-rw-r--r-- | firmware/2lib/2api.c | 20 | ||||
-rw-r--r-- | firmware/2lib/2misc.c | 10 | ||||
-rw-r--r-- | firmware/2lib/include/2api.h | 12 | ||||
-rw-r--r-- | firmware/2lib/include/2misc.h | 14 | ||||
-rw-r--r-- | firmware/lib/vboot_ui.c | 6 | ||||
-rw-r--r-- | firmware/lib20/api.c | 6 | ||||
-rw-r--r-- | firmware/lib20/api_kernel.c | 2 | ||||
-rw-r--r-- | firmware/lib20/misc.c | 8 | ||||
-rw-r--r-- | firmware/lib21/api.c | 8 | ||||
-rw-r--r-- | firmware/lib21/misc.c | 8 | ||||
-rw-r--r-- | tests/vb2_misc_tests.c | 33 |
11 files changed, 58 insertions, 69 deletions
diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c
index 5be542bc..cc2c17bd 100644
--- a/firmware/2lib/2api.c
+++ b/firmware/2lib/2api.c
@@ -16,14 +16,6 @@
 #include "2sysincludes.h"
 #include "2tpm_bootmode.h"
-void vb2api_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode)
-{
- /* Initialize the vboot context if it hasn't been yet */
- vb2_init_context(ctx);
-
- vb2_fail(ctx, reason, subcode);
-}
-
 vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx)
 {
 vb2_error_t rv;
@@ -50,7 +42,7 @@ vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx)
 * Fool me twice, shame on me. Fail into recovery to avoid
 * a reboot loop.
 */
- vb2_fail(ctx, VB2_RECOVERY_RO_TPM_REBOOT, 0);
+ vb2api_fail(ctx, VB2_RECOVERY_RO_TPM_REBOOT, 0);
 } else {
 /* Reboot requested for the first time */
 vb2_nv_set(ctx, VB2_NV_TPM_REQUESTED_REBOOT, 1);
@@ -60,12 +52,12 @@ vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx)
 /* Initialize firmware secure data */
 rv = vb2_secdata_firmware_init(ctx);
 if (rv)
- vb2_fail(ctx, VB2_RECOVERY_SECDATA_FIRMWARE_INIT, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_SECDATA_FIRMWARE_INIT, rv);
 /* Load and parse the GBB header */
 rv = vb2_fw_init_gbb(ctx);
 if (rv)
- vb2_fail(ctx, VB2_RECOVERY_GBB_HEADER, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_GBB_HEADER, rv);
 /*
 * Check for recovery. Note that this function returns void, since any
@@ -85,7 +77,7 @@ vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx)
 * to take a different path through the dev switch checking
 * code in that case.
 */
- vb2_fail(ctx, VB2_RECOVERY_DEV_SWITCH, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_DEV_SWITCH, rv);
 return rv;
 }
@@ -145,14 +137,14 @@ vb2_error_t vb2api_fw_phase2(struct vb2_context *ctx)
 /* Check for explicit request to clear TPM */
 rv = vb2_check_tpm_clear(ctx);
 if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv);
 return rv;
 }
 /* Decide which firmware slot to try this boot */
 rv = vb2_select_fw_slot(ctx);
 if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_SLOT, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_SLOT, rv);
 return rv;
 }
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index 396a1593..389a80d7 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -77,8 +77,11 @@ vb2_error_t vb2_read_gbb_header(struct vb2_context *ctx,
 return VB2_SUCCESS;
 }
-void vb2_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode)
+void vb2api_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode)
 {
+ /* Initialize the vboot context if it hasn't been yet */
+ vb2_init_context(ctx);
+
 struct vb2_shared_data *sd = vb2_get_sd(ctx);
 /* If NV data hasn't been initialized, initialize it now */
@@ -337,7 +340,8 @@ vb2_error_t vb2_check_dev_switch(struct vb2_context *ctx)
 * we don't have NVRAM space to store the full
 * 32-bit code.
 */
- vb2_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER,
+ rv);
 return rv;
 }
@@ -371,7 +375,7 @@ vb2_error_t vb2_check_tpm_clear(struct vb2_context *ctx)
 * useful as the full error code, but we don't have NVRAM space
 * to store the full 32-bit code.
 */
- vb2_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv);
 return rv;
 }
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 9a8a2228..982d4772 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
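Review bot: In firmware/2lib/2misc.c the merged vb2api_fail() now runs `vb2_init_context(ctx);` on every failure path, including the ones inside the keyblock, preamble and rollback checks, and nothing at the call says why that is safe once the work buffer is in use. The 2misc.h text visible elsewhere in this commit describes that helper as setting up the context only if it is not already set up (keyed on ctx->workbuf_used), so I would state that at the call, e.g. `/* No-op once the context is set up; only matters when firmware reports a failure before phase1 */`. The call also sits ahead of the `struct vb2_shared_data *sd = vb2_get_sd(ctx);` declaration; declaring `struct vb2_shared_data *sd;` first and assigning `sd = vb2_get_sd(ctx);` after the init call would keep declarations ahead of statements, if that is this file's convention. The visible fail_tests cases all call reset_common_data() before vb2api_fail(), so the not-yet-initialised path may have no coverage; the function body continues outside the hunk.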
@@ -488,11 +488,15 @@ vb2_error_t vb2api_secdata_fwmp_check(struct vb2_context *ctx, uint8_t *size);
 /**
 * Report firmware failure to vboot.
 *
- * This may be called before vb2api_phase1() to indicate errors in the boot
- * process prior to the start of vboot.
+ * If the failure occurred after choosing a firmware slot, and the other
+ * firmware slot is not known-bad, try the other firmware slot after reboot.
+ *
+ * If the failure occurred before choosing a firmware slot, or both slots have
+ * failed in successive boots, request recovery.
 *
- * If this is called after vb2api_phase1(), on return, the calling firmware
- * should check for updates to secdata and/or nvdata, then reboot.
+ * This may be called before vb2api_phase1() to indicate errors in the boot
+ * process prior to the start of vboot. On return, the calling firmware should
+ * check for updates to secdata and/or nvdata, then reboot.
 *
 * @param reason Recovery reason
 * @param subcode Recovery subcode
diff --git a/firmware/2lib/include/2misc.h b/firmware/2lib/include/2misc.h
index b03df5f3..6b305169 100644
--- a/firmware/2lib/include/2misc.h
+++ b/firmware/2lib/include/2misc.h
@@ -73,20 +73,6 @@ vb2_error_t vb2_read_gbb_header(struct vb2_context *ctx,
 struct vb2_gbb_header *gbb);
 /**
- * Handle vboot failure.
- *
- * If the failure occurred after choosing a firmware slot, and the other
- * firmware slot is not known-bad, try the other firmware slot after reboot.
- *
- * If the failure occurred before choosing a firmware slot, or both slots have
- * failed in successive boots, request recovery.
- *
- * @param reason Recovery reason
- * @param subcode Recovery subcode
- */
-void vb2_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode);
-
-/**
 * Set up the verified boot context data, if not already set up.
 *
 * This uses ctx->workbuf_used=0 as a flag to indicate that the data has not
diff --git a/firmware/lib/vboot_ui.c b/firmware/lib/vboot_ui.c
index aa9a58cb..2b2c08ab 100644
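Review bot: The rewritten vb2api_fail() comment in firmware/2lib/include/2api.h tells the caller to check secdata/nvdata and reboot on return, but after this commit the library's own code calls the same function and does not always stop there: in vb2api_fw_phase1 the `if (rv) vb2api_fail(...)` lines for secdata and GBB init record the failure and carry on. I would scope that sentence to firmware outside vboot, for example `On return, calling firmware outside vboot should check for updates to secdata and/or nvdata, then reboot.` The visible parameter list also documents only reason and subcode; adding `@param ctx Vboot context` would complete it. The declaration that follows the comment is outside the hunk.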
--- a/firmware/lib/vboot_ui.c
+++ b/firmware/lib/vboot_ui.c
@@ -488,11 +488,11 @@ static vb2_error_t vb2_diagnostics_ui(struct vb2_context *ctx)
 if (RollbackKernelLock(0)) {
 VB2_DEBUG("Failed to lock TPM PP\n");
- vb2_fail(ctx, VB2_RECOVERY_TPM_DISABLE_FAILED, 0);
+ vb2api_fail(ctx, VB2_RECOVERY_TPM_DISABLE_FAILED, 0);
 } else if (vb2ex_tpm_set_mode(VB2_TPM_MODE_DISABLED) != VB2_SUCCESS) {
 VB2_DEBUG("Failed to disable TPM\n");
- vb2_fail(ctx, VB2_RECOVERY_TPM_DISABLE_FAILED, 0);
+ vb2api_fail(ctx, VB2_RECOVERY_TPM_DISABLE_FAILED, 0);
 } else {
 vb2_run_altfw(ctx, VB_ALTFW_DIAGNOSTIC);
 VB2_DEBUG("Diagnostic failed to run\n");
@@ -500,7 +500,7 @@ static vb2_error_t vb2_diagnostics_ui(struct vb2_context *ctx)
 * Assuming failure was due to bad hash, though
 * the rom could just be missing or invalid.
 */
- vb2_fail(ctx, VB2_RECOVERY_ALTFW_HASH_FAILED, 0);
+ vb2api_fail(ctx, VB2_RECOVERY_ALTFW_HASH_FAILED, 0);
 }
 }
diff --git a/firmware/lib20/api.c b/firmware/lib20/api.c
index 13f26bfd..f70e2625 100644
--- a/firmware/lib20/api.c
+++ b/firmware/lib20/api.c
@@ -22,14 +22,14 @@ vb2_error_t vb2api_fw_phase3(struct vb2_context *ctx)
 /* Verify firmware keyblock */
 rv = vb2_load_fw_keyblock(ctx);
 if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
 return rv;
 }
 /* Verify firmware preamble */
 rv = vb2_load_fw_preamble(ctx);
 if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
 return rv;
 }
@@ -199,7 +199,7 @@ vb2_error_t vb2api_check_hash_get_digest(struct vb2_context *ctx,
 */
 rv = vb2_verify_digest(&key, &pre->body_signature, digest, &wb);
 if (rv)
- vb2_fail(ctx, VB2_RECOVERY_FW_BODY, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_BODY, rv);
 if (digest_out != NULL) {
 if (digest_out_size < digest_size)
diff --git a/firmware/lib20/api_kernel.c b/firmware/lib20/api_kernel.c
index 555a7c47..3aad5967 100644
--- a/firmware/lib20/api_kernel.c
+++ b/firmware/lib20/api_kernel.c
@@ -37,7 +37,7 @@ vb2_error_t vb2api_kernel_phase1(struct vb2_context *ctx)
 /* Ignore failure to get kernel version in recovery */
 sd->kernel_version_secdata = 0;
 } else {
- vb2_fail(ctx, VB2_RECOVERY_SECDATA_KERNEL_INIT, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_SECDATA_KERNEL_INIT, rv);
 return rv;
 }
 }
diff --git a/firmware/lib20/misc.c b/firmware/lib20/misc.c
index 01fd717f..330453b2 100644
--- a/firmware/lib20/misc.c
+++ b/firmware/lib20/misc.c
@@ -130,7 +130,7 @@ vb2_error_t vb2_load_fw_keyblock(struct vb2_context *ctx)
 /* Verify the keyblock */
 rv = vb2_verify_keyblock(kb, block_size, &root_key, &wb);
 if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_KEYBLOCK, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_KEYBLOCK, rv);
 return rv;
 }
@@ -144,7 +144,7 @@ vb2_error_t vb2_load_fw_keyblock(struct vb2_context *ctx)
 rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK;
 }
 if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_KEY_ROLLBACK, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_KEY_ROLLBACK, rv);
 return rv;
 }
@@ -247,7 +247,7 @@ vb2_error_t vb2_load_fw_preamble(struct vb2_context *ctx)
 /* Verify the preamble */
 rv = vb2_verify_fw_preamble(pre, pre_size, &data_key, &wb);
 if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_PREAMBLE, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_PREAMBLE, rv);
 return rv;
 }
@@ -266,7 +266,7 @@ vb2_error_t vb2_load_fw_preamble(struct vb2_context *ctx)
 rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK;
 }
 if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_ROLLBACK, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_ROLLBACK, rv);
 return rv;
 }
diff --git a/firmware/lib21/api.c b/firmware/lib21/api.c
index 732982c4..b9fc5e4c 100644
--- a/firmware/lib21/api.c
+++ b/firmware/lib21/api.c
@@ -23,14 +23,14 @@ vb2_error_t vb21api_fw_phase3(struct vb2_context *ctx)
 /* Verify firmware keyblock */
 rv = vb21_load_fw_keyblock(ctx);
 if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
 return rv;
 }
 /* Verify firmware preamble */
 rv = vb21_load_fw_preamble(ctx);
 if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
 return rv;
 }
@@ -160,8 +160,8 @@ vb2_error_t vb21api_check_hash(struct vb2_context *ctx)
 digest_size))
 return VB2_ERROR_API_CHECK_HASH_SIG;
- /* TODO: the old check-hash function called vb2_fail() on any mismatch.
- * I don't think it should do that; the caller should. */
+ /* TODO: The old check-hash function called vb2api_fail() on any
+ mismatch. I don't think it should do that; the caller should. */
 return VB2_SUCCESS;
 }
diff --git a/firmware/lib21/misc.c b/firmware/lib21/misc.c
index 982ee0e3..08f30d36 100644
--- a/firmware/lib21/misc.c
+++ b/firmware/lib21/misc.c
@@ -106,7 +106,7 @@ vb2_error_t vb21_load_fw_keyblock(struct vb2_context *ctx)
 /* Verify the keyblock */
 rv = vb21_verify_keyblock(kb, kb->c.total_size, &root_key, &wb);
 if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_KEYBLOCK, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_KEYBLOCK, rv);
 return rv;
 }
@@ -125,7 +125,7 @@ vb2_error_t vb21_load_fw_keyblock(struct vb2_context *ctx)
 rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK;
 }
 if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_KEY_ROLLBACK, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_KEY_ROLLBACK, rv);
 return rv;
 }
@@ -192,7 +192,7 @@ vb2_error_t vb21_load_fw_preamble(struct vb2_context *ctx)
 /* Verify the preamble */
 rv = vb21_verify_fw_preamble(pre, pre->c.total_size, &data_key, &wb);
 if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_PREAMBLE, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_PREAMBLE, rv);
 return rv;
 }
@@ -218,7 +218,7 @@ vb2_error_t vb21_load_fw_preamble(struct vb2_context *ctx)
 rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK;
 }
 if (rv) {
- vb2_fail(ctx, VB2_RECOVERY_FW_ROLLBACK, rv);
+ vb2api_fail(ctx, VB2_RECOVERY_FW_ROLLBACK, rv);
 return rv;
 }
diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c
index fb8d37fa..5e1383cd 100644
--- a/tests/vb2_misc_tests.c
+++ b/tests/vb2_misc_tests.c
@@ -256,19 +256,19 @@ static void fail_tests(void)
 /* Early fail (before even NV init) */
 reset_common_data();
 sd->status &= ~VB2_SD_STATUS_NV_INIT;
- vb2_fail(&ctx, 1, 2);
- TEST_NEQ(sd->status & VB2_SD_STATUS_NV_INIT, 0, "vb2_fail inits NV");
+ vb2api_fail(&ctx, 1, 2);
+ TEST_NEQ(sd->status & VB2_SD_STATUS_NV_INIT, 0, "vb2api_fail inits NV");
 TEST_EQ(vb2_nv_get(&ctx, VB2_NV_RECOVERY_REQUEST),
- 1, "vb2_fail request");
+ 1, "vb2api_fail request");
 TEST_EQ(vb2_nv_get(&ctx, VB2_NV_RECOVERY_SUBCODE),
- 2, "vb2_fail subcode");
+ 2, "vb2api_fail subcode");
 /* Repeated fail doesn't overwrite the error code */
- vb2_fail(&ctx, 3, 4);
+ vb2api_fail(&ctx, 3, 4);
 TEST_EQ(vb2_nv_get(&ctx, VB2_NV_RECOVERY_REQUEST),
- 1, "vb2_fail repeat");
+ 1, "vb2api_fail repeat");
 TEST_EQ(vb2_nv_get(&ctx, VB2_NV_RECOVERY_SUBCODE),
- 2, "vb2_fail repeat2");
+ 2, "vb2api_fail repeat2");
 /* Fail with other slot good doesn't trigger recovery */
 reset_common_data();
@@ -278,12 +278,14 @@ static void fail_tests(void)
 sd->fw_slot = 0;
 sd->last_fw_slot = 1;
 sd->last_fw_result = VB2_FW_RESULT_UNKNOWN;
- vb2_fail(&ctx, 5, 6);
+ vb2api_fail(&ctx, 5, 6);
 TEST_EQ(vb2_nv_get(&ctx, VB2_NV_RECOVERY_REQUEST), 0, "vb2_failover");
 TEST_EQ(vb2_nv_get(&ctx, VB2_NV_FW_RESULT),
- VB2_FW_RESULT_FAILURE, "vb2_fail this fw");
- TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TRY_COUNT), 0, "vb2_fail use up tries");
- TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TRY_NEXT), 1, "vb2_fail try other slot");
+ VB2_FW_RESULT_FAILURE, "vb2api_fail this fw");
+ TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TRY_COUNT), 0,
+ "vb2api_fail use up tries");
+ TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TRY_NEXT), 1,
+ "vb2api_fail try other slot");
 /* Fail with other slot already failing triggers recovery */
 reset_common_data();
@@ -291,12 +293,13 @@ static void fail_tests(void)
 sd->fw_slot = 1;
 sd->last_fw_slot = 0;
 sd->last_fw_result = VB2_FW_RESULT_FAILURE;
- vb2_fail(&ctx, 7, 8);
+ vb2api_fail(&ctx, 7, 8);
 TEST_EQ(vb2_nv_get(&ctx, VB2_NV_RECOVERY_REQUEST), 7,
- "vb2_fail both slots bad");
+ "vb2api_fail both slots bad");
 TEST_EQ(vb2_nv_get(&ctx, VB2_NV_FW_RESULT),
- VB2_FW_RESULT_FAILURE, "vb2_fail this fw");
- TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TRY_NEXT), 0, "vb2_fail try other slot");
+ VB2_FW_RESULT_FAILURE, "vb2api_fail this fw");
+ TEST_EQ(vb2_nv_get(&ctx, VB2_NV_TRY_NEXT), 0,
+ "vb2api_fail try other slot");
 }
 static void recovery_tests(void) |