8 files changed, 225 insertions, 96 deletions
diff --git a/firmware/include/load_firmware_fw.h b/firmware/include/load_firmware_fw.h
index 1e42f1c9..11fb0ce7 100644
--- a/firmware/include/load_firmware_fw.h
+++ b/firmware/include/load_firmware_fw.h
@@ -11,9 +11,7 @@
 
 #include "sysincludes.h"
 #include "vboot_nvstorage.h"
-
-/* Recommended size of shared_data_blob in bytes. */
-#define LOAD_FIRMWARE_SHARED_DATA_REC_SIZE 16384
+#include "vboot_struct.h"
 
 /* Return codes for LoadFirmware() and S3Resume(). */
 #define LOAD_FIRMWARE_SUCCESS 0   /* Success */
@@ -33,15 +31,19 @@ typedef struct LoadFirmwareParams {
   void* verification_block_1;    /* Key block + preamble for firmware 1 */
   uint64_t verification_size_0;  /* Verification block 0 size in bytes */
   uint64_t verification_size_1;  /* Verification block 1 size in bytes */
-  void* shared_data_blob;        /* Destination buffer for data shared between
-                                  * LoadFirmware() and LoadKernel().  Pass this
+
+  /* Shared data blob for data shared between LoadFirmware() and LoadKernel().
+   * This should be at least VB_SHARED_DATA_MIN_SIZE bytes long, and ideally
+   * is VB_SHARED_DATA_REC_SIZE bytes long. */
+  void* shared_data_blob;        /* Shared data blob buffer.  Pass this
                                   * data to LoadKernel() in
                                   * LoadKernelParams.shared_data_blob. */
-  uint64_t shared_data_size;     /* Size of shared data blob buffer, in bytes.
-                                  * On output, this will contain the actual
-                                  * data size placed into the buffer.  Caller
-                                  * need only pass this much data to
-                                  * LoadKernel().*/
+  uint64_t shared_data_size;     /* On input, set to size of shared data blob
+                                  * buffer, in bytes.  On output, this will
+                                  * contain the actual data size placed into
+                                  * the buffer.  Caller need only pass that
+                                  * much data to LoadKernel().*/
+
   uint64_t boot_flags;           /* Boot flags */
   VbNvContext* nv_context;       /* Context for NV storage.  nv_context->raw
                                   * must be filled before calling
diff --git a/firmware/include/vboot_struct.h b/firmware/include/vboot_struct.h
index bb47403b..f4364274 100644
--- a/firmware/include/vboot_struct.h
+++ b/firmware/include/vboot_struct.h
@@ -131,10 +131,38 @@ typedef struct VbKernelPreambleHeader {
 
 #define EXPECTED_VBKERNELPREAMBLEHEADER_SIZE 96
 
+/* Magic number for recognizing VbSharedDataHeader ("VbSD") */
+#define VB_SHARED_DATA_MAGIC 0x44536256
+
 /* Minimum and recommended size of shared_data_blob in bytes. */
 #define VB_SHARED_DATA_MIN_SIZE 3072
 #define VB_SHARED_DATA_REC_SIZE 16384
 
