diff options
author | edisonhello <edisonhello@google.com> | 2021-07-26 15:26:13 +0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-07-30 17:37:19 +0000 |
commit | c267a6908dcbffa8d683c25fc1ba87edf373acca (patch) | |
tree | 1ce72908970aed52522b8f9bdfee3abc47a7dc13 /firmware | |
parent | 6cebe52a33eba8bb82430a7ce5560c590aee99a0 (diff) | |
download | vboot-c267a6908dcbffa8d683c25fc1ba87edf373acca.tar.gz |
vboot: Publicize and create functions for UI migration
Publicize vb2api_enable_developer_mode, vb2api_allow_recovery and
VbTryLoadKernel, and modify corresponding parts in tests.
Create vb2api_disable_dev_request, vb2api_request_diagnostics for
wrapping vb2_nv_set(ctx, VB2_NV_DISABLE_DEV_REQUEST, 1) and
vb2_nv_set(ctx, VB2_NV_DIAG_REQUEST, 1).
BUG=b:172339016
TEST=export CC=x86_64-pc-linux-gnu-clang DEBUG=1 DETACHABLE=0; \
make -j32 test_setup && make -j32 runtests;
TEST=export CC=x86_64-pc-linux-gnu-clang DEBUG=1 DETACHABLE=1; \
make -j32 test_setup && make -j32 runtests;
TEST=Hayato booted into developer mode
BRANCH=none
Change-Id: I0211a63ed58ce862ee3e17b4835c675544f773a4
Signed-off-by: edisonhello <edisonhello@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3053541
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Diffstat (limited to 'firmware')
-rw-r--r-- | firmware/2lib/2kernel.c | 4 | ||||
-rw-r--r-- | firmware/2lib/2misc.c | 23 | ||||
-rw-r--r-- | firmware/2lib/2ui.c | 1 | ||||
-rw-r--r-- | firmware/2lib/2ui_screens.c | 20 | ||||
-rw-r--r-- | firmware/2lib/include/2api.h | 42 | ||||
-rw-r--r-- | firmware/2lib/include/2misc.h | 26 | ||||
-rw-r--r-- | firmware/2lib/include/2return_codes.h | 3 | ||||
-rw-r--r-- | firmware/include/vboot_api.h | 12 | ||||
-rw-r--r-- | firmware/lib/include/vboot_kernel.h | 31 | ||||
-rw-r--r-- | firmware/lib/include/vboot_struct.h | 2 | ||||
-rw-r--r-- | firmware/lib/vboot_api_kernel.c | 3 |
11 files changed, 88 insertions, 79 deletions
diff --git a/firmware/2lib/2kernel.c b/firmware/2lib/2kernel.c index b1b34a12..86fb2863 100644 --- a/firmware/2lib/2kernel.c +++ b/firmware/2lib/2kernel.c @@ -11,7 +11,7 @@ #include "2nvstorage.h" #include "2rsa.h" #include "2secdata.h" -#include "vboot_kernel.h" +#include "vboot_api.h" /** * Reset any NVRAM requests. @@ -164,7 +164,7 @@ vb2_error_t vb2api_kernel_phase1(struct vb2_context *ctx) /* Load recovery key from GBB. */ rv = vb2_gbb_read_recovery_key(ctx, &packed_key, NULL, &wb); if (rv) { - if (vb2_allow_recovery(ctx)) + if (vb2api_allow_recovery(ctx)) VB2_DIE("GBB read recovery key failed.\n"); else /* diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c index 29fcde75..f2c6bb41 100644 --- a/firmware/2lib/2misc.c +++ b/firmware/2lib/2misc.c @@ -375,7 +375,7 @@ vb2_error_t vb2_select_fw_slot(struct vb2_context *ctx) return VB2_SUCCESS; } -void vb2_enable_developer_mode(struct vb2_context *ctx) +void vb2api_enable_developer_mode(struct vb2_context *ctx) { uint32_t flags; @@ -391,8 +391,25 @@ void vb2_enable_developer_mode(struct vb2_context *ctx) VB2_DEBUG("Mode change will take effect on next reboot\n"); } +vb2_error_t vb2api_disable_developer_mode(struct vb2_context *ctx) +{ + if (vb2api_gbb_get_flags(ctx) & VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON) { + VB2_DEBUG("ERROR: dev mode forced by GBB flag\n"); + return VB2_ERROR_API_DISABLE_DEV_NOT_ALLOWED; + } + + VB2_DEBUG("Leaving dev