diff options
| author | Furquan Shaikh <furquan@google.com> | 2015-10-28 13:01:27 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2015-10-28 20:44:39 -0700 |
| commit | 55484550bcedc2b70d84504ec59932f441988838 (patch) | |
| tree | 11e104b115fa7920461044bf7e29c497f4a87b6b | |
| parent | d6723ed12b429834c2627c009aab58f0db20ce73 (diff) | |
| download | vboot-55484550bcedc2b70d84504ec59932f441988838.tar.gz | |
VbVerifyMemoryBootImage: Allow integrity-only check in dev mode with
FASTBOOT_FULL_CAP set
This change allows developers to boot dev-signed boot images in
unlocked mode if DEV_BOOT_FASTBOOT_FULL_CAP is set in VbNvStorage or
GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP is set.
BUG=chrome-os-partner:47002
BRANCH=None
TEST=Compiles successfully. make -j runtests
Change-Id: I56e3879594da1b57051dfe242ff347ac970c96bb
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/309606
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
| -rw-r--r-- | firmware/lib/vboot_api_kernel.c | 18 | ||||
| -rw-r--r-- | tests/vboot_api_kernel5_tests.c | 17 |
2 files changed, 32 insertions, 3 deletions
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c index fcec4cb7..94c2c8a7 100644 --- a/firmware/lib/vboot_api_kernel.c +++ b/firmware/lib/vboot_api_kernel.c @@ -1226,6 +1226,7 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams, uint64_t body_offset; int hash_only = 0; int dev_switch; + uint32_t allow_fastboot_full_cap = 0; if ((boot_image == NULL) || (image_size == 0)) return VBERROR_INVALID_PARAMETER; @@ -1252,13 +1253,24 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams, /* * We don't care verifying the image if: * 1. dev-mode switch is on and - * 2. GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP is set. + * 2a. GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP is set, or + * 2b. DEV_BOOT_FASTBOOT_FULL_CAP flag is set in NvStorage * * Check only the integrity of the image. */ dev_switch = shared->flags & VBSD_BOOT_DEV_SWITCH_ON; - if (dev_switch && (cparams->gbb->flags & - GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP)) { + + VbExNvStorageRead(vnc.raw); + VbNvSetup(&vnc); + VbNvGet(&vnc, VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, + &allow_fastboot_full_cap); + + if (0 == allow_fastboot_full_cap) { + allow_fastboot_full_cap = !!(cparams->gbb->flags & + GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP); + } + + if (dev_switch && allow_fastboot_full_cap) { VBDEBUG(("Only performing integrity-check.\n")); hash_only = 1; } else { diff --git a/tests/vboot_api_kernel5_tests.c b/tests/vboot_api_kernel5_tests.c index 8c59622f..a372e178 100644 --- a/tests/vboot_api_kernel5_tests.c +++ b/tests/vboot_api_kernel5_tests.c @@ -145,6 +145,12 @@ int VerifyData(const uint8_t *data, uint64_t size, const VbSignature *sig, return VBERROR_SUCCESS; } +VbError_t VbExNvStorageRead(uint8_t *buf) +{ + Memcpy(buf, vnc.raw, sizeof(vnc.raw)); + return VBERROR_SUCCESS; +} + static void VerifyMemoryBootImageTest(void) { uint32_t u; @@ -200,6 +206,17 @@ static void VerifyMemoryBootImageTest(void) VBERROR_INVALID_KERNEL_FOUND, "Key verify failed"); TEST_EQ(hash_only_check, 1, " hash check"); + /* Key Block Hash Failure -- VBNV */ + ResetMocks(); + shared->flags = VBSD_BOOT_DEV_SWITCH_ON; + key_block_verify_fail = 1; + VbNvSet(&vnc, VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, 1); + VbNvTeardown(&vnc); + TEST_EQ(VbVerifyMemoryBootImage(&cparams, &kparams, kernel_buffer, + kernel_buffer_size), + VBERROR_INVALID_KERNEL_FOUND, "Key verify failed"); + TEST_EQ(hash_only_check, 1, " hash check -- VBNV flag"); + /* Developer flag mismatch - dev switch on */ ResetMocks(); kbh.key_block_flags = KEY_BLOCK_FLAG_DEVELOPER_0 | |