diff options
Diffstat (limited to 'firmware')
-rw-r--r-- | firmware/2lib/2api.c | 63 | ||||
-rw-r--r-- | firmware/2lib/2auxfw_sync.c | 9 | ||||
-rw-r--r-- | firmware/2lib/2common.c | 19 | ||||
-rw-r--r-- | firmware/2lib/2ec_sync.c | 9 | ||||
-rw-r--r-- | firmware/2lib/2gbb.c | 24 | ||||
-rw-r--r-- | firmware/2lib/2misc.c | 15 | ||||
-rw-r--r-- | firmware/2lib/2secdata_firmware.c | 5 | ||||
-rw-r--r-- | firmware/2lib/2secdata_fwmp.c | 8 | ||||
-rw-r--r-- | firmware/2lib/2secdata_kernel.c | 5 | ||||
-rw-r--r-- | firmware/2lib/2sha_utility.c | 16 | ||||
-rw-r--r-- | firmware/2lib/include/2api.h | 33 | ||||
-rw-r--r-- | firmware/lib/vboot_api_kernel.c | 65 | ||||
-rw-r--r-- | firmware/lib20/api_kernel.c | 32 | ||||
-rw-r--r-- | firmware/lib20/kernel.c | 62 | ||||
-rw-r--r-- | firmware/lib20/misc.c | 61 | ||||
-rw-r--r-- | firmware/lib20/packed_key.c | 5 |
16 files changed, 147 insertions, 284 deletions
diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c index 0f57d78b..4492cf93 100644 --- a/firmware/2lib/2api.c +++ b/firmware/2lib/2api.c @@ -107,8 +107,6 @@ vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx) vb2_error_t vb2api_fw_phase2(struct vb2_context *ctx) { - vb2_error_t rv; - /* * Use the slot from the last boot if this is a resume. Do not set * VB2_SD_STATUS_CHOSE_SLOT so the try counter is not decremented on @@ -132,18 +130,10 @@ vb2_error_t vb2api_fw_phase2(struct vb2_context *ctx) ctx->flags |= VB2_CONTEXT_CLEAR_RAM; /* Check for explicit request to clear TPM */ - rv = vb2_check_tpm_clear(ctx); - if (rv) { - vb2api_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv); - return rv; - } + VB2_TRY(vb2_check_tpm_clear(ctx), ctx, VB2_RECOVERY_TPM_CLEAR_OWNER); /* Decide which firmware slot to try this boot */ - rv = vb2_select_fw_slot(ctx); - if (rv) { - vb2api_fail(ctx, VB2_RECOVERY_FW_SLOT, rv); - return rv; - } + VB2_TRY(vb2_select_fw_slot(ctx), ctx, VB2_RECOVERY_FW_SLOT); return VB2_SUCCESS; } @@ -207,21 +197,11 @@ vb2_error_t vb2api_get_pcr_digest(struct vb2_context *ctx, vb2_error_t vb2api_fw_phase3(struct vb2_context *ctx) { - vb2_error_t rv; - /* Verify firmware keyblock */ - rv = vb2_load_fw_keyblock(ctx); - if (rv) { - vb2api_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv); - return rv; - } + VB2_TRY(vb2_load_fw_keyblock(ctx), ctx, VB2_RECOVERY_RO_INVALID_RW); /* Verify firmware preamble */ - rv = vb2_load_fw_preamble(ctx); - if (rv) { - vb2api_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv); - return rv; - } + VB2_TRY(vb2_load_fw_preamble(ctx), ctx, VB2_RECOVERY_RO_INVALID_RW); return VB2_SUCCESS; } @@ -233,7 +213,6 @@ vb2_error_t vb2api_init_hash(struct vb2_context *ctx, uint32_t tag) struct vb2_digest_context *dc; struct vb2_public_key key; struct vb2_workbuf wb; - vb2_error_t rv; vb2_workbuf_from_ctx(ctx, &wb); @@ -286,18 +265,16 @@ vb2_error_t vb2api_init_hash(struct vb2_context *ctx, uint32_t tag) if (!sd->data_key_size) return VB2_ERROR_API_INIT_HASH_DATA_KEY; - rv = vb2_unpack_key_buffer(&key, - vb2_member_of(sd, sd->data_key_offset), - sd->data_key_size); - if (rv) - return rv; + VB2_TRY(vb2_unpack_key_buffer(&key, + vb2_member_of(sd, sd->data_key_offset), + sd->data_key_size)); sd->hash_tag = tag; sd->hash_remaining_size = pre->body_signature.data_size; if (!(pre->flags & VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO)) { - rv = vb2ex_hwcrypto_digest_init(key.hash_alg, - pre->body_signature.data_size); + vb2_error_t rv = vb2ex_hwcrypto_digest_init( + key.hash_alg, pre->body_signature.data_size); if (!rv) { VB2_DEBUG("Using HW crypto engine for hash_alg %d\n", key.hash_alg); @@ -330,7 +307,6 @@ vb2_error_t vb2api_check_hash_get_digest(struct vb2_context *ctx, struct vb2_fw_preamble *pre; struct vb2_public_key key; - vb2_error_t rv; vb2_workbuf_from_ctx(ctx, &wb); @@ -354,11 +330,9 @@ vb2_error_t vb2api_check_hash_get_digest(struct