mode\n"); + vb2_nv_set(ctx, VB2_NV_DISABLE_DEV_REQUEST, 1); + return VB2_SUCCESS; +} + +void vb2api_request_diagnostics(struct vb2_context *ctx) { + vb2_nv_set(ctx, VB2_NV_DIAG_REQUEST, 1); + VB2_DEBUG("Diagnostics requested\n"); +} + test_mockable -int vb2_allow_recovery(struct vb2_context *ctx) +int vb2api_allow_recovery(struct vb2_context *ctx) { if (ctx->flags & VB2_CONTEXT_NO_BOOT) return 0; @@ -432,7 +449,7 @@ void vb2_clear_recovery(struct vb2_context *ctx) /* But stow recovery reason as subcode for non-manual recovery. */ if ((ctx->flags & VB2_CONTEXT_RECOVERY_MODE) && - !vb2_allow_recovery(ctx)) { + !vb2api_allow_recovery(ctx)) { VB2_DEBUG("Stow recovery reason as subcode (%#x)\n", sd->recovery_reason); vb2_nv_set(ctx, VB2_NV_RECOVERY_SUBCODE, sd->recovery_reason); diff --git a/firmware/2lib/2ui.c b/firmware/2lib/2ui.c index 2582743c..fa78792a 100644 --- a/firmware/2lib/2ui.c +++ b/firmware/2lib/2ui.c @@ -13,7 +13,6 @@ #include "2ui.h" #include "2ui_private.h" #include "vboot_api.h" /* For VB_SHUTDOWN_REQUEST_POWER_BUTTON */ -#include "vboot_kernel.h" /*****************************************************************************/ /* Utility functions */ diff --git a/firmware/2lib/2ui_screens.c b/firmware/2lib/2ui_screens.c index c2ff7ee1..02dc14c4 100644 --- a/firmware/2lib/2ui_screens.c +++ b/firmware/2lib/2ui_screens.c @@ -12,7 +12,6 @@ #include "2ui.h" #include "2ui_private.h" #include "vboot_api.h" -#include "vboot_kernel.h" #define MENU_ITEMS(a) ((struct vb2_menu){ \ .num_items = ARRAY_SIZE(a), \ @@ -277,7 +276,7 @@ vb2_error_t advanced_options_init(struct vb2_ui_context *ui) { ui->state->selected_item = ADVANCED_OPTIONS_ITEM_DEVELOPER_MODE; if (vb2_get_sd(ui->ctx)->flags & VB2_SD_FLAG_DEV_MODE_ENABLED || - !vb2_allow_recovery(ui->ctx)) { + !vb2api_allow_recovery(ui->ctx)) { VB2_SET_BIT(ui->state->hidden_item_mask, ADVANCED_OPTIONS_ITEM_DEVELOPER_MODE); ui->state->selected_item = ADVANCED_OPTIONS_ITEM_DEBUG_INFO; @@ -420,8 +419,7 @@ static const struct vb2_screen_info firmware_log_screen = { /* Set VB2_NV_DIAG_REQUEST and reboot. */ static vb2_error_t launch_diagnostics_action(struct vb2_ui_context *ui) { - vb2_nv_set(ui->ctx, VB2_NV_DIAG_REQUEST, 1); - VB2_DEBUG("Diagnostics requested, rebooting\n"); + vb2api_request_diagnostics(ui->ctx); return VB2_REQUEST_REBOOT; } @@ -520,13 +518,13 @@ static vb2_error_t recovery_to_dev_finalize(struct vb2_ui_context *ui) /* Validity check, should never happen. */ if (ui->state->screen->id != VB2_SCREEN_RECOVERY_TO_DEV || (vb2_get_sd(ui->ctx)->flags & VB2_SD_FLAG_DEV_MODE_ENABLED) || - !vb2_allow_recovery(ui->ctx)) { + !vb2api_allow_recovery(ui->ctx)) { VB2_DEBUG("ERROR: Dev transition validity check failed\n"); return VB2_SUCCESS; } VB2_DEBUG("Enabling dev mode and rebooting...\n"); - vb2_enable_developer_mode(ui->ctx); + vb2api_enable_developer_mode(ui->ctx); return VB2_REQUEST_REBOOT_EC_TO_RO; } @@ -861,14 +859,10 @@ static vb2_error_t developer_to_norm_init(struct vb2_ui_context *ui) vb2_error_t developer_to_norm_action(struct vb2_ui_context *ui) { - if (vb2api_gbb_get_flags(ui->ctx) & VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON) { - VB2_DEBUG("ERROR: dev mode forced by GBB flag\n"); + if (vb2api_disable_developer_mode(ui->ctx) == VB2_SUCCESS) + return VB2_REQUEST_REBOOT; + else return VB2_SUCCESS; - } - - VB2_DEBUG("Leaving dev