diff options
author | Joel Kitching <kitching@google.com> | 2019-09-23 22:53:49 +0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-11-28 20:49:25 +0000 |
commit | adb418310d2e51e2f2a0f22607989fd3f66c4433 (patch) | |
tree | 52fd1dd508adead50871a3cd87cf7cb2ee3d226a /tests/vboot_kernel_tests.c | |
parent | 6ef33b990578a9583a3ac53f2c835d4e16219b25 (diff) | |
download | vboot-adb418310d2e51e2f2a0f22607989fd3f66c4433.tar.gz |
vboot/secdata: rewrite rollback_index and centralize reads/writes
In current kernel verification code, secdata reads and writes
are spread throughout the code. vboot2's design is to use
vb2_context.secdata_* for storing the state of secdata spaces,
and have the caller (depthcharge) read/save this field when
necessary.
Centralize secdata reads/writes into the functions of
secdata_tpm.c, previously known as rollback_index.c.
Functions which directly read/write to the TPM space are modified
to use vb2_secdata_*_get and vb2_secdata_*_set.
The secure spaces get read/flushed by functions in
vboot_api_kernel.c. These calls and the underlying functions
from secdata_tpm.c will eventually be relocated to depthcharge.
Create a new external function vb2ex_commit_data, which commits
any modified nvdata/secdata. Currently the depthcharge
implementation of this function only writes nvdata, but once
secdata TPM drivers have been migrated from vboot_reference to
depthcharge, it will also commit these data spaces.
This CL also removes the VbExNvStorageRead call from
vb2_kernel_setup, and the data is instead read in depthcharge
CL:1819379, right before calling VbSelectAndLoadKernel.
As such, both the VbExNvStorageRead and VbExNvStorageWrite
functions may be removed.
Finally, create a vb2_secdata_kernel_lock function, which should
be used right before attempting to leave vboot (by booting an OS
or chainloading to another firmware). This should eventually be
exposed as a vb2ex_ API function and relocated to depthcharge.
BUG=b:124141368, chromium:972956, chromium:1006689
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ifbfb21122af0bf85e22a6d3a0d48a1db7f7c25b7
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1819380, chromium:1939168
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1728298
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Diffstat (limited to 'tests/vboot_kernel_tests.c')
-rw-r--r-- | tests/vboot_kernel_tests.c | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c index b43a2acd..86afcb8d 100644 --- a/tests/vboot_kernel_tests.c +++ b/tests/vboot_kernel_tests.c @@ -63,7 +63,7 @@ static VbSharedDataHeader *shared = (VbSharedDataHeader *)shared_data; static LoadKernelParams lkp; static struct vb2_keyblock kbh; static VbKernelPreambleHeader kph; -static struct RollbackSpaceFwmp fwmp; +static struct vb2_secdata_fwmp *fwmp; static uint8_t mock_disk[MOCK_SECTOR_SIZE * MOCK_SECTOR_COUNT]; static GptHeader *mock_gpt_primary = (GptHeader*)&mock_disk[MOCK_SECTOR_SIZE * 1]; @@ -164,9 +164,6 @@ static void ResetMocks(void) kph.bootloader_address = 0xbeadd008; kph.bootloader_size = 0x1234; - memset(&fwmp, 0, sizeof(fwmp)); - memcpy(fwmp.dev_key_hash, mock_digest, sizeof(fwmp.dev_key_hash)); - memset(mock_parts, 0, sizeof(mock_parts)); mock_parts[0].start = 100; mock_parts[0].size = 150; /* 75 KB */ @@ -181,6 +178,11 @@ static void ResetMocks(void) struct vb2_shared_data *sd = vb2_get_sd(ctx); sd->vbsd = shared; + /* CRC will be invalid after here, but nobody's checking */ + sd->status |= VB2_SD_STATUS_SECDATA_FWMP_INIT; + fwmp = (struct vb2_secdata_fwmp *)ctx->secdata_fwmp; + memcpy(&fwmp->dev_key_hash, mock_digest, sizeof(fwmp->dev_key_hash)); + // TODO: more workbuf fields - flags, secdata_firmware, secdata_kernel } @@ -670,8 +672,7 @@ static void LoadKernelTest(void) ResetMocks(); ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; - lkp.fwmp = &fwmp; - fwmp.flags |= FWMP_DEV_ENABLE_OFFICIAL_ONLY; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY; keyblock_verify_fail = 1; TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, "Fail keyblock dev sig fwmp"); @@ -761,17 +762,15 @@ static void LoadKernelTest(void) /* Check developer key hash - bad */ ResetMocks(); ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; - lkp.fwmp = &fwmp; - fwmp.flags |= FWMP_DEV_USE_KEY_HASH; - fwmp.dev_key_hash[0]++; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_USE_KEY_HASH; + fwmp->dev_key_hash[0]++; TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, "Fail keyblock dev fwmp hash"); /* Check developer key hash - good */ ResetMocks(); ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE; - lkp.fwmp = &fwmp; - fwmp.flags |= FWMP_DEV_USE_KEY_HASH; + fwmp->flags |= VB2_SECDATA_FWMP_DEV_USE_KEY_HASH; TestLoadKernel(0, "Good keyblock dev fwmp hash"); ResetMocks(); |