-rw-r--r-- | firmware/2lib/include/2recovery_reasons.h | 128 | ||||
-rw-r--r-- | firmware/lib/vboot_display.c | 77 | ||||
-rw-r--r-- | firmware/lib/vboot_kernel.c | 2 | ||||
-rw-r--r-- | firmware/lib/vboot_ui.c | 7 | ||||
-rw-r--r-- | host/arch/x86/lib/crossystem_arch.c | 4 | ||||
-rw-r--r-- | tests/vboot_api_kernel2_tests.c | 9 | ||||
-rw-r--r-- | tests/vboot_kernel_tests.c | 2 |
7 files changed, 94 insertions, 135 deletions
diff --git a/firmware/2lib/include/2recovery_reasons.h b/firmware/2lib/include/2recovery_reasons.h index 6d9a2727..b409e957 100644 --- a/firmware/2lib/include/2recovery_reasons.h +++ b/firmware/2lib/include/2recovery_reasons.h @@ -10,6 +10,10 @@ /* Recovery reason codes */ enum vb2_nv_recovery { + + /**********************************************************************/ + /**** Uncategorized errors ********************************************/ + /* Recovery not requested. */ VB2_RECOVERY_NOT_REQUESTED = 0x00, @@ -24,29 +28,31 @@ enum vb2_nv_recovery { /* User manually requested recovery via recovery button */ VB2_RECOVERY_RO_MANUAL = 0x02, - /* - * RW firmware failed signature check (neither RW firmware slot was - * valid) - */ + + + /**********************************************************************/ + /**** Firmware verification (RO) errors (and some EC stuff???) ********/ + + /* Unspecified RW verification error (when none of 0x10-0x1f fit) */ VB2_RECOVERY_RO_INVALID_RW = 0x03, - /* S3 resume failed */ - VB2_RECOVERY_RO_S3_RESUME = 0x04, + /* S3 resume failed (deprecated) */ + VB2_RECOVERY_DEPRECATED_RO_S3_RESUME = 0x04, - /* TPM error in read-only firmware (deprecated) */ - VB2_RECOVERY_DEP_RO_TPM_ERROR = 0x05, + /* TPM error in read-only firmware (deprecated, see 0x54+) */ + VB2_RECOVERY_DEPRECATED_RO_TPM_ERROR = 0x05, /* Shared data error in read-only firmware */ VB2_RECOVERY_RO_SHARED_DATA = 0x06, - /* Test error from S3Resume() */ - VB2_RECOVERY_RO_TEST_S3 = 0x07, + /* Test error from S3Resume() (deprecated) */ + VB2_RECOVERY_DEPRECATED_RO_TEST_S3 = 0x07, /* Test error from LoadFirmwareSetup() (deprecated) */ - VB2_RECOVERY_RO_TEST_LFS = 0x08, + VB2_RECOVERY_DEPRECATED_RO_TEST_LFS = 0x08, /* Test error from LoadFirmware() (deprecated) */ - VB2_RECOVERY_RO_TEST_LF = 0x09, + VB2_RECOVERY_DEPRECATED_RO_TEST_LF = 0x09, /* * RW firmware failed signature check (neither RW firmware slot was 
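Review bot: The new comment on `VB2_RECOVERY_RO_INVALID_RW` (0x03) in the second hunk redefines it as a catch-all "when none of 0x10-0x1f fit", but `RecoveryReasonString()` in firmware/lib/vboot_display.c still returns "RW firmware failed signature check" for that code, so the header and the displayed text now describe different conditions. Someone triaging a verified-boot failure from the screen text would read a signature failure where the code only means "unspecified"; either update the string in the same commit or word the comment to match it. The banner `(and some EC stuff???)` would also read better as a plain statement of what the range contains, for example `/**** Firmware verification (RO) and EC software sync errors ****/`. The enum body starts before and continues after this hunk.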
@@ -94,7 +100,7 @@ enum vb2_nv_recovery { VB2_RECOVERY_EC_UNKNOWN_IMAGE = 0x23, /* EC software sync - error obtaining EC image hash (deprecated) */ - VB2_RECOVERY_DEP_EC_HASH = 0x24, + VB2_RECOVERY_DEPRECATED_EC_HASH = 0x24, /* EC software sync - error obtaining expected EC image */ VB2_RECOVERY_EC_EXPECTED_IMAGE = 0x25, @@ -111,11 +117,8 @@ enum vb2_nv_recovery { /* EC software sync - error obtaining expected EC hash */ VB2_RECOVERY_EC_EXPECTED_HASH = 0x29, - /* EC software sync - expected EC image doesn't match hash */ - VB2_RECOVERY_EC_HASH_MISMATCH = 0x2a, - - /* New error codes from VB2 */ - /* TODO: may need to add strings for these in the original fwlib */ + /* EC software sync - expected EC image doesn't match hash (deprc.) */ + VB2_RECOVERY_DEPRECATED_EC_HASH_MISMATCH = 0x2a, /* Firmware secure data initialization error */ VB2_RECOVERY_SECDATA_FIRMWARE_INIT = 0x2b, 
@@ -138,32 +141,38 @@ enum vb2_nv_recovery { /* Unspecified/unknown error in read-only firmware */ VB2_RECOVERY_RO_UNSPECIFIED = 0x3f, + + + /**********************************************************************/ + /**** Kernel verification (RW) errors *********************************/ + /* * User manually requested recovery by pressing a key at developer - * warning screen + * warning screen (deprecated) */ - VB2_RECOVERY_RW_DEV_SCREEN = 0x41, + VB2_RECOVERY_DEPRECATED_RW_DEV_SCREEN = 0x41, - /* No OS kernel detected */ - VB2_RECOVERY_RW_NO_OS = 0x42, + /* No OS kernel detected (deprecated, now 0x5b) */ + VB2_RECOVERY_DEPRECATED_RW_NO_OS = 0x42, - /* OS kernel failed signature check */ + /* OS kernel failed signature check. Since the kernel corrupts itself + (DMVERROR) on a verity failure, may also indicate corrupt rootfs. */ VB2_RECOVERY_RW_INVALID_OS = 0x43, - /* TPM error in rewritable firmware (deprecated) */ - VB2_RECOVERY_DEP_RW_TPM_ERROR = 0x44, + /* TPM error in rewritable firmware (deprecated, see 0x54+) */ + VB2_RECOVERY_DEPRECATED_RW_TPM_ERROR = 0x44, - /* RW firmware in dev mode, but dev switch is off */ - VB2_RECOVERY_RW_DEV_MISMATCH = 0x45, + /* RW firmware in dev mode, but dev switch is off (deprecated) */ + VB2_RECOVERY_DEPRECATED_RW_DEV_MISMATCH = 0x45, /* Shared data error in rewritable firmware */ VB2_RECOVERY_RW_SHARED_DATA = 0x46, - /* Test error from LoadKernel() */ - VB2_RECOVERY_RW_TEST_LK = 0x47, + /* Test error from LoadKernel() (deprecated) */ + VB2_RECOVERY_DEPRECATED_RW_TEST_LK = 0x47, - /* No bootable disk found (deprecated)*/ - VB2_RECOVERY_DEP_RW_NO_DISK = 0x48, + /* No bootable disk found (deprecated, see 0x5a) */ + VB2_RECOVERY_DEPRECATED_RW_NO_DISK = 0x48, /* Rebooting did not correct TPM_E_FAIL or TPM_E_FAILEDSELFTEST */ VB2_RECOVERY_TPM_E_FAIL = 0x49, 
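Review bot: The added two-line comment on `VB2_RECOVERY_RW_INVALID_OS` (0x43) does not use the `/*` / ` * ` / ` */` block form that the other multi-line comments in this enum use, and "the kernel corrupts itself (DMVERROR)" is hard to follow without already knowing the mechanism. Since the comment says 0x43 may also indicate a corrupt rootfs, it should state outright that the code alone cannot distinguish a kernel that failed signature verification from a rootfs that failed dm-verity, because the two call for different follow-up. I would rewrite it as a block comment that names both causes and says further evidence is needed to tell them apart. The enum starts and ends outside the hunk.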
@@ -193,28 +202,25 @@ enum vb2_nv_recovery { VB2_RECOVERY_EC_HASH_FAILED = 0x57, /* EC software sync invalid image hash size */ - VB2_RECOVERY_EC_HASH_SIZE = 0x58, + VB2_RECOVERY_EC_HASH_SIZE = 0x58, /* Unspecified error while trying to load kernel */ - VB2_RECOVERY_LK_UNSPECIFIED = 0x59, + VB2_RECOVERY_LK_UNSPECIFIED = 0x59, /* No bootable storage device in system */ - VB2_RECOVERY_RW_NO_DISK = 0x5a, + VB2_RECOVERY_RW_NO_DISK = 0x5a, /* No bootable kernel found on disk */ - VB2_RECOVERY_RW_NO_KERNEL = 0x5b, - - /* BCB related error in RW firmware */ - VB2_RECOVERY_RW_BCB_ERROR = 0x5c, + VB2_RECOVERY_RW_NO_KERNEL = 0x5b, - /* New error codes from VB2 */ - /* TODO: may need to add strings for these in the original fwlib */ + /* BCB related error in RW firmware (deprecated) */ + VB2_RECOVERY_DEPRECATED_RW_BCB_ERROR = 0x5c, /* Kernel secure data initialization error */ VB2_RECOVERY_SECDATA_KERNEL_INIT = 0x5d, - /* Fastboot mode requested in firmware */ - VB2_RECOVERY_DEPRECATED_FW_FASTBOOT = 0x5e, + /* Fastboot mode requested in firmware (deprecated) */ + VB2_RECOVERY_DEPRECATED_FW_FASTBOOT = 0x5e, /* Recovery hash space lock error in RO firmware */ VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR = 0x5f, 
@@ -226,28 +232,44 @@ enum vb2_nv_recovery { VB2_RECOVERY_ALTFW_HASH_FAILED = 0x61, /* Unspecified/unknown error in rewritable firmware */ - VB2_RECOVERY_RW_UNSPECIFIED = 0x7f, + VB2_RECOVERY_RW_UNSPECIFIED = 0x7f, + + + + /**********************************************************************/ + /**** OS level (kernel) errors (deprecated) ***************************/ + + /* + * Note: we want to avoid having the kernel touch vboot NVRAM directly + * in the future, so this whole range is essentially deprecated until + * further notice. + */ + + /* DM-verity error (deprecated) */ + VB2_RECOVERY_DEPRECATED_KE_DM_VERITY = 0x81, + + /* Unspecified/unknown error in kernel (deprecated) */ + VB2_RECOVERY_DEPRECATED_KE_UNSPECIFIED = 0xbf, + - /* DM-verity error */ - VB2_RECOVERY_KE_DM_VERITY = 0x81, - /* Unspecified/unknown error in kernel */ - VB2_RECOVERY_KE_UNSPECIFIED = 0xbf, + /**********************************************************************/ + /**** OS level (userspace) errors *************************************/ /* Recovery mode test from user-mode */ - VB2_RECOVERY_US_TEST = 0xc1, + VB2_RECOVERY_US_TEST = 0xc1, - /* Recovery requested by user-mode via BCB */ - VB2_RECOVERY_BCB_USER_MODE = 0xc2, + /* Recovery requested by user-mode via BCB (deprecated) */ + VB2_RECOVERY_DEPRECATED_BCB_USER_MODE = 0xc2, - /* Fastboot mode requested by user-mode */ - VB2_RECOVERY_DEPRECATED_US_FASTBOOT = 0xc3, + /* Fastboot mode requested by user-mode (deprecated) */ + VB2_RECOVERY_DEPRECATED_US_FASTBOOT = 0xc3, /* User requested recovery for training memory and rebooting. */ VB2_RECOVERY_TRAIN_AND_REBOOT = 0xc4, /* Unspecified/unknown error in user-mode */ - VB2_RECOVERY_US_UNSPECIFIED = 0xff, + VB2_RECOVERY_US_UNSPECIFIED = 0xff, }; #endif /* VBOOT_REFERENCE_2RECOVERY_REASONS_H_ */ diff --git a/firmware/lib/vboot_display.c b/firmware/lib/vboot_display.c index eb471484..218d66f7 100644 --- a/firmware/lib/vboot_display.c +++ b/firmware/lib/vboot_display.c 
@@ -118,46 +118,18 @@ const char *RecoveryReasonString(uint8_t code) return "recovery button pressed"; case VB2_RECOVERY_RO_INVALID_RW: return "RW firmware failed signature check"; - case VB2_RECOVERY_RO_S3_RESUME: - return "S3 resume failed"; - case VB2_RECOVERY_DEP_RO_TPM_ERROR: - return "TPM error in read-only firmware"; case VB2_RECOVERY_RO_SHARED_DATA: return "Shared data error in read-only firmware"; - case VB2_RECOVERY_RO_TEST_S3: - return "Test error from S3Resume()"; - case VB2_RECOVERY_RO_TEST_LFS: - return "Test error from LoadFirmwareSetup()"; - case VB2_RECOVERY_RO_TEST_LF: - return "Test error from LoadFirmware()"; - case VB2_RECOVERY_RO_INVALID_RW_CHECK_MIN + VBSD_LF_CHECK_NOT_DONE: - return "RW firmware check not done"; - case VB2_RECOVERY_RO_INVALID_RW_CHECK_MIN + VBSD_LF_CHECK_DEV_MISMATCH: - return "RW firmware developer flag mismatch"; - case VB2_RECOVERY_RO_INVALID_RW_CHECK_MIN + VBSD_LF_CHECK_REC_MISMATCH: - return "RW firmware recovery flag mismatch"; - case VB2_RECOVERY_RO_INVALID_RW_CHECK_MIN + - VBSD_LF_CHECK_VERIFY_KEYBLOCK: + case VB2_RECOVERY_FW_KEYBLOCK: return "RW firmware unable to verify key block"; - case VB2_RECOVERY_RO_INVALID_RW_CHECK_MIN + VBSD_LF_CHECK_KEY_ROLLBACK: + case VB2_RECOVERY_FW_KEY_ROLLBACK: return "RW firmware key version rollback detected"; - case VB2_RECOVERY_RO_INVALID_RW_CHECK_MIN + - VBSD_LF_CHECK_DATA_KEY_PARSE: - return "RW firmware unable to parse data key"; - case VB2_RECOVERY_RO_INVALID_RW_CHECK_MIN + - VBSD_LF_CHECK_VERIFY_PREAMBLE: + case VB2_RECOVERY_FW_PREAMBLE: return "RW firmware unable to verify preamble"; - case VB2_RECOVERY_RO_INVALID_RW_CHECK_MIN + VBSD_LF_CHECK_FW_ROLLBACK: + case VB2_RECOVERY_FW_ROLLBACK: return "RW firmware version rollback detected"; - case VB2_RECOVERY_RO_INVALID_RW_CHECK_MIN + VBSD_LF_CHECK_GET_FW_BODY: - return "RW firmware unable to get firmware body"; - case VB2_RECOVERY_RO_INVALID_RW_CHECK_MIN + - VBSD_LF_CHECK_HASH_WRONG_SIZE: - return "RW firmware hash is wrong 
size"; - case VB2_RECOVERY_RO_INVALID_RW_CHECK_MIN + VBSD_LF_CHECK_VERIFY_BODY: + case VB2_RECOVERY_FW_BODY: return "RW firmware unable to verify firmware body"; - case VB2_RECOVERY_RO_INVALID_RW_CHECK_MIN + VBSD_LF_CHECK_NO_RO_NORMAL: - return "RW firmware read-only normal path is not supported"; case VB2_RECOVERY_RO_FIRMWARE: return "Firmware problem outside of verified boot"; case VB2_RECOVERY_RO_TPM_REBOOT: @@ -166,23 +138,18 @@ const char *RecoveryReasonString(uint8_t code) return "EC software sync error"; case VB2_RECOVERY_EC_UNKNOWN_IMAGE: return "EC software sync unable to determine active EC image"; - case VB2_RECOVERY_DEP_EC_HASH: - return "EC software sync error obtaining EC image hash"; case VB2_RECOVERY_EC_EXPECTED_IMAGE: return "EC software sync error " "obtaining expected EC image from BIOS"; - case VB2_RECOVERY_EC_EXPECTED_HASH: - return "EC software sync error " - "obtaining expected EC hash from BIOS"; - case VB2_RECOVERY_EC_HASH_MISMATCH: - return "EC software sync error " - "comparing expected EC hash and image"; case VB2_RECOVERY_EC_UPDATE: return "EC software sync error updating EC"; case VB2_RECOVERY_EC_JUMP_RW: return "EC software sync unable to jump to EC-RW"; case VB2_RECOVERY_EC_PROTECT: return "EC software sync protection error"; + case VB2_RECOVERY_EC_EXPECTED_HASH: + return "EC software sync error " + "obtaining expected EC hash from BIOS"; case VB2_RECOVERY_SECDATA_FIRMWARE_INIT: return "Firmware secure NVRAM (TPM) initialization error"; case VB2_RECOVERY_GBB_HEADER: 
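Review bot: Dropping the `case` labels for the deprecated codes in this hunk makes `RecoveryReasonString()` return the generic fallback for any such value a device still reports, which removes the only human-readable hint available during failure triage. The same removal recurs in the later hunks of this file (at -166, -197 and -239); the last one drops `VB2_RECOVERY_KE_DM_VERITY` (0x81) even though the new header note only says the kernel should stop touching vboot NVRAM "in the future", so that code may well still be produced. Consider keeping one-line entries under the renamed constants for codes that older firmware or kernels can still emit, e.g. `case VB2_RECOVERY_DEPRECATED_KE_DM_VERITY: return "DM-verity error (deprecated)";`, and reserving the fallback string for values that are truly undefined. The function body starts before this hunk and ends after the last one.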
@@ -197,22 +164,10 @@ const char *RecoveryReasonString(uint8_t code) return "Error updating AUX firmware"; case VB2_RECOVERY_RO_UNSPECIFIED: return "Unspecified/unknown error in RO firmware"; - case VB2_RECOVERY_RW_DEV_SCREEN: - return "User requested recovery from dev-mode warning screen"; - case VB2_RECOVERY_RW_NO_OS: - return "No OS kernel detected (or kernel rollback attempt?)"; case VB2_RECOVERY_RW_INVALID_OS: - return "OS kernel failed signature check"; - case VB2_RECOVERY_DEP_RW_TPM_ERROR: - return "TPM error in rewritable firmware"; - case VB2_RECOVERY_RW_DEV_MISMATCH: - return "RW firmware in dev mode, but dev switch is off"; + return "OS kernel or rootfs failed signature check"; case VB2_RECOVERY_RW_SHARED_DATA: return "Shared data error in rewritable firmware"; - case VB2_RECOVERY_RW_TEST_LK: - return "Test error from LoadKernel()"; - case VB2_RECOVERY_DEP_RW_NO_DISK: - return "No bootable disk found"; case VB2_RECOVERY_TPM_E_FAIL: return "TPM error that was not fixed by reboot"; case VB2_RECOVERY_RO_TPM_S_ERROR: 
@@ -239,28 +194,24 @@ const char *RecoveryReasonString(uint8_t code) return "No bootable storage device in system"; case VB2_RECOVERY_RW_NO_KERNEL: return "No bootable kernel found on disk"; - case VB2_RECOVERY_RW_BCB_ERROR: - return "BCB partition error on disk"; case VB2_RECOVERY_SECDATA_KERNEL_INIT: return "Kernel secure NVRAM (TPM) initialization error"; case VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR: return "Recovery hash space lock error in RO firmware"; + case VB2_RECOVERY_TPM_DISABLE_FAILED: + return "Failed to disable TPM before running untrusted code"; + case VB2_RECOVERY_ALTFW_HASH_FAILED: + return "Verification of alternative firmware payload failed"; case VB2_RECOVERY_RW_UNSPECIFIED: return "Unspecified/unknown error in RW firmware"; - case VB2_RECOVERY_KE_DM_VERITY: - return "DM-verity error"; - case VB2_RECOVERY_KE_UNSPECIFIED: - return "Unspecified/unknown error in kernel"; case VB2_RECOVERY_US_TEST: return "Recovery mode test from user-mode"; - case VB2_RECOVERY_BCB_USER_MODE: - return "User-mode requested recovery via BCB"; case VB2_RECOVERY_TRAIN_AND_REBOOT: return "User-mode requested DRAM train and reboot"; case VB2_RECOVERY_US_UNSPECIFIED: return "Unspecified/unknown error in user-mode"; } - return "We have no idea what this means"; + return "Unknown or deprecated error code"; } #define DEBUG_INFO_SIZE 512 diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c index e2075e22..18661160 100644 --- a/firmware/lib/vboot_kernel.c +++ b/firmware/lib/vboot_kernel.c @@ -651,7 +651,7 @@ gpt_done: retval = VBERROR_INVALID_KERNEL_FOUND; } else { shcall->check_result = VBSD_LKC_CHECK_NO_PARTITIONS; - recovery = VB2_RECOVERY_RW_NO_OS; + recovery = VB2_RECOVERY_RW_NO_KERNEL; retval = VBERROR_NO_KERNEL_FOUND; } diff --git a/firmware/lib/vboot_ui.c b/firmware/lib/vboot_ui.c index 2b2c08ab..a2cdab46 100644 --- a/firmware/lib/vboot_ui.c +++ b/firmware/lib/vboot_ui.c 
@@ -655,13 +655,10 @@ static vb2_error_t vb2_developer_ui(struct vb2_context *ctx) vb2_audio_start(ctx); } } else { - /* - * No virtual dev-mode switch, so go directly - * to recovery mode. - */ + /* This should never happen. */ VB2_DEBUG("going to recovery\n"); vb2_nv_set(ctx, VB2_NV_RECOVERY_REQUEST, - VB2_RECOVERY_RW_DEV_SCREEN); + VB2_RECOVERY_RW_UNSPECIFIED); return VBERROR_LOAD_KERNEL_RECOVERY; } break; diff --git a/host/arch/x86/lib/crossystem_arch.c b/host/arch/x86/lib/crossystem_arch.c index c745e0b4..0f3ea8d2 100644 --- a/host/arch/x86/lib/crossystem_arch.c +++ b/host/arch/x86/lib/crossystem_arch.c @@ -467,12 +467,10 @@ static vb2_error_t VbGetRecoveryReason(void) return VB2_RECOVERY_NOT_REQUESTED; case BINF0_RECOVERY_BUTTON: return VB2_RECOVERY_RO_MANUAL; - case BINF0_RECOVERY_DEV_SCREEN_KEY: - return VB2_RECOVERY_RW_DEV_SCREEN; case BINF0_RECOVERY_RW_FW_BAD: return VB2_RECOVERY_RO_INVALID_RW; case BINF0_RECOVERY_NO_OS: - return VB2_RECOVERY_RW_NO_OS; + return VB2_RECOVERY_RW_NO_KERNEL; case BINF0_RECOVERY_BAD_OS: return VB2_RECOVERY_RW_INVALID_OS; case BINF0_RECOVERY_OS_INITIATED: diff --git a/tests/vboot_api_kernel2_tests.c b/tests/vboot_api_kernel2_tests.c index a5c58633..3e2ae042 100644 --- a/tests/vboot_api_kernel2_tests.c +++ b/tests/vboot_api_kernel2_tests.c @@ -585,15 +585,6 @@ static void VbBootDevTest(void) VBERROR_SHUTDOWN_REQUESTED, "Shutdown requested by keyboard"); - /* Space goes straight to recovery if no virtual dev switch */ - ResetMocks(); - mock_keypress[0] = ' '; - TEST_EQ(VbBootDeveloper(&ctx), - VBERROR_LOAD_KERNEL_RECOVERY, - "Space = recovery"); - TEST_EQ(vb2_nv_get(&ctx, VB2_NV_RECOVERY_REQUEST), - VB2_RECOVERY_RW_DEV_SCREEN, " recovery reason"); - /* Space asks to disable virtual dev switch */ ResetMocks(); shared->flags = VBSD_BOOT_DEV_SWITCH_ON; diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c index c3ccb34c..b43d68b4 100644 --- a/tests/vboot_kernel_tests.c +++ b/tests/vboot_kernel_tests.c 
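Review bot: The replacement comment `/* This should never happen. */` in the `else` branch no longer says which condition is being ruled out, and the recorded reason becomes `VB2_RECOVERY_RW_UNSPECIFIED`, so a device that does reach this branch leaves nothing specific behind. Keep the condition from the removed comment and make the log line identify the branch, e.g. `/* No virtual dev-mode switch; this should never happen. */` and `VB2_DEBUG("no virtual dev switch; going to recovery\n");`. The test that exercised this path is deleted in tests/vboot_api_kernel2_tests.c while the branch itself stays, so it is now uncovered; updating that test's expected reason to `VB2_RECOVERY_RW_UNSPECIFIED` would keep it checked. `vb2_developer_ui()` starts and ends outside the hunk.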
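Review bot: Removing `case BINF0_RECOVERY_DEV_SCREEN_KEY:` means a legacy firmware value that used to map to a defined reason now falls to whatever the switch's default returns, which is outside this hunk. Likewise `BINF0_RECOVERY_NO_OS` now yields `VB2_RECOVERY_RW_NO_KERNEL` (0x5b) instead of the former 0x42, so the number reported for the same firmware state changes and any tooling that matches on the old value will stop matching. If stable output for old devices matters, map the legacy inputs to the renamed constants, e.g. `case BINF0_RECOVERY_DEV_SCREEN_KEY: return VB2_RECOVERY_DEPRECATED_RW_DEV_SCREEN;`. The body of `VbGetRecoveryReason()` continues outside the hunk.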
@@ -631,7 +631,7 @@ static void LoadKernelTest(void) mock_parts[0].size = 0; TestLoadKernel(VBERROR_NO_KERNEL_FOUND, "No kernels"); TEST_EQ(vb2_nv_get(&ctx, VB2_NV_RECOVERY_REQUEST), - VB2_RECOVERY_RW_NO_OS, " recovery request"); + VB2_RECOVERY_RW_NO_KERNEL, " recovery request"); /* Skip kernels which are too small */ ResetMocks(); |