static void dev_default_boot_tests(void) /* Boot altfw */ reset_common_data(); - vb2_nv_set(ctx, VB2_NV_DEV_BOOT_ALTFW, 1); + ctx->flags |= VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED; vb2_nv_set(ctx, VB2_NV_DEV_DEFAULT_BOOT, VB2_DEV_DEFAULT_BOOT_TARGET_ALTFW); TEST_EQ(vb2api_get_dev_default_boot_target(ctx), @@ -950,7 +950,7 @@ static void dev_default_boot_tests(void) VB2_DEV_DEFAULT_BOOT_TARGET_INTERNAL, "default boot altfw not allowed"); reset_common_data(); - vb2_nv_set(ctx, VB2_NV_DEV_BOOT_EXTERNAL, 1); + ctx->flags |= VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED; vb2_nv_set(ctx, VB2_NV_DEV_DEFAULT_BOOT, VB2_DEV_DEFAULT_BOOT_TARGET_ALTFW); TEST_EQ(vb2api_get_dev_default_boot_target(ctx), @@ -958,84 +958,100 @@ static void dev_default_boot_tests(void) "default boot altfw not allowed"); } -static void dev_boot_allowed_tests(void) +static void fill_dev_boot_flags_tests(void) { /* Dev boot - allowed by default */ reset_common_data(); - TEST_EQ(vb2_dev_boot_allowed(ctx), 1, "dev boot - allowed by default"); + vb2_fill_dev_boot_flags(ctx); + TEST_TRUE(ctx->flags & VB2_CONTEXT_DEV_BOOT_ALLOWED, + "dev boot - allowed by default"); /* Dev boot - disabled by FWMP */ reset_common_data(); fwmp->flags |= VB2_SECDATA_FWMP_DEV_DISABLE_BOOT; - TEST_EQ(vb2_dev_boot_allowed(ctx), 0, "dev boot - FWMP disabled"); + vb2_fill_dev_boot_flags(ctx); + TEST_FALSE(ctx->flags & VB2_CONTEXT_DEV_BOOT_ALLOWED, + "dev boot - FWMP disabled"); /* Dev boot - force enabled by GBB */ reset_common_data(); fwmp->flags |= VB2_SECDATA_FWMP_DEV_DISABLE_BOOT; gbb.flags |= VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON; - TEST_EQ(vb2_dev_boot_allowed(ctx), 1, "dev boot - GBB force dev on"); - - /* Legacy boot - not allowed by default */ - reset_common_data(); - TEST_EQ(vb2_dev_boot_altfw_allowed(ctx), 0, - "dev boot altfw - not allowed by default"); - - /* Legacy boot - enabled by nvdata */ - reset_common_data(); - vb2_nv_set(ctx, VB2_NV_DEV_BOOT_ALTFW, 1); - TEST_EQ(vb2_dev_boot_altfw_allowed(ctx), 1, - "dev boot altfw - nvdata enabled"); - - /* Legacy boot - enabled by FWMP */ - reset_common_data(); - fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_ALTFW; - TEST_EQ(vb2_dev_boot_altfw_allowed(ctx), 1, - "dev boot altfw - secdata enabled"); - - /* Legacy boot - force enabled by GBB */ - reset_common_data(); - gbb.flags |= VB2_GBB_FLAG_FORCE_DEV_BOOT_ALTFW; - TEST_EQ(vb2_dev_boot_altfw_allowed(ctx), 1, - "dev boot altfw - GBB force enabled"); - - /* Legacy boot - set all flags */ - reset_common_data(); - vb2_nv_set(ctx, VB2_NV_DEV_BOOT_ALTFW, 1); - fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_ALTFW; - gbb.flags |= VB2_GBB_FLAG_FORCE_DEV_BOOT_ALTFW; - TEST_EQ(vb2_dev_boot_altfw_allowed(ctx), 1, - "dev boot altfw - all flags set"); + vb2_fill_dev_boot_flags(ctx); + TEST_TRUE(ctx->flags & VB2_CONTEXT_DEV_BOOT_ALLOWED, + "dev boot - GBB force dev on"); /* External boot - not allowed by default */ reset_common_data(); - TEST_EQ(vb2_dev_boot_external_allowed(ctx), 0, - "dev boot external - not allowed by default"); + vb2_fill_dev_boot_flags(ctx); + TEST_FALSE(ctx->flags & VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED, + "dev boot external - not allowed by default"); /* External boot - enabled by nvdata */ reset_common_data(); vb2_nv_set(ctx, VB2_NV_DEV_BOOT_EXTERNAL, 1); - TEST_EQ(vb2_dev_boot_external_allowed(ctx), 1, - "dev boot external - nvdata enabled"); + vb2_fill_dev_boot_flags(ctx); + TEST_TRUE(ctx->flags & VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED, + "dev boot external - nvdata enabled"); /* External boot - enabled by FWMP */ reset_common_data(); fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_EXTERNAL; - TEST_EQ(vb2_dev_boot_external_allowed(ctx), 1, - "dev boot