+/* Flags for VbSharedDataHeader */
+/* LoadFirmware() tried firmware B because of VbNvStorage firmware B tries */
+#define VBSD_FWB_TRIED                  0x00000001
+/* LoadKernel() verified the kernel keyblock using the kernel subkey from
+ * the firmware.  If this flag is not present, it just used the hash of the
+ * kernel keyblock. */
+#define VBSD_KERNEL_KEY_VERIFIED        0x00000002
+/* LoadFirmware() was told the developer switch was on */
+#define VBSD_LF_DEV_SWITCH_ON           0x00000004
+
+/* Result codes for checking firmware A and B */
+#define VBSD_LF_CHECK_NOT_DONE          0
+#define VBSD_LF_CHECK_DEV_MISMATCH      1
+#define VBSD_LF_CHECK_REC_MISMATCH      2
+#define VBSD_LF_CHECK_VERIFY_KEYBLOCK   3
+#define VBSD_LF_CHECK_KEY_ROLLBACK      4
+#define VBSD_LF_CHECK_DATA_KEY_PARSE    5
+#define VBSD_LF_CHECK_VERIFY_PREAMBLE   6
+#define VBSD_LF_CHECK_FW_ROLLBACK       7
+#define VBSD_LF_CHECK_HEADER_VALID      8
+#define VBSD_LF_CHECK_GET_FW_BODY       9
+#define VBSD_LF_CHECK_HASH_WRONG_SIZE   10
+#define VBSD_LF_CHECK_VERIFY_BODY       11
+#define VBSD_LF_CHECK_VALID             12
+
 /* Data shared between LoadFirmware(), LoadKernel(), and OS.
  *
  * The boot process is:
@@ -149,18 +177,19 @@ typedef struct VbKernelPreambleHeader {
  *      For example, via ACPI or ATAGs. */
 typedef struct VbSharedDataHeader {
   /* Fields present in version 1 */
+  uint32_t magic;                     /* Magic number for struct
+                                       * (VB_SHARED_DATA_MAGIC) */
   uint32_t struct_version;            /* Version of this structure */
   uint64_t struct_size;               /* Size of this structure in bytes */
   uint64_t data_size;                 /* Size of shared data buffer in bytes */
   uint64_t data_used;                 /* Amount of shared data used so far */
+  uint32_t flags;                     /* Flags */
 
   VbPublicKey kernel_subkey;          /* Kernel subkey, from firmware */
   uint64_t kernel_subkey_data_offset; /* Offset of kernel subkey data from
                                        * start of this struct */
   uint64_t kernel_subkey_data_size;   /* Size of kernel subkey data */
 
-  uint64_t flags;                     /* Flags */
-
   /* Timer values from VbGetTimer().  Unused values are set to 0.  If a
    * function is called mutiple times, these are the times from the
    * most recent call. */
@@ -171,6 +200,13 @@ typedef struct VbSharedDataHeader {
   uint64_t timer_load_kernel_enter;          /* LoadKernel() - enter */
   uint64_t timer_load_kernel_exit;           /* LoadKernel() - exit */
 
+  uint8_t check_fw_a_result;          /* Result of checking RW firmware A */
+  uint8_t check_fw_b_result;          /* Result of checking RW firmware B */
+  uint8_t firmware_index;             /* Firmware index returned by
+                                       * LoadFirmware() or 0xFF if failure */
+  uint32_t fw_version_tpm_start;      /* Firmware TPM version at start */
+  uint32_t fw_version_lowest;         /* Firmware lowest version found */
+
   /* After read-only firmware which uses version 1 is released, any additional
    * fields must be added below, and the struct version must be increased.
    * Before reading/writing those fields, make sure that the struct being
diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c
index abba130b..edc6e163 100644
--- a/firmware/lib/vboot_common.c
+++ b/firmware/lib/vboot_common.c
@@ -381,6 +381,10 @@ int VerifyKernelPreamble(const VbKernelPreambleHeader* preamble,
 
 
 int VbSharedDataInit(VbSharedDataHeader* header, uint64_t size) {
+
+  VBDEBUG(("VbSharedDataInit, %d bytes, header %d bytes\n", (int)size,
+           sizeof(VbSharedDataHeader)));
+
   if (size < sizeof(VbSharedDataHeader)) {
     VBDEBUG(("Not enough data for header.\n"));
     return VBOOT_SHARED_DATA_INVALID;
@@ -397,10 +401,12 @@ int VbSharedDataInit(VbSharedDataHeader* header, uint64_t size) {
   Memset(header, 0, sizeof(VbSharedDataHeader));
 
   /* Initialize fields */
+  header->magic = VB_SHARED_DATA_MAGIC;
   header->struct_version = VB_SHARED_DATA_VERSION;
   header->struct_size = sizeof(VbSharedDataHeader);
   header->data_size = size;
   header->data_used = sizeof(VbSharedDataHeader);
+  header->firmware_index = 0xFF;
 
   /* Success */
   return VBOOT_SUCCESS;
@@ -410,6 +416,8 @@ int VbSharedDataInit(VbSharedDataHeader* header, uint64_t size) {
 uint64_t VbSharedDataReserve(VbSharedDataHeader* header, uint64_t size) {
   uint64_t offs = header->data_used;
 
