Makefile: Enable more warnings for host utilities / tests

This patch adds a bunch of more warnings that are already enabled in
coreboot and thus already enabled for firmware builds anyway (because
coreboot just passes its CFLAGS through). Enabling it in the vboot
Makefile means they also apply to host utilities and tests, which sounds
desirable for consistency.

Fix enough of the cruft and bad coding practices that accumulated over
the years of not having warnings enabled to get it to build again (this
includes making functions static, removing dead code, cleaning up
prototypes, etc.).

Also remove -fno-strict-aliasing from the x86 firmware build options,
because it's not clear why it's there (coreboot isn't doing this, so
presumably it's not needed).

BRANCH=None
BUG=None
TEST=make runtests

Change-Id: Ie4a42083c4770a4eca133b22725be9ba85b24184
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1598721
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>

13 files changed, 84 insertions, 54 deletions

diff --git a/firmware/2lib/2rsa.c b/firmware/2lib/2rsa.c
index f54e83c3..5fda9599 100644
--- a/firmware/2lib/2rsa.c
+++ b/firmware/2lib/2rsa.c
@@ -13,6 +13,7 @@
 #include "2common.h"
 #include "2rsa.h"
 #include "2sha.h"
+#include "vboot_test.h"
 
 /**
  * a[] -= mod
@@ -312,6 +313,13 @@ static const uint8_t sha512_tail[] = {
 	0x05,0x00,0x04,0x40
 };
 
+/**
+ * Check pkcs 1.5 padding bytes
+ *
+ * @param sig		Signature to verify
+ * @param key		Key to take signature and hash algorithms from
+ * @return VB2_SUCCESS, or non-zero if error.
+ */
 int vb2_check_padding(const uint8_t *sig, const struct vb2_public_key *key)
 {
 	/* Determine padding to use depending on the signature type */
diff --git a/firmware/2lib/include/2rsa.h b/firmware/2lib/include/2rsa.h
index 7e63a6a0..4357029a 100644
--- a/firmware/2lib/include/2rsa.h
+++ b/firmware/2lib/include/2rsa.h
@@ -51,15 +51,6 @@ uint32_t vb2_rsa_sig_size(enum vb2_signature_algorithm sig_alg);
  */
 uint32_t vb2_packed_key_size(enum vb2_signature_algorithm sig_alg);
 
-/**
- * Check pkcs 1.5 padding bytes
- *
- * @param sig		Signature to verify
- * @param key		Key to take signature and hash algorithms from
- * @return VB2_SUCCESS, or non-zero if error.
- */
-int vb2_check_padding(const uint8_t *sig, const struct vb2_public_key *key);
-
 /* Size of work buffer sufficient for vb2_rsa_verify_digest() worst case */
 #define VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES (3 * 1024)
 
diff --git a/firmware/bdb/bdb.c b/firmware/bdb/bdb.c
index e102d7b4..30d10586 100644
--- a/firmware/bdb/bdb.c
+++ b/firmware/bdb/bdb.c
@@ -21,7 +21,7 @@
  * @param size		Size of string buffer in characters
  * @return 1 if string has a null terminator, 0 if not
  */
-int string_has_null(const char *s, size_t size)
+static int string_has_null(const char *s, size_t size)
 {
 	for (; size; size--) {
 		if (*s++ == 0)
@@ -327,9 +327,9 @@ const struct bdb_sig *bdb_get_data_sig(const void *buf)
 