mode\n"); - vb2_nv_set(ui->ctx, VB2_NV_DISABLE_DEV_REQUEST, 1); - return VB2_REQUEST_REBOOT; } static const struct vb2_menu_item developer_to_norm_items[] = { diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h index 4219b3da..54388bb5 100644 --- a/firmware/2lib/include/2api.h +++ b/firmware/2lib/include/2api.h @@ -949,6 +949,48 @@ enum vb2_dev_default_boot_target vb2api_get_dev_default_boot_target( */ int vb2api_use_short_dev_screen_delay(struct vb2_context *ctx); +/** + * Check whether recovery is allowed or not. + * + * The only way to pass this check and proceed to the recovery process is to + * physically request a recovery (a.k.a. manual recovery). All other recovery + * requests including manual recovery requested by a (compromised) host will + * end up with 'broken' screen. + * + * @param ctx Vboot context + * @return 1 if recovery is allowed; 0 if no or uncertain. + */ +int vb2api_allow_recovery(struct vb2_context *ctx); + +/** + * Request to enable developer mode. + * + * Enables the developer flag in vb2_context firmware secdata. Note that + * modified secdata must be saved for change to apply on reboot. + * + * NOTE: Doesn't update the LAST_BOOT_DEVELOPER secdata flag. That should be + * done on the next boot. + * + * @param ctx Vboot context + */ +void vb2api_enable_developer_mode(struct vb2_context *ctx); + +/** + * Request to disable developer mode by setting VB2_NV_DIAG_REQUEST. + * + * @param ctx Vboot context + * @return VB2_SUCCESS if success; other errors if the check of + * VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON failed. + */ +vb2_error_t vb2api_disable_developer_mode(struct vb2_context *ctx); + +/** + * Request diagnostics by setting VB2_NV_DIAG_REQUEST. + * + * @param ctx Vboot context + */ +void vb2api_request_diagnostics(struct vb2_context *ctx); + /*****************************************************************************/ /* APIs provided by the caller to verified boot */ diff --git a/firmware/2lib/include/2misc.h b/firmware/2lib/include/2misc.h index 98f169bd..b36e1270 100644 --- a/firmware/2lib/include/2misc.h +++ b/firmware/2lib/include/2misc.h @@ -162,32 +162,6 @@ vb2_error_t vb2_load_kernel_keyblock(struct vb2_context *ctx); vb2_error_t vb2_load_kernel_preamble(struct vb2_context *ctx); /** - * Utility function to enable developer mode. - * - * Enables the developer flag in vb2_context firmware secdata. Note that - * modified secdata must be saved for change to apply on reboot. - * - * NOTE: Doesn't update the LAST_BOOT_DEVELOPER secdata flag. That should be - * done on the next boot. - * - * @param ctx Vboot context - */ -void vb2_enable_developer_mode(struct vb2_context *ctx); - -/** - * Check whether recovery is allowed or not. - * - * The only way to pass this check and proceed to the recovery process is to - * physically request a recovery (a.k.a. manual recovery). All other recovery - * requests including manual recovery requested by a (compromised) host will - * end up with 'broken' screen. - * - * @param ctx Vboot context - * @return 1 if recovery is allowed; 0 if no or uncertain. - */ -int vb2_allow_recovery(struct vb2_context *ctx); - -/** * Clear recovery request appropriately. * * To avoid the recovery request "sticking" and the user being in a permanent diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index 33a258a5..f3bf50e0 