Detect GBB 1.1 also as impcompatible version

Older GBB headers (e.g. 1.0 and 1.1) do not have hwid_digest. In such cases,
PCR1 is currently extended from 0, causing a remote attestation failure.
This change makes all GBB headers older than 1.2 incompatible.

BUG=none
BRANCH=tot
TEST=make -j runtests

Change-Id: I7a3b19c2da325a3fa4b9c1fe06ed6f43cb51fb9e
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/270796
Reviewed-by: Bill Richardson <wfrichar@chromium.org>

2 files changed, 4 insertions, 4 deletions

diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index 8d2cbf3f..31884732 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -49,8 +49,8 @@ int vb2_read_gbb_header(struct vb2_context *ctx, struct vb2_gbb_header *gbb)
 	if (gbb->major_version != VB2_GBB_MAJOR_VER)
 		return VB2_ERROR_GBB_VERSION;
 
-	/* Current code is not backwards-compatible to 1.0 headers */
-	if (gbb->minor_version == 0)
+	/* Current code is not backwards-compatible to 1.1 headers or older */
+	if (gbb->minor_version < VB2_GBB_MINOR_VER)
 		return VB2_ERROR_GBB_TOO_OLD;
 
 	/*
diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c
index 437b247f..4d804509 100644
--- a/tests/vb2_misc_tests.c
+++ b/tests/vb2_misc_tests.c
@@ -166,8 +166,8 @@ static void gbb_tests(void)
 	TEST_SUCC(vb2_read_gbb_header(&cc, &gbbdest),
 		  "read gbb header minor++");
 	gbb.minor_version = 1;
-	TEST_SUCC(vb2_read_gbb_header(&cc, &gbbdest),
-		  "read gbb header 1.1");
+	TEST_EQ(vb2_read_gbb_header(&cc, &gbbdest),
+		VB2_ERROR_GBB_TOO_OLD, "read gbb header 1.1 fails");
 	gbb.minor_version = 0;
 	TEST_EQ(vb2_read_gbb_header(&cc, &gbbdest),
 		VB2_ERROR_GBB_TOO_OLD, "read gbb header 1.0 fails");