author | Hsin-Te Yuan <yuanhsinte@google.com> | 2022-06-22 18:25:48 +0800 |
---|---|---|
committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2022-06-24 16:02:49 +0000 |
commit | 3bd83883a08fb16069e89c5f6c1b6353e313184a (patch) | |
tree | 7e98c2c499c5059572974c147586a5029525ba5a /firmware | |
parent | a729c3f95d6c6d98c4e4d3500cc7535bf2ceee8a (diff) | |
download | vboot-3bd83883a08fb16069e89c5f6c1b6353e313184a.tar.gz |
2kernel: add vb2api_kernel_finalize
Move the final part of VbSelectAndLoadKernel into vb2api_kernel_finalize
and call vb2api_kernel_finalize at the end of VbSelectAndLoadKernel.
BUG=b:172339016
BRANCH=none
TEST=make runtests
Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: Ieef929f679e4703e6771313cdf34a9959cc1335f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3715882
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
Diffstat (limited to 'firmware')
-rw-r--r-- | firmware/2lib/2kernel.c | 19 | ||||
-rw-r--r-- | firmware/2lib/include/2api.h | 10 | ||||
-rw-r--r-- | firmware/lib/vboot_api_kernel.c | 14 |
3 files changed, 30 insertions, 13 deletions
diff --git a/firmware/2lib/2kernel.c b/firmware/2lib/2kernel.c
index 5b18cad5..350a1bf6 100644
--- a/firmware/2lib/2kernel.c
+++ b/firmware/2lib/2kernel.c
@@ -197,3 +197,22 @@ vb2_error_t vb2api_kernel_phase1(struct vb2_context *ctx)
 return VB2_SUCCESS;
 }
+
+vb2_error_t vb2api_kernel_finalize(struct vb2_context *ctx)
+{
+ vb2_gbb_flags_t gbb_flags = vb2api_gbb_get_flags(ctx);
+
+ /*
+ * Disallow booting to kernel when NO_BOOT flag is set, except when
+ * GBB flag disables software sync.
+ */
+ if (!(gbb_flags & VB2_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC)
+ && (ctx->flags & VB2_CONTEXT_EC_SYNC_SUPPORTED)
+ && (ctx->flags & VB2_CONTEXT_NO_BOOT)) {
+ VB2_DEBUG("Blocking escape from NO_BOOT mode.\n");
+ vb2api_fail(ctx, VB2_RECOVERY_ESCAPE_NO_BOOT, 0);
+ return VB2_ERROR_ESCAPE_NO_BOOT;
+ }
+
+ return VB2_SUCCESS;
+}
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index b740f6dd..bd0d14ed 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -818,6 +818,16 @@ vb2_error_t vb2api_get_pcr_digest(struct vb2_context *ctx,
 vb2_error_t vb2api_kernel_phase1(struct vb2_context *ctx);
 /**
+ * Finalize for kernel verification stage.
+ *
+ * Handle NO_BOOT flag.
+ *
+ * @param ctx Vboot context
+ * @return VB2_SUCCESS, or error code on error.
+ */
+vb2_error_t vb2api_kernel_finalize(struct vb2_context *ctx);
+
+/**
 * Load the verified boot block (vblock) for a kernel.
 *
 * This function may be called multiple times, to load and verify the
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index 3029852e..a46317e1 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
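Review bot: The comment above the condition in vb2api_kernel_finalize (firmware/2lib/2kernel.c) names only the GBB exception, but the condition also lets a NO_BOOT context through whenever VB2_CONTEXT_EC_SYNC_SUPPORTED is clear. Because this function is now the named gate for NO_BOOT, the comment should list both exemptions, for example `Disallow booting to kernel when NO_BOOT flag is set, unless EC software sync is unsupported or is disabled by GBB flag.` Someone auditing the boot policy from the comment alone would otherwise assume NO_BOOT is honoured on every board that lacks the GBB override.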
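Review bot: The doc comment added for vb2api_kernel_finalize in firmware/2lib/include/2api.h does not state the caller's obligation; "Handle NO_BOOT flag" says neither where in the boot flow the call belongs nor that a non-success return means the kernel must not be started. Going by the implementation in 2kernel.c, the function also records a recovery request through vb2api_fail with VB2_RECOVERY_ESCAPE_NO_BOOT before returning, and that side effect belongs in the header as well. Suggested wording, assuming the intended placement matches the tail of VbSelectAndLoadKernel: `Must be called after the kernel has been selected and before control is handed to it; on any error the caller must not boot.` together with `@return VB2_SUCCESS, or VB2_ERROR_ESCAPE_NO_BOOT after requesting recovery.`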
@@ -251,17 +251,5 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx,
 return VB2_ERROR_ESCAPE_NO_BOOT;
 }
- /*
- * Stop all cases returning SUCCESS against NO_BOOT flag except when
- * GBB flag disables software sync.
- */
- if (!(gbb_flags & VB2_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC)
- && (ctx->flags & VB2_CONTEXT_EC_SYNC_SUPPORTED)
- && (ctx->flags & VB2_CONTEXT_NO_BOOT)) {
- VB2_DEBUG("Blocking escape from NO_BOOT mode.\n");
- vb2api_fail(ctx, VB2_RECOVERY_ESCAPE_NO_BOOT, 0);
- return VB2_ERROR_ESCAPE_NO_BOOT;
- }
-
- return VB2_SUCCESS;
+ return vb2api_kernel_finalize(ctx);
 } |
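Review bot: The removed comment recorded that this check has to catch every path that returns success, and the replacement line `return vb2api_kernel_finalize(ctx);` no longer says so. VbSelectAndLoadKernel begins outside this hunk, so whether an earlier `return VB2_SUCCESS` exists cannot be seen here; it is worth confirming that there is none. A one-line comment at the tail would keep the invariant visible to later editors, for example `/* All success paths must end here so that NO_BOOT is enforced. */`.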