1 files changed, 13 insertions, 6 deletions

diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index 351044b3..1f1647cc 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -63,8 +63,8 @@ static int require_official_os(struct vb2_context *ctx,
 		return 1;
 
 	/* FWMP can require developer mode to use official OS */
-	if (params->fwmp &&
-	    (params->fwmp->flags & FWMP_DEV_ENABLE_OFFICIAL_ONLY))
+	if (vb2_secdata_fwmp_get_flag(
+		ctx, VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY))
 		return 1;
 
 	/* Developer can request official OS via nvstorage */
@@ -210,7 +210,7 @@ static vb2_error_t vb2_verify_kernel_vblock(
 
 	/* If in developer mode and using key hash, check it */
 	if ((kBootDev == boot_mode) &&
-	    params->fwmp && (params->fwmp->flags & FWMP_DEV_USE_KEY_HASH)) {
+	    vb2_secdata_fwmp_get_flag(ctx, VB2_SECDATA_FWMP_DEV_USE_KEY_HASH)) {
 		struct vb2_packed_key *key = &keyblock->data_key;
 		uint8_t *buf = ((uint8_t *)key) + key->key_offset;
 		uint32_t buflen = key->key_size;
@@ -219,15 +219,22 @@ static vb2_error_t vb2_verify_kernel_vblock(
 		VB2_DEBUG("Checking developer key hash.\n");
 		vb2_digest_buffer(buf, buflen, VB2_HASH_SHA256,
 				  digest, sizeof(digest));
-		if (0 != vb2_safe_memcmp(digest, params->fwmp->dev_key_hash,
+
+		uint8_t *fwmp_dev_key_hash =
+			vb2_secdata_fwmp_get_dev_key_hash(ctx);
+		if (fwmp_dev_key_hash == NULL) {
+			VB2_DEBUG("Couldn't retrieve developer key hash.\n");
+			return VB2_ERROR_VBLOCK_DEV_KEY_HASH;
+		}
+
+		if (0 != vb2_safe_memcmp(digest, fwmp_dev_key_hash,
 					 VB2_SHA256_DIGEST_SIZE)) {
 			int i;
 
 			VB2_DEBUG("Wrong developer key hash.\n");
 			VB2_DEBUG("Want: ");
 			for (i = 0; i < VB2_SHA256_DIGEST_SIZE; i++)
-				VB2_DEBUG("%02x",
-					  params->fwmp->dev_key_hash[i]);
+				VB2_DEBUG("%02x", fwmp_dev_key_hash[i]);
 			VB2_DEBUG("\nGot:  ");
 			for (i = 0; i < VB2_SHA256_DIGEST_SIZE; i++)
 				VB2_DEBUG("%02x", digest[i]);