external - secdata enabled"); + vb2_fill_dev_boot_flags(ctx); + TEST_TRUE(ctx->flags & VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED, + "dev boot external - secdata enabled"); /* External boot - force enabled by GBB */ reset_common_data(); gbb.flags |= VB2_GBB_FLAG_FORCE_DEV_BOOT_USB; - TEST_EQ(vb2_dev_boot_external_allowed(ctx), 1, - "dev boot external - GBB force enabled"); + vb2_fill_dev_boot_flags(ctx); + TEST_TRUE(ctx->flags & VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED, + "dev boot external - GBB force enabled"); /* External boot - set all flags */ reset_common_data(); vb2_nv_set(ctx, VB2_NV_DEV_BOOT_EXTERNAL, 1); fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_EXTERNAL; gbb.flags |= VB2_GBB_FLAG_FORCE_DEV_BOOT_USB; - TEST_EQ(vb2_dev_boot_external_allowed(ctx), 1, - "dev boot external - all flags set"); + vb2_fill_dev_boot_flags(ctx); + TEST_TRUE(ctx->flags & VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED, + "dev boot external - all flags set"); + + /* Alternate boot - not allowed by default */ + reset_common_data(); + vb2_fill_dev_boot_flags(ctx); + TEST_FALSE(ctx->flags & VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED, + "dev boot altfw - not allowed by default"); + + /* Alternate boot - enabled by nvdata */ + reset_common_data(); + vb2_nv_set(ctx, VB2_NV_DEV_BOOT_ALTFW, 1); + vb2_fill_dev_boot_flags(ctx); + TEST_TRUE(ctx->flags & VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED, + "dev boot altfw - nvdata enabled"); + + /* Alternate boot - enabled by FWMP */ + reset_common_data(); + fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_ALTFW; + vb2_fill_dev_boot_flags(ctx); + TEST_TRUE(ctx->flags & VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED, + "dev boot altfw - secdata enabled"); + + /* Alternate boot - force enabled by GBB */ + reset_common_data(); + gbb.flags |= VB2_GBB_FLAG_FORCE_DEV_BOOT_ALTFW; + vb2_fill_dev_boot_flags(ctx); + TEST_TRUE(ctx->flags & VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED, + "dev boot altfw - GBB force enabled"); + + /* Alternate boot - set all flags */ + reset_common_data(); + vb2_nv_set(ctx, VB2_NV_DEV_BOOT_ALTFW, 1); + fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_ALTFW; + gbb.flags |= VB2_GBB_FLAG_FORCE_DEV_BOOT_ALTFW; + vb2_fill_dev_boot_flags(ctx); + TEST_TRUE(ctx->flags & VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED, + "dev boot altfw - all flags set"); } static void use_dev_screen_short_delay_tests(void) @@ -1068,7 +1084,7 @@ int main(int argc, char* argv[]) phone_recovery_enabled_tests(); diagnostic_ui_enabled_tests(); dev_default_boot_tests(); - dev_boot_allowed_tests(); + fill_dev_boot_flags_tests(); use_dev_screen_short_delay_tests(); return gTestSuccess ? 0 : 255; diff --git a/tests/vb2_ui_action_tests.c b/tests/vb2_ui_action_tests.c index 6db75bfd..44649ac6 100644 --- a/tests/vb2_ui_action_tests.c +++ b/tests/vb2_ui_action_tests.c @@ -65,9 +65,6 @@ static int mock_get_screen_info_called; static vb2_error_t mock_vbtlk_retval; static uint32_t mock_vbtlk_expected_flag; -static int mock_dev_boot_allowed; -static int mock_dev_boot_altfw_allowed; - static int mock_run_altfw_called; static uint32_t mock_altfw_last; static uint32_t mock_altfw_count; @@ -317,6 +314,9 @@ static void reset_common_data(void) sd = vb2_get_sd(ctx); + ctx->flags |= VB2_CONTEXT_DEV_BOOT_ALLOWED; + ctx->flags &= ~(uint64_t)VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED; + /* For check_shutdown_request */ mock_calls_until_shutdown = 10; @@ -359,10 +359,6 @@ static void reset_common_data(void) mock_vbtlk_retval = VB2_ERROR_MOCK; mock_vbtlk_expected_flag = MOCK_IGNORE; - /* For dev_boot* in 2misc.h */ - mock_dev_boot_allowed = 1; - mock_dev_boot_altfw_allowed = 0; - /* For vb2ex_run_altfw */ mock_run_altfw_called = 0; mock_altfw_last = -100; @@ -488,16 +484,6 @@ vb2_error_t VbTryLoadKernel(struct vb2_context *c, uint32_t disk_flags) return mock_vbtlk_retval; } -int vb2_dev_boot_allowed(struct vb2_context *c) -{ - return mock_dev_boot_allowed; -} - -int vb2_dev_boot_altfw_allowed(struct vb2_context *c) -{ - return mock_dev_boot_altfw_allowed; -} - vb2_error_t vb2ex_run_altfw(uint32_t altfw_id) { mock_run_altfw_called++; @@ -755,7 +741,7 @@ static void vb2_ui_developer_mode_boot_altfw_action_tests(void) /* Not allowed: not in dev mode */ reset_common_data(); - mock_dev_boot_altfw_allowed = 1; + ctx->flags |= VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED; TEST_EQ(vb2_ui_developer_mode_boot_altfw_action(&mock_ui_context), VB2_REQUEST_UI_CONTINUE, "not allowed: not in dev mode"); TEST_EQ(mock_ui_context.error_code, VB2_UI_ERROR_ALTFW_DISABLED, @@ -765,8 +751,8 @@ static void vb2_ui_developer_mode_boot_altfw_action_tests(void) /* Not allowed: dev boot not allowed */ reset_common_data(); ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; - mock_dev_boot_allowed = 0; - mock_dev_boot_altfw_allowed = 1; + ctx->flags &= ~(uint64_t)VB2_CONTEXT_DEV_BOOT_ALLOWED; + ctx->flags |= VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED; TEST_EQ(vb2_ui_developer_mode_boot_altfw_action(&mock_ui_context), VB2_REQUEST_UI_CONTINUE, "not allowed: dev boot not allowed"); TEST_EQ(mock_ui_context.error_code, VB2_UI_ERROR_ALTFW_DISABLED, @@ -785,7 +771,7 @@ static void vb2_ui_developer_mode_boot_altfw_action_tests(void) /* Allowed */ reset_common_data(); ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; - mock_dev_boot_altfw_allowed = 1; + ctx->flags |= VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED; mock_ui_context.state->selected_item = 2; TEST_EQ(vb2_ui_developer_mode_boot_altfw_action(&mock_ui_context), VB2_REQUEST_UI_CONTINUE, "allowed"); @@ -797,7 +783,7 @@ static void vb2_ui_developer_mode_boot_altfw_action_tests(void) /* CTRL+L = default bootloader */ reset_common_data(); ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; - mock_dev_boot_altfw_allowed = 1; + ctx->flags |= VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED; mock_ui_context.key = VB_KEY_CTRL('L'); mock_ui_context.state->selected_item = 4; /* Ignored */ TEST_EQ(vb2_ui_developer_mode_boot_altfw_action(&mock_ui_context), diff --git a/tests/vb2_ui_tests.c b/tests/vb2_ui_tests.c index 657ae5f8..51a8853d 100644 --- a/tests/vb2_ui_tests.c +++ b/tests/vb2_ui_tests.c @@ -73,9 +73,6 @@ static int mock_beep_count; static int mock_beep_total; static enum vb2_dev_default_boot_target mock_default_boot; -static int mock_dev_boot_allowed; -static int mock_dev_boot_altfw_allowed; -static int mock_dev_boot_external_allowed; static int mock_run_altfw_called; static uint32_t mock_altfw_last; @@ -281,6 +278,10 @@ static void reset_common_data(enum reset_type t) sd->flags |= VB2_SD_FLAG_DEV_MODE_ENABLED; } + ctx->flags |= VB2_CONTEXT_DEV_BOOT_ALLOWED; + ctx->flags &= ~(uint64_t)VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED; + ctx->flags |= VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED; + /* Mock ui_context based on real screens */ memset(&mock_ui_context, 0, sizeof(mock_ui_context)); mock_ui_context.ctx = ctx; @@ -318,9 +319,6 @@ static void reset_common_data(enum reset_type t) /* For dev_boot* in 2misc.h */ mock_default_boot = VB2_DEV_DEFAULT_BOOT_TARGET_INTERNAL; - mock_dev_boot_allowed = 1; - mock_dev_boot_altfw_allowed = 0; - mock_dev_boot_external_allowed = 1; /* For vb2ex_run_altfw */ mock_run_altfw_called = 0; @@ -489,21 +487,6 @@ enum vb2_dev_default_boot_target vb2api_get_dev_default_boot_target( return mock_default_boot; } -int vb2_dev_boot_allowed(struct vb2_context *c) -{ - return mock_dev_boot_allowed; -} - -int