 /*****************************************************************************/
 
-int bdb_verify_sig(const struct bdb_key *key,
-		   const struct bdb_sig *sig,
-		   const uint8_t *digest)
+static int bdb_verify_sig(const struct bdb_key *key,
+			  const struct bdb_sig *sig,
+			  const uint8_t *digest)
 {
 	/* Key and signature algorithms must match */
 	if (key->sig_alg != sig->sig_alg)
diff --git a/firmware/include/vboot_test.h b/firmware/include/vboot_test.h
new file mode 100644
index 00000000..b8e59a22
--- /dev/null
+++ b/firmware/include/vboot_test.h
@@ -0,0 +1,33 @@
+/* Copyright 2019 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ */
+
+#ifndef VBOOT_REFERENCE_TEST_API_H_
+#define VBOOT_REFERENCE_TEST_API_H_
+
+/* This header is for APIs that are only used by test code. */
+
+/*
+ * Internal functions from 2rsa.c that have error conditions we can't trigger
+ * from the public APIs.  These include checks for bad algorithms where the
+ * next call level up already checks for bad algorithms, etc.
+ *
+ * These functions aren't in 2rsa.h because they're not part of the public
+ * APIs.
+ */
+struct vb2_public_key;
+int vb2_mont_ge(const struct vb2_public_key *key, uint32_t *a);
+int vb2_check_padding(const uint8_t *sig, const struct vb2_public_key *key);
+
+enum VbEcBootMode_t;
+enum VbEcBootMode_t VbGetMode(void);
+
+struct RollbackSpaceFwmp;
+struct RollbackSpaceFwmp *VbApiKernelGetFwmp(void);
+
+struct LoadKernelParams;
+struct LoadKernelParams *VbApiKernelGetParams(void);
+
+#endif  /* VBOOT_REFERENCE_TEST_API_H_ */
diff --git a/firmware/lib/region-init.c b/firmware/lib/region-init.c
index 5cfd4eda..ef676873 100644
--- a/firmware/lib/region-init.c
+++ b/firmware/lib/region-init.c
@@ -18,8 +18,8 @@
 #include "vboot_api.h"
 #include "vboot_struct.h"
 
-VbError_t VbGbbReadData(struct vb2_context *ctx,
-			uint32_t offset, uint32_t size, void *buf)
+static VbError_t VbGbbReadData(struct vb2_context *ctx,
+			       uint32_t offset, uint32_t size, void *buf)
 {
 	struct vb2_shared_data *sd = vb2_get_sd(ctx);
 
diff --git a/firmware/lib/tpm2_lite/marshaling.c b/firmware/lib/tpm2_lite/marshaling.c
index e20bcda6..1a3e84a2 100644
--- a/firmware/lib/tpm2_lite/marshaling.c
+++ b/firmware/lib/tpm2_lite/marshaling.c
@@ -125,7 +125,7 @@ static void unmarshal_TPM2B_MAX_NV_BUFFER(void **buffer,
 }
 
 static void unmarshal_authorization_section(void **buffer, int *size,
-					    char *cmd_name)
+					    const char *cmd_name)
 {
 	/*
 	 * Let's ignore the authorisation section. It should be 5 bytes total,
diff --git a/firmware/lib/tpm2_lite/tlcl.c b/firmware/lib/tpm2_lite/tlcl.c
index 61c4c414..8705143a 100644
--- a/firmware/lib/tpm2_lite/tlcl.c
+++ b/firmware/lib/tpm2_lite/tlcl.c
@@ -38,7 +38,8 @@ static uint32_t tpm_get_response(TPM_CC command,
 {
 	/* Command/response buffer. */
 	static uint8_t cr_buffer[TPM_BUFFER_SIZE];
-	uint32_t out_size, in_size, res;
+	int out_size, res;
+	uint32_t in_size;
 
 	out_size = tpm_marshal_command(command, command_body,
 				       cr_buffer, sizeof(cr_buffer));
@@ -601,7 +602,7 @@ uint32_t TlclGetRandom(uint8_t *data, uint32_t length, uint32_t *size)
 // Converts TPM_PT_VENDOR_STRING_x |value| to an array of bytes in |buf|.
 // Returns the number of bytes in the array.
 // |buf| should be at least 4 bytes long.
-size_t tlcl_vendor_string_parse(uint32_t value, uint8_t* buf)
+static size_t tlcl_vendor_string_parse(uint32_t value, uint8_t* buf)
 {
 	size_t len = 0;
 	int shift = 24;
diff --git a/firmware/lib/tpm_lite/tlcl.c b/firmware/lib/tpm_lite/tlcl.c
index c03e8695..41f7cad9 100644
--- a/firmware/lib/tpm_lite/tlcl.c
+++ b/firmware/lib/tpm_lite/tlcl.c
@@ -252,10 +252,10 @@ static uint32_t StartOSAPSession(
 /* Fills in the authentication block at the end of the command. The command body
  * should already be initialized in |command_buffer|, and the included command
  * size should account for the auth block that gets filled in. */
-uint32_t AddRequestAuthBlock(struct auth_session* auth_session,
-			     uint8_t* command_buffer,
-			     uint32_t command_buffer_size,
-			     uint8_t continue_auth_session)
+static uint32_t AddRequestAuthBlock(struct auth_session* auth_session,
+				    uint8_t* command_buffer,
+				    uint32_t command_buffer_size,
+				    uint8_t continue_auth_session)
 {
 	if (!auth_session->valid) {
 		return TPM_E_AUTHFAIL;
@@ -316,10 +316,10 @@ uint32_t AddRequestAuthBlock(struct auth_session* auth_session,
 	return TPM_SUCCESS;
 }
 
