diff options
Diffstat (limited to 'firmware/2lib')
| -rw-r--r-- | firmware/2lib/2api.c | 3 | ||||
| -rw-r--r-- | firmware/2lib/2misc.c | 21 | ||||
| -rw-r--r-- | firmware/2lib/include/2api.h | 62 | ||||
| -rw-r--r-- | firmware/2lib/include/2misc.h | 15 | ||||
| -rw-r--r-- | firmware/2lib/include/2struct.h | 2 |
5 files changed, 102 insertions, 1 deletions
diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c index 593a12cf..53e8e98e 100644 --- a/firmware/2lib/2api.c +++ b/firmware/2lib/2api.c @@ -89,6 +89,9 @@ vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx) if (ctx->flags & VB2_CONTEXT_DISPLAY_INIT) sd->flags |= VB2_SD_FLAG_DISPLAY_AVAILABLE; + /* Decide the boot mode */ + vb2_set_boot_mode(ctx); + /* Return error if recovery is needed */ if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE) { /* Always clear RAM when entering recovery mode */ diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c index 54150446..bd9ea8ad 100644 --- a/firmware/2lib/2misc.c +++ b/firmware/2lib/2misc.c @@ -734,3 +734,24 @@ char *vb2api_get_debug_info(struct vb2_context *ctx) buf[DEBUG_INFO_MAX_LENGTH] = '\0'; return buf; } + +void vb2_set_boot_mode(struct vb2_context *ctx) +{ + struct vb2_shared_data *sd = vb2_get_sd(ctx); + + /* Cast boot mode to non-constant and assign */ + enum vb2_boot_mode *boot_mode = (enum vb2_boot_mode *)&ctx->boot_mode; + *boot_mode = VB2_BOOT_MODE_NORMAL; + + if (sd->recovery_reason) { + if (vb2api_allow_recovery(ctx)) + *boot_mode = VB2_BOOT_MODE_MANUAL_RECOVERY; + else + *boot_mode = VB2_BOOT_MODE_BROKEN_SCREEN; + } else if (vb2api_diagnostic_ui_enabled(ctx) && + vb2_nv_get(ctx, VB2_NV_DIAG_REQUEST)) { + *boot_mode = VB2_BOOT_MODE_DIAGNOSTICS; + } else if (ctx->flags & VB2_CONTEXT_DEVELOPER_MODE) { + *boot_mode = VB2_BOOT_MODE_DEVELOPER; + } +} diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h index 8cc9a923..19cbdb52 100644 --- a/firmware/2lib/include/2api.h +++ b/firmware/2lib/include/2api.h @@ -259,6 +259,58 @@ enum vb2_context_flags { VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED = (1 << 27), }; +/* Boot mode decided in vb2api_fw_phase1. + * + * Boot mode is a constant set by verified boot and may be read (but should not + * be set or cleared) by the caller. + * The boot modes are mutually exclusive. If a boot fulfill more than one + * constraints of the listing boot modes, it will be set to the most important + * one. The priority is the same as the listing order. + */ +enum vb2_boot_mode { + /* Undefined, The boot mode is not set. */ + VB2_BOOT_MODE_UNDEFINED = 0, + + /* + * Manual recovery boot, regardless of dev mode state. + * + * VB2_CONTEXT_RECOVERY_MODE is set and the recovery is physically + * requested (a.k.a. Manual recovery). All other recovery requests + * including manual recovery requested by a (compromised) host will end + * up with a broken screen. + */ + VB2_BOOT_MODE_MANUAL_RECOVERY = 1, + + /* + * Broken screen. + * + * If a recovery boot is not a manual recovery (a.k.a. not requested + * physically), the recovery is not allowed and will end up with + * broken screen. + */ + VB2_BOOT_MODE_BROKEN_SCREEN = 2, + + /* + * Diagnostic boot. + * + * If diagnostic boot is enabled (a.k.a. vb2api_diagnostic_ui_enabled) + * and the nvdata contains VB2_NV_DIAG_REQUEST from previous boot, it + * will boot to diagnostic mode. + */ + VB2_BOOT_MODE_DIAGNOSTICS = 3, + + /* + * Developer boot: self-signed kernel okay. + * + * The developer mode switch is set (a.k.a. VB2_CONTEXT_DEVELOPER_MODE) + * and we are in the developer boot mode. + */ + VB2_BOOT_MODE_DEVELOPER = 4, + + /* Normal boot: kernel must be verified. */ + VB2_BOOT_MODE_NORMAL = 5, +}; + /* Helper for aligning fields in vb2_context. */ #define VB2_PAD_STRUCT3(size, align, count) \ uint8_t _pad##count[align - (((size - 1) % align) + 1)] @@ -333,6 +385,16 @@ struct vb2_context { */ uint8_t secdata_fwmp[VB2_SECDATA_FWMP_MAX_SIZE]; VB2_PAD_STRUCT(VB2_SECDATA_FWMP_MAX_SIZE, 8); + + /********************************************************************** + * Fields below added in struct version 3.1. + */ + + /* + * Mutually exclusive boot mode. + * This constant is initialized after calling vb2api_fw_phase1(). + */ + const enum vb2_boot_mode boot_mode; }; /* Resource index for vb2ex_read_resource() */ diff --git a/firmware/2lib/include/2misc.h b/firmware/2lib/include/2misc.h index b36e1270..3d292872 100644 --- a/firmware/2lib/include/2misc.h +++ b/firmware/2lib/include/2misc.h @@ -191,4 +191,19 @@ void vb2_clear_recovery(struct vb2_context *ctx); */ void vb2_fill_dev_boot_flags(struct vb2_context *ctx); +/** + * Determine and set a mutually exclusive boot mode in the vboot context. + * + * Determine the most relevant boot mode for current boot, store into + * ctx->boot_mode, which is a ctx field introduced in struct version 3.1. + * + * This function should be only called by vb2api_fw_phase1. + * The vb2api_fw_phase1 should call this function at its end phase once and all + * the following steps should directly access ctx->boot_mode to retrieve the + * most relevant boot mode. + * + * @param ctx Vboot context. + */ +void vb2_set_boot_mode(struct vb2_context *ctx); + #endif /* VBOOT_REFERENCE_2MISC_H_ */ diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index ea193d74..f442b61f 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -92,7 +92,7 @@ enum vb2_shared_data_status { /* Current version of vb2_shared_data struct */ #define VB2_SHARED_DATA_VERSION_MAJOR 3 -#define VB2_SHARED_DATA_VERSION_MINOR 0 +#define VB2_SHARED_DATA_VERSION_MINOR 1 /* MAX_SIZE should not be changed without bumping up DATA_VERSION_MAJOR. */ #define VB2_CONTEXT_MAX_SIZE 384 |