+  VBDEBUG(("VbSharedDataReserve %d bytes at %d\n", (int)size, (int)offs));
+
   if (!header || size > header->data_size - header->data_used) {
     VBDEBUG(("VbSharedData buffer out of space.\n"));
     return 0;  /* Not initialized, or not enough space left. */
diff --git a/firmware/lib/vboot_firmware.c b/firmware/lib/vboot_firmware.c
index 9172e5c8..dd006f3a 100644
--- a/firmware/lib/vboot_firmware.c
+++ b/firmware/lib/vboot_firmware.c
@@ -109,6 +109,8 @@ int LoadFirmware(LoadFirmwareParams* params) {
 
   /* Parse flags */
   is_dev = (params->boot_flags & BOOT_FLAG_DEVELOPER ? 1 : 0);
+  if (is_dev)
+    shared->flags |= VBSD_LF_DEV_SWITCH_ON;
 
   /* Initialize the TPM and read rollback indices. */
   VBPERFSTART("VB_TPMI");
@@ -122,12 +124,15 @@ int LoadFirmware(LoadFirmwareParams* params) {
       recovery = VBNV_RECOVERY_RO_TPM_ERROR;
     goto LoadFirmwareExit;
   }
+  shared->fw_version_tpm_start = tpm_version;
   VBPERFEND("VB_TPMI");
 
   /* Read try-b count and decrement if necessary */
   VbNvGet(vnc, VBNV_TRY_B_COUNT, &try_b_count);
-  if (0 != try_b_count)
+  if (0 != try_b_count) {
     VbNvSet(vnc, VBNV_TRY_B_COUNT, try_b_count - 1);
+    shared->flags |= VBSD_FWB_TRIED;
+  }
   VbNvSet(vnc, VBNV_TRIED_FIRMWARE_B, try_b_count ? 1 : 0);
 
   /* Allocate our internal data */
@@ -146,15 +151,18 @@ int LoadFirmware(LoadFirmwareParams* params) {
     uint64_t key_version;
     uint64_t combined_version;
     uint8_t* body_digest;
+    uint8_t* check_result;
 
     /* If try B count is non-zero try firmware B first */
     index = (try_b_count ? 1 - i : i);
     if (0 == index) {
       key_block = (VbKeyBlockHeader*)params->verification_block_0;
       vblock_size = params->verification_size_0;
+      check_result = &shared->check_fw_a_result;
     } else {
       key_block = (VbKeyBlockHeader*)params->verification_block_1;
       vblock_size = params->verification_size_1;
+      check_result = &shared->check_fw_b_result;
     }
 
     /* Check the key block flags against the current boot mode.  Do this
@@ -164,11 +172,13 @@ int LoadFirmware(LoadFirmwareParams* params) {
           (is_dev ? KEY_BLOCK_FLAG_DEVELOPER_1 :
            KEY_BLOCK_FLAG_DEVELOPER_0))) {
       VBDEBUG(("Developer flag mismatch.\n"));
+      *check_result = VBSD_LF_CHECK_DEV_MISMATCH;
       continue;
     }
     /* RW firmware never runs in recovery mode. */
     if (!(key_block->key_block_flags & KEY_BLOCK_FLAG_RECOVERY_0)) {
       VBDEBUG(("Recovery flag mismatch.\n"));
+      *check_result = VBSD_LF_CHECK_REC_MISMATCH;
       continue;
     }
 
@@ -176,6 +186,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
     VBPERFSTART("VB_VKB");
     if ((0 != KeyBlockVerify(key_block, vblock_size, root_key, 0))) {
       VBDEBUG(("Key block verification failed.\n"));
+      *check_result = VBSD_LF_CHECK_VERIFY_KEYBLOCK;
       VBPERFEND("VB_VKB");
       continue;
     }
@@ -185,6 +196,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
     key_version = key_block->data_key.key_version;
     if (key_version < (tpm_version >> 16)) {
       VBDEBUG(("Key rollback detected.\n"));
+      *check_result = VBSD_LF_CHECK_KEY_ROLLBACK;
       continue;
     }
 