vb2_context *ctx, /* Finalize the digest */ if (dc->using_hwcrypto) - rv = vb2ex_hwcrypto_digest_finalize(digest, digest_size); + VB2_TRY(vb2ex_hwcrypto_digest_finalize(digest, digest_size)); else - rv = vb2_digest_finalize(dc, digest, digest_size); - if (rv) - return rv; + VB2_TRY(vb2_digest_finalize(dc, digest, digest_size)); /* The code below is specific to the body signature */ if (sd->hash_tag != VB2_HASH_TAG_FW_BODY) @@ -373,19 +347,16 @@ vb2_error_t vb2api_check_hash_get_digest(struct vb2_context *ctx, if (!sd->data_key_size) return VB2_ERROR_API_CHECK_HASH_DATA_KEY; - rv = vb2_unpack_key_buffer(&key, - vb2_member_of(sd, sd->data_key_offset), - sd->data_key_size); - if (rv) - return rv; + VB2_TRY(vb2_unpack_key_buffer(&key, + vb2_member_of(sd, sd->data_key_offset), + sd->data_key_size)); /* * Check digest vs. signature. Note that this destroys the signature. * That's ok, because we only check each signature once per boot. */ - rv = vb2_verify_digest(&key, &pre->body_signature, digest, &wb); - if (rv) - vb2api_fail(ctx, VB2_RECOVERY_FW_BODY, rv); + VB2_TRY(vb2_verify_digest(&key, &pre->body_signature, digest, &wb), + ctx, VB2_RECOVERY_FW_BODY); if (digest_out != NULL) { if (digest_out_size < digest_size) @@ -393,7 +364,7 @@ vb2_error_t vb2api_check_hash_get_digest(struct vb2_context *ctx, memcpy(digest_out, digest, digest_size); } - return rv; + return VB2_SUCCESS; } int vb2api_check_hash(struct vb2_context *ctx) diff --git a/firmware/2lib/2auxfw_sync.c b/firmware/2lib/2auxfw_sync.c index ec0c8345..d5182b36 100644 --- a/firmware/2lib/2auxfw_sync.c +++ b/firmware/2lib/2auxfw_sync.c @@ -98,12 +98,9 @@ static vb2_error_t auxfw_sync_check_update(struct vb2_context *ctx, vb2_error_t vb2api_auxfw_sync(struct vb2_context *ctx) { enum vb2_auxfw_update_severity fw_update = VB_AUX_FW_NO_UPDATE; - vb2_error_t rv; /* Check for update severity */ - rv = auxfw_sync_check_update(ctx, &fw_update); - if (rv) - return rv; + VB2_TRY(auxfw_sync_check_update(ctx, &fw_update)); /* If AUX FW update is slow display the wait screen */ if (fw_update == VB_AUX_FW_SLOW_UPDATE) { @@ -114,9 +111,7 @@ vb2_error_t vb2api_auxfw_sync(struct vb2_context *ctx) } if (fw_update > VB_AUX_FW_NO_UPDATE) { - rv = update_auxfw(ctx); - if (rv) - return rv; + VB2_TRY(update_auxfw(ctx)); /* * AUX FW Update is applied successfully. Request EC reboot to * RO, so that the chips that had FW update get reset to a diff --git a/firmware/2lib/2common.c b/firmware/2lib/2common.c index b05e7245..e51b84ff 100644 --- a/firmware/2lib/2common.c +++ b/firmware/2lib/2common.c @@ -176,7 +176,6 @@ vb2_error_t vb2_verify_data(const uint8_t *data, uint32_t size, struct vb2_digest_context *dc; uint8_t *digest; uint32_t digest_size; - vb2_error_t rv; if (sig->data_size > size) { VB2_DEBUG("Data buffer smaller than length of signed data.\n"); @@ -197,17 +196,9 @@ vb2_error_t vb2_verify_data(const uint8_t *data, uint32_t size, if (!dc) return VB2_ERROR_VDATA_WORKBUF_HASHING; - rv = vb2_digest_init(dc, key->hash_alg); - if (rv) - return rv; - - rv = vb2_digest_extend(dc, data, sig->data_size); - if (rv) - return rv; - - rv = vb2_digest_finalize(dc, digest, digest_size); - if (rv) - return rv; + VB2_TRY(vb2_digest_init(dc, key->hash_alg)); + VB2_TRY(vb2_digest_extend(dc, data, sig->data_size)); + VB2_TRY(vb2_digest_finalize(dc, digest, digest_size)); vb2_workbuf_free(&wblocal, sizeof(*dc)); @@ -277,9 +268,7 @@ vb2_error_t vb2_verify_keyblock(struct vb2_keyblock *block, uint32_t size, vb2_error_t rv; /* Sanity check keyblock before attempting signature check of data */ - rv = vb2_check_keyblock(block, size, sig); - if (rv) - return rv; + VB2_TRY(vb2_check_keyblock(block, size, sig)); VB2_DEBUG("Checking keyblock signature...