diff options
-rw-r--r-- | firmware/2lib/include/2common.h | 1 | ||||
-rw-r--r-- | firmware/2lib/include/2struct.h | 4 | ||||
-rw-r--r-- | firmware/include/gbb_header.h | 4 | ||||
-rw-r--r-- | firmware/lib/include/vboot_common.h | 5 | ||||
-rw-r--r-- | firmware/lib/vboot_common.c | 9 | ||||
-rw-r--r-- | firmware/lib/vboot_ui.c | 2 | ||||
-rw-r--r-- | firmware/lib/vboot_ui_menu.c | 8 | ||||
-rw-r--r-- | scripts/image_signing/gbb_flags_common.sh | 2 | ||||
-rw-r--r-- | tests/vboot_api_kernel2_tests.c | 11 | ||||
-rw-r--r-- | tests/vboot_detach_menu_tests.c | 14 |
10 files changed, 46 insertions, 14 deletions
diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h index 019a34ac..be5c484a 100644 --- a/firmware/2lib/include/2common.h +++ b/firmware/2lib/include/2common.h @@ -12,6 +12,7 @@ #include "2return_codes.h" #include "2sha.h" #include "2struct.h" +#include "2sysincludes.h" struct vb2_public_key; diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index 3411de77..d1185593 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -296,8 +296,8 @@ enum vb2_gbb_flag { */ VB2_GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP = (1 << 13), - /* Enable serial */ - VB2_GBB_FLAG_ENABLE_SERIAL = (1 << 14), + /* Recovery mode always assumes manual recovery, even if EC_IN_RW=1 */ + VB2_GBB_FLAG_FORCE_MANUAL_RECOVERY = (1 << 14), /* Disable FWMP */ VB2_GBB_FLAG_DISABLE_FWMP = (1 << 15), diff --git a/firmware/include/gbb_header.h b/firmware/include/gbb_header.h index 4503ffaa..11586e92 100644 --- a/firmware/include/gbb_header.h +++ b/firmware/include/gbb_header.h @@ -72,8 +72,8 @@ * dev_boot_fastboot_full_cap=0. */ #define GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP 0x00002000 -/* Enable serial console */ -#define GBB_FLAG_ENABLE_SERIAL 0x00004000 +/* Recovery mode always assumes manual recovery, even if EC_IN_RW=1 */ +#define GBB_FLAG_FORCE_MANUAL_RECOVERY 0x00004000 /* Disable using FWMP */ #define GBB_FLAG_DISABLE_FWMP 0x00008000 diff --git a/firmware/lib/include/vboot_common.h b/firmware/lib/include/vboot_common.h index acfb58b7..44dba262 100644 --- a/firmware/lib/include/vboot_common.h +++ b/firmware/lib/include/vboot_common.h @@ -8,6 +8,7 @@ #ifndef VBOOT_REFERENCE_VBOOT_COMMON_H_ #define VBOOT_REFERENCE_VBOOT_COMMON_H_ +#include "2api.h" #include "vboot_struct.h" #ifndef ARRAY_SIZE @@ -145,9 +146,9 @@ int VbSharedDataSetKernelKey(VbSharedDataHeader *header, * requests including manual recovery requested by a (compromised) host will * end up with 'broken' screen. * - * @param flags Flags of VbSharedDataHeader. + * @param ctx vboot2 context pointer * @return 1: Yes. 0: No or not sure. */ -int vb2_allow_recovery(uint32_t flags); +int vb2_allow_recovery(struct vb2_context *ctx); #endif /* VBOOT_REFERENCE_VBOOT_COMMON_H_ */ diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c index d3851940..f336f2c0 100644 --- a/firmware/lib/vboot_common.c +++ b/firmware/lib/vboot_common.c @@ -10,6 +10,7 @@ #include "2sysincludes.h" #include "2common.h" +#include "2misc.h" #include "2rsa.h" #include "2sha.h" #include "vboot_api.h" @@ -211,8 +212,12 @@ int VbSharedDataSetKernelKey(VbSharedDataHeader *header, const VbPublicKey *src) return PublicKeyCopy(kdest, src); } -int vb2_allow_recovery(uint32_t flags) +int vb2_allow_recovery(struct vb2_context *ctx) { + /* GBB_FLAG_FORCE_MANUAL_RECOVERY forces this to always return true. */ + if (vb2_get_sd(ctx)->gbb_flags & VB2_GBB_FLAG_FORCE_MANUAL_RECOVERY) + return 1; + /* * If EC is in RW, it implies recovery wasn't manually requested. * On some platforms, EC_IN_RW can't be reset by the EC, thus, this may @@ -223,5 +228,5 @@ int vb2_allow_recovery(uint32_t flags) return 0; /* Now we confidently check the recovery switch state at boot */ - return !!(flags & VBSD_BOOT_REC_SWITCH_ON); + return !!