From 19788a7d88397e2d9df3881c39a9111f365fa3cf Mon Sep 17 00:00:00 2001
From: Joel Kitching <kitching@google.com>
Date: Thu, 13 Feb 2020 18:01:42 +0800
Subject: vboot: use VB2_SD_FLAG_KERNEL_SIGNED

Use vboot2 variant VB2_SD_FLAG_KERNEL_SIGNED instead of
vboot1 VBSD flag VBSD_KERNEL_KEY_VERIFIED.  Export the
flag back to vboot1 at the end of VBSLK.

BUG=b:124141368, chromium:1038260
TEST=make clean && make runtests
BRANCH=none

Change-Id: Ie7516195b95a9ef2ca254616c9486991b1a418fa
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2053181
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
---
 firmware/lib/vboot_api_kernel.c | 4 ++++
 firmware/lib/vboot_kernel.c     | 2 +-
 tests/vboot_kernel_tests.c      | 6 ++++--
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index 36bac6ed..822f1cbe 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -428,6 +428,10 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx,
 	if (rv == VB2_SUCCESS)
 		vb2_kernel_fill_kparams(ctx, kparams);
 
+	/* Translate vboot2 flags and fields into vboot1. */
+	if (sd->flags & VB2_SD_FLAG_KERNEL_SIGNED)
+		sd->vbsd->flags |= VBSD_KERNEL_KEY_VERIFIED;
+
 	/* Commit data, but retain any previous errors */
 	call_rv = vb2_commit_data(ctx);
 	if (rv == VB2_SUCCESS)
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index 9ca14bac..6c30c028 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -560,7 +560,7 @@ vb2_error_t LoadKernel(struct vb2_context *ctx, LoadKernelParams *params)
 		int keyblock_valid = (shpart->flags &
 				      VBSD_LKP_FLAG_KEYBLOCK_VALID);
 		if (keyblock_valid) {
-			shared->flags |= VBSD_KERNEL_KEY_VERIFIED;
+			sd->flags |= VB2_SD_FLAG_KERNEL_SIGNED;
 			/* Track lowest version from a valid header. */
 			if (lowest_version > shpart->combined_version)
 				lowest_version = shpart->combined_version;
diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c
index fd0ccfd1..7a2c2699 100644
--- a/tests/vboot_kernel_tests.c
+++ b/tests/vboot_kernel_tests.c
@@ -70,6 +70,7 @@ static uint8_t mock_digest[VB2_SHA256_DIGEST_SIZE] = {12, 34, 56, 78};
 static uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE]
 	__attribute__((aligned(VB2_WORKBUF_ALIGN)));
 static struct vb2_context *ctx;
+static struct vb2_shared_data *sd;
 static struct vb2_packed_key mock_key;
 
 /**
@@ -171,7 +172,7 @@ static void ResetMocks(void)
 
 	memset(&mock_key, 0, sizeof(mock_key));
 
-	struct vb2_shared_data *sd = vb2_get_sd(ctx);
+	sd = vb2_get_sd(ctx);
 	sd->vbsd = shared;
 
 	/* CRC will be invalid after here, but nobody's checking */
@@ -613,13 +614,13 @@ static void InvalidParamsTest(void)
 static void LoadKernelTest(void)
 {
 	ResetMocks();
-
 	TestLoadKernel(0, "First kernel good");
 	TEST_EQ(lkp.partition_number, 1, "  part num");
 	TEST_EQ(lkp.bootloader_address, 0xbeadd008, "  bootloader addr");
 	TEST_EQ(lkp.bootloader_size, 0x1234, "  bootloader size");
 	TEST_STR_EQ((char *)lkp.partition_guid, "FakeGuid", "  guid");
 	TEST_EQ(gpt_flag_external, 0, "GPT was internal");
+	TEST_NEQ(sd->flags & VB2_SD_FLAG_KERNEL_SIGNED, 0, "  use signature");
 
 	ResetMocks();
 	mock_parts[1].start = 300;
@@ -660,6 +661,7 @@ static void LoadKernelTest(void)
 	ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
 	keyblock_verify_fail = 1;
 	TestLoadKernel(0, "Succeed keyblock dev sig");
+	TEST_EQ(sd->flags & VB2_SD_FLAG_KERNEL_SIGNED, 0, "  use hash");
 
 	/* In dev mode and requiring signed kernel, fail if sig is bad */
 	ResetMocks();
-- 
cgit v1.2.1