\n"); rv = vb2_verify_data((const uint8_t *)block, size, sig, key, wb); diff --git a/firmware/2lib/2ec_sync.c b/firmware/2lib/2ec_sync.c index 1871b50c..e82366d9 100644 --- a/firmware/2lib/2ec_sync.c +++ b/firmware/2lib/2ec_sync.c @@ -472,7 +472,6 @@ static vb2_error_t ec_sync_phase2(struct vb2_context *ctx) vb2_error_t vb2api_ec_sync(struct vb2_context *ctx) { struct vb2_shared_data *sd = vb2_get_sd(ctx); - vb2_error_t rv; /* * If the status indicates that the EC has already gone through @@ -506,14 +505,10 @@ vb2_error_t vb2api_ec_sync(struct vb2_context *ctx) display_wait_screen(ctx); /* Phase 2; Applies update and/or jumps to the correct EC image */ - rv = ec_sync_phase2(ctx); - if (rv) - return rv; + VB2_TRY(ec_sync_phase2(ctx)); /* Phase 3; Let the platform know that EC software sync is now done */ - rv = vb2ex_ec_vboot_done(ctx); - if (rv) - return rv; + VB2_TRY(vb2ex_ec_vboot_done(ctx)); /* Establish that EC software sync is complete and successful */ sd->status |= VB2_SD_STATUS_EC_SYNC_COMPLETE; diff --git a/firmware/2lib/2gbb.c b/firmware/2lib/2gbb.c index a752c8ba..9238c30c 100644 --- a/firmware/2lib/2gbb.c +++ b/firmware/2lib/2gbb.c @@ -14,7 +14,6 @@ static vb2_error_t vb2_gbb_read_key(struct vb2_context *ctx, uint32_t offset, struct vb2_workbuf *wb) { struct vb2_workbuf wblocal = *wb; - vb2_error_t rv; /* Check offset and size. */ if (offset < sizeof(struct vb2_gbb_header)) @@ -27,14 +26,10 @@ static vb2_error_t vb2_gbb_read_key(struct vb2_context *ctx, uint32_t offset, *keyp = vb2_workbuf_alloc(&wblocal, sizeof(**keyp)); if (!*keyp) return VB2_ERROR_GBB_WORKBUF; - rv = vb2ex_read_resource(ctx, VB2_RES_GBB, offset, *keyp, - sizeof(**keyp)); - if (rv) - return rv; + VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_GBB, offset, *keyp, + sizeof(**keyp))); - rv = vb2_verify_packed_key_inside(*keyp, *size, *keyp); - if (rv) - return rv; + VB2_TRY(vb2_verify_packed_key_inside(*keyp, *size, *keyp)); /* Deal with a zero-size key (used in testing). */ *size = (*keyp)->key_offset + (*keyp)->key_size; @@ -46,13 +41,12 @@ static vb2_error_t vb2_gbb_read_key(struct vb2_context *ctx, uint32_t offset, if (!*keyp) return VB2_ERROR_GBB_WORKBUF; - rv = vb2ex_read_resource(ctx, VB2_RES_GBB, - offset + sizeof(**keyp), - (void *)*keyp + sizeof(**keyp), - *size - sizeof(**keyp)); - if (!rv) - *wb = wblocal; - return rv; + VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_GBB, + offset + sizeof(**keyp), + (void *)*keyp + sizeof(**keyp), + *size - sizeof(**keyp))); + *wb = wblocal; + return VB2_SUCCESS; } vb2_error_t vb2_gbb_read_root_key(struct vb2_context *ctx, diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c index ac9d0f24..30d6011c 100644 --- a/firmware/2lib/2misc.c +++ b/firmware/2lib/2misc.c @@ -52,17 +52,11 @@ test_mockable vb2_error_t vb2_read_gbb_header(struct vb2_context *ctx, struct vb2_gbb_header *gbb) { - vb2_error_t rv; - /* Read the entire header */ - rv = vb2ex_read_resource(ctx, VB2_RES_GBB, 0, gbb, sizeof(*gbb)); - if (rv) - return rv; + VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_GBB, 0, gbb, sizeof(*gbb))); /* Make sure it's really a GBB */ - rv = vb2_validate_gbb_signature(gbb->signature); - if (rv) - return rv; + VB2_TRY(vb2_validate_gbb_signature(gbb->signature)); /* Check for compatible version */ if (gbb->major_version != VB2_GBB_MAJOR_VER) @@ -176,7 +170,6 @@ vb2_error_t vb2_fw_init_gbb(struct vb2_context *ctx) struct vb2_shared_data *sd = vb2_get_sd(ctx); struct vb2_gbb_header *gbb; struct vb2_workbuf wb; - vb2_error_t rv; vb2_workbuf_from_ctx(ctx, &wb); @@ -185,9 +178,7 @@ vb2_error_t vb2_fw_init_gbb(struct vb2_context *ctx) if (!gbb) return VB2_ERROR_GBB_WORKBUF; - rv = vb2_read_gbb_header(ctx, gbb); - if (rv) - return rv; + VB2_TRY(vb2_read_gbb_header(ctx, gbb)); /* Keep on the work buffer permanently */ sd->gbb_offset = vb2_offset_of(sd, gbb); diff --git a/firmware/2lib/2secdata_firmware.c b/firmware/2lib/2secdata_firmware.c