diff options
author | Joel Kitching <kitching@google.com> | 2020-02-13 17:13:04 +0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-02-19 10:29:53 +0000 |
commit | 83ab1908e8173cddc8405a341fe1dc79a2c8d911 (patch) | |
tree | 3bafb48b6bfd0ee691d5b28f80894b7ea2e61f0f | |
parent | 414f0078d2c57eb0bf6334d0b7486e1ebb36a499 (diff) | |
download | vboot-83ab1908e8173cddc8405a341fe1dc79a2c8d911.tar.gz |
vboot: use vboot2 for storing kernel rollback versions
Migrate to using vboot2 shared data fields for storing
kernel rollback versions:
kernel_version_tpm_start(1) --> kernel_version_secdata(2)
kernel_version_tpm(1) --> kernel_version(2)
kernel_version_lowest(1) --> [removed]
Also remove VBSD from tests which no longer need it.
BUG=b:124141368, chromium:1038260
TEST=make clean && make runtests
BRANCH=none
Change-Id: I26c2ccede5fba52e1477b625ef5fc6181f60aadf
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2053179
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
-rw-r--r-- | firmware/lib/vboot_api_kernel.c | 17 | ||||
-rw-r--r-- | firmware/lib/vboot_kernel.c | 10 | ||||
-rw-r--r-- | firmware/lib20/api_kernel.c | 3 | ||||
-rw-r--r-- | tests/vb20_api_kernel_tests.c | 17 | ||||
-rw-r--r-- | tests/vboot_api_kernel4_tests.c | 9 | ||||
-rw-r--r-- | tests/vboot_kernel_tests.c | 15 | ||||
-rw-r--r-- | tests/vboot_legacy_clamshell_tests.c | 5 | ||||
-rw-r--r-- | tests/vboot_legacy_menu_tests.c | 5 | ||||
-rw-r--r-- | tests/verify_kernel.c | 6 | ||||
-rw-r--r-- | utility/load_kernel_test.c | 6 |
10 files changed, 21 insertions, 72 deletions
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c index e2c1a6c1..72224e19 100644 --- a/firmware/lib/vboot_api_kernel.c +++ b/firmware/lib/vboot_api_kernel.c @@ -168,7 +168,6 @@ static int vb2_reset_nv_requests(struct vb2_context *ctx) vb2_error_t VbBootNormal(struct vb2_context *ctx) { struct vb2_shared_data *sd = vb2_get_sd(ctx); - VbSharedDataHeader *shared = sd->vbsd; uint32_t max_rollforward = vb2_nv_get(ctx, VB2_NV_KERNEL_MAX_ROLLFORWARD); @@ -203,20 +202,20 @@ vb2_error_t VbBootNormal(struct vb2_context *ctx) * version to less than the version currently in the TPM. That is, * we're limiting rollforward, not allowing rollback. */ - if (max_rollforward < shared->kernel_version_tpm_start) - max_rollforward = shared->kernel_version_tpm_start; + if (max_rollforward < sd->kernel_version_secdata) + max_rollforward = sd->kernel_version_secdata; - if (shared->kernel_version_tpm > max_rollforward) { + if (sd->kernel_version > max_rollforward) { VB2_DEBUG("Limiting TPM kernel version roll-forward " "to %#x < %#x\n", - max_rollforward, shared->kernel_version_tpm); + max_rollforward, sd->kernel_version); - shared->kernel_version_tpm = max_rollforward; + sd->kernel_version = max_rollforward; } - if (shared->kernel_version_tpm > shared->kernel_version_tpm_start) { + if (sd->kernel_version > sd->kernel_version_secdata) { vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_VERSIONS, - shared->kernel_version_tpm); + sd->kernel_version); } return rv; @@ -381,6 +380,8 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx, /* Translate vboot2 flags and fields into vboot1. */ if (sd->flags & VB2_SD_FLAG_KERNEL_SIGNED) sd->vbsd->flags |= VBSD_KERNEL_KEY_VERIFIED; + sd->vbsd->kernel_version_tpm_start = sd->kernel_version_secdata; + sd->vbsd->kernel_version_tpm = sd->kernel_version; return rv; } diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c index 722b74de..8118599d 100644 --- a/firmware/lib/vboot_kernel.c +++ b/firmware/lib/vboot_kernel.c @@ -439,7 +439,6 @@ vb2_error_t LoadKernel(struct vb2_context *ctx, LoadKernelParams *params) { struct vb2_shared_data *sd = vb2_get_sd(ctx); struct