diff options
-rw-r--r-- | firmware/lib/vboot_api_kernel.c | 14 | ||||
-rw-r--r-- | firmware/lib/vboot_kernel.c | 28 |
2 files changed, 22 insertions, 20 deletions
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c index bde6f82e..7e48685a 100644 --- a/firmware/lib/vboot_api_kernel.c +++ b/firmware/lib/vboot_api_kernel.c @@ -471,11 +471,13 @@ VbError_t VbVerifyMemoryBootImage( int dev_switch; uint32_t allow_fastboot_full_cap = 0; struct vb2_workbuf wb; + VbError_t retval; + int rv; /* Allocate work buffer */ vb2_workbuf_from_ctx(ctx, &wb); - VbError_t retval = vb2_kernel_setup(ctx, shared, kparams); + retval = vb2_kernel_setup(ctx, shared, kparams); if (retval) goto fail; @@ -510,10 +512,10 @@ VbError_t VbVerifyMemoryBootImage( hash_only = 1; } else { /* Get recovery key. */ - retval = vb2_gbb_read_recovery_key(ctx, &kernel_subkey, - NULL, &wb); - if (VBERROR_SUCCESS != retval) { - VB2_DEBUG("Gbb Read Recovery key failed.\n"); + rv = vb2_gbb_read_recovery_key(ctx, &kernel_subkey, NULL, &wb); + if (VB2_SUCCESS != rv) { + VB2_DEBUG("GBB read recovery key failed.\n"); + retval = VBERROR_INVALID_GBB; goto fail; } } @@ -524,7 +526,7 @@ VbError_t VbVerifyMemoryBootImage( /* Verify the key block. */ key_block = (VbKeyBlockHeader *)kbuf; struct vb2_keyblock *keyblock2 = (struct vb2_keyblock *)kbuf; - int rv; + rv = VB2_SUCCESS; if (hash_only) { rv = vb2_verify_keyblock_hash(keyblock2, image_size, &wb); } else { diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c index 8ac409a6..5fdc6a4e 100644 --- a/firmware/lib/vboot_kernel.c +++ b/firmware/lib/vboot_kernel.c @@ -440,12 +440,11 @@ VbError_t LoadKernel(struct vb2_context *ctx, LoadKernelParams *params) struct vb2_workbuf wb; VbSharedDataHeader *shared = sd->vbsd; VbSharedDataKernelCall *shcall = NULL; - struct vb2_packed_key *recovery_key = NULL; int found_partitions = 0; uint32_t lowest_version = LOWEST_TPM_VERSION; - VbError_t retval = VBERROR_UNKNOWN; int recovery = VB2_RECOVERY_LK_UNSPECIFIED; + int rv; vb2_workbuf_from_ctx(ctx, &wb); @@ -472,11 +471,12 @@ VbError_t LoadKernel(struct vb2_context *ctx, LoadKernelParams *params) struct vb2_packed_key *kernel_subkey; if (kBootRecovery == shcall->boot_mode) { /* Use the recovery key to verify the kernel */ - retval = vb2_gbb_read_recovery_key(ctx, &recovery_key, - NULL, &wb); - if (VBERROR_SUCCESS != retval) + rv = vb2_gbb_read_recovery_key(ctx, &kernel_subkey, NULL, &wb); + if (VB2_SUCCESS != rv) { + VB2_DEBUG("GBB read recovery key failed.\n"); + retval = VBERROR_INVALID_GBB; goto load_kernel_exit; - kernel_subkey = recovery_key; + } } else { /* Use the kernel subkey passed from firmware verification */ kernel_subkey = (struct vb2_packed_key *)&shared->kernel_subkey; @@ -552,14 +552,14 @@ VbError_t LoadKernel(struct vb2_context *ctx, LoadKernelParams *params) lpflags |= VB2_LOAD_PARTITION_VBLOCK_ONLY; } - int rv = vb2_load_partition(ctx, - stream, - kernel_subkey, - lpflags, - params, - shared->kernel_version_tpm, - shpart, - &wb); + rv = vb2_load_partition(ctx, + stream, + kernel_subkey, + lpflags, + params, + shared->kernel_version_tpm, + shpart, + &wb); VbExStreamClose(stream); if (rv != VB2_SUCCESS) { |