@@ -192,6 +204,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
     data_key = PublicKeyToRSA(&key_block->data_key);
     if (!data_key) {
       VBDEBUG(("Unable to parse data key.\n"));
+      *check_result = VBSD_LF_CHECK_DATA_KEY_PARSE;
       continue;
     }
 
@@ -203,6 +216,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
                                      vblock_size - key_block->key_block_size,
                                      data_key))) {
       VBDEBUG(("Preamble verfication failed.\n"));
+      *check_result = VBSD_LF_CHECK_VERIFY_PREAMBLE;
       RSAPublicKeyFree(data_key);
       VBPERFEND("VB_VPB");
       continue;
@@ -214,10 +228,14 @@ int LoadFirmware(LoadFirmwareParams* params) {
                         (preamble->firmware_version & 0xFFFF));
     if (combined_version < tpm_version) {
       VBDEBUG(("Firmware version rollback detected.\n"));
+      *check_result = VBSD_LF_CHECK_FW_ROLLBACK;
       RSAPublicKeyFree(data_key);
       continue;
     }
 
+    /* Header for this firmware is valid */
+    *check_result = VBSD_LF_CHECK_HEADER_VALID;
+
     /* Check for lowest key version from a valid header. */
     if (lowest_version > combined_version)
       lowest_version = combined_version;
@@ -234,6 +252,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
     lfi->body_size_accum = 0;
     if (0 != GetFirmwareBody(params, index)) {
       VBDEBUG(("GetFirmwareBody() failed for index %d\n", index));
+      *check_result = VBSD_LF_CHECK_GET_FW_BODY;
       RSAPublicKeyFree(data_key);
       VBPERFEND("VB_RFD");
       continue;
@@ -242,6 +261,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
       VBDEBUG(("Hash updated %d bytes but expected %d\n",
                (int)lfi->body_size_accum,
                (int)preamble->body_signature.data_size));
+      *check_result = VBSD_LF_CHECK_HASH_WRONG_SIZE;
       RSAPublicKeyFree(data_key);
       VBPERFEND("VB_RFD");
       continue;
@@ -253,6 +273,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
     body_digest = DigestFinal(&lfi->body_digest_context);
     if (0 != VerifyDigest(body_digest, &preamble->body_signature, data_key)) {
       VBDEBUG(("Firmware body verification failed.\n"));
+      *check_result = VBSD_LF_CHECK_VERIFY_BODY;
       RSAPublicKeyFree(data_key);
       Free(body_digest);
       VBPERFEND("VB_VFD");
@@ -266,6 +287,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
 
     /* If we're still here, the firmware is valid. */
     VBDEBUG(("Firmware %d is valid.\n", index));
+    *check_result = VBSD_LF_CHECK_VALID;
     if (-1 == good_index) {
       /* Save the key we actually used */
       if (0 != VbSharedDataSetKernelKey(shared, &preamble->kernel_subkey)) {
@@ -312,6 +334,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
   if (good_index >= 0) {
 
     /* Update TPM if necessary */
+    shared->fw_version_lowest = (uint32_t)lowest_version;
     if (lowest_version > tpm_version) {
       VBPERFSTART("VB_TPMU");
       status = RollbackFirmwareWrite((uint32_t)lowest_version);
@@ -341,6 +364,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
 
     /* Success */
     VBDEBUG(("Will boot firmware index %d\n", (int)params->firmware_index));
+    shared->firmware_index = (uint8_t)params->firmware_index;
     retval = LOAD_FIRMWARE_SUCCESS;
   } else {
     /* No good firmware, so go to recovery mode. */
diff --git a/firmware/stub/load_firmware_stub.c b/firmware/stub/load_firmware_stub.c
index 0b0671aa..26ce3d50 100644
--- a/firmware/stub/load_firmware_stub.c
+++ b/firmware/stub/load_firmware_stub.c
@@ -99,8 +99,8 @@ int VerifyFirmwareDriver_stub(uint8_t* gbb_data,
   p.nv_context = &vnc;
 
