diff options
| author | Julius Werner <jwerner@chromium.org> | 2015-01-30 14:27:54 -0800 |
|---|---|---|
| committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2015-02-04 03:12:16 +0000 |
| commit | 1a3950f7fdedb2d1ec97ded3aef3b6ff4238fa5e (patch) | |
| tree | acf4b6893e3133d0b56fa5d6fc093bed97398aca /firmware/2lib/include/2return_codes.h | |
| parent | 33aaf5126a356244796334feaef7c443ed380c7a (diff) | |
| download | vboot-1a3950f7fdedb2d1ec97ded3aef3b6ff4238fa5e.tar.gz | |
vboot2: Fail vb2_secdata_(get|set) when secdata was not initializedfirmware-kitty-5771.61.B
This patch adds a check to vboot2 secdata accessor functions that
returns an error if vb2_secdata_init() has not yet been called or
failed for some reason. This avoids a problem where vboot may
misinterpret random garbage (e.g. from transient read failures) as
valid secdata in recovery mode and write it back to the TPM (bricking
the device in a way that requires manual repair).
Also removes VB2_ERROR_SECDATA_VERSION check. This check was not
terribly useful since there should be no way a vboot2 device could ever
have secdata version 1 (and if it did, it should still fail CRC checks).
This error can trigger for cases when secdata contains random garbage
(e.g. all zeroes) and prevent the much more appropriate
VB2_ERROR_SECDATA_CRC error from even being checked for, which just
creates confusion and makes it harder to determine the real problem.
BRANCH=veyron
BUG=chrome-os-partner:34871
TEST=Emulated TPM read errors by just manually memset()ing secdata to 0
in coreboot, verified that vboot does not write back to the TPM and the
device will start working fine again once the disruption is removed.
Change-Id: I76bcbdbcd8106a0d34717cc91a8f2d7cda303c3f
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/245981
Reviewed-by: Shawn N <shawnn@chromium.org>
Commit-Queue: Shawn N <shawnn@chromium.org>
Tested-by: Shawn N <shawnn@chromium.org>
Diffstat (limited to 'firmware/2lib/include/2return_codes.h')
| -rw-r--r-- | firmware/2lib/include/2return_codes.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index 4f56bdb0..0c368ded 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h @@ -102,6 +102,12 @@ enum vb2_return_code { /* Invalid flags passed to vb2_secdata_set() */ VB2_ERROR_SECDATA_SET_FLAGS, + /* Called vb2_secdata_get() with uninitialized secdata */ + VB2_ERROR_SECDATA_GET_UNINITIALIZED, + + /* Called vb2_secdata_set() with uninitialized secdata */ + VB2_ERROR_SECDATA_SET_UNINITIALIZED, + /********************************************************************** * Common code errors */ |