authorAaron Durbin <adurbin@chromium.org>2016-01-22 15:06:05 -0600
committerchrome-bot <chrome-bot@chromium.org>2016-01-26 14:56:36 -0800
commit7cbd1ced18e6abf63e1017b2d02ad80391b47cd7 (patch)
tree0709b17c9a84679bf50e216f96651de2f394a4d6 /firmware/lib20
parent6502935d9f610f8d62acf2de2534e5e64ee50643 (diff)
vb20: add vb2api_check_hash_get_digest() for retrieving hash result
For x86 systems, which resume through the boot reset vector, to implement vboot verification of the memory init code one needs to check that the slot chosen on the resume path is the same as the original boot path. That check is done by storing the resulting hash of the slot. However, vb2api doesn't export the resulting hash from vb2api_check_hash(). Thus, provide a variant which saves the resulting digest in the supplied buffer. BUG=chrome-os-partner:46049 BRANCH=glados TEST=Suspended and resumed on chell. Also, tested with an EC build which returns a bad hash to ensure that is properly caught. Change-Id: Ic20be2024afedabc2d8bc767f1b794376348523c Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/323460 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Diffstat (limited to 'firmware/lib20')
-rw-r--r--firmware/lib20/api.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/firmware/lib20/api.c b/firmware/lib20/api.c
index bee93285..7c253457 100644
--- a/firmware/lib20/api.c
+++ b/firmware/lib20/api.c
@@ -129,7 +129,8 @@ int vb2api_init_hash(struct vb2_context *ctx, uint32_t tag, uint32_t *size)
return vb2_digest_init(dc, key.hash_alg);
}
-int vb2api_check_hash(struct vb2_context *ctx)
+int vb2api_check_hash_get_digest(struct vb2_context *ctx, void *digest_out,
+ uint32_t digest_out_size)
{
struct vb2_shared_data *sd = vb2_get_sd(ctx);
struct vb2_digest_context *dc = (struct vb2_digest_context *)
@@ -199,5 +200,16 @@ int vb2api_check_hash(struct vb2_context *ctx)
if (rv)
vb2_fail(ctx, VB2_RECOVERY_FW_BODY, rv);
+ if (digest_out != NULL) {
+ if (digest_out_size < digest_size)
+ return VB2_ERROR_API_CHECK_DIGEST_SIZE;
+ memcpy(digest_out, digest, digest_size);
+ }
+
return rv;
}
+
+int vb2api_check_hash(struct vb2_context *ctx)
+{
+ return vb2api_check_hash_get_digest(ctx, NULL, 0);
+}
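Review bot: The copy-out block after `vb2_fail()` runs even when `rv` is non-zero, so the caller's buffer receives the digest of a body that has just failed verification, and an undersized buffer replaces the verification error with `VB2_ERROR_API_CHECK_DIGEST_SIZE`. Since the commit message says the stored digest is what the resume path is later compared against, it seems safer to hand it out only on success, e.g. `if (rv) { vb2_fail(ctx, VB2_RECOVERY_FW_BODY, rv); return rv; }` ahead of the `digest_out` block. The size check could also be done before any hashing state is finalized, but the function body starts outside this hunk, so I cannot tell whether `digest_size` is known early enough for that. A short comment above `vb2api_check_hash_get_digest()` stating that `digest_out` may be NULL, that `digest_out_size` is in bytes, and that the buffer contents are only meaningful when the function returns success would make the contract explicit for callers that persist the value.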