vboot: translate recovery reason info from vboot 2->1

Recovery reason should be passed into vboot kernel verification
API using vboot 2 data structures.  Upon arrival, translate to
vboot 1 data structures for legacy purposes.

Also switch to using vboot 2 recovery_reason field in other parts
of vboot code.

BUG=b:124141368, chromium:1038260
TEST=make clean && make runtests
BRANCH=none

Change-Id: Ic590db46d57ffbd8829f8f3ad784ea46184ceabc
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2008534
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>

3 files changed, 18 insertions, 13 deletions

diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index ee8080fa..3416a6fd 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -227,13 +227,15 @@ static vb2_error_t vb2_kernel_setup(struct vb2_context *ctx,
 				    VbSharedDataHeader *shared,
 				    VbSelectAndLoadKernelParams *kparams)
 {
+	struct vb2_shared_data *sd = vb2_get_sd(ctx);
 	uint32_t tpm_rv;
 	vb2_error_t rv;
 
-	/* Translate vboot1 flags back to vboot2 */
-	if (shared->recovery_reason)
+	/* Set selected boot mode in context object.
+	   TODO: Confirm that this can be removed with persistent context. */
+	if (sd->recovery_reason)
 		ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
-	if (vb2_get_sd(ctx)->flags & VB2_SD_FLAG_DEV_MODE_ENABLED)
+	if (sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED)
 		ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
 
 	/*
@@ -248,10 +250,14 @@ static vb2_error_t vb2_kernel_setup(struct vb2_context *ctx,
 	if (shared->flags & VBSD_NVDATA_V2)
 		ctx->flags |= VB2_CONTEXT_NVDATA_V2;
 
-	vb2_nv_init(ctx);
+	/* Translate recovery reason-related fields into vboot1 */
+	shared->recovery_reason = sd->recovery_reason;
+	if (sd->recovery_reason)
+		shared->firmware_index = 0xff;
+	if (sd->flags & VB2_SD_FLAG_MANUAL_RECOVERY)
+		shared->flags |= VBSD_BOOT_REC_SWITCH_ON;
 
-	struct vb2_shared_data *sd = vb2_get_sd(ctx);
-	sd->recovery_reason = shared->recovery_reason;
+	vb2_nv_init(ctx);
 
 	/*
 	 * Save a pointer to the old vboot1 shared data, since we haven't
diff --git a/firmware/lib/vboot_ui.c b/firmware/lib/vboot_ui.c
index d584ac8b..2c99884f 100644
--- a/firmware/lib/vboot_ui.c
+++ b/firmware/lib/vboot_ui.c
@@ -794,9 +794,8 @@ static vb2_error_t recovery_ui(struct vb2_context *ctx)
 		 * reboot to workaround a boot hiccup.
 		 */
 		VB2_DEBUG("VbBootRecovery() saving recovery reason (%#x)\n",
-			 shared->recovery_reason);
-		vb2_nv_set(ctx, VB2_NV_RECOVERY_SUBCODE,
-			   shared->recovery_reason);
+			  sd->recovery_reason);
+		vb2_nv_set(ctx, VB2_NV_RECOVERY_SUBCODE, sd->recovery_reason);
 
 		/*
 		 * Non-manual recovery mode is meant to be left via three-finger
diff --git a/tests/vboot_api_kernel4_tests.c b/tests/vboot_api_kernel4_tests.c
index aaafcc39..d413024e 100644
--- a/tests/vboot_api_kernel4_tests.c
+++ b/tests/vboot_api_kernel4_tests.c
@@ -296,25 +296,25 @@ static void VbSlkTest(void)
 
 	/* Boot recovery */
 	ResetMocks();
-	shared->recovery_reason = 123;
+	sd->recovery_reason = 123;
 	vbboot_retval = -3;
 	test_slk(VB2_ERROR_MOCK, 0, "Recovery boot bad");
 
 	ResetMocks();
-	shared->recovery_reason = 123;
+	sd->recovery_reason = 123;
 	new_version = 0x20003;
 	test_slk(0, 0, "Recovery doesn't roll forward");
 	TEST_EQ(kernel_version, 0x10002, "  version");
 
 	ResetMocks();
-	shared->recovery_reason = 123;
+	sd->recovery_reason = 123;
 	kernel_read_retval = TPM_E_IOERROR;
 	kernel_write_retval = TPM_E_IOERROR;
 	kernel_lock_retval = TPM_E_IOERROR;
 	test_slk(0, 0, "Recovery ignore TPM errors");
 
 	ResetMocks();
-	shared->recovery_reason = VB2_RECOVERY_TRAIN_AND_REBOOT;
+	sd->recovery_reason = VB2_RECOVERY_TRAIN_AND_REBOOT;
 	test_slk(VBERROR_REBOOT_REQUIRED, 0, "Recovery train and reboot");
 
 	// todo: rkr/w/l fail ignored if recovery