authorNicholas Bishop <nicholasbishop@google.com>2022-06-28 12:01:20 -0400
committerChromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com>2022-09-07 00:56:31 +0000
commit3bd35108579db497b006b81e77794739b5118592 (patch)
tree1d247c3f6124d8ae7454741bb984604602f43770 /firmware
parentb827ddb9b02228fc8064d7e03bdc6f05535d5e03 (diff)
2api: Add a new entry point for only loading and verifying the kernel
Add vb2api_inject_kernel_subkey for bootloaders that only want to use vboot for loading and verifying the kernel. The intended usage is: vb2api_init(); vb2api_inject_kernel_subkey(); vb2api_load_kernel(); BUG=b:237093169 BRANCH=none TEST=make && make runtests Change-Id: Iea6e31826f89ec754496427427d124a35285c463 Signed-off-by: Nicholas Bishop <nicholasbishop@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3732807 Reviewed-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
Diffstat (limited to 'firmware')
-rw-r--r--firmware/2lib/2api.c61
-rw-r--r--firmware/2lib/2misc.c6
-rw-r--r--firmware/2lib/include/2api.h16
3 files changed, 83 insertions, 0 deletions
diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c
index ee63af3c..f6dcf5b8 100644
--- a/firmware/2lib/2api.c
+++ b/firmware/2lib/2api.c
@@ -16,6 +16,67 @@
#include "2sysincludes.h"
#include "2tpm_bootmode.h"
+vb2_error_t vb2api_inject_kernel_subkey(
+ struct vb2_context *ctx,
+ const uint8_t *kernel_packed_key_data,
+ uint32_t kernel_packed_key_data_size)
+{
+ struct vb2_shared_data *sd;
+ enum vb2_boot_mode *boot_mode;
+ struct vb2_workbuf wb;
+ struct vb2_packed_key *kernel_packed_key;
+ uint32_t kernel_packed_key_size;
+ void *dst_packed_key;
+
+ sd = vb2_get_sd(ctx);
+ vb2_workbuf_from_ctx(ctx, &wb);
+
+ /* Fully initialize the context and shared data. */
+ sd->flags = 0;
+ /* Not in recovery. */
+ sd->recovery_reason = 0;
+ /* FW not used. */
+ sd->last_fw_slot = VB2_FW_SLOT_A;
+ sd->last_fw_result = VB2_FW_RESULT_UNKNOWN;
+ sd->fw_slot = VB2_FW_SLOT_A;
+ sd->fw_version = 0;
+ sd->fw_version_secdata = 0;
+ /* Clear status field. */
+ sd->status = 0;
+ /* Invalid offset indicating GBB data is not available. */
+ sd->gbb_offset = 0;
+ sd->kernel_version = 0;
+ sd->kernel_version_secdata = 0;
+ ctx->flags = 0;
+ boot_mode = (enum vb2_boot_mode *)&ctx->boot_mode;
+ *boot_mode = VB2_BOOT_MODE_NORMAL;
+
+ /* Make sure passed buffer is big enough for the packed key. */
+ kernel_packed_key = (struct vb2_packed_key *)kernel_packed_key_data;
+ VB2_TRY(vb2_verify_packed_key_inside(kernel_packed_key_data,
+ kernel_packed_key_data_size,
+ kernel_packed_key));
+
+ /* Allocate space in the workbuf in which to copy the key. */
+ kernel_packed_key_size =
+ kernel_packed_key->key_offset + kernel_packed_key->key_size;
+ dst_packed_key = vb2_workbuf_alloc(&wb, kernel_packed_key_size);
+ if (!dst_packed_key)
+ return VB2_ERROR_WORKBUF_SMALL;
+
+ /* Copy the packed key data into the workbuf. */
+ memcpy(dst_packed_key, kernel_packed_key_data, kernel_packed_key_size);
+
+ /* Set the location of the kernel key data in the context. */
+ sd->kernel_key_offset = vb2_offset_of(sd, dst_packed_key);
+ sd->kernel_key_size = kernel_packed_key_size;
+
+ vb2_set_workbuf_used(ctx,
+ sd->kernel_key_offset + kernel_packed_key_size);
+
+ return VB2_SUCCESS;
+}
+
vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx)
{
vb2_error_t rv;
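Review bot: In vb2api_inject_kernel_subkey the caller's byte buffer is cast to `struct vb2_packed_key *` and passed to vb2_verify_packed_key_inside() with no prior check that `kernel_packed_key_data_size` covers the struct header. Unless that helper checks the size before it reads `key_offset`/`key_size` (its body is not visible here), a short buffer is read past its end before being rejected. A local guard ahead of the cast would make the bound explicit: `if (kernel_packed_key_data_size < sizeof(struct vb2_packed_key)) return <vb2 error code>;`. The cast also drops `const`; declaring `const struct vb2_packed_key *kernel_packed_key;` keeps it, assuming the helper accepts a const pointer. Separately, the sd/ctx reset runs before the key is validated, so a rejected key leaves the context cleared with no kernel key set. Either validate first or document that the context must not be used after an error.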
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index 333e8064..e15d760b 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -754,10 +754,16 @@ void vb2_set_boot_mode(struct vb2_context *ctx)
bool vb2api_hwcrypto_allowed(struct vb2_context *ctx)
{
+ struct vb2_shared_data *sd = vb2_get_sd(ctx);
+
/* disable hwcrypto in recovery mode */
if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE)
return 0;
+ /* disable hwcrypto if secdata isn't initialized */
+ if (!(sd->status & VB2_SD_STATUS_SECDATA_KERNEL_INIT))
+ return 0;
+
/* enable hwcrypto only if RW firmware set the flag */
return vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_FLAGS) &
VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED;
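Review bot: The added comment `/* disable hwcrypto if secdata isn't initialized */` does not say which secdata or why. The check is specifically on `VB2_SD_STATUS_SECDATA_KERNEL_INIT` and guards the `vb2_secdata_kernel_get()` call just below. Wording such as `/* kernel secdata not initialized (e.g. after vb2api_inject_kernel_subkey clears sd->status): fail closed instead of reading the flags */` would tie the check to the new entry point in 2api.c. The function's closing brace lies outside the hunk.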
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index f185ec4d..d145338d 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -386,6 +386,22 @@ vb2_error_t vb2api_secdata_fwmp_check(struct vb2_context *ctx, uint8_t *size);
void vb2api_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode);
/**
+ * Entry point for setting up a context that can only load and verify a kernel.
+ *
+ * The only allowed usage is to call vb2api_init, then this entry point,
+ * then vb2api_load_kernel.
+ *
+ * @param ctx Vboot context
+ * @param kernel_packed_key_data Packed public key for kernel
+ * verification
+ * @param kernel_packed_key_data_size Size in bytes of kernel_packed_key_data
+ * @return VB2_SUCCESS, or error code on error.
+ */
+vb2_error_t vb2api_inject_kernel_subkey(struct vb2_context *ctx,
+ const uint8_t *kernel_packed_key_data,
+ uint32_t kernel_packed_key_data_size);
+
+/**
* Firmware selection, phase 1.
*
* If the returned error is VB2_ERROR_API_PHASE1_RECOVERY, the calling firmware
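Review bot: The doc comment for vb2api_inject_kernel_subkey omits the trust contract. As implemented in 2api.c, the key is only bounds-checked and then becomes the key used for kernel verification, so the caller must already have authenticated it; a line such as `* The key is trusted as given; the caller must obtain it from an already-verified source.` would state that. It is also worth documenting that the key is copied into the workbuf (so the caller's buffer need not outlive the call), and that the function resets `ctx->flags` and the shared-data state, including `sd->status`. With secdata left uninitialized, whether kernel rollback protection still applies in this mode should be confirmed and documented either way. The comment for phase 1 that follows continues outside the hunk.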