vb2_dev_boot_altfw_allowed(struct vb2_context *c) -{ - return mock_dev_boot_altfw_allowed; -} - -int vb2_dev_boot_external_allowed(struct vb2_context *c) -{ - return mock_dev_boot_external_allowed; -} - vb2_error_t vb2ex_run_altfw(uint32_t altfw_id) { mock_run_altfw_called++; @@ -610,7 +593,7 @@ static void developer_tests(void) /* Don't proceed to internal disk after timeout (dev mode disallowed) */ reset_common_data(FOR_DEVELOPER); - mock_dev_boot_allowed = 0; + ctx->flags &= ~(uint64_t)VB2_CONTEXT_DEV_BOOT_ALLOWED; TEST_EQ(ui_loop(ctx, VB2_SCREEN_DEVELOPER_MODE, NULL), VB2_REQUEST_SHUTDOWN, "do not proceed to internal disk after timeout " @@ -701,13 +684,13 @@ static void developer_tests(void) /* Default boot from external not allowed, don't boot */ reset_common_data(FOR_DEVELOPER); mock_default_boot = VB2_DEV_DEFAULT_BOOT_TARGET_EXTERNAL; - mock_dev_boot_external_allowed = 0; + ctx->flags &= ~(uint64_t)VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED; TEST_EQ(vb2_developer_menu(ctx), VB2_REQUEST_SHUTDOWN, "default boot from external disk not allowed, don't boot"); /* Don't proceed to external disk after timeout (dev mode disallowed) */ reset_common_data(FOR_DEVELOPER); - mock_dev_boot_allowed = 0; + ctx->flags &= ~(uint64_t)VB2_CONTEXT_DEV_BOOT_ALLOWED; mock_default_boot = VB2_DEV_DEFAULT_BOOT_TARGET_EXTERNAL; TEST_EQ(ui_loop(ctx, VB2_SCREEN_DEVELOPER_MODE, NULL), VB2_REQUEST_SHUTDOWN, @@ -731,7 +714,7 @@ static void developer_tests(void) /* Ctrl+L = boot altfw (allowed) */ reset_common_data(FOR_DEVELOPER); - mock_dev_boot_altfw_allowed = 1; + ctx->flags |= VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED; add_mock_keypress(VB_KEY_CTRL('L')); TEST_EQ(vb2_developer_menu(ctx), VB2_REQUEST_SHUTDOWN, "ctrl+l = boot altfw"); @@ -766,7 +749,7 @@ static void developer_tests(void) /* Select to_norm in dev menu and confirm (dev mode disallowed) */ reset_common_data(FOR_DEVELOPER); - mock_dev_boot_allowed = 0; + ctx->flags &= ~(uint64_t)VB2_CONTEXT_DEV_BOOT_ALLOWED; add_mock_keypress(VB_KEY_UP); add_mock_keypress(VB_KEY_ENTER); add_mock_keypress(VB_KEY_ENTER); @@ -1307,7 +1290,7 @@ static void developer_screen_tests(void) /* Dev mode: disabled and hidden item mask */ reset_common_data(FOR_DEVELOPER); - mock_dev_boot_altfw_allowed = 1; + ctx->flags |= VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED; add_mock_vbtlk(VB2_SUCCESS, VB_DISK_FLAG_FIXED); TEST_EQ(vb2_developer_menu(ctx), VB2_SUCCESS, "dev mode screen: no disabled or hidden item"); @@ -1315,7 +1298,7 @@ static void developer_screen_tests(void) MOCK_IGNORE, MOCK_IGNORE, 0x0, 0x0, MOCK_IGNORE); reset_common_data(FOR_DEVELOPER); - mock_dev_boot_altfw_allowed = 1; + ctx->flags |= VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED; gbb.flags |= VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON; add_mock_vbtlk(VB2_SUCCESS, VB_DISK_FLAG_FIXED); TEST_EQ(vb2_developer_menu(ctx), VB2_SUCCESS, @@ -1325,8 +1308,8 @@ static void developer_screen_tests(void) reset_common_data(FOR_DEVELOPER); add_mock_vbtlk(VB2_SUCCESS, VB_DISK_FLAG_FIXED); - mock_dev_boot_external_allowed = 0; - mock_dev_boot_altfw_allowed = 1; + ctx->flags &= ~(uint64_t)VB2_CONTEXT_DEV_BOOT_EXTERNAL_ALLOWED; + ctx->flags |= VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED; TEST_EQ(vb2_developer_menu(ctx), VB2_SUCCESS, "dev mode screen: hide boot external"); DISPLAYED_EQ("dev mode screen", VB2_SCREEN_DEVELOPER_MODE, @@ -1385,7 +1368,7 @@ static void developer_screen_tests(void) DISPLAYED_NO_EXTRA(); reset_common_data(FOR_DEVELOPER); /* Select #2 by default */ - mock_dev_boot_altfw_allowed = 1; + ctx->flags |= VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED; /* #4: Alternate boot */ add_mock_keypress(VB_KEY_DOWN); add_mock_keypress(VB_KEY_DOWN); |