diff options
-rw-r--r-- | firmware/2lib/include/2struct.h | 4 | ||||
-rw-r--r-- | firmware/lib20/misc.c | 16 | ||||
-rw-r--r-- | firmware/lib21/misc.c | 16 | ||||
-rw-r--r-- | tests/vb20_misc_tests.c | 10 | ||||
-rw-r--r-- | tests/vb21_misc_tests.c | 10 |
5 files changed, 48 insertions, 8 deletions
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index cbf08901..ae01c5de 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -182,12 +182,16 @@ enum vb2_gbb_flag { * enable this ourselves because it executes non-verified code, but if * a customer wants to void their warranty and set this flag in the * read-only flash, they should be able to do so. + * + * (TODO: Currently not supported. Mark as deprecated/unused?) */ VB2_GBB_FLAG_LOAD_OPTION_ROMS = (1 << 1), /* * The factory flow may need the BIOS to boot a non-ChromeOS kernel if * the dev-switch is on. This flag allows that. + * + * (TODO: Currently not supported. Mark as deprecated/unused?) */ VB2_GBB_FLAG_ENABLE_ALTERNATE_OS = (1 << 2), diff --git a/firmware/lib20/misc.c b/firmware/lib20/misc.c index 0e61e858..83232b07 100644 --- a/firmware/lib20/misc.c +++ b/firmware/lib20/misc.c @@ -126,8 +126,12 @@ int vb2_load_fw_keyblock(struct vb2_context *ctx) /* Key version is the upper 16 bits of the composite firmware version */ if (kb->data_key.key_version > 0xffff) rv = VB2_ERROR_FW_KEYBLOCK_VERSION_RANGE; - if (!rv && kb->data_key.key_version < (sd->fw_version_secdata >> 16)) - rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK; + if (!rv && kb->data_key.key_version < (sd->fw_version_secdata >> 16)) { + if (sd->gbb_flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK) + VB2_DEBUG("Ignoring FW key rollback due to GBB flag\n"); + else + rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK; + } if (rv) { vb2_fail(ctx, VB2_RECOVERY_FW_KEY_ROLLBACK, rv); return rv; @@ -238,8 +242,12 @@ int vb2_load_fw_preamble(struct vb2_context *ctx) rv = VB2_ERROR_FW_PREAMBLE_VERSION_RANGE; /* Combine with the key version from vb2_load_fw_keyblock() */ sd->fw_version |= pre->firmware_version; - if (!rv && sd->fw_version < sd->fw_version_secdata) - rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK; + if (!rv && sd->fw_version < sd->fw_version_secdata) { + if (sd->gbb_flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK) + VB2_DEBUG("Ignoring FW rollback due to GBB flag\n"); + else + rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK; + } if (rv) { vb2_fail(ctx, VB2_RECOVERY_FW_ROLLBACK, rv); return rv; diff --git a/firmware/lib21/misc.c b/firmware/lib21/misc.c index 92322a9c..c0143c04 100644 --- a/firmware/lib21/misc.c +++ b/firmware/lib21/misc.c @@ -117,8 +117,12 @@ int vb2_load_fw_keyblock(struct vb2_context *ctx) /* Key version is the upper 16 bits of the composite firmware version */ if (packed_key->key_version > 0xffff) rv = VB2_ERROR_FW_KEYBLOCK_VERSION_RANGE; - if (!rv && packed_key->key_version < (sd->fw_version_secdata >> 16)) - rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK; + if (!rv && packed_key->key_version < (sd->fw_version_secdata >> 16)) { + if (sd->gbb_flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK) + VB2_DEBUG("Ignoring FW key rollback due to GBB flag\n"); + else + rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK; + } if (rv) { vb2_fail(ctx, VB2_RECOVERY_FW_KEY_ROLLBACK, rv); return rv; @@ -205,8 +209,12 @@ int vb2_load_fw_preamble(struct vb2_context *ctx) rv = VB2_ERROR_FW_PREAMBLE_VERSION_RANGE; /* Combine with the key version from vb2_load_fw_keyblock() */ sd->fw_version |= pre->fw_version; - if (!rv && sd->fw_version < sd->fw_version_secdata) - rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK; + if (!rv && sd->fw_version < sd->fw_version_secdata) { + if (sd->gbb_flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK) + VB2_DEBUG("Ignoring FW rollback due to GBB flag\n"); + else + rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK; + } if (rv) { vb2_fail(ctx, VB2_RECOVERY_FW_ROLLBACK, rv); return rv; diff --git a/tests/vb20_misc_tests.c b/tests/vb20_misc_tests.c index 8021888c..e3a5123f 100644 --- a/tests/vb20_misc_tests.c +++ b/tests/vb20_misc_tests.c @@ -268,6 +268,11 @@ static void verify_keyblock_tests(void) TEST_EQ(vb2_load_fw_keyblock(&cc), VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK, "keyblock rollback"); + + reset_common_data(FOR_KEYBLOCK); + kb->data_key.key_version = 1; + sd->gbb_flags |= VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK; + TEST_SUCC(vb2_load_fw_keyblock(&cc), "keyblock rollback with GBB flag"); } static void verify_preamble_tests(void) @@ -346,6 +351,11 @@ static void verify_preamble_tests(void) "preamble version rollback"); reset_common_data(FOR_PREAMBLE); + pre->firmware_version = 1; + sd->gbb_flags |= VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK; + TEST_SUCC(vb2_load_fw_preamble(&cc), "version rollback with GBB flag"); + + reset_common_data(FOR_PREAMBLE); pre->firmware_version = 3; TEST_SUCC(vb2_load_fw_preamble(&cc), "preamble version roll forward"); diff --git a/tests/vb21_misc_tests.c b/tests/vb21_misc_tests.c index 826c3fb1..d70cabd5 100644 --- a/tests/vb21_misc_tests.c +++ b/tests/vb21_misc_tests.c @@ -274,6 +274,11 @@ static void load_keyblock_tests(void) TEST_EQ(vb2_load_fw_keyblock(&ctx), VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK, "keyblock rollback"); + + reset_common_data(FOR_KEYBLOCK); + dk->key_version = 1; + sd->gbb_flags |= VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK; + TEST_SUCC(vb2_load_fw_keyblock(&ctx), "keyblock rollback + GBB flag"); } static void load_preamble_tests(void) @@ -353,6 +358,11 @@ static void load_preamble_tests(void) "preamble version rollback"); reset_common_data(FOR_PREAMBLE); + pre->fw_version = 1; + sd->gbb_flags |= VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK; + TEST_SUCC(vb2_load_fw_preamble(&ctx), "version rollback with GBB flag"); + + reset_common_data(FOR_PREAMBLE); pre->fw_version = 3; TEST_SUCC(vb2_load_fw_preamble(&ctx), "preamble version roll forward"); |