   /* Allocate a shared data buffer */
-  p.shared_data_blob = Malloc(LOAD_FIRMWARE_SHARED_DATA_REC_SIZE);
-  p.shared_data_size = LOAD_FIRMWARE_SHARED_DATA_REC_SIZE;
+  p.shared_data_blob = Malloc(VB_SHARED_DATA_REC_SIZE);
+  p.shared_data_size = VB_SHARED_DATA_REC_SIZE;
 
   /* TODO: YOU NEED TO SET THE BOOT FLAGS SOMEHOW */
   p.boot_flags = 0;
diff --git a/host/lib/crossystem.c b/host/lib/crossystem.c
index b43c502d..6ba67e64 100644
--- a/host/lib/crossystem.c
+++ b/host/lib/crossystem.c
@@ -16,6 +16,7 @@
 #include "utility.h"
 #include "vboot_common.h"
 #include "vboot_nvstorage.h"
+#include "vboot_struct.h"
 
 /* ACPI constants from Chrome OS Main Processor Firmware Spec */
 /* GPIO signal types */
@@ -87,10 +88,23 @@
 /* A structure to contain buffer data retrieved from the ACPI. */
 typedef struct {
   int buffer_size;
-  void* buffer;
+  uint8_t* buffer;
 } AcpiBuffer;
 
 
+/* Fields that GetVdatString() can get */
+typedef enum VdatStringField {
+  VDAT_STRING_TIMERS = 0,          /* Timer values */
+  VDAT_STRING_LOAD_FIRMWARE_DEBUG  /* LoadFirmware() debug information */
+} VdatStringField;
+
+
+/* Fields that GetVdatInt() can get */
+typedef enum VdatIntField {
+  VDAT_INT_FLAGS = 0  /* Flags */
+} VdatIntField;
+
+
 /* Copy up to dest_size-1 characters from src to dest, ensuring null
    termination (which strncpy() doesn't do).  Returns the destination
    string. */
@@ -319,7 +333,7 @@ AcpiBuffer* VbGetBuffer(const char* filename)
 
   do {
     struct stat fs;
-    unsigned char* output_ptr;
+    uint8_t* output_ptr;
     int rv, i, real_size;
 
     rv = stat(filename, &fs);
@@ -334,23 +348,18 @@ AcpiBuffer* VbGetBuffer(const char* filename)
     if (!file_buffer)
       break;
 
-
     real_size = fread(file_buffer, 1, fs.st_size, f);
     if (!real_size)
       break;
+    file_buffer[real_size] = '\0';
 
-    /* each byte in the output will replace two characters and a space in the
-     *  input, so the output size does not exceed input side/3 (a little less
-     *  if account for newline characters).
-     */
+    /* Each byte in the output will replace two characters and a space
+     * in the input, so the output size does not exceed input side/3
+     * (a little less if account for newline characters). */
     acpi_buffer = Malloc(sizeof(AcpiBuffer) + real_size/3);
-
     if (!acpi_buffer)
       break;
-
-    file_buffer[real_size] = '\0';
-
-    acpi_buffer->buffer = acpi_buffer + 1;
+    acpi_buffer->buffer = (uint8_t*)(acpi_buffer + 1);
     acpi_buffer->buffer_size = 0;
     output_ptr = acpi_buffer->buffer;
 
