diff options
author | Joel Kitching <kitching@google.com> | 2019-05-21 12:20:38 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2019-05-28 21:10:45 -0700 |
commit | de2cae6b4d6ae864f2c90e6be73f683bad5f2f2f (patch) | |
tree | 023d1581f9054c6a54b9631be45f5277b721a23c /firmware/lib20 | |
parent | 236bfb0bc3bd0aa37bd06702c25993446f9b6dba (diff) | |
download | vboot-de2cae6b4d6ae864f2c90e6be73f683bad5f2f2f.tar.gz |
vboot: save GBB header in workbuf during firmware verification
Since GBB header will be needed for subsequent GBB reads later on
(in kernel verification stage), and since GBB header is
relatively small (128 bytes), save the full GBB header onto
workbuf during firmware verification stage, and store an offset
pointer to it in vb2_shared_data. vb2_gbb_header object may be
accessed via the vb2_get_gbb function.
Additionally, update functions in firmware/lib/region-init.c to
read GBB data from flash, rather than using cparams passed in by
depthcharge, which is slated for deprecation.
BUG=b:124141368, chromium:954774
TEST=make clean && make runtests
BRANCH=none
Change-Id: I6e6218231299ce3a5b383663bc3480b20f929840
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1585500
Reviewed-on: https://chromium-review.googlesource.com/1627430
Commit-Ready: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Diffstat (limited to 'firmware/lib20')
-rw-r--r-- | firmware/lib20/kernel.c | 1 | ||||
-rw-r--r-- | firmware/lib20/misc.c | 11 |
2 files changed, 8 insertions, 4 deletions
diff --git a/firmware/lib20/kernel.c b/firmware/lib20/kernel.c index e06c20eb..f169e7eb 100644 --- a/firmware/lib20/kernel.c +++ b/firmware/lib20/kernel.c @@ -438,6 +438,7 @@ int vb2_load_kernel_preamble(struct vb2_context *ctx) * * Work buffer now contains: * - vb2_shared_data + * - vb2_gbb_header * - kernel key * - packed kernel data key * - kernel preamble diff --git a/firmware/lib20/misc.c b/firmware/lib20/misc.c index d7a905a9..bc479ab7 100644 --- a/firmware/lib20/misc.c +++ b/firmware/lib20/misc.c @@ -68,6 +68,7 @@ static void vb2_report_dev_firmware(struct vb2_public_key *root) int vb2_load_fw_keyblock(struct vb2_context *ctx) { struct vb2_shared_data *sd = vb2_get_sd(ctx); + struct vb2_gbb_header *gbb = vb2_get_gbb(ctx); struct vb2_workbuf wb; uint8_t *key_data; @@ -83,12 +84,12 @@ int vb2_load_fw_keyblock(struct vb2_context *ctx) vb2_workbuf_from_ctx(ctx, &wb); /* Read the root key */ - key_size = sd->gbb_rootkey_size; + key_size = gbb->rootkey_size; key_data = vb2_workbuf_alloc(&wb, key_size); if (!key_data) return VB2_ERROR_FW_KEYBLOCK_WORKBUF_ROOT_KEY; - rv = vb2ex_read_resource(ctx, VB2_RES_GBB, sd->gbb_rootkey_offset, + rv = vb2ex_read_resource(ctx, VB2_RES_GBB, gbb->rootkey_offset, key_data, key_size); if (rv) return rv; @@ -137,7 +138,7 @@ int vb2_load_fw_keyblock(struct vb2_context *ctx) if (kb->data_key.key_version > VB2_MAX_KEY_VERSION) rv = VB2_ERROR_FW_KEYBLOCK_VERSION_RANGE; if (!rv && kb->data_key.key_version < (sd->fw_version_secdata >> 16)) { - if (sd->gbb_flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK) + if (gbb->flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK) VB2_DEBUG("Ignoring FW key rollback due to GBB flag\n"); else rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK; @@ -194,6 +195,7 @@ int vb2_load_fw_keyblock(struct vb2_context *ctx) int vb2_load_fw_preamble(struct vb2_context *ctx) { struct vb2_shared_data *sd = vb2_get_sd(ctx); + struct vb2_gbb_header *gbb = vb2_get_gbb(ctx); struct vb2_workbuf wb; uint8_t *key_data = ctx->workbuf + sd->workbuf_data_key_offset; @@ -258,7 +260,7 @@ int vb2_load_fw_preamble(struct vb2_context *ctx) /* Combine with the key version from vb2_load_fw_keyblock() */ sd->fw_version |= pre->firmware_version; if (!rv && sd->fw_version < sd->fw_version_secdata) { - if (sd->gbb_flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK) + if (gbb->flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK) VB2_DEBUG("Ignoring FW rollback due to GBB flag\n"); else rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK; @@ -298,6 +300,7 @@ int vb2_load_fw_preamble(struct vb2_context *ctx) * * Work buffer now contains: * - vb2_shared_data + * - vb2_gbb_header * - packed firmware data key * - firmware preamble * |