diff options
| -rw-r--r-- | firmware/lib/rollback_index.c | 12 | ||||
| -rw-r--r-- | firmware/lib/vboot_api_kernel.c | 36 | ||||
| -rw-r--r-- | tests/rollback_index2_tests.c | 12 |
3 files changed, 32 insertions, 28 deletions
diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c index 306e9032..49b3a84b 100644 --- a/firmware/lib/rollback_index.c +++ b/firmware/lib/rollback_index.c @@ -667,10 +667,16 @@ uint32_t RollbackBackupWrite(uint8_t *raw) uint32_t RollbackKernelLock(int recovery_mode) { - if (recovery_mode) + static int kernel_locked = 0; + uint32_t r; + + if (recovery_mode || kernel_locked) return TPM_SUCCESS; - else - return TlclLockPhysicalPresence(); + + r = TlclLockPhysicalPresence(); + if (TPM_SUCCESS == r) + kernel_locked = 1; + return r; } #endif /* DISABLE_ROLLBACK_TPM */ diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c index b28d4388..d01160af 100644 --- a/firmware/lib/vboot_api_kernel.c +++ b/firmware/lib/vboot_api_kernel.c @@ -64,6 +64,21 @@ static int VbWantShutdown(uint32_t gbb_flags) return !!shutdown_request; } +static void VbTryLegacy(int allowed) +{ + if (!allowed) + VBDEBUG(("VbBootDeveloper() - Legacy boot is disabled\n")); + else if (0 != RollbackKernelLock(0)) + VBDEBUG(("Error locking kernel versions on legacy boot.\n")); + else + VbExLegacy(); /* will not return if successful */ + + /* If legacy boot fails, beep and return to calling UI loop. */ + VbExBeep(120, 400); + VbExSleepMs(120); + VbExBeep(120, 400); +} + /** * Attempt loading a kernel from the specified type(s) of disks. * @@ -351,19 +366,7 @@ VbError_t VbBootDeveloper(VbCommonParams *cparams, LoadKernelParams *p) case 0x0c: VBDEBUG(("VbBootDeveloper() - " "user pressed Ctrl+L; Try legacy boot\n")); - /* - * If VbExLegacy() succeeds, it will never return. If - * it returns, beep. - */ - if (allow_legacy) - VbExLegacy(); - else - VBDEBUG(("VbBootDeveloper() - " - "Legacy boot is disabled\n")); - - VbExBeep(120, 400); - VbExSleepMs(120); - VbExBeep(120, 400); + VbTryLegacy(allow_legacy); break; case VB_KEY_CTRL_ENTER: @@ -434,12 +437,7 @@ VbError_t VbBootDeveloper(VbCommonParams *cparams, LoadKernelParams *p) if ((gbb->flags & GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY) && !ctrl_d_pressed) { VBDEBUG(("VbBootDeveloper() - defaulting to legacy\n")); - VbExLegacy(); - - /* If that fails, beep and fall through to fixed disk */ - VbExBeep(120, 400); - VbExSleepMs(120); - VbExBeep(120, 400); + VbTryLegacy(1); } /* Timeout or Ctrl+D; attempt loading from fixed disk */ diff --git a/tests/rollback_index2_tests.c b/tests/rollback_index2_tests.c index 853bfc86..84655fa3 100644 --- a/tests/rollback_index2_tests.c +++ b/tests/rollback_index2_tests.c @@ -945,12 +945,6 @@ static void RollbackKernelTest(void) "RollbackKernelWrite() error"); /* Test lock (recovery off) */ - ResetMocks(0, 0); - TEST_EQ(RollbackKernelLock(0), 0, "RollbackKernelLock()"); - TEST_STR_EQ(mock_calls, - "TlclLockPhysicalPresence()\n", - "tlcl calls"); - ResetMocks(1, TPM_E_IOERROR); TEST_EQ(RollbackKernelLock(0), TPM_E_IOERROR, "RollbackKernelLock() error"); @@ -960,6 +954,12 @@ static void RollbackKernelTest(void) ResetMocks(0, 0); TEST_EQ(RollbackKernelLock(1), 0, "RollbackKernelLock() in recovery"); TEST_STR_EQ(mock_calls, "", "no tlcl calls"); + + ResetMocks(0, 0); + TEST_EQ(RollbackKernelLock(0), 0, "RollbackKernelLock()"); + TEST_STR_EQ(mock_calls, + "TlclLockPhysicalPresence()\n", + "tlcl calls"); } /* Tests for RollbackS3Resume() */ |