@@ -604,6 +613,71 @@ int VbGetCrosDebug(void) {
 }
 
 
+char* GetVdatString(char* dest, int size, VdatStringField field)
+{
+  VbSharedDataHeader* sh;
+  AcpiBuffer* ab = VbGetBuffer(ACPI_VDAT_PATH);
+  if (!ab)
+    return NULL;
+
+  sh = (VbSharedDataHeader*)ab->buffer;
+
+  switch (field) {
+    case VDAT_STRING_TIMERS:
+      snprintf(dest, size,
+               "LFS=%" PRIu64 ",%" PRIu64
+               " LF=%" PRIu64 ",%" PRIu64
+               " LK=%" PRIu64 ",%" PRIu64,
+               sh->timer_load_firmware_start_enter,
+               sh->timer_load_firmware_start_exit,
+               sh->timer_load_firmware_enter,
+               sh->timer_load_firmware_exit,
+               sh->timer_load_kernel_enter,
+               sh->timer_load_kernel_exit);
+      break;
+
+    case VDAT_STRING_LOAD_FIRMWARE_DEBUG:
+      snprintf(dest, size,
+               "check=%d,%d index=0x%02x tpmver=0x%x lowestver=0x%x",
+               sh->check_fw_a_result,
+               sh->check_fw_b_result,
+               sh->firmware_index,
+               sh->fw_version_tpm_start,
+               sh->fw_version_lowest);
+      break;
+
+    default:
+      Free(ab);
+      return NULL;
+  }
+
+  Free(ab);
+  return dest;
+}
+
+
+int GetVdatInt(VdatIntField field) {
+  VbSharedDataHeader* sh;
+  AcpiBuffer* ab = VbGetBuffer(ACPI_VDAT_PATH);
+  int value = -1;
+
+  if (!ab)
+    return -1;
+
+  sh = (VbSharedDataHeader*)ab->buffer;
+
+  switch (field) {
+    case VDAT_INT_FLAGS:
+      value = (int)sh->flags;
+      break;
+
+  }
+
+  Free(ab);
+  return value;
+}
+
+
 /* Read a system property integer.
  *
  * Returns the property value, or -1 if error. */
@@ -671,37 +745,13 @@ int VbGetSystemPropertyInt(const char* name) {
     value = ReadFileInt(ACPI_FMAP_PATH);
   } else if (!strcasecmp(name,"cros_debug")) {
     value = VbGetCrosDebug();
+  } else if (!strcasecmp(name,"vdat_flags")) {
+    value = GetVdatInt(VDAT_INT_FLAGS);
   }
 
   return value;
 }
 
-/* This function is just an example illustrating the use of VbGetBuffer(). It
- * converts the binary contents of the buffer into a space delimetered hex
- * string. It is expected to be replaced with a function which has knowledge
- * of the buffer data structure.
- */
-char* GetVdatBuffer(void)
-{
-  char* buffer, *src, *p;
-  int i;
-
-  AcpiBuffer* ab = VbGetBuffer(ACPI_VDAT_PATH);
-  if (!ab)
-    return NULL;
-
-  buffer = Malloc(ab->buffer_size * 3 + 2);
-  p = buffer;
-  src = ab->buffer;
-  for (i = 0; i < ab->buffer_size; i++) {
-    snprintf(p, 4, " %2.2x", *src++);
-    p += 3;
-  }
-  *p = '\0';
-  Free(ab);
-  return buffer;
-}
-
 /* Read a system property string into a destination buffer of the specified
  * size.
  *
@@ -745,8 +795,10 @@ const char* VbGetSystemPropertyString(const char* name, char* dest, int size) {
       default:
         return NULL;
     }
-  } else if (!strcasecmp(name, "vdat")) {
-    return GetVdatBuffer();
+  } else if (!strcasecmp(name, "vdat_timers")) {
+    return GetVdatString(dest, size, VDAT_STRING_TIMERS);
+  } else if (!strcasecmp(name, "vdat_lfdebug")) {
+    return GetVdatString(dest, size, VDAT_STRING_LOAD_FIRMWARE_DEBUG);
   } else
     return NULL;
 }
diff --git a/utility/crossystem_main.c b/utility/crossystem_main.c
index abd41865..fb842837 100644
--- a/utility/crossystem_main.c
+++ b/utility/crossystem_main.c
@@ -11,10 +11,15 @@
 
 #include "crossystem.h"
 
