Diffstat (limited to 'firmware/lib/vboot_kernel.c')
-rw-r--r--firmware/lib/vboot_kernel.c40
1 files changed, 6 insertions, 34 deletions
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index 34a8a426..2c71d163 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -6,6 +6,7 @@
* (Firmware portion)
*/
+#include "2api.h"
#include "2common.h"
#include "2misc.h"
#include "2nvstorage.h"
@@ -31,34 +32,6 @@ enum vb2_load_partition_flags {
#define LOWEST_TPM_VERSION 0xffffffff
-enum vb2_boot_mode {
- /* Normal boot: kernel must be verified. */
- VB2_BOOT_MODE_NORMAL = 0,
-
- /* Recovery boot, regardless of dev mode state. */
- VB2_BOOT_MODE_RECOVERY = 1,
-
- /* Developer boot: self-signed kernel okay. */
- VB2_BOOT_MODE_DEVELOPER = 2,
-};
-
-/**
- * Return the current boot mode (normal, recovery, or dev).
- *
- * @param ctx Vboot context
- * @return Current boot mode (see vb2_boot_mode enum).
- */
-static enum vb2_boot_mode get_boot_mode(struct vb2_context *ctx)
-{
- if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE)
- return VB2_BOOT_MODE_RECOVERY;
-
- if (ctx->flags & VB2_CONTEXT_DEVELOPER_MODE)
- return VB2_BOOT_MODE_DEVELOPER;
-
- return VB2_BOOT_MODE_NORMAL;
-}
-
/**
* Check if a valid keyblock is required.
*
@@ -69,7 +42,7 @@ static enum vb2_boot_mode get_boot_mode(struct vb2_context *ctx)
static int need_valid_keyblock(struct vb2_context *ctx)
{
/* Normal and recovery modes always require official OS */
- if (get_boot_mode(ctx) != VB2_BOOT_MODE_DEVELOPER)
+ if (ctx->boot_mode != VB2_BOOT_MODE_DEVELOPER)
return 1;
/* FWMP can require developer mode to use signed kernels */
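Review bot: need_valid_keyblock now trusts the cached `ctx->boot_mode` instead of deriving the mode from `ctx->flags` on each call, so the official-signature decision depends on code outside this file having set that field before kernel verification runs. The removed helper gave VB2_CONTEXT_RECOVERY_MODE precedence over VB2_CONTEXT_DEVELOPER_MODE; whatever assigns `ctx->boot_mode` should keep that order, otherwise a recovery boot on a developer-enabled device would be treated as developer mode here and could fall through to the FWMP check instead of returning 1. The `!= VB2_BOOT_MODE_DEVELOPER` form fails closed for an unset field only if the enum's zero value is not the developer one, which cannot be confirmed from this hunk because the enum now comes from 2api.h. I would also update the comment to `/* Every mode except developer requires an officially signed OS */`. The function body continues outside the hunk.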
@@ -264,9 +237,8 @@ static vb2_error_t vb2_verify_kernel_vblock(
}
/* Check for rollback of key version except in recovery mode. */
- enum vb2_boot_mode boot_mode = get_boot_mode(ctx);
uint32_t key_version = keyblock->data_key.key_version;
- if (boot_mode != VB2_BOOT_MODE_RECOVERY) {
+ if (ctx->boot_mode != VB2_BOOT_MODE_MANUAL_RECOVERY) {
if (key_version < (sd->kernel_version_secdata >> 16)) {
keyblock_valid = 0;
if (need_keyblock_valid) {
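Review bot: The exemption from the key-version rollback check is now narrower than the comment above it says: the old test skipped the check for any boot with the recovery flag set, while the new one skips it only for `VB2_BOOT_MODE_MANUAL_RECOVERY`. If the new enum has other modes that can be entered with the recovery flag set (not visible here), they now get rollback enforcement; that is the stricter direction, but it is a behaviour change worth stating in the commit message. The comment should read `/* Check for rollback of key version except in manual recovery mode. */`. The same mismatch applies to the kernel-version check in the `@@ -356` hunk and to the comment and `"In recovery mode or dev-signed kernel\n"` debug text in the LoadKernel hunk. vb2_verify_kernel_vblock starts and ends outside this hunk.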
@@ -288,7 +260,7 @@ static vb2_error_t vb2_verify_kernel_vblock(
}
/* If in developer mode and using key hash, check it. */
- if (boot_mode == VB2_BOOT_MODE_DEVELOPER &&
+ if (ctx->boot_mode == VB2_BOOT_MODE_DEVELOPER &&
vb2_secdata_fwmp_get_flag(ctx, VB2_SECDATA_FWMP_DEV_USE_KEY_HASH)) {
VB2_TRY(vb2_verify_kernel_dev_key_hash(ctx, keyblock));
}
@@ -356,7 +328,7 @@ static vb2_error_t vb2_verify_kernel_vblock(
/* If not in recovery mode, check for rollback of the kernel version. */
if (need_keyblock_valid &&
- boot_mode != VB2_BOOT_MODE_RECOVERY &&
+ ctx->boot_mode != VB2_BOOT_MODE_MANUAL_RECOVERY &&
sd->kernel_version < sd->kernel_version_secdata) {
VB2_DEBUG("Kernel version too low.\n");
return VB2_ERROR_KERNEL_PREAMBLE_VERSION_ROLLBACK;
@@ -739,7 +711,7 @@ vb2_error_t LoadKernel(struct vb2_context *ctx,
* non-officially-signed kernel, there's no rollback
* protection, so we can stop at the first valid kernel.
*/
- if (get_boot_mode(ctx) == VB2_BOOT_MODE_RECOVERY ||
+ if (ctx->boot_mode == VB2_BOOT_MODE_MANUAL_RECOVERY ||
!keyblock_valid) {
VB2_DEBUG("In recovery mode or dev-signed kernel\n");
break;