index 98e65b05..b5d9692a 100644 --- a/firmware/2lib/2secdata_firmware.c +++ b/firmware/2lib/2secdata_firmware.c @@ -56,11 +56,8 @@ uint32_t vb2api_secdata_firmware_create(struct vb2_context *ctx) vb2_error_t vb2_secdata_firmware_init(struct vb2_context *ctx) { struct vb2_shared_data *sd = vb2_get_sd(ctx); - vb2_error_t rv; - rv = vb2api_secdata_firmware_check(ctx); - if (rv) - return rv; + VB2_TRY(vb2api_secdata_firmware_check(ctx)); /* Set status flag */ sd->status |= VB2_SD_STATUS_SECDATA_FIRMWARE_INIT; diff --git a/firmware/2lib/2secdata_fwmp.c b/firmware/2lib/2secdata_fwmp.c index ec6cc6c3..a28b5bbf 100644 --- a/firmware/2lib/2secdata_fwmp.c +++ b/firmware/2lib/2secdata_fwmp.c @@ -65,14 +65,10 @@ vb2_error_t vb2_secdata_fwmp_init(struct vb2_context *ctx) struct vb2_shared_data *sd = vb2_get_sd(ctx); struct vb2_secdata_fwmp *sec = (struct vb2_secdata_fwmp *)&ctx->secdata_fwmp; - vb2_error_t rv; /* Skip checking if NO_SECDATA_FWMP is set. */ - if (!(ctx->flags & VB2_CONTEXT_NO_SECDATA_FWMP)) { - rv = vb2api_secdata_fwmp_check(ctx, &sec->struct_size); - if (rv) - return rv; - } + if (!(ctx->flags & VB2_CONTEXT_NO_SECDATA_FWMP)) + VB2_TRY(vb2api_secdata_fwmp_check(ctx, &sec->struct_size)); /* Mark as initialized */ sd->status |= VB2_SD_STATUS_SECDATA_FWMP_INIT; diff --git a/firmware/2lib/2secdata_kernel.c b/firmware/2lib/2secdata_kernel.c index f4d1b825..04763a1f 100644 --- a/firmware/2lib/2secdata_kernel.c +++ b/firmware/2lib/2secdata_kernel.c @@ -166,11 +166,8 @@ vb2_error_t vb2_secdata_kernel_init(struct vb2_context *ctx) { struct vb2_shared_data *sd = vb2_get_sd(ctx); uint8_t size = VB2_SECDATA_KERNEL_MAX_SIZE; - vb2_error_t rv; - rv = vb2api_secdata_kernel_check(ctx, &size); - if (rv) - return rv; + VB2_TRY(vb2api_secdata_kernel_check(ctx, &size)); /* Set status flag */ sd->status |= VB2_SD_STATUS_SECDATA_KERNEL_INIT; diff --git a/firmware/2lib/2sha_utility.c b/firmware/2lib/2sha_utility.c index 16a41f94..4c8d41ca 100644 --- a/firmware/2lib/2sha_utility.c +++ b/firmware/2lib/2sha_utility.c @@ -203,15 +203,9 @@ vb2_error_t vb2_digest_buffer(const uint8_t *buf, uint32_t size, uint32_t digest_size) { struct vb2_digest_context dc; - vb2_error_t rv; - rv = vb2_digest_init(&dc, hash_alg); - if (rv) - return rv; - - rv = vb2_digest_extend(&dc, buf, size); - if (rv) - return rv; + VB2_TRY(vb2_digest_init(&dc, hash_alg)); + VB2_TRY(vb2_digest_extend(&dc, buf, size)); return vb2_digest_finalize(&dc, digest, digest_size); } @@ -221,10 +215,8 @@ vb2_error_t vb2_hash_verify(const void *buf, uint32_t size, { uint8_t hash_buf[VB2_MAX_DIGEST_SIZE]; size_t hash_size = vb2_digest_size(hash->algo); - vb2_error_t rv = vb2_digest_buffer(buf, size, hash->algo, - hash_buf, hash_size); - if (rv) - return rv; + + VB2_TRY(vb2_digest_buffer(buf, size, hash->algo, hash_buf, hash_size)); if (memcmp(hash_buf, hash->raw, hash_size)) return VB2_ERROR_SHA_MISMATCH; else diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h index 6be8a8d4..d932dbe0 100644 --- a/firmware/2lib/include/2api.h +++ b/firmware/2lib/include/2api.h @@ -28,6 +28,39 @@ #include "2return_codes.h" #include "2secdata_struct.h" +#define _VB2_TRY_IMPL(expr, ctx, recovery_reason, ...) do { \ + vb2_error_t _vb2_try_rv = (expr); \ + struct vb2_context *_vb2_try_ctx = (ctx); \ + uint8_t _vb2_try_reason = (recovery_reason); \ + if (_vb2_try_rv != VB2_SUCCESS) { \ + vb2ex_printf(__func__, \ + "%s returned %#x\n", #expr, _vb2_try_rv); \ + if ((_vb2_try_ctx) && \ + (_vb2_try_reason) != VB2_RECOVERY_NOT_REQUESTED) \ + vb2api_fail(_vb2_try_ctx, _vb2_try_reason, \ + _vb2_try_rv); \ + return _vb2_try_rv; \ + } \ +} while (0) + +/* + * Evaluate an expression and return *from the caller* on failure. + * + * This macro supports two forms of usage: + * 1. VB2_TRY(expr) + * 2. VB2_TRY(expr, ctx, recovery_reason) + * + * When the second form is