-uint32_t CheckResponseAuthBlock(struct auth_session* auth_session,
-				TPM_COMMAND_CODE ordinal,
-				uint8_t* response_buffer,
-				uint32_t response_buffer_size)
+static uint32_t CheckResponseAuthBlock(struct auth_session* auth_session,
+				       TPM_COMMAND_CODE ordinal,
+				       uint8_t* response_buffer,
+				       uint32_t response_buffer_size)
 {
 	if (!auth_session->valid) {
 		return TPM_E_AUTHFAIL;
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index 11a16595..038622bf 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -22,6 +22,7 @@
 #include "vboot_api.h"
 #include "vboot_common.h"
 #include "vboot_kernel.h"
+#include "vboot_test.h"
 
 /* Global variables */
 static struct RollbackSpaceFwmp fwmp;
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index 8d74f997..57ab53d4 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -128,14 +128,14 @@ static uint32_t get_body_offset(uint8_t *kbuf)
  *			VB2_VERIFY_KERNEL_PREAMBLE_WORKBUF_BYTES bytes.
  * @return VB2_SUCCESS, or non-zero error code.
  */
-int vb2_verify_kernel_vblock(struct vb2_context *ctx,
-			     uint8_t *kbuf,
-			     uint32_t kbuf_size,
-			     const struct vb2_packed_key *kernel_subkey,
-			     const LoadKernelParams *params,
-			     uint32_t min_version,
-			     VbSharedDataKernelPart *shpart,
-			     struct vb2_workbuf *wb)
+static int vb2_verify_kernel_vblock(struct vb2_context *ctx,
+				    uint8_t *kbuf,
+				    uint32_t kbuf_size,
+				    const struct vb2_packed_key *kernel_subkey,
+				    const LoadKernelParams *params,
+				    uint32_t min_version,
+				    VbSharedDataKernelPart *shpart,
+				    struct vb2_workbuf *wb)
 {
 	/* Unpack kernel subkey */
 	struct vb2_public_key kernel_subkey2;
@@ -312,13 +312,13 @@ enum vb2_load_partition_flags {
  * @param shpart	Destination for verification results
  * @return VB2_SUCCESS, or non-zero error code.
  */
-int vb2_load_partition(struct vb2_context *ctx,
-		       VbExStream_t stream,
-		       const struct vb2_packed_key *kernel_subkey,
-		       uint32_t flags,
-		       LoadKernelParams *params,
-		       uint32_t min_version,
-		       VbSharedDataKernelPart *shpart)
+static int vb2_load_partition(struct vb2_context *ctx,
+			      VbExStream_t stream,
+			      const struct vb2_packed_key *kernel_subkey,
+			      uint32_t flags,
+			      LoadKernelParams *params,
+			      uint32_t min_version,
+			      VbSharedDataKernelPart *shpart)
 {
 	struct vb2_workbuf wblocal;
 	vb2_workbuf_from_ctx(ctx, &wblocal);
diff --git a/firmware/lib/vboot_ui.c b/firmware/lib/vboot_ui.c
index acffc6c0..5934d0c1 100644
--- a/firmware/lib/vboot_ui.c
+++ b/firmware/lib/vboot_ui.c
@@ -77,7 +77,7 @@ static int VbWantShutdown(struct vb2_context *ctx, uint32_t key)
 	return shutdown_request;
 }
 
-uint32_t VbTryUsb(struct vb2_context *ctx)
+static uint32_t VbTryUsb(struct vb2_context *ctx)
 {
 	uint32_t retval = VbTryLoadKernel(ctx, VB_DISK_FLAG_REMOVABLE);
 	if (VBERROR_SUCCESS == retval) {
@@ -177,7 +177,7 @@ int VbUserConfirms(struct vb2_context *ctx, uint32_t confirm_flags)
  * This shows the user a list of bootloaders and allows selection of one of
  * them. We loop forever until something is chosen or Escape is pressed.
  */
-VbError_t vb2_altfw_ui(struct vb2_context *ctx)
+static VbError_t vb2_altfw_ui(struct vb2_context *ctx)
 {
 	int active = 1;
 
@@ -235,7 +235,8 @@ static inline int is_vowel(uint32_t key) {
 /*
  * Prompt the user to enter the vendor data
  */
-VbError_t vb2_enter_vendor_data_ui(struct vb2_context *ctx, char *data_value)
+static VbError_t vb2_enter_vendor_data_ui(struct vb2_context *ctx,
+					  char *data_value)
 {
 	int len = 0;
 	VbScreenData data = {
@@ -314,7 +315,7 @@ VbError_t vb2_enter_vendor_data_ui(struct vb2_context *ctx, char *data_value)
 /*
  * User interface for setting the vendor data in VPD
  */
-VbError_t vb2_vendor_data_ui(struct vb2_context *ctx)
+static VbError_t vb2_vendor_data_ui(struct vb2_context *ctx)
 {
 	char data_value[VENDOR_DATA_LENGTH + 1];
 	VbScreenData data = {
@@ -399,7 +400,7 @@ static VbError_t vb2_check_diagnostic_key(struct vb2_context *ctx,
  * can press the power button to confirm or press escape. There is a 30-second
  * timeout which acts the same as escape.
  */
-VbError_t vb2_diagnostics_ui(struct vb2_context *ctx)
+static VbError_t vb2_diagnostics_ui(struct vb2_context *ctx)
 {
 	int active = 1;
 	int power_button_was_pressed = 0;
@@ -515,7 +516,7 @@ static const char dev_disable_msg[] =
 	"For more information, see http://dev.chromium.org/chromium-os/fwmp\n"
 	"\n";
 
-VbError_t vb2_developer_ui(struct vb2_context *ctx)
+static VbError_t vb2_developer_ui(struct vb2_context *ctx)
 {
 	struct vb2_shared_data *sd = vb2_get_sd(ctx);
 	VbSharedDataHeader *shared = sd->vbsd;
diff --git a/firmware/stub/tpm_lite_stub.c b/firmware/stub/tpm_lite_stub.c
index 4eb0c528..e9994660 100644
--- a/firmware/stub/tpm_lite_stub.c
+++ b/firmware/stub/tpm_lite_stub.c
@@ -195,7 +195,7 @@ VbError_t VbExTpmClose(void)
 
 VbError_t VbExTpmOpen(void)
 {
-	char* device_path;
+	const char *device_path;
 	struct timespec delay;
 	int retries, saved_errno;
 
diff --git a/firmware/stub/vboot_api_stub.c b/firmware/stub/vboot_api_stub.c
index f62e9322..496d7204 100644
--- a/firmware/stub/vboot_api_stub.c
+++ b/firmware/stub/vboot_api_stub.c
@@ -14,6 +14,7 @@
 #include <sys/time.h>
 
 #include "vboot_api.h"
+#include "vboot_test.h"
 
 static enum VbEcBootMode_t vboot_mode;
 
@@ -80,12 +81,6 @@ VbError_t VbExEcJumpToRW(int devidx)
 	return VBERROR_SUCCESS;
 }
 
-VbError_t VbExEcRebootToRO(int devidx)
-{
-	/* Nothing to reboot, so all we can do is return failure. */
-	return VBERROR_UNKNOWN;
-}
-
 VbError_t VbExEcDisableJump(int devidx)
 {
 	return VBERROR_SUCCESS;