summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoel Kitching <kitching@google.com>2021-02-12 16:26:03 +0800
committerCommit Bot <commit-bot@chromium.org>2021-04-01 05:02:38 +0000
commit74214a331f2d703ca1d996c79632b2bd9b12d34a (patch)
tree54411724cf5b2f16f2af73a3dc892a4d872c7c48
parent21655916f255ed92ad27110f0a65d392f18f6280 (diff)
downloadvboot-74214a331f2d703ca1d996c79632b2bd9b12d34a.tar.gz
vboot/vboot_kernel: correct semantics of kernel_version_secdata
This CL is part of a series to merge vboot1 and vboot2.0 kernel verification code; see b/181739551. BUG=b:181739551 TEST=make clean && make runtests BRANCH=none Signed-off-by: Joel Kitching <kitching@google.com> Change-Id: Ib61f9bd726d2da9ef0fee3cd3a4039a6aa1063cc Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2780222 Tested-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
-rw-r--r--firmware/lib/vboot_kernel.c21
-rw-r--r--tests/vboot_kernel_tests.c2
2 files changed, 11 insertions, 12 deletions
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index a1a336a3..5ba86141 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -125,7 +125,6 @@ static uint32_t get_body_offset(uint8_t *kbuf)
* @param kbuf Buffer containing the vblock
* @param kbuf_size Size of the buffer in bytes
* @param kernel_subkey Packed kernel subkey to use in validating keyblock
- * @param min_version Minimum kernel version
* @param shpart Destination for verification results
* @param wb Work buffer. Must be at least
* VB2_VERIFY_KERNEL_PREAMBLE_WORKBUF_BYTES bytes.
@@ -133,9 +132,11 @@ static uint32_t get_body_offset(uint8_t *kbuf)
*/
static vb2_error_t vb2_verify_kernel_vblock(
struct vb2_context *ctx, uint8_t *kbuf, uint32_t kbuf_size,
- const struct vb2_packed_key *kernel_subkey, uint32_t min_version,
+ const struct vb2_packed_key *kernel_subkey,
VbSharedDataKernelPart *shpart, struct vb2_workbuf *wb)
{
+ struct vb2_shared_data *sd = vb2_get_sd(ctx);
+
int need_keyblock_valid = need_valid_keyblock(ctx);
int keyblock_valid = 1; /* Assume valid */
@@ -201,14 +202,14 @@ static vb2_error_t vb2_verify_kernel_vblock(
enum vb2_boot_mode boot_mode = get_boot_mode(ctx);
uint32_t key_version = keyblock->data_key.key_version;
if (boot_mode != VB2_BOOT_MODE_RECOVERY) {
- if (key_version < (min_version >> 16)) {
+ if (key_version < (sd->kernel_version_secdata >> 16)) {
VB2_DEBUG("Key version too old.\n");
shpart->check_result = VBSD_LKP_CHECK_KEY_ROLLBACK;
keyblock_valid = 0;
if (need_keyblock_valid)
return VB2_ERROR_KERNEL_KEYBLOCK_VERSION_ROLLBACK;
}
- if (key_version > 0xFFFF) {
+ if (key_version > VB2_MAX_KEY_VERSION) {
/*
* Key version is stored in 16 bits in the TPM, so key
* versions greater than 0xFFFF can't be stored
@@ -287,7 +288,7 @@ static vb2_error_t vb2_verify_kernel_vblock(
(preamble->kernel_version & 0xFFFF);
shpart->combined_version = combined_version;
if (keyblock_valid && boot_mode != VB2_BOOT_MODE_RECOVERY) {
- if (combined_version < min_version) {
+ if (combined_version < sd->kernel_version_secdata) {
VB2_DEBUG("Kernel version too low.\n");
shpart->check_result = VBSD_LKP_CHECK_KERNEL_ROLLBACK;
/*
@@ -326,7 +327,6 @@ enum vb2_load_partition_flags {
* @param kernel_subkey Key to use to verify vblock
* @param flags Flags (one or more of vb2_load_partition_flags)
* @param params Load-kernel parameters
- * @param min_version Minimum kernel version from TPM
* @param shpart Destination for verification results
* @param wb Workbuf for data storage
* @return VB2_SUCCESS, or non-zero error code.
@@ -334,7 +334,7 @@ enum vb2_load_partition_flags {
static vb2_error_t vb2_load_partition(
struct vb2_context *ctx, VbExStream_t stream,
const struct vb2_packed_key *kernel_subkey, uint32_t flags,
- LoadKernelParams *params, uint32_t min_version,
+ LoadKernelParams *params,
VbSharedDataKernelPart *shpart, struct vb2_workbuf *wb)
{
uint32_t read_ms = 0, start_ts;
@@ -355,7 +355,7 @@ static vb2_error_t vb2_load_partition(
if (VB2_SUCCESS !=
vb2_verify_kernel_vblock(ctx, kbuf, KBUF_SIZE, kernel_subkey,
- min_version, shpart, &wblocal)) {
+ shpart, &wblocal)) {
return VB2_ERROR_LOAD_PARTITION_VERIFY_VBLOCK;
}
@@ -562,7 +562,6 @@ vb2_error_t LoadKernel(struct vb2_context *ctx, LoadKernelParams *params)
kernel_subkey,
lpflags,
params,
- sd->kernel_version,
shpart,
&wb);
VbExStreamClose(stream);
@@ -631,7 +630,7 @@ vb2_error_t LoadKernel(struct vb2_context *ctx, LoadKernelParams *params)
* Otherwise, we'll check all the other headers to see if they
* contain a newer key.
*/
- if (shpart->combined_version == sd->kernel_version) {
+ if (shpart->combined_version == sd->kernel_version_secdata) {
VB2_DEBUG("Same kernel version\n");
break;
}
@@ -652,7 +651,7 @@ vb2_error_t LoadKernel(struct vb2_context *ctx, LoadKernelParams *params)
* just didn't look.
*/
if (lowest_version != LOWEST_TPM_VERSION &&
- lowest_version > sd->kernel_version)
+ lowest_version > sd->kernel_version_secdata)
sd->kernel_version = lowest_version;
/* Success! */
diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c
index 631cd5be..01b8b342 100644
--- a/tests/vboot_kernel_tests.c
+++ b/tests/vboot_kernel_tests.c
@@ -168,7 +168,7 @@ static void ResetMocks(void)
vb2_nv_init(ctx);
sd = vb2_get_sd(ctx);
- sd->kernel_version = 0x20001;
+ sd->kernel_version_secdata = 0x20001;
/* CRC will be invalid after here, but nobody's checking */
sd->status |= VB2_SD_STATUS_SECDATA_FWMP_INIT;