vb2_workbuf wb; - VbSharedDataHeader *shared = sd->vbsd; VbSharedDataKernelCall shcall; int found_partitions = 0; uint32_t lowest_version = LOWEST_TPM_VERSION; @@ -543,7 +542,7 @@ vb2_error_t LoadKernel(struct vb2_context *ctx, LoadKernelParams *params) kernel_subkey, lpflags, params, - shared->kernel_version_tpm, + sd->kernel_version, shpart, &wb); VbExStreamClose(stream); @@ -611,7 +610,7 @@ vb2_error_t LoadKernel(struct vb2_context *ctx, LoadKernelParams *params) * Otherwise, we'll check all the other headers to see if they * contain a newer key. */ - if (shpart->combined_version == shared->kernel_version_tpm) { + if (shpart->combined_version == sd->kernel_version) { VB2_DEBUG("Same kernel version\n"); break; } @@ -625,7 +624,6 @@ gpt_done: if (params->partition_number > 0) { VB2_DEBUG("Good partition %d\n", params->partition_number); shcall.check_result = VBSD_LKC_CHECK_GOOD_PARTITION; - shared->kernel_version_lowest = lowest_version; /* * Sanity check - only store a new TPM version if we found one. * If lowest_version is still at its initial value, we didn't @@ -633,8 +631,8 @@ gpt_done: * didn't look. */ if (lowest_version != LOWEST_TPM_VERSION && - lowest_version > shared->kernel_version_tpm) - shared->kernel_version_tpm = lowest_version; + lowest_version > sd->kernel_version) + sd->kernel_version = lowest_version; /* Success! */ rv = VB2_SUCCESS; diff --git a/firmware/lib20/api_kernel.c b/firmware/lib20/api_kernel.c index 1e96f281..8b146093 100644 --- a/firmware/lib20/api_kernel.c +++ b/firmware/lib20/api_kernel.c @@ -72,8 +72,7 @@ vb2_error_t vb2api_kernel_phase1(struct vb2_context *ctx) /* Read kernel version from secdata. */ sd->kernel_version_secdata = vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_VERSIONS); - sd->vbsd->kernel_version_tpm = sd->kernel_version_secdata; - sd->vbsd->kernel_version_tpm_start = sd->kernel_version_secdata; + sd->kernel_version = sd->kernel_version_secdata; /* Find the key to use to verify the kernel keyblock */ if ((ctx->flags & VB2_CONTEXT_RECOVERY_MODE)) { diff --git a/tests/vb20_api_kernel_tests.c b/tests/vb20_api_kernel_tests.c index 5fba07e4..11f58817 100644 --- a/tests/vb20_api_kernel_tests.c +++ b/tests/vb20_api_kernel_tests.c @@ -23,8 +23,6 @@ static uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE] __attribute__((aligned(VB2_WORKBUF_ALIGN))); static struct vb2_context *ctx; static struct vb2_shared_data *sd; -static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE]; -static VbSharedDataHeader *shared = (VbSharedDataHeader *)shared_data; static struct vb2_fw_preamble *fwpre; static struct vb2_kernel_preamble *kpre; static struct vb2_packed_key *kdkey; @@ -62,9 +60,6 @@ static void reset_common_data(enum reset_type t) "vb2api_init failed"); sd = vb2_get_sd(ctx); - memset(&shared_data, 0, sizeof(shared_data)); - sd->vbsd = shared; - vb2_nv_init(ctx); vb2api_secdata_kernel_create(ctx); @@ -253,10 +248,6 @@ static void phase1_tests(void) k->key_size), 0, " key data"); TEST_EQ(sd->kernel_version_secdata, 0x20002, " secdata_kernel version"); - TEST_EQ(sd->vbsd->kernel_version_tpm, 0x20002, - " secdata_kernel version (vboot1)"); - TEST_EQ(sd->vbsd->kernel_version_tpm_start, 0x20002, - " secdata_kernel version (vboot1)"); /* Test successful call in recovery mode */ reset_common_data(FOR_PHASE1); @@ -283,10 +274,6 @@ static void phase1_tests(void) " key data"); TEST_EQ(sd->kernel_version_secdata, 0x20002, " secdata_kernel version"); - TEST_EQ(sd->vbsd->kernel_version_tpm, 0x20002, - " secdata_kernel version (vboot1)"); - TEST_EQ(sd->vbsd->kernel_version_tpm_start, 0x20002, - " secdata_kernel version (vboot1)"); /* Bad secdata_kernel causes failure in normal mode only */ reset_common_data(FOR_PHASE1); @@ -301,10 +288,6 @@ static void phase1_tests(void) ctx->flags |= VB2_CONTEXT_RECOVERY_MODE; TEST_SUCC(vb2api_kernel_phase1(ctx), "phase1 bad secdata_kernel rec"); TEST_EQ(sd->kernel_version_secdata, 0, " secdata_kernel version"); - TEST_EQ(sd->vbsd->kernel_version_tpm, 0, - " secdata_kernel version (vboot1)"); - TEST_EQ(sd->vbsd->kernel_version_tpm_start, 0, - " secdata_kernel version (vboot1)"); TEST_EQ(vb2_nv_get(ctx, VB2_NV_RECOVERY_REQUEST), VB2_RECOVERY_NOT_REQUESTED, " no recovery"); diff --git a/tests/vboot_api_kernel4_tests.c b/tests/vboot_api_kernel4_tests.c index 7c314d0f..dd08c2fa 100644 --- a/tests/vboot_api_kernel4_tests.c +++ b/tests/vboot_api_kernel4_tests.c @@ -102,8 +102,7 @@ struct vb2_gbb_header *vb2_get_gbb(struct vb2_context *c) vb2_error_t vb2api_kernel_phase1(struct vb2_context *c) { sd->kernel_version_secdata = kernel_version; - shared->kernel_version_tpm_start = kernel_version; - shared->kernel_version_tpm = kernel_version; + sd->kernel_version = kernel_version; return kernel_phase1_retval; } @@ -133,7 +132,7 @@ void vb2_secdata_kernel_set(struct vb2_context *c, vb2_error_t VbTryLoadKernel(struct vb2_context *c, uint32_t get_info_flags) { - shared->kernel_version_tpm = new_version; + sd->kernel_version = new_version; if (vbboot_retval == -1) return VB2_ERROR_MOCK; @@ -143,8 +142,6 @@ vb2_error_t VbTryLoadKernel(struct vb2_context *c, uint32_t get_info_flags) vb2_error_t VbBootDeveloperLegacyClamshell(struct vb2_context *c) { - shared->kernel_version_tpm = new_version; - if (vbboot_retval == -2) return VB2_ERROR_MOCK; @@ -157,8 +154,6 @@ vb2_error_t VbBootRecoveryLegacyClamshell(struct vb2_context *c) " recovery reason"); TEST_TRUE(commit_data_called, " commit data"); - shared->kernel_version_tpm = new_version; - if (vbboot_retval == -3) return VB2_ERROR_MOCK; diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c index 7a2c2699..87056ad2 100644 --- a/tests/vboot_kernel_tests.c +++ b/tests/vboot_kernel_tests.c @@ -55,8 +55,6 @@ static int gpt_flag_external; static struct vb2_gbb_header gbb; static VbExDiskHandle_t handle; -static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE]; -static VbSharedDataHeader *shared = (VbSharedDataHeader *)shared_data; static LoadKernelParams lkp; static struct vb2_keyblock kbh; static struct vb2_kernel_preamble kph; @@ -138,9 +136,6 @@ static void ResetMocks(void) gbb.minor_version = VB2_GBB_MINOR_VER; gbb.flags = 0; - memset(&shared_data, 0, sizeof(shared_data)); - shared->kernel_version_tpm = 0x20001; - memset(&lkp, 0, sizeof(lkp)); lkp.bytes_per_lba = 512; lkp.streaming_lba_count = 1024; @@ -166,14 +161,14 @@ static void ResetMocks(void) mock_parts[0].size = 150; /* 75 KB */ mock_part_next = 0; + memset(&mock_key, 0, sizeof(mock_key)); + TEST_SUCC(vb2api_init(workbuf, sizeof(workbuf), &ctx), "vb2api_init failed"); vb2_nv_init(ctx); - memset(&mock_key, 0, sizeof(mock_key)); - sd = vb2_get_sd(ctx); - sd->vbsd = shared; + sd->kernel_version = 0x20001; /* CRC will be invalid after here, but nobody's checking */ sd->status |= VB2_SD_STATUS_SECDATA_FWMP_INIT; @@ -718,7 +713,7 @@ static void LoadKernelTest(void) ResetMocks(); kbh.data_key.key_version = 3; TestLoadKernel(0, "Keyblock version roll forward"); - TEST_EQ(shared->kernel_version_tpm, 0x30001, " shared version"); + TEST_EQ(sd->kernel_version, 0x30001, " SD version"); ResetMocks(); kbh.data_key.key_version = 3; @@ -726,7 +721,7 @@ static void LoadKernelTest(void) mock_parts[1].size = 150; TestLoadKernel(0, "Two kernels roll forward"); TEST_EQ(mock_part_next, 2, " read both"); - TEST_EQ(shared->kernel_version_tpm, 0x30001, " shared version"); + TEST_EQ(sd->kernel_version, 