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h @@ -701,6 +701,9 @@ enum vb2_return_code { /* Digest buffer passed into vb2api_check_hash incorrect. */ VB2_ERROR_API_CHECK_DIGEST_SIZE, + /* Disabling developer mode is not allowed by GBB flags */ + VB2_ERROR_API_DISABLE_DEV_NOT_ALLOWED, + /********************************************************************** * Errors which may be generated by implementations of vb2ex functions. * Implementation may also return its own specific errors, which should diff --git a/firmware/include/vboot_api.h b/firmware/include/vboot_api.h index 2b1d838b..04ee05b8 100644 --- a/firmware/include/vboot_api.h +++ b/firmware/include/vboot_api.h @@ -77,6 +77,18 @@ typedef struct VbSelectAndLoadKernelParams { vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx, VbSelectAndLoadKernelParams *kparams); +/** + * Attempt loading a kernel from the specified type(s) of disks. + * + * If successful, sets kparams.disk_handle to the disk for the kernel and + * returns VB2_SUCCESS. + * + * @param ctx Vboot context + * @param disk_flags Flags to pass to VbExDiskGetInfo() + * @return VB2_SUCCESS or the most specific VB2_ERROR_LK error. + */ +vb2_error_t VbTryLoadKernel(struct vb2_context *ctx, uint32_t disk_flags); + /*****************************************************************************/ /* Disk access (previously in boot_device.h) */ diff --git a/firmware/lib/include/vboot_kernel.h b/firmware/lib/include/vboot_kernel.h deleted file mode 100644 index a9dc8242..00000000 --- a/firmware/lib/include/vboot_kernel.h +++ /dev/null @@ -1,31 +0,0 @@ -/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Data structure and API definitions for a verified boot kernel image. - * (Firmware Portion) - */ - -#ifndef VBOOT_REFERENCE_VBOOT_KERNEL_H_ -#define VBOOT_REFERENCE_VBOOT_KERNEL_H_ - -#include "cgptlib.h" -#include "gpt_misc.h" -#include "load_kernel_fw.h" -#include "vboot_api.h" - -struct vb2_context; - -/** - * Attempt loading a kernel from the specified type(s) of disks. - * - * If successful, sets lkp.disk_handle to the disk for the kernel and returns - * VB2_SUCCESS. - * - * @param ctx Vboot context - * @param disk_flags Flags to pass to VbExDiskGetInfo() - * @return VB2_SUCCESS or the most specific VB2_ERROR_LK error. - */ -vb2_error_t VbTryLoadKernel(struct vb2_context *ctx, uint32_t disk_flags); - -#endif /* VBOOT_REFERENCE_VBOOT_KERNEL_H_ */ diff --git a/firmware/lib/include/vboot_struct.h b/firmware/lib/include/vboot_struct.h index 8a068922..374dfd40 100644 --- a/firmware/lib/include/vboot_struct.h +++ b/firmware/lib/include/vboot_struct.h @@ -10,7 +10,7 @@ #include <stdint.h> -#include "vboot_kernel.h" +#include "2sysincludes.h" #ifdef __cplusplus extern "C" { diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c index 03025988..cab35636 100644 --- a/firmware/lib/vboot_api_kernel.c +++ b/firmware/lib/vboot_api_kernel.c @@ -16,7 +16,6 @@ #include "2ui.h" #include "load_kernel_fw.h" #include "vboot_api.h" -#include "vboot_kernel.h" #include "vboot_struct.h" #include "vboot_test.h" @@ -195,7 +194,7 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx, VB2_DEBUG("NO_BOOT in RECOVERY mode\n"); /* Recovery boot. This has UI. */ - if (vb2_allow_recovery(ctx)) + if (vb2api_allow_recovery(ctx)) VB2_TRY(vb2_manual_recovery_menu(ctx)); else VB2_TRY(vb2_broken_recovery_menu(ctx)); |