diff options
| author | Randall Spangler <rspangler@chromium.org> | 2017-10-30 15:28:53 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2017-11-17 20:18:20 -0800 |
| commit | 17fb34b647a73bb55fac876a9b20c2c90844ea2e (patch) | |
| tree | a574ae9d7cfd9c680b19a7b79932e54c5af6c45f /firmware/lib/vboot_api_kernel.c | |
| parent | 4aaaeca130a701a06cb898d9a17eddf67daa3617 (diff) | |
| download | vboot-17fb34b647a73bb55fac876a9b20c2c90844ea2e.tar.gz | |
vboot: Use kernel max rollforward NV storage field
Kernel verification will now roll forward the minimum allowable
version in the TPM no farther than the kernel_max_rollforward setting.
Note that CL:765573 changes chromeos-setgoodkernel so it always sets
kernel_max_rollforward to 0xfffffffe when marking a kernel as good.
That ensures that firmware with this setting will behave the same for
now as existing firmware.
BUG=chromium:783997
BRANCH=none
CQ-DEPEND=CL:765573
TEST=make runtests
Manual testing:
crossystem tpm_kernvel --> print current kernel version in TPM
- Resign the kernel with a higher version
- Reboot
- Wait a minute for chromeos-setgoodkernel to run
crossystem kernel_max_rollforward=0
- Reboot
crossystem tpm_kernvel --> has not changed
- Wait a minute for chromeos-setgoodkernel to run
crossystem kernel_max_rollforward -> 0xfffffffe
- Reboot
crossystem tpm_kernvel --> has changed to the higher version
Change-Id: Ia32ecb7fa4078548cd311541ccbe120570cf1bc5
Reviewed-on: https://chromium-review.googlesource.com/765574
Commit-Ready: Randall Spangler <rspangler@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Diffstat (limited to 'firmware/lib/vboot_api_kernel.c')
| -rw-r--r-- | firmware/lib/vboot_api_kernel.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c index 2cc1a88b..1879b845 100644 --- a/firmware/lib/vboot_api_kernel.c +++ b/firmware/lib/vboot_api_kernel.c @@ -188,6 +188,7 @@ VbError_t VbBootNormal(struct vb2_context *ctx, VbCommonParams *cparams) { VbSharedDataHeader *shared = (VbSharedDataHeader *)cparams->shared_data_blob; + uint32_t max_rollforward; /* Boot from fixed disk only */ VB2_DEBUG("Entering\n"); @@ -224,6 +225,25 @@ VbError_t VbBootNormal(struct vb2_context *ctx, VbCommonParams *cparams) return rv; } + /* Limit kernel version rollforward if needed */ + if (0 == VbNvGet(&vnc, VBNV_KERNEL_MAX_ROLLFORWARD, &max_rollforward)) { + /* + * Can't limit kernel version to less than the version + * currently in the TPM. That is, we're limiting rollforward, + * not allowing rollback. + */ + if (max_rollforward < shared->kernel_version_tpm_start) + max_rollforward = shared->kernel_version_tpm_start; + + if (shared->kernel_version_tpm > max_rollforward) { + VB2_DEBUG("Limiting TPM kernel version roll-forward " + "to 0x%x < 0x%x\n", + max_rollforward, shared->kernel_version_tpm); + + shared->kernel_version_tpm = max_rollforward; + } + } + if ((shared->kernel_version_tpm > shared->kernel_version_tpm_start) && RollbackKernelWrite(shared->kernel_version_tpm)) { VB2_DEBUG("Error writing kernel versions to TPM.\n"); |