+/* Flags for Param */
+#define IS_STRING      0x01  /* String (not present = integer) */
+#define CAN_WRITE      0x02  /* Writable (not present = read-only */
+#define NO_PRINT_ALL   0x04  /* Don't print contents of parameter when
+                              * doing a print-all */
+
 typedef struct Param {
   const char* name;  /* Parameter name */
-  int is_string;     /* 0 if integer, 1 if string */
-  int can_write;     /* 0 if read-only, 1 if writable */
+  int flags;         /* Flags (see above) */
   const char* desc;  /* Human-readable description */
   const char* format; /* Format string, if non-NULL and 0==is_string*/
 } Param;
@@ -22,41 +27,41 @@ typedef struct Param {
 /* List of parameters, terminated with a param with NULL name */
 const Param sys_param_list[] = {
   /* Read-only integers */
-  {"devsw_cur",  0, 0, "Developer switch current position"},
-  {"devsw_boot", 0, 0, "Developer switch position at boot"},
-  {"recoverysw_cur", 0, 0, "Recovery switch current position"},
-  {"recoverysw_boot", 0, 0, "Recovery switch position at boot"},
-  {"recoverysw_ec_boot", 0, 0, "Recovery switch position at EC boot"},
-  {"wpsw_cur",  0, 0,
-   "Firmware write protect hardware switch current position"},
-  {"wpsw_boot", 0, 0,
-   "Firmware write protect hardware switch position at boot"},
-  {"recovery_reason",  0, 0, "Recovery mode reason for current boot"},
-  {"savedmem_base", 0, 0, "RAM debug data area physical address", "0x%08x"},
-  {"savedmem_size", 0, 0, "RAM debug data area size in bytes"},
-  {"fmap_base", 0, 0, "Main firmware flashmap physical address", "0x%08x"},
-  {"tried_fwb", 0, 0, "Tried firmware B before A this boot"},
-  {"cros_debug", 0, 0, "OS should allow debug features"},
+  {"devsw_cur",  0, "Developer switch current position"},
+  {"devsw_boot", 0, "Developer switch position at boot"},
+  {"recoverysw_cur", 0, "Recovery switch current position"},
+  {"recoverysw_boot", 0, "Recovery switch position at boot"},
+  {"recoverysw_ec_boot", 0, "Recovery switch position at EC boot"},
+  {"wpsw_cur", 0, "Firmware write protect hardware switch current position"},
+  {"wpsw_boot", 0, "Firmware write protect hardware switch position at boot"},
+  {"recovery_reason", 0, "Recovery mode reason for current boot"},
+  {"savedmem_base", 0, "RAM debug data area physical address", "0x%08x"},
+  {"savedmem_size", 0, "RAM debug data area size in bytes"},
+  {"fmap_base", 0, "Main firmware flashmap physical address", "0x%08x"},
+  {"tried_fwb", 0, "Tried firmware B before A this boot"},
+  {"cros_debug", 0, "OS should allow debug features"},
+  {"vdat_flags", 0, "Flags from VbSharedData", "0x%08x"},
   /* Read-only strings */
-  {"hwid", 1, 0, "Hardware ID"},
-  {"fwid", 1, 0, "Active firmware ID"},
-  {"ro_fwid", 1, 0, "Read-only firmware ID"},
-  {"mainfw_act", 1, 0, "Active main firmware"},
-  {"mainfw_type", 1, 0, "Active main firmware type"},
-  {"ecfw_act", 1, 0, "Active EC firmware"},
-  {"kernkey_vfy", 1, 0, "Type of verification done on kernel key block"},
+  {"hwid", IS_STRING, "Hardware ID"},
+  {"fwid", IS_STRING, "Active firmware ID"},
+  {"ro_fwid", IS_STRING, "Read-only firmware ID"},
+  {"mainfw_act", IS_STRING, "Active main firmware"},
+  {"mainfw_type", IS_STRING, "Active main firmware type"},
+  {"ecfw_act", IS_STRING, "Active EC firmware"},
+  {"kernkey_vfy", IS_STRING, "Type of verification done on kernel key block"},
+  {"vdat_timers", IS_STRING, "Timer values from VbSharedData"},
+  {"vdat_lfdebug", IS_STRING, "LoadFirmware() debug data VbSharedData"},
   /* Writable integers */
-  {"nvram_cleared", 0, 1, "Have NV settings been lost?  Write 0 to clear"},
-  {"kern_nv", 0, 1, "Non-volatile field for kernel use", "0x%08x"},
-  {"recovery_request", 0, 1, "Recovery mode request (writable)"},
-  {"dbg_reset", 0, 1, "Debug reset mode request (writable)"},
-  {"fwb_tries", 0, 1, "Try firmware B count (writable)"},
-  {"vbtest_errfunc", 0, 1, "Verified boot test error function (writable)"},
-  {"vbtest_errno", 0, 1, "Verified boot test error number (writable)"},
-  {"vdat", 1, 0, "Raw VDAT contents."},
+  {"nvram_cleared", CAN_WRITE, "Have NV settings been lost?  Write 0 to clear"},
+  {"kern_nv", CAN_WRITE, "Non-volatile field for kernel use", "0x%08x"},
+  {"recovery_request", CAN_WRITE, "Recovery mode request (writable)"},
+  {"dbg_reset", CAN_WRITE, "Debug reset mode request (writable)"},
+  {"fwb_tries", CAN_WRITE, "Try firmware B count (writable)"},
+  {"vbtest_errfunc", CAN_WRITE, "Verified boot test error function (writable)"},
+  {"vbtest_errno", CAN_WRITE, "Verified boot test error number (writable)"},
 
