From f4a9bfb303b034639469f1f1fcf18d61357bd4fe Mon Sep 17 00:00:00 2001 From: Joel Kitching Date: Tue, 20 Aug 2019 12:50:53 +0800 Subject: vboot: deprecate fastboot support BUG=b:124141368, chromium:995172 TEST=make clean && make runtests BRANCH=none Change-Id: I42e4ac8a21ac3be416d315a8a8cc914f997bab79 Signed-off-by: Joel Kitching Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1758148 Reviewed-by: Julius Werner Tested-by: Joel Kitching Commit-Queue: Joel Kitching --- firmware/2lib/2misc.c | 2 -- firmware/2lib/2nvstorage.c | 19 +++---------- firmware/2lib/include/2gbb_flags.h | 4 +-- firmware/2lib/include/2nvstorage.h | 9 ++++--- firmware/2lib/include/2nvstorage_fields.h | 4 +-- firmware/2lib/include/2recovery_reasons.h | 4 +-- firmware/lib/vboot_api_kernel.c | 38 +++++--------------------- firmware/lib/vboot_display.c | 10 ------- host/lib/crossystem.c | 10 ------- scripts/image_signing/gbb_flags_common.sh | 1 - tests/vb2_misc_tests.c | 6 ----- tests/vb2_nvstorage_tests.c | 2 -- tests/vboot_api_kernel5_tests.c | 44 ------------------------------- 13 files changed, 22 insertions(+), 131 deletions(-) mode change 100644 => 100755 scripts/image_signing/gbb_flags_common.sh diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c index 19380973..28ca3689 100644 --- a/firmware/2lib/2misc.c +++ b/firmware/2lib/2misc.c @@ -305,9 +305,7 @@ vb2_error_t vb2_check_dev_switch(struct vb2_context *ctx) vb2_nv_set(ctx, VB2_NV_DEV_BOOT_USB, 0); vb2_nv_set(ctx, VB2_NV_DEV_BOOT_LEGACY, 0); vb2_nv_set(ctx, VB2_NV_DEV_BOOT_SIGNED_ONLY, 0); - vb2_nv_set(ctx, VB2_NV_DEV_BOOT_FASTBOOT_FULL_CAP, 0); vb2_nv_set(ctx, VB2_NV_DEV_DEFAULT_BOOT, 0); - vb2_nv_set(ctx, VB2_NV_FASTBOOT_UNLOCK_IN_FW, 0); } if (ctx->flags & VB2_CONTEXT_FORCE_WIPEOUT_MODE) diff --git a/firmware/2lib/2nvstorage.c b/firmware/2lib/2nvstorage.c index a418a559..be23cbbc 100644 --- a/firmware/2lib/2nvstorage.c +++ b/firmware/2lib/2nvstorage.c @@ -162,10 +162,6 @@ uint32_t vb2_nv_get(struct vb2_context *ctx, enum vb2_nv_param param) case VB2_NV_DEV_BOOT_SIGNED_ONLY: return GETBIT(VB2_NV_OFFS_DEV, VB2_NV_DEV_FLAG_SIGNED_ONLY); - case VB2_NV_DEV_BOOT_FASTBOOT_FULL_CAP: - return GETBIT(VB2_NV_OFFS_DEV, - VB2_NV_DEV_FLAG_FASTBOOT_FULL_CAP); - case VB2_NV_DEV_DEFAULT_BOOT: return (p[VB2_NV_OFFS_DEV] & VB2_NV_DEV_FLAG_DEFