vboot: eradicate vboot1 data structures from kernel verification

VbSelectAndLoadKernel no longer takes a vboot1-style VBSD data
structure.  Conversion of vboot 2->1 data structure is moved
into an API function called vb2api_export_vbsd() for use by
depthcharge.  VbSharedDataHeader type is now opaque to the
caller, and only a raw data buffer is exposed.

BUG=b:124141368, chromium:1038260
TEST=make clean && make runtests
BRANCH=none

Change-Id: Id11f663f6e3296e947c519581d428b0c8fb60be5
Cq-Depend: chromium:2056343
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2054270
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>

8 files changed, 68 insertions, 67 deletions

diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index 9eafdeec..e64f4380 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -452,3 +452,45 @@ uint32_t vb2api_get_recovery_reason(struct vb2_context *ctx)
 {
 	return vb2_get_sd(ctx)->recovery_reason;
 }
+
+void vb2api_export_vbsd(struct vb2_context *ctx, int wp_enabled, void *dest)
+{
+	struct vb2_shared_data *sd = vb2_get_sd(ctx);
+	VbSharedDataHeader *vbsd = (void *)dest;
+
+	/* Initialize with boilerplate fields. */
+	memset(vbsd, 0, VB2_VBSD_SIZE);
+	vbsd->magic = VB_SHARED_DATA_MAGIC;
+	vbsd->struct_version = VB_SHARED_DATA_VERSION;
+	vbsd->struct_size = VB2_VBSD_SIZE;
+	vbsd->data_size = VB2_VBSD_SIZE;
+	vbsd->data_used = VB2_VBSD_SIZE;
+	vbsd->flags |= VBSD_BOOT_FIRMWARE_VBOOT2;
+
+	/* Translate vboot2 flags and fields into vboot1. */
+	if (ctx->flags & VB2_CONTEXT_EC_SYNC_SUPPORTED)
+		vbsd->flags |= VBSD_EC_SOFTWARE_SYNC;
+	if (ctx->flags & VB2_CONTEXT_NVDATA_V2)
+		vbsd->flags |= VBSD_NVDATA_V2;
+	if (ctx->flags & VB2_CONTEXT_DEVELOPER_MODE)
+		vbsd->flags |= VBSD_BOOT_DEV_SWITCH_ON;
+	if (ctx->flags & VB2_CONTEXT_FORCE_RECOVERY_MODE)
+		vbsd->flags |= VBSD_BOOT_REC_SWITCH_ON;
+	if (sd->flags & VB2_SD_FLAG_KERNEL_SIGNED)
+		vbsd->flags |= VBSD_KERNEL_KEY_VERIFIED;
+	if (wp_enabled)
+		vbsd->flags |= VBSD_BOOT_FIRMWARE_WP_ENABLED;
+
+	vbsd->fw_version_tpm_start = sd->fw_version_secdata;
+	vbsd->fw_version_tpm = sd->fw_version;
+	vbsd->kernel_version_tpm_start = sd->kernel_version_secdata;
+	vbsd->kernel_version_tpm = sd->kernel_version;
+
+	vbsd->recovery_reason = sd->recovery_reason;
+	if (sd->recovery_reason)
+		vbsd->firmware_index = 0xff;
+	else
+		vbsd->firmware_index = sd->fw_slot;
+}
+_Static_assert(VB2_VBSD_SIZE == sizeof(VbSharedDataHeader),
+	       "VB2_VBSD_SIZE incorrect");
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index cab5d88c..af504584 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -470,6 +470,19 @@ vb2_error_t vb2api_relocate(void *new_workbuf, const void *cur_workbuf,
 			    uint32_t size, struct vb2_context **ctxptr);
 
 /**
+ * Export "VBSD" vboot1 data structure.
+ *
+ * Copy relevant fields from vboot2 data structures to VbSharedDataHeader
+ * format.  Takes a pointer to the memory space to be filled in.  Expects
+ * the memory available to be of size VB2_VBSD_SIZE.
+ *
+ * @param ctx		Context pointer
+ * @param wp_enabled	Whether or not write-protect is enabled at boot time
+ * @param dest		Target memory to store VbSharedDataHeader
+ */
+void vb2api_export_vbsd(struct vb2_context *ctx, int wp_enabled, void *dest);
+
+/**
  * Check the validity of firmware secure storage context.
  *
  * Checks version and CRC.
diff --git a/firmware/2lib/include/2constants.h b/firmware/2lib/include/2constants.h
index a6ccf3fb..47e121a0 100644
--- a/firmware/2lib/include/2constants.h
+++ b/firmware/2lib/include/2constants.h
@@ -76,4 +76,8 @@
 typedef uint32_t vb2_gbb_flags_t;
 #endif
 
+/* Size of legacy VbSharedDataHeader struct.  Defined here to avoid including
+   the struct definition as part of a vb2_api.h include. */
+#define VB2_VBSD_SIZE 1096
+
 #endif  /* VBOOT_REFERENCE_2CONSTANTS_H_ */
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index a5908d00..3e006ab6 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -232,10 +232,11 @@ struct vb2_shared_data {
 	 */
 
 	/*
-	 * Vboot1 shared data header.  This data should eventually get folded
-	 * directly into the kernel portion of this struct.
+	 * Formerly a pointer to vboot1 shared data header ("VBSD").  Caller
+	 * may now export a copy of VBSD via vb2api_export_vbsd().
+	 * TODO: Remove this field and bump struct_version_major.
 	 */
-	struct VbSharedDataHeader *vbsd;
+	uintptr_t reserved0;
 
 	/*
 	 * Offset and size of packed kernel key in work buffer.  Size is 0 if
diff --git a/firmware/include/vboot_api.h b/firmware/include/vboot_api.h
index 8f21fe03..0ad79159 100644
--- a/firmware/include/vboot_api.h
+++ b/firmware/include/vboot_api.h
@@ -39,15 +39,6 @@ typedef struct VbSharedDataHeader VbSharedDataHeader;
 /* Main entry points from firmware into vboot_reference */
 
 /*
- * Minimum and recommended size of shared_data_blob in bytes.  Shared data blob
- * is used to communicate data between calls to VbInit(), VbSelectFirmware(),
- * the OS.  Minimum size is enough to hold all required data for verified boot
- * but may not be able to hold debug output.
- */
-#define VB_SHARED_DATA_MIN_SIZE 3072
-#define VB_SHARED_DATA_REC_SIZE 16384
-
-/*
  * We use disk handles rather than indices.  Using indices causes problems if
  * a disk is removed/inserted in the middle of processing.
  */
@@ -91,7 +82,6 @@ typedef struct VbSelectAndLoadKernelParams {
  * Returns VB2_SUCCESS if success, non-zero if error; on error, caller
  * should reboot. */
 vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx,
-				  VbSharedDataHeader *shared,
 				  VbSelectAndLoadKernelParams *kparams);
 
 /*****************************************************************************/
diff --git a/firmware/include/vboot_struct.h b/firmware/include/vboot_struct.h
index 312165fc..bfdc1f0b 100644
--- a/firmware/include/vboot_struct.h
+++ b/firmware/include/vboot_struct.h
@@ -20,10 +20,6 @@ extern "C" {
 /* Magic number for recognizing VbSharedDataHeader ("VbSD") */
 #define VB_SHARED_DATA_MAGIC 0x44536256
 
-/* Minimum and recommended size of shared_data_blob in bytes. */
-#define VB_SHARED_DATA_MIN_SIZE 3072
-#define VB_SHARED_DATA_REC_SIZE 16384
-
 /*
  * Flags for VbSharedDataHeader
  *
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index fce32a1b..2f0b4b70 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -222,36 +222,9 @@ vb2_error_t VbBootNormal(struct vb2_context *ctx)
 	return rv;
 }
 
