diff options
Diffstat (limited to 'firmware/lib/vboot_kernel.c')
-rw-r--r-- | firmware/lib/vboot_kernel.c | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c index 351044b3..1f1647cc 100644 --- a/firmware/lib/vboot_kernel.c +++ b/firmware/lib/vboot_kernel.c @@ -63,8 +63,8 @@ static int require_official_os(struct vb2_context *ctx, return 1; /* FWMP can require developer mode to use official OS */ - if (params->fwmp && - (params->fwmp->flags & FWMP_DEV_ENABLE_OFFICIAL_ONLY)) + if (vb2_secdata_fwmp_get_flag( + ctx, VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY)) return 1; /* Developer can request official OS via nvstorage */ @@ -210,7 +210,7 @@ static vb2_error_t vb2_verify_kernel_vblock( /* If in developer mode and using key hash, check it */ if ((kBootDev == boot_mode) && - params->fwmp && (params->fwmp->flags & FWMP_DEV_USE_KEY_HASH)) { + vb2_secdata_fwmp_get_flag(ctx, VB2_SECDATA_FWMP_DEV_USE_KEY_HASH)) { struct vb2_packed_key *key = &keyblock->data_key; uint8_t *buf = ((uint8_t *)key) + key->key_offset; uint32_t buflen = key->key_size; @@ -219,15 +219,22 @@ static vb2_error_t vb2_verify_kernel_vblock( VB2_DEBUG("Checking developer key hash.\n"); vb2_digest_buffer(buf, buflen, VB2_HASH_SHA256, digest, sizeof(digest)); - if (0 != vb2_safe_memcmp(digest, params->fwmp->dev_key_hash, + + uint8_t *fwmp_dev_key_hash = + vb2_secdata_fwmp_get_dev_key_hash(ctx); + if (fwmp_dev_key_hash == NULL) { + VB2_DEBUG("Couldn't retrieve developer key hash.\n"); + return VB2_ERROR_VBLOCK_DEV_KEY_HASH; + } + + if (0 != vb2_safe_memcmp(digest, fwmp_dev_key_hash, VB2_SHA256_DIGEST_SIZE)) { int i; VB2_DEBUG("Wrong developer key hash.\n"); VB2_DEBUG("Want: "); for (i = 0; i < VB2_SHA256_DIGEST_SIZE; i++) - VB2_DEBUG("%02x", - params->fwmp->dev_key_hash[i]); + VB2_DEBUG("%02x", fwmp_dev_key_hash[i]); VB2_DEBUG("\nGot: "); for (i = 0; i < VB2_SHA256_DIGEST_SIZE; i++) VB2_DEBUG("%02x", digest[i]); |