   /* Terminate with null name */
-  {NULL, 0, 0, NULL}
+  {NULL, 0, NULL}
 };
 
 
@@ -98,10 +103,10 @@ const Param* FindParam(const char* name) {
  *
  * Returns 0 if success, non-zero if error. */
 int SetParam(const Param* p, const char* value) {
-  if (!p->can_write)
+  if (!(p->flags & CAN_WRITE))
     return 1;  /* Parameter is read-only */
 
-  if (p->is_string) {
+  if (p->flags & IS_STRING) {
     return (0 == VbSetSystemPropertyString(p->name, value) ? 0 : 1);
   } else {
     char* e;
@@ -117,7 +122,7 @@ int SetParam(const Param* p, const char* value) {
  *
  * Returns 0 if success (match), non-zero if error (mismatch). */
 int CheckParam(const Param* p, char* expect) {
-  if (p->is_string) {
+  if (p->flags & IS_STRING) {
     char buf[256];
     const char* v = VbGetSystemPropertyString(p->name, buf, sizeof(buf));
     if (!v || 0 != strcmp(v, expect))
@@ -139,7 +144,7 @@ int CheckParam(const Param* p, char* expect) {
  *
  * Returns 0 if success, non-zero if error. */
 int PrintParam(const Param* p) {
-  if (p->is_string) {
+  if (p->flags & IS_STRING) {
     char buf[256];
     const char* v = VbGetSystemPropertyString(p->name, buf, sizeof(buf));
     if (!v)
@@ -165,7 +170,9 @@ int PrintAllParams(void) {
   const char* value;
 
   for (p = sys_param_list; p->name; p++) {
-    if (p->is_string) {
+    if (p->flags & NO_PRINT_ALL)
+      continue;
+    if (p->flags & IS_STRING) {
       value = VbGetSystemPropertyString(p->name, buf, sizeof(buf));
     } else {
       int v = VbGetSystemPropertyInt(p->name);
@@ -176,7 +183,7 @@ int PrintAllParams(void) {
         value = buf;
       }
     }
-    printf("%-22s = %-20s # %s\n",
+    printf("%-22s = %-30s # %s\n",
            p->name, (value ? value : "(error)"), p->desc);
   }
   return retval;
diff --git a/utility/load_kernel_test.c b/utility/load_kernel_test.c
index d26c7cd4..73a3626a 100644
--- a/utility/load_kernel_test.c
+++ b/utility/load_kernel_test.c
@@ -171,8 +171,8 @@ int main(int argc, char* argv[]) {
   }
 
   /* Initialize the shared data area */
-  lkp.shared_data_blob = Malloc(LOAD_FIRMWARE_SHARED_DATA_REC_SIZE);
-  lkp.shared_data_size = LOAD_FIRMWARE_SHARED_DATA_REC_SIZE;
+  lkp.shared_data_blob = Malloc(VB_SHARED_DATA_REC_SIZE);
+  lkp.shared_data_size = VB_SHARED_DATA_REC_SIZE;
   shared = (VbSharedDataHeader*)lkp.shared_data_blob;
   if (0 != VbSharedDataInit(shared, lkp.shared_data_size)) {
     fprintf(stderr, "Unable to init shared data\n");