futility: preserve preamble flags when resigning BIOS images

If we're re-signing a valid BIOS image, we want to be sure that
we preserve the original firmware preamble flags (RO_NORMAL and
so forth) if the --flags option does not specifically override
it.

This change adds a test for that case, and makes it happen.

BUG=chromium:224734
BRANCH=ToT
TEST=make runtests

Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: I8cbde66abaf96ec82adf0205bedf57b1fd1b82a1
Reviewed-on: https://chromium-review.googlesource.com/216714
Reviewed-by: Randall Spangler <rspangler@chromium.org>

2 files changed, 15 insertions, 7 deletions

diff --git a/futility/cmd_show.c b/futility/cmd_show.c
index ac43bbf8..0f5eecdf 100644
--- a/futility/cmd_show.c
+++ b/futility/cmd_show.c
@@ -166,8 +166,9 @@ int futil_cb_show_gbb(struct futil_traverse_state_s *state)
 
 	bmp = (BmpBlockHeader *)(buf + gbb->bmpfv_offset);
 	if (0 != memcmp(bmp, BMPBLOCK_SIGNATURE, BMPBLOCK_SIGNATURE_SIZE)) {
-		/* We don't support old formats, so it's not always an error */
 		printf("  BmpBlock:              <invalid>\n");
+		/* We don't support old formats, so it's not always an error */
+		/* TODO: Add a --strict option to make this fatal? */
 	} else {
 		printf("  BmpBlock:\n");
 		printf("    Version:             %d.%d\n",
@@ -332,7 +333,8 @@ int futil_cb_show_fw_preamble(struct futil_traverse_state_s *state)
 
 	if (!fv_data) {
 		printf("No firmware body available to verify.\n");
-		return 1;
+		/* TODO: Add a --strict option to make this fatal? */
+		return 0;
 	}
 
 	if (VBOOT_SUCCESS !=
@@ -350,7 +352,8 @@ done:
 			printf("Body verification succeeded.\n");
 		state->my_area->_flags |= AREA_IS_VALID;
 	} else {
-		printf("Body seems legit, but the signature is unverified.\n");
+		printf("Seems legit, but the signature is unverified.\n");
+		/* TODO: Add a --strict option to make this fatal? */
 	}
 
 	return 0;
diff --git a/futility/cmd_sign.c b/futility/cmd_sign.c
index 3a65b22e..f7481759 100644
--- a/futility/cmd_sign.c
+++ b/futility/cmd_sign.c
@@ -82,7 +82,6 @@ int futil_cb_sign_fw_preamble(struct futil_traverse_state_s *state)
 	if (state->component == CB_FW_PREAMBLE)
 		return futil_cb_sign_notyet(state);
 
-
 	/*
 	 * If we have a valid keyblock and fw_preamble, then we can use them to
 	 * determine the size of the firmware body. Otherwise, we'll have to
@@ -111,6 +110,9 @@ int futil_cb_sign_fw_preamble(struct futil_traverse_state_s *state)
 	switch (state->component) {
 	case CB_FMAP_VBLOCK_A:
 		fw_body_area = &state->cb_area[CB_FMAP_FW_MAIN_A];
+		/* Preserve the flags if they're not specified */
+		if (!option.flags)
+			option.flags = preamble->flags;
 		break;
 	case CB_FMAP_VBLOCK_B:
 		fw_body_area = &state->cb_area[CB_FMAP_FW_MAIN_B];
@@ -287,15 +289,18 @@ static const char usage[] = "\n"
 	"                                     DEV public firmware data key\n"
 	"\n"
 	"Optional OPTIONS:\n"
-	"  -v|--version     NUM             The firmware version number (%d)\n"
-	"  -f|--flags       NUM             The preamble flags value (%d)\n"
+	"  -v|--version     NUM             The firmware version number"
+	" (default %d)\n"
+	"  -f|--flags       NUM             The preamble flags value"
+	" (default is\n"
+	"                                     unchanged, or 0 if unknown)\n"
 	"  -d|--loemdir     DIR             Local OEM output vblock directory\n"
 	"  -l|--loemid      STRING          Local OEM vblock suffix\n"
 	"\n";
 
 static void help_and_quit(const char *prog)
 {
-	fprintf(stderr, usage, prog, option.version, option.flags);
+	fprintf(stderr, usage, prog, option.version);
 	exit(1);
 }