diff options
author | Julius Werner <jwerner@chromium.org> | 2015-05-15 12:50:07 -0700 |
---|---|---|
committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2015-05-16 01:42:20 +0000 |
commit | fb4e4080112d9005f83b57551ab19cbf478da36a (patch) | |
tree | 1d7f42ca5856dfc0bda6562c72f553f167df91db | |
parent | dc49a6827670abc0f2dc45178c2623e070ff5961 (diff) | |
download | vboot-fb4e4080112d9005f83b57551ab19cbf478da36a.tar.gz |
vboot2: Support VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK
Looks like the DISABLE_FW_ROLLBACK_CHECK GBB flag (0x200) was forgotten
in the vboot2 implementation. It's too late for Veyron now, but let's at
least fix it for future devices.
BRANCH=none
BUG=None
TEST=make runtests
Change-Id: I867f7aada28be3897efda73a6bdc3b0848c23dca
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/271419
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
-rw-r--r-- | firmware/2lib/include/2struct.h | 4 | ||||
-rw-r--r-- | firmware/lib20/misc.c | 16 | ||||
-rw-r--r-- | firmware/lib21/misc.c | 16 | ||||
-rw-r--r-- | tests/vb20_misc_tests.c | 10 | ||||
-rw-r--r-- | tests/vb21_misc_tests.c | 10 |
5 files changed, 48 insertions, 8 deletions
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index cbf08901..ae01c5de 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -182,12 +182,16 @@ enum vb2_gbb_flag { * enable this ourselves because it executes non-verified code, but if * a customer wants to void their warranty and set this flag in the * read-only flash, they should be able to do so. + * + * (TODO: Currently not supported. Mark as deprecated/unused?) */ VB2_GBB_FLAG_LOAD_OPTION_ROMS = (1 << 1), /* * The factory flow may need the BIOS to boot a non-ChromeOS kernel if * the dev-switch is on. This flag allows that. + * + * (TODO: Currently not supported. Mark as deprecated/unused?) */ VB2_GBB_FLAG_ENABLE_ALTERNATE_OS = (1 << 2), diff --git a/firmware/lib20/misc.c b/firmware/lib20/misc.c index 0e61e858..83232b07 100644 --- a/firmware/lib20/misc.c +++ b/firmware/lib20/misc.c @@ -126,8 +126,12 @@ int vb2_load_fw_keyblock(struct vb2_context *ctx) /* Key version is the upper 16 bits of the composite firmware version */ if (kb->data_key.key_version > 0xffff) rv = VB2_ERROR_FW_KEYBLOCK_VERSION_RANGE; - if (!rv && kb->data_key.key_version < (sd->fw_version_secdata >> 16)) - rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK; + if (!rv && kb->data_key.key_version < (sd->fw_version_secdata >> 16)) { + if (sd->gbb_flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK) + VB2_DEBUG("Ignoring FW key rollback due to GBB flag\n"); + else + rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK; + } if (rv) { vb2_fail(ctx, VB2_RECOVERY_FW_KEY_ROLLBACK, rv); return rv; @@ -238,8 +242,12 @@ int vb2_load_fw_preamble(struct vb2_context *ctx) rv = VB2_ERROR_FW_PREAMBLE_VERSION_RANGE; /* Combine with the key version from vb2_load_fw_keyblock() */ sd->fw_version |= pre->firmware_version; - if (!rv && sd->fw_version < sd->fw_version_secdata) - rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK; + if (!rv && sd->fw_version < sd->fw_version_secdata) { + if (sd->gbb_flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK) + VB2_DEBUG("Ignoring FW rollback due to GBB flag\n"); + else + rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK; + } if (rv) { vb2_fail(ctx, VB2_RECOVERY_FW_ROLLBACK, rv); return rv; diff --git a/firmware/lib21/misc.c b/firmware/lib21/misc.c index 