0x30001, " SD version"); ResetMocks(); kbh.data_key.key_version = 1; diff --git a/tests/vboot_legacy_clamshell_tests.c b/tests/vboot_legacy_clamshell_tests.c index baf60827..f31adcd3 100644 --- a/tests/vboot_legacy_clamshell_tests.c +++ b/tests/vboot_legacy_clamshell_tests.c @@ -22,8 +22,6 @@ #include "vboot_ui_legacy_common.h" /* Mock data */ -static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE]; -static VbSharedDataHeader *shared = (VbSharedDataHeader *)shared_data; static LoadKernelParams lkp; static uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE] __attribute__((aligned(VB2_WORKBUF_ALIGN))); @@ -86,8 +84,6 @@ static void ResetMocks(void) { vb2_reset_power_button(); - memset(&shared_data, 0, sizeof(shared_data)); - memset(&lkp, 0, sizeof(lkp)); TEST_SUCC(vb2api_init(workbuf, sizeof(workbuf), &ctx), @@ -95,7 +91,6 @@ static void ResetMocks(void) vb2_nv_init(ctx); sd = vb2_get_sd(ctx); - sd->vbsd = shared; sd->flags |= VB2_SD_FLAG_DISPLAY_AVAILABLE; /* CRC will be invalid after here, but nobody's checking */ diff --git a/tests/vboot_legacy_menu_tests.c b/tests/vboot_legacy_menu_tests.c index dfcaaedd..a6f10568 100644 --- a/tests/vboot_legacy_menu_tests.c +++ b/tests/vboot_legacy_menu_tests.c @@ -23,8 +23,6 @@ #include "vboot_ui_legacy_menu_private.h" /* Mock data */ -static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE]; -static VbSharedDataHeader *shared = (VbSharedDataHeader *)shared_data; static LoadKernelParams lkp; static uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE] __attribute__((aligned(VB2_WORKBUF_ALIGN))); @@ -61,8 +59,6 @@ static int vbexaltfwmask_called; /* Reset mock data (for use before each test) */ static void ResetMocks(void) { - memset(&shared_data, 0, sizeof(shared_data)); - memset(&lkp, 0, sizeof(lkp)); TEST_SUCC(vb2api_init(workbuf, sizeof(workbuf), &ctx), @@ -70,7 +66,6 @@ static void ResetMocks(void) vb2_nv_init(ctx); sd = vb2_get_sd(ctx); - sd->vbsd = shared; /* CRC will be invalid after here, but nobody's checking */ sd->status |= VB2_SD_STATUS_SECDATA_FWMP_INIT; diff --git a/tests/verify_kernel.c b/tests/verify_kernel.c index ac4b45e6..28813c40 100644 --- a/tests/verify_kernel.c +++ b/tests/verify_kernel.c @@ -25,10 +25,6 @@ static struct vb2_shared_data *sd; static uint8_t *diskbuf; -static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE] - __attribute__((aligned(VB2_WORKBUF_ALIGN))); -static VbSharedDataHeader *shared = (VbSharedDataHeader *)shared_data; - static LoadKernelParams params; vb2_error_t VbExDiskRead(VbExDiskHandle_t handle, uint64_t lba_start, @@ -111,9 +107,7 @@ int main(int argc, char *argv[]) fprintf(stderr, "Can't initialize workbuf\n"); return 1; } - memset(&shared_data, 0, sizeof(shared_data)); sd = vb2_get_sd(ctx); - sd->vbsd = shared; /* Copy kernel subkey to workbuf */ { diff --git a/utility/load_kernel_test.c b/utility/load_kernel_test.c index 14e4e613..609a9a3a 100644 --- a/utility/load_kernel_test.c +++ b/utility/load_kernel_test.c @@ -24,10 +24,6 @@ static uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE]; static struct vb2_context *ctx; static struct vb2_shared_data *sd; -static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE] - __attribute__((aligned(VB2_WORKBUF_ALIGN))); -static VbSharedDataHeader *shared = (VbSharedDataHeader *)shared_data; - /* Global variables for stub functions */ static LoadKernelParams lkp; static FILE *image_file = NULL; @@ -217,9 +213,7 @@ int main(int argc, char* argv[]) fprintf(stderr, "Can't initialize workbuf\n"); return 1; } - memset(&shared_data, 0, sizeof(shared_data)); sd = vb2_get_sd(ctx); - sd->vbsd = shared; /* Copy kernel subkey to workbuf, if any */ if (key_blob) { |