diff options
-rw-r--r-- | futility/cmd_update.c | 41 | ||||
-rwxr-xr-x | tests/futility/test_update.sh | 10 |
2 files changed, 35 insertions, 16 deletions
diff --git a/futility/cmd_update.c b/futility/cmd_update.c index c8553b70..ed9ee835 100644 --- a/futility/cmd_update.c +++ b/futility/cmd_update.c @@ -486,7 +486,7 @@ static void override_properties_from_list(const char *override_list, i++; wait_comma = 0; } - if (!isascii(c) || !isdigit(c)) + if (!isascii(c) || !(isdigit(c) || c == '-')) continue; if (i >= SYS_PROP_MAX) { ERROR("Too many fields (max is %d): %s.", @@ -1417,27 +1417,23 @@ static int legacy_needs_update(struct updater_config *cfg) * blocked by TPM's anti-rollback detection. * Returns 0 for success, otherwise failure. */ -static int check_compatible_tpm_keys(struct updater_config *cfg, - const struct firmware_image *rw_image) +static int do_check_compatible_tpm_keys(struct updater_config *cfg, + const struct firmware_image *rw_image) { unsigned int data_key_version = 0, firmware_version = 0, - tpm_data_key_version = 0, tpm_firmware_version = 0, - tpm_fwver = 0; + tpm_data_key_version = 0, tpm_firmware_version = 0; + int tpm_fwver = 0; /* Fail if the given image does not look good. */ if (get_key_versions(rw_image, FMAP_RW_VBLOCK_A, &data_key_version, &firmware_version) != 0) return -1; + /* The stored tpm_fwver can be 0 (b/116298359#comment3). */ tpm_fwver = get_system_property(SYS_PROP_TPM_FWVER, cfg); - if (tpm_fwver <= 0) { - ERROR("Invalid tpm_fwver: %#x (skipped checking).", tpm_fwver); - /* - * This is an error, but it may be common for early proto - * devices so we don't want to fail here. Just skip checking TPM - * if system tpm_fwver can't be fetched. - */ - return 0; + if (tpm_fwver < 0) { + ERROR("Invalid tpm_fwver: %d.", tpm_fwver); + return -1; } tpm_data_key_version = tpm_fwver >> 16; @@ -1459,6 +1455,25 @@ static int check_compatible_tpm_keys(struct updater_config *cfg, } /* + * Wrapper for do_check_compatible_tpm_keys. + * Will return 0 if do_check_compatible_tpm_keys success or if cfg.force_update + * is set; otherwise non-zero. + */ +static int check_compatible_tpm_keys(struct updater_config *cfg, + const struct firmware_image *rw_image) +{ + int r = do_check_compatible_tpm_keys(cfg, rw_image); + if (!r) + return r; + if (!cfg->force_update) { + ERROR("Add --force if you want to waive TPM checks."); + return r; + } + printf("TPM KEYS CHECK IS WAIVED BY --force. YOU ARE ON YOUR OWN.\n"); + return 0; +} + +/* * Quirk to enlarge a firmware image to match flash size. This is needed by * devices using multiple SPI flash with different sizes, for example 8M and * 16M. The image_to will be padded with 0xFF using the size of image_from. diff --git a/tests/futility/test_update.sh b/tests/futility/test_update.sh index 8c5e0d56..c5615f0f 100755 --- a/tests/futility/test_update.sh +++ b/tests/futility/test_update.sh @@ -158,14 +158,18 @@ test_update "Full update (TPM Anti-rollback: kernel key)" \ "${FROM_IMAGE}" "!Firmware version rollback detected (5->4)" \ -i "${TO_IMAGE}" --wp=0 --sys_props 1,0x10005,1 -test_update "Full update (Skip TPM check due to invalid tpm_fwver)" \ +test_update "Full update (TPM Anti-rollback: 0 as tpm_fwver)" \ "${FROM_IMAGE}" "${TMP}.expected.full" \ -i "${TO_IMAGE}" --wp=0 --sys_props 0,0x0,1 -test_update "Full update (Skip TPM check due to tpm_fwver error)" \ - "${FROM_IMAGE}" "${TMP}.expected.full" \ +test_update "Full update (TPM check failure due to invalid tpm_fwver)" \ + "${FROM_IMAGE}" "!Invalid tpm_fwver: -1" \ -i "${TO_IMAGE}" --wp=0 --sys_props 0,-1,1 +test_update "Full update (Skip TPM check with --force)" \ + "${FROM_IMAGE}" "${TMP}.expected.full" \ + -i "${TO_IMAGE}" --wp=0 --sys_props 0,-1,1 --force + # Test RW-only update. test_update "RW update" \ "${FROM_IMAGE}" "${TMP}.expected.rw" \ |