-static vb2_error_t vb2_kernel_setup(struct vb2_context *ctx,
-				    VbSharedDataHeader *shared,
-				    VbSelectAndLoadKernelParams *kparams)
+static vb2_error_t vb2_kernel_init_kparams(struct vb2_context *ctx,
+					   VbSelectAndLoadKernelParams *kparams)
 {
-	struct vb2_shared_data *sd = vb2_get_sd(ctx);
-
-	/* Translate vboot2 flags and fields into vboot1. */
-	if (ctx->flags & VB2_CONTEXT_EC_SYNC_SUPPORTED)
-		shared->flags |= VBSD_EC_SOFTWARE_SYNC;
-	if (ctx->flags & VB2_CONTEXT_NVDATA_V2)
-		shared->flags |= VBSD_NVDATA_V2;
-	if (sd->flags & VB2_SD_FLAG_DEV_MODE_ENABLED)
-		shared->flags |= VBSD_BOOT_DEV_SWITCH_ON;
-
-	/* Translate recovery reason-related fields into vboot1 */
-	shared->recovery_reason = sd->recovery_reason;
-	if (sd->recovery_reason)
-		shared->firmware_index = 0xff;
-	if (sd->flags & VB2_SD_FLAG_MANUAL_RECOVERY)
-		shared->flags |= VBSD_BOOT_REC_SWITCH_ON;
-
-	/*
-	 * Save a pointer to the old vboot1 shared data, since we haven't
-	 * finished porting the library to use the new vb2 context and shared
-	 * data.
-	 *
-	 * TODO: replace this with fields directly in vb2 shared data.
-	 */
-	sd->vbsd = shared;
-
 	/* Fill in params for calls to LoadKernel() */
 	memset(&lkp, 0, sizeof(lkp));
 	lkp.kernel_buffer = kparams->kernel_buffer;
@@ -284,7 +257,6 @@ static void vb2_kernel_fill_kparams(struct vb2_context *ctx,
 }
 
 vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx,
-				  VbSharedDataHeader *shared,
 				  VbSelectAndLoadKernelParams *kparams)
 {
 	struct vb2_shared_data *sd = vb2_get_sd(ctx);
@@ -294,7 +266,7 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx,
 	   to vb2_nv_get and vb2_nv_set. */
 	vb2_nv_init(ctx);
 
-	rv = vb2_kernel_setup(ctx, shared, kparams);
+	rv = vb2_kernel_init_kparams(ctx, kparams);
 	if (rv)
 		return rv;
 
@@ -372,17 +344,8 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx,
 		rv = VbBootNormal(ctx);
 	}
 
-	/* No need to fill kparams or convert vboot1 flags on failure. */
-	if (rv)
-		return rv;
-
-	vb2_kernel_fill_kparams(ctx, kparams);
-
-	/* Translate vboot2 flags and fields into vboot1. */
-	if (sd->flags & VB2_SD_FLAG_KERNEL_SIGNED)
-		sd->vbsd->flags |= VBSD_KERNEL_KEY_VERIFIED;
-	sd->vbsd->kernel_version_tpm_start = sd->kernel_version_secdata;
-	sd->vbsd->kernel_version_tpm = sd->kernel_version;
+	if (rv == VB2_SUCCESS)
+		vb2_kernel_fill_kparams(ctx, kparams);
 
 	return rv;
 }
diff --git a/firmware/lib/vboot_display.c b/firmware/lib/vboot_display.c
index 3a5f602a..6e531988 100644
--- a/firmware/lib/vboot_display.c
+++ b/firmware/lib/vboot_display.c
@@ -252,14 +252,6 @@ vb2_error_t VbDisplayDebugInfo(struct vb2_context *ctx)
 			RecoveryReasonString(sd->recovery_reason),
 			DEBUG_INFO_SIZE - used);
 
-	/* Add VbSharedDataHeader flags if available */
-	if (sd->vbsd) {
-		used += StrnAppend(buf + used, "\nVbSD.flags: 0x",
-				   DEBUG_INFO_SIZE - used);
-		used += Uint64ToString(buf + used, DEBUG_INFO_SIZE - used,
-				       sd->vbsd->flags, 16, 8);
-	}
-
 	/* Add vb2_context and vb2_shared_data flags */
 	used += StrnAppend(buf + used, "\ncontext.flags: 0x",
 			   DEBUG_INFO_SIZE - used);