used, vb2api_fail() will be called on failure before + * return. Note that nvdata only holds one byte for recovery subcode, so any + * other more significant bytes will be truncated. + * + * @param expr An expression (such as a function call) of type + * vb2_error_t. + * @param ctx Vboot context. + * @param recovery_reason Recovery reason passed to vb2api_fail(). + */ +#define VB2_TRY(expr, ...) _VB2_TRY_IMPL(expr, ##__VA_ARGS__, NULL, 0) + /* Modes for vb2ex_tpm_set_mode. */ enum vb2_tpm_mode { /* diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c index 8b7aab9e..4f86046a 100644 --- a/firmware/lib/vboot_api_kernel.c +++ b/firmware/lib/vboot_api_kernel.c @@ -35,8 +35,6 @@ struct LoadKernelParams *VbApiKernelGetParams(void) static vb2_error_t handle_battery_cutoff(struct vb2_context *ctx) { - vb2_error_t rv; - /* * Check if we need to cut-off battery. This should be done after EC * FW and Aux FW are updated, and before the kernel is started. This @@ -48,9 +46,7 @@ static vb2_error_t handle_battery_cutoff(struct vb2_context *ctx) vb2_nv_set(ctx, VB2_NV_BATTERY_CUTOFF_REQUEST, 0); /* May lose power immediately, so commit our update now. */ - rv = vb2ex_commit_data(ctx); - if (rv) - return rv; + VB2_TRY(vb2ex_commit_data(ctx)); vb2ex_ec_battery_cutoff(); return VBERROR_SHUTDOWN_REQUESTED; @@ -181,19 +177,14 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx, VbSelectAndLoadKernelParams *kparams) { struct vb2_shared_data *sd = vb2_get_sd(ctx); - vb2_error_t rv; /* Init nvstorage space. TODO(kitching): Remove once we add assertions to vb2_nv_get and vb2_nv_set. */ vb2_nv_init(ctx); - rv = vb2_kernel_init_kparams(ctx, kparams); - if (rv) - return rv; + VB2_TRY(vb2_kernel_init_kparams(ctx, kparams)); - rv = vb2api_kernel_phase1(ctx); - if (rv) - return rv; + VB2_TRY(vb2api_kernel_phase1(ctx)); VB2_DEBUG("GBB flags are %#x\n", vb2_get_gbb(ctx)->flags); @@ -202,17 +193,9 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx, * has UI but it's just a single non-interactive WAIT screen. */ if (!(ctx->flags & VB2_CONTEXT_RECOVERY_MODE)) { - rv = vb2api_ec_sync(ctx); - if (rv) - return rv; - - rv = vb2api_auxfw_sync(ctx); - if (rv) - return rv; - - rv = handle_battery_cutoff(ctx); - if (rv) - return rv; + VB2_TRY(vb2api_ec_sync(ctx)); + VB2_TRY(vb2api_auxfw_sync(ctx)); + VB2_TRY(handle_battery_cutoff(ctx)); } /* Select boot path */ @@ -244,13 +227,13 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx, /* Recovery boot. This has UI. */ if (MENU_UI) { if (vb2_allow_recovery(ctx)) - rv = vb2_manual_recovery_menu(ctx); + VB2_TRY(vb2_manual_recovery_menu(ctx)); else - rv = vb2_broken_recovery_menu(ctx); + VB2_TRY(vb2_broken_recovery_menu(ctx)); } else if (LEGACY_MENU_UI) { - rv = VbBootRecoveryLegacyMenu(ctx); + VB2_TRY(VbBootRecoveryLegacyMenu(ctx)); } else { - rv = VbBootRecoveryLegacyClamshell(ctx); + VB2_TRY(VbBootRecoveryLegacyClamshell(ctx)); } } else if (DIAGNOSTIC_UI && vb2_nv_get(ctx, VB2_NV_DIAG_REQUEST)) { vb2_nv_set(ctx, VB2_NV_DIAG_REQUEST, 0); @@ -261,36 +244,32 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx, * needed. This mode is also 1-shot so it's placed * before developer mode. */ - rv = VbBootDiagnosticLegacyClamshell(ctx); + VB2_TRY(VbBootDiagnosticLegacyClamshell(ctx)); /* * The diagnostic menu should either boot a rom, or - * return either of reboot or shutdown. The following - * check is a safety precaution. + * return either of reboot or shutdown. */ - if (!rv) - rv = VBERROR_REBOOT_REQUIRED; + return VBERROR_REBOOT_REQUIRED; } else if (ctx->flags & VB2_CONTEXT_DEVELOPER_MODE) { /* Developer boot. This has UI. */ if (MENU_UI) - rv = vb2_developer_menu(ctx); + VB2_TRY(vb2_developer_menu(ctx)); else if (LEGACY_MENU_UI) - rv = VbBootDeveloperLegacyMenu(ctx); + VB2_TRY(VbBootDeveloperLegacyMenu(ctx)); else - rv = VbBootDeveloperLegacyClamshell(ctx); + VB2_TRY(VbBootDeveloperLegacyClamshell(ctx)); } else { /* Normal boot */ - rv = vb2_normal_boot(ctx); + VB2_TRY(vb2_normal_boot(ctx)); } - if (VB2_SUCCESS == rv && (ctx->flags & VB2_CONTEXT_NO_BOOT)) { + if (ctx->flags & VB2_CONTEXT_NO_BOOT) { /* Stop all cases returning SUCCESS against NO_BOOT flag. */ VB2_DEBUG("Blocking boot in NO_BOOT mode.