(vb2_get_sd(ctx)->vbsd->flags & VBSD_BOOT_REC_SWITCH_ON); } diff --git a/firmware/lib/vboot_ui.c b/firmware/lib/vboot_ui.c index 1db0e4a7..5eb78f0a 100644 --- a/firmware/lib/vboot_ui.c +++ b/firmware/lib/vboot_ui.c @@ -403,7 +403,7 @@ static VbError_t recovery_ui(struct vb2_context *ctx) VB2_DEBUG("VbBootRecovery() start\n"); - if (!vb2_allow_recovery(shared->flags)) { + if (!vb2_allow_recovery(ctx)) { /* * We have to save the reason here so that it will survive * coming up three-finger-salute. We're saving it in diff --git a/firmware/lib/vboot_ui_menu.c b/firmware/lib/vboot_ui_menu.c index 050051ce..c050ec8e 100644 --- a/firmware/lib/vboot_ui_menu.c +++ b/firmware/lib/vboot_ui_menu.c @@ -231,7 +231,7 @@ static VbError_t enter_language_menu(struct vb2_context *ctx) static VbError_t enter_recovery_base_screen(struct vb2_context *ctx) { - if (!vb2_allow_recovery(vb2_get_sd(ctx)->vbsd->flags)) + if (!vb2_allow_recovery(ctx)) vb2_change_menu(VB_MENU_RECOVERY_BROKEN, 0); else if (usb_nogood) vb2_change_menu(VB_MENU_RECOVERY_NO_GOOD, 0); @@ -289,7 +289,7 @@ static VbError_t language_action(struct vb2_context *ctx) * Non-manual recovery mode is meant to be left via hard reset (into * manual recovery mode). Need to commit NVRAM changes immediately. */ - if (vbsd->recovery_reason && !vb2_allow_recovery(vbsd->flags)) + if (vbsd->recovery_reason && !vb2_allow_recovery(ctx)) vb2_nv_commit(ctx); /* Return to previous menu. */ @@ -319,7 +319,7 @@ static VbError_t to_dev_action(struct vb2_context *ctx) /* Sanity check, should never happen. */ if (!(vbsd_flags & VBSD_HONOR_VIRT_DEV_SWITCH) || (vbsd_flags & VBSD_BOOT_DEV_SWITCH_ON) || - !vb2_allow_recovery(vbsd_flags)) + !vb2_allow_recovery(ctx)) return VBERROR_KEEP_LOOPING; VB2_DEBUG("Enabling dev-mode...\n"); @@ -828,7 +828,7 @@ VbError_t VbBootRecoveryMenu(struct vb2_context *ctx) VbError_t retval = vb2_init_menus(ctx); if (VBERROR_SUCCESS != retval) return retval; - if (vb2_allow_recovery(vb2_get_sd(ctx)->vbsd->flags)) + if (vb2_allow_recovery(ctx)) retval = recovery_ui(ctx); else retval = broken_ui(ctx); diff --git a/scripts/image_signing/gbb_flags_common.sh b/scripts/image_signing/gbb_flags_common.sh index 9a8d1cb4..fed7ac61 100644 --- a/scripts/image_signing/gbb_flags_common.sh +++ b/scripts/image_signing/gbb_flags_common.sh @@ -33,7 +33,7 @@ GBBFLAGS_LIST=" GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC 0x00000800 GBB_FLAG_DISABLE_LID_SHUTDOWN 0x00001000 GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP 0x00002000 - GBB_FLAG_ENABLE_SERIAL 0x00004000 + GBB_FLAG_FORCE_MANUAL_RECOVERY 0x00004000 " GBBFLAGS_DESCRIPTION_SUFFIX=" diff --git a/tests/vboot_api_kernel2_tests.c b/tests/vboot_api_kernel2_tests.c index 2a714baa..b9e05157 100644 --- a/tests/vboot_api_kernel2_tests.c +++ b/tests/vboot_api_kernel2_tests.c @@ -605,6 +605,17 @@ static void VbBootRecTest(void) TEST_EQ(screens_displayed[0], VB_SCREEN_OS_BROKEN, " broken screen"); + /* Force insert screen with GBB flag */ + ResetMocks(); + shutdown_request_calls_left = 100; + sd->gbb_flags |= VB2_GBB_FLAG_FORCE_MANUAL_RECOVERY; + vbtlk_retval = VBERROR_NO_DISK_FOUND - VB_DISK_FLAG_REMOVABLE; + TEST_EQ(VbBootRecovery(&ctx), + VBERROR_SHUTDOWN_REQUESTED, + "Insert (forced by GBB)"); + TEST_EQ(screens_displayed[0], VB_SCREEN_RECOVERY_INSERT, + " insert screen"); + /* No removal if recovery button physically pressed */ ResetMocks(); shutdown_request_calls_left = 100; diff --git a/tests/vboot_detach_menu_tests.c b/tests/vboot_detach_menu_tests.c index 3d30683a..f494dc91 100644 --- a/tests/vboot_detach_menu_tests.c +++ b/tests/vboot_detach_menu_tests.c @@ -1333,6 +1333,20 @@ static void VbBootRecTest(void) TEST_EQ(screens_count, 2, " no extra screens"); TEST_EQ(beeps_count, 0, " no beep on shutdown"); + /* go to INSERT if forced by GBB flag */ + ResetMocks(); + vbtlk_retval[0] = VBERROR_NO_DISK_FOUND - VB_DISK_FLAG_REMOVABLE; + sd->gbb_flags |= GBB_FLAG_FORCE_MANUAL_RECOVERY; + TEST_EQ(VbBootRecoveryMenu(&ctx), VBERROR_SHUTDOWN_REQUESTED, + "Shutdown requested in INSERT forced by GBB flag"); + TEST_EQ(vb2_nv_get(&ctx, VB2_NV_RECOVERY_REQUEST), 0, " no recovery"); + TEST_EQ(debug_info_displayed, 0, " no debug info"); + TEST_EQ(screens_displayed[0], VB_SCREEN_RECOVERY_INSERT, + " insert screen"); + TEST_EQ(screens_displayed[1], VB_SCREEN_BLANK, " final blank screen"); + TEST_EQ(screens_count, 2, " no extra screens"); + TEST_EQ(beeps_count, 0, " no beep on shutdown"); + /* Stay at BROKEN if recovery button not physically pressed */ ResetMocksForManualRecovery(); vbtlk_retval[0] = VBERROR_NO_DISK_FOUND - VB_DISK_FLAG_REMOVABLE; |