Diffstat (limited to 'firmware/lib20/api_kernel.c')
-rw-r--r--firmware/lib20/api_kernel.c97
1 files changed, 0 insertions, 97 deletions
diff --git a/firmware/lib20/api_kernel.c b/firmware/lib20/api_kernel.c
index 8b146093..36456f61 100644
--- a/firmware/lib20/api_kernel.c
+++ b/firmware/lib20/api_kernel.c
@@ -16,103 +16,6 @@
#include "vb2_common.h"
#include "vboot_struct.h"
-int vb2api_is_developer_signed(struct vb2_context *ctx)
-{
- struct vb2_shared_data *sd = vb2_get_sd(ctx);
-
- if (!sd->kernel_key_offset || !sd->kernel_key_size) {
- VB2_REC_OR_DIE(ctx, "Cannot call this before kernel_phase1!\n");
- return 0;
- }
-
- struct vb2_public_key key;
- if (vb2_unpack_key(&key, vb2_member_of(sd, sd->kernel_key_offset)))
- return 0;
-
- /* This is a debugging aid, not a security-relevant feature. There's no
- reason to hardcode the whole key or waste time computing a hash. Just
- spot check the starting bytes of the pseudorandom part of the key. */
- uint32_t devkey_n0inv = ctx->flags & VB2_CONTEXT_RECOVERY_MODE ?
- 0x18cebcf5 : /* recovery_key.vbpubk @0x24 */
- 0xe0cd87d9; /* kernel_subkey.vbpubk @0x24 */
-
- if (key.n0inv == devkey_n0inv)
- return 1;
-
- return 0;
-}
-
-vb2_error_t vb2api_kernel_phase1(struct vb2_context *ctx)
-{
- struct vb2_shared_data *sd = vb2_get_sd(ctx);
- struct vb2_workbuf wb;
- struct vb2_packed_key *packed_key;
- vb2_error_t rv;
-
- vb2_workbuf_from_ctx(ctx, &wb);
-
- /*
- * Init secdata_kernel and secdata_fwmp spaces. No need to init
- * secdata_firmware, since it was already read during firmware
- * verification. Ignore errors in recovery mode.
- */
- rv = vb2_secdata_kernel_init(ctx);
- if (rv && !(ctx->flags & VB2_CONTEXT_RECOVERY_MODE)) {
- VB2_DEBUG("TPM: init secdata_kernel returned %#x\n", rv);
- vb2api_fail(ctx, VB2_RECOVERY_SECDATA_KERNEL_INIT, rv);
- return rv;
- }
- rv = vb2_secdata_fwmp_init(ctx);
- if (rv && !(ctx->flags & VB2_CONTEXT_RECOVERY_MODE)) {
- VB2_DEBUG("TPM: init secdata_fwmp returned %#x\n", rv);
- vb2api_fail(ctx, VB2_RECOVERY_SECDATA_FWMP_INIT, rv);
- return rv;
- }
-
- /* Read kernel version from secdata. */
- sd->kernel_version_secdata =
- vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_VERSIONS);
- sd->kernel_version = sd->kernel_version_secdata;
-
- /* Find the key to use to verify the kernel keyblock */
- if ((ctx->flags & VB2_CONTEXT_RECOVERY_MODE)) {
- /* Load recovery key from GBB. */
- rv = vb2_gbb_read_recovery_key(ctx, &packed_key, NULL, &wb);
- if (rv) {
- if (vb2_allow_recovery(ctx))
- VB2_DIE("GBB read recovery key failed.\n");
- else
- /*
- * If we're headed for the BROKEN screen,
- * we won't need the recovery key. Just
- * short-circuit with success.
- */
- return VB2_SUCCESS;
- }
- } else {
- /* Kernel subkey from firmware preamble */
- struct vb2_fw_preamble *pre;
-
- /* Make sure we have a firmware preamble loaded */
- if (!sd->preamble_size)
- return VB2_ERROR_API_KPHASE1_PREAMBLE;
-
- pre = (struct vb2_fw_preamble *)
- vb2_member_of(sd, sd->preamble_offset);
- packed_key = &pre->kernel_subkey;
- }
-
- sd->kernel_key_offset = vb2_offset_of(sd, packed_key);
- sd->kernel_key_size = packed_key->key_offset + packed_key->key_size;
-
- vb2_set_workbuf_used(ctx, vb2_offset_of(sd, wb.buf));
-
- if (vb2api_is_developer_signed(ctx))
- VB2_DEBUG("This is developer-signed firmware.\n");
-
- return VB2_SUCCESS;
-}
-
vb2_error_t vb2api_load_kernel_vblock(struct vb2_context *ctx)
{
vb2_error_t rv;