\n"); - vb2api_fail(ctx, VB2_RECOVERY_RW_INVALID_OS, rv); - rv = VB2_ERROR_ESCAPE_NO_BOOT; + vb2api_fail(ctx, VB2_RECOVERY_RW_INVALID_OS, 0); + return VB2_ERROR_ESCAPE_NO_BOOT; } - if (rv == VB2_SUCCESS) - vb2_kernel_fill_kparams(ctx, kparams); - - return rv; + vb2_kernel_fill_kparams(ctx, kparams); + return VB2_SUCCESS; } diff --git a/firmware/lib20/api_kernel.c b/firmware/lib20/api_kernel.c index 36456f61..9ab85222 100644 --- a/firmware/lib20/api_kernel.c +++ b/firmware/lib20/api_kernel.c @@ -18,17 +18,11 @@ vb2_error_t vb2api_load_kernel_vblock(struct vb2_context *ctx) { - vb2_error_t rv; - /* Verify kernel keyblock */ - rv = vb2_load_kernel_keyblock(ctx); - if (rv) - return rv; + VB2_TRY(vb2_load_kernel_keyblock(ctx)); /* Verify kernel preamble */ - rv = vb2_load_kernel_preamble(ctx); - if (rv) - return rv; + VB2_TRY(vb2_load_kernel_preamble(ctx)); return VB2_SUCCESS; } @@ -72,8 +66,6 @@ vb2_error_t vb2api_verify_kernel_data(struct vb2_context *ctx, const void *buf, uint8_t *digest; uint32_t digest_size; - vb2_error_t rv; - vb2_workbuf_from_ctx(ctx, &wb); /* Get preamble pointer */ @@ -104,28 +96,20 @@ vb2_error_t vb2api_verify_kernel_data(struct vb2_context *ctx, const void *buf, if (!sd->data_key_size) return VB2_ERROR_API_VERIFY_KDATA_KEY; - rv = vb2_unpack_key_buffer(&key, - vb2_member_of(sd, sd->data_key_offset), - sd->data_key_size); - if (rv) - return rv; + VB2_TRY(vb2_unpack_key_buffer(&key, + vb2_member_of(sd, sd->data_key_offset), + sd->data_key_size)); - rv = vb2_digest_init(dc, key.hash_alg); - if (rv) - return rv; + VB2_TRY(vb2_digest_init(dc, key.hash_alg)); - rv = vb2_digest_extend(dc, buf, size); - if (rv) - return rv; + VB2_TRY(vb2_digest_extend(dc, buf, size)); digest_size = vb2_digest_size(key.hash_alg); digest = vb2_workbuf_alloc(&wb, digest_size); if (!digest) return VB2_ERROR_API_CHECK_HASH_WORKBUF_DIGEST; - rv = vb2_digest_finalize(dc, digest, digest_size); - if (rv) - return rv; + VB2_TRY(vb2_digest_finalize(dc, digest, digest_size)); /* * The body signature is currently a *signature* of the body data, not diff --git a/firmware/lib20/kernel.c b/firmware/lib20/kernel.c index 8e340349..ed04c6f3 100644 --- a/firmware/lib20/kernel.c +++ b/firmware/lib20/kernel.c @@ -45,12 +45,9 @@ vb2_error_t vb2_verify_keyblock_hash(const struct vb2_keyblock *block, struct vb2_digest_context *dc; uint8_t *digest; uint32_t digest_size; - vb2_error_t rv; /* Sanity check keyblock before attempting hash check of data */ - rv = vb2_check_keyblock(block, size, sig); - if (rv) - return rv; + VB2_TRY(vb2_check_keyblock(block, size, sig)); VB2_DEBUG("Checking keyblock hash...\n"); @@ -65,17 +62,11 @@ vb2_error_t vb2_verify_keyblock_hash(const struct vb2_keyblock *block, if (!dc) return VB2_ERROR_VDATA_WORKBUF_HASHING; - rv = vb2_digest_init(dc, VB2_HASH_SHA512); - if (rv) - return rv; + VB2_TRY(vb2_digest_init(dc, VB2_HASH_SHA512)); - rv = vb2_digest_extend(dc, (const uint8_t *)block, sig->data_size); - if (rv) - return rv; + VB2_TRY(vb2_digest_extend(dc, (const uint8_t *)block, sig->data_size)); - rv = vb2_digest_finalize(dc, digest, digest_size); - if (rv) - return rv; + VB2_TRY(vb2_digest_finalize(dc, digest, digest_size)); if (vb2_safe_memcmp(vb2_signature_data(sig), digest, digest_size) != 0) { @@ -119,19 +110,15 @@ vb2_error_t vb2_load_kernel_keyblock(struct vb2_context *ctx) /* Unpack the kernel key */ key_data = vb2_member_of(sd, sd->kernel_key_offset); key_size = sd->kernel_key_size; - rv = vb2_unpack_key_buffer(&kernel_key, key_data, key_size); - if (rv) - return rv; + VB2_TRY(vb2_unpack_key_buffer(&kernel_key, key_data, key_size)); /* Load the kernel keyblock header after the root key */ kb = vb2_workbuf_alloc(&wb, sizeof(*kb)); if (!kb) return VB2_ERROR_KERNEL_KEYBLOCK_WORKBUF_HEADER; - rv = vb2ex_read_resource(ctx, VB2_RES_KERNEL_VBLOCK, 0, kb, - sizeof(*kb)); - if (rv) - return rv; + VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_KERNEL_VBLOCK, 0, kb, + sizeof(*kb))); block_size = kb->keyblock_size; @@ -145,9 +132,8 @@ vb2_error_t vb2_load_kernel_keyblock(struct vb2_context *ctx) if (!kb) return VB2_ERROR_KERNEL_KEYBLOCK_WORKBUF; - rv = vb2ex_read_resource(ctx, VB2_RES_KERNEL_VBLOCK, 0, kb, block_size); - if (rv) - return rv; + VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_KERNEL_VBLOCK, 0, kb, + block_size)); /* Verify the keyblock */ rv = vb2_verify_keyblock(kb, block_size, &kernel_key, &wb); @@ -157,9 +143,7 @@ vb2_error_t vb2_load_kernel_keyblock(struct vb2_context *ctx) return rv; /* Signature is invalid, but hash may be fine */ - rv = vb2_verify_keyblock_hash(kb, block_size, &wb); - if (rv) - return rv; + VB2_TRY(vb2_verify_keyblock_hash(kb, block_size, &wb)); } /* Check the keyblock flags against the current boot mode */ @@ -363,28 +347,22 @@ vb2_error_t vb2_load_kernel_preamble(struct vb2_context *ctx) struct vb2_kernel_preamble *pre; uint32_t pre_size; - vb2_error_t rv; - vb2_workbuf_from_ctx(ctx, &wb); /* Unpack the kernel data key */ if (!sd->data_key_size) return VB2_ERROR_KERNEL_PREAMBLE2_DATA_KEY; - rv = vb2_unpack_key_buffer(&data_key, key_data, key_size); - if (rv) - return rv; + VB2_TRY(vb2_unpack_key_buffer(&data_key, key_data, key_size)); /* Load the kernel preamble header */ pre = vb2_workbuf_alloc(&wb, sizeof(*pre)); if (!pre) return VB2_ERROR_KERNEL_PREAMBLE2_WORKBUF_HEADER; - rv = vb2ex_read_resource(ctx, VB2_RES_KERNEL_VBLOCK, - sd->vblock_preamble_offset, - pre, sizeof(*pre)); - if (rv) - return rv; + VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_KERNEL_VBLOCK, + sd->vblock_preamble_offset, + pre, sizeof(*pre))); pre_size = pre->preamble_size; @@ -393,11 +371,9 @@ vb2_error_t vb2_load_kernel_preamble(struct vb2_context *ctx) if (!pre) return VB2_ERROR_KERNEL_PREAMBLE2_WORKBUF; - rv = vb2ex_read_resource(ctx, VB2_RES_KERNEL_VBLOCK, - sd->vblock_preamble_offset, - pre, pre_size); - if (rv) - return rv; + VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_KERNEL_VBLOCK, + sd->vblock_preamble_offset, + pre, pre_size)); /* * Work buffer now contains: @@ -408,9 +384,7 @@ vb2_error_t vb2_load_kernel_preamble(struct vb2_context *ctx) */ /* Verify the preamble */ - rv = vb2_verify_kernel_preamble(pre, pre_size, &data_key, &wb); - if (rv) - return rv; + VB2_TRY(vb2_verify_kernel_preamble(pre, pre_size, &data_key, &wb)); /* * Kernel preamble version is the lower 16 bits of the composite kernel diff --git a/firmware/lib20/misc.c b/firmware/lib20/misc.c index da12f028..4e1250c0 100644 --- a/firmware/lib20/misc.c +++ b/firmware/lib20/misc.c @@ -27,7 +27,7 @@ vb2_error_t vb2_load_fw_keyblock(struct vb2_context *ctx) struct vb2_keyblock *kb; uint32_t block_size; - vb2_error_t rv; + vb2_error_t rv = VB2_SUCCESS; vb2_workbuf_from_ctx(ctx, &wb); @@ -37,24 +37,19 @@ vb2_error_t vb2_load_fw_keyblock(struct vb2_context *ctx) if (!key_data) return VB2_ERROR_FW_KEYBLOCK_WORKBUF_ROOT_KEY; - rv = vb2ex_read_resource(ctx, VB2_RES_GBB, gbb->rootkey_offset, - key_data, key_size); - if (rv) - return rv; + VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_GBB, gbb->rootkey_offset, + key_data, key_size)); /* Unpack the root key */ - rv = vb2_unpack_key_buffer(&root_key, key_data, key_size); - if (rv) - return rv; + VB2_TRY(vb2_unpack_key_buffer(&root_key, key_data, key_size)); /* Load the firmware keyblock header after the root key */ kb = vb2_workbuf_alloc(&wb, sizeof(*kb)); if (!kb) return VB2_ERROR_FW_KEYBLOCK_WORKBUF_HEADER; - rv = vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, 0, kb, sizeof(*kb)); - if (rv) - return rv; + VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, 0, + kb, sizeof(*kb))); block_size = kb->keyblock_size; @@ -68,16 +63,11 @@ vb2_error_t vb2_load_fw_keyblock(struct vb2_context *ctx) if (!kb) return VB2_ERROR_FW_KEYBLOCK_WORKBUF; - rv = vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, 0, kb, block_size); - if (rv) - return rv; + VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, 0, kb, block_size)); /* Verify the keyblock */ - rv = vb2_verify_keyblock(kb, block_size, &root_key, &wb); - if (rv) { - vb2api_fail(ctx, VB2_RECOVERY_FW_KEYBLOCK, rv); - return rv; - } + VB2_TRY(vb2_verify_keyblock(kb, block_size, &root_key, &wb), + ctx, VB2_RECOVERY_FW_KEYBLOCK); /* Key version is the upper 16 bits of the composite firmware version */ if (kb->data_key.key_version > VB2_MAX_KEY_VERSION) @@ -104,9 +94,7 @@ vb2_error_t vb2_load_fw_keyblock(struct vb2_context *ctx) * no longer need the root key. First, let's double-check that it is * well-formed though (although the keyblock was signed anyway). */ - rv = vb2_verify_packed_key_inside(kb, block_size, &kb->data_key); - if (rv) - return rv; + VB2_TRY(vb2_verify_packed_key_inside(kb, block_size, &kb->data_key)); /* Save the future offset and size while kb->data_key is still valid. The check above made sure that key_offset and key_size are sane. */ @@ -149,7 +137,7 @@ vb2_error_t vb2_load_fw_preamble(struct vb2_context *ctx) struct vb2_fw_preamble *pre; uint32_t pre_size; - vb2_error_t rv; + vb2_error_t rv = VB2_SUCCESS; vb2_workbuf_from_ctx(ctx, &wb); @@ -157,20 +145,16 @@ vb2_error_t vb2_load_fw_preamble(struct vb2_context *ctx) if (!sd->data_key_size) return VB2_ERROR_FW_PREAMBLE2_DATA_KEY; - rv = vb2_unpack_key_buffer(&data_key, key_data, key_size); - if (rv) - return rv; + VB2_TRY(vb2_unpack_key_buffer(&data_key, key_data, key_size)); /* Load the firmware preamble header */ pre = vb2_workbuf_alloc(&wb, sizeof(*pre)); if (!pre) return VB2_ERROR_FW_PREAMBLE2_WORKBUF_HEADER; - rv = vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, - sd->vblock_preamble_offset, - pre, sizeof(*pre)); - if (rv) - return rv; + VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, + sd->vblock_preamble_offset, + pre, sizeof(*pre))); pre_size = pre->preamble_size; @@ -179,20 +163,15 @@ vb2_error_t vb2_load_fw_preamble(struct vb2_context *ctx) if (!pre) return VB2_ERROR_FW_PREAMBLE2_WORKBUF; - rv = vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, - sd->vblock_preamble_offset, - pre, pre_size); - if (rv) - return rv; + VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, + sd->vblock_preamble_offset, + pre, pre_size)); /* Work buffer now contains the data subkey data and the preamble */ /* Verify the preamble */ - rv = vb2_verify_fw_preamble(pre, pre_size, &data_key, &wb); - if (rv) { - vb2api_fail(ctx, VB2_RECOVERY_FW_PREAMBLE, rv); - return rv; - } + VB2_TRY(vb2_verify_fw_preamble(pre, pre_size, &data_key, &wb), + ctx, VB2_RECOVERY_FW_PREAMBLE); /* * Firmware version is the lower 16 bits of the composite firmware diff --git a/firmware/lib20/packed_key.c b/firmware/lib20/packed_key.c index 20b36a37..6d8fdebe 100644 --- a/firmware/lib20/packed_key.c +++ b/firmware/lib20/packed_key.c @@ -18,12 +18,9 @@ vb2_error_t vb2_unpack_key_buffer(struct vb2_public_key *key, (const struct vb2_packed_key *)buf; const uint32_t *buf32; uint32_t expected_key_size; - vb2_error_t rv; /* Make sure passed buffer is big enough for the packed key */ - rv = vb2_verify_packed_key_inside(buf, size, packed_key); - if (rv) - return rv; + VB2_TRY(vb2_verify_packed_key_inside(buf, size, packed_key)); /* Unpack key algorithm */ key->sig_alg = vb2_crypto_to_signature(packed_key->algorithm); |