92322a9c..c0143c04 100644 --- a/firmware/lib21/misc.c +++ b/firmware/lib21/misc.c @@ -117,8 +117,12 @@ int vb2_load_fw_keyblock(struct vb2_context *ctx) /* Key version is the upper 16 bits of the composite firmware version */ if (packed_key->key_version > 0xffff) rv = VB2_ERROR_FW_KEYBLOCK_VERSION_RANGE; - if (!rv && packed_key->key_version < (sd->fw_version_secdata >> 16)) - rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK; + if (!rv && packed_key->key_version < (sd->fw_version_secdata >> 16)) { + if (sd->gbb_flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK) + VB2_DEBUG("Ignoring FW key rollback due to GBB flag\n"); + else + rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK; + } if (rv) { vb2_fail(ctx, VB2_RECOVERY_FW_KEY_ROLLBACK, rv); return rv; @@ -205,8 +209,12 @@ int vb2_load_fw_preamble(struct vb2_context *ctx) rv = VB2_ERROR_FW_PREAMBLE_VERSION_RANGE; /* Combine with the key version from vb2_load_fw_keyblock() */ sd->fw_version |= pre->fw_version; - if (!rv && sd->fw_version < sd->fw_version_secdata) - rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK; + if (!rv && sd->fw_version < sd->fw_version_secdata) { + if (sd->gbb_flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK) + VB2_DEBUG("Ignoring FW rollback due to GBB flag\n"); + else + rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK; + } if (rv) { vb2_fail(ctx, VB2_RECOVERY_FW_ROLLBACK, rv); return rv; diff --git a/tests/vb20_misc_tests.c b/tests/vb20_misc_tests.c index 8021888c..e3a5123f 100644 --- a/tests/vb20_misc_tests.c +++ b/tests/vb20_misc_tests.c @@ -268,6 +268,11 @@ static void verify_keyblock_tests(void) TEST_EQ(vb2_load_fw_keyblock(&cc), VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK, "keyblock rollback"); + + reset_common_data(FOR_KEYBLOCK); + kb->data_key.key_version = 1; + sd->gbb_flags |= VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK; + TEST_SUCC(vb2_load_fw_keyblock(&cc), "keyblock rollback with GBB flag"); } static void verify_preamble_tests(void) @@ -346,6 +351,11 @@ static void verify_preamble_tests(void) "preamble version rollback"); reset_common_data(FOR_PREAMBLE); + pre->firmware_version = 1; + sd->gbb_flags |= VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK; + TEST_SUCC(vb2_load_fw_preamble(&cc), "version rollback with GBB flag"); + + reset_common_data(FOR_PREAMBLE); pre->firmware_version = 3; TEST_SUCC(vb2_load_fw_preamble(&cc), "preamble version roll forward"); diff --git a/tests/vb21_misc_tests.c b/tests/vb21_misc_tests.c index 826c3fb1..d70cabd5 100644 --- a/tests/vb21_misc_tests.c +++ b/tests/vb21_misc_tests.c @@ -274,6 +274,11 @@ static void load_keyblock_tests(void) TEST_EQ(vb2_load_fw_keyblock(&ctx), VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK, "keyblock rollback"); + + reset_common_data(FOR_KEYBLOCK); + dk->key_version = 1; + sd->gbb_flags |= VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK; + TEST_SUCC(vb2_load_fw_keyblock(&ctx), "keyblock rollback + GBB flag"); } static void load_preamble_tests(void) @@ -353,6 +358,11 @@ static void load_preamble_tests(void) "preamble version rollback"); reset_common_data(FOR_PREAMBLE); + pre->fw_version = 1; + sd->gbb_flags |= VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK; + TEST_SUCC(vb2_load_fw_preamble(&ctx), "version rollback with GBB flag"); + + reset_common_data(FOR_PREAMBLE); pre->fw_version = 3; TEST_SUCC(vb2_load_fw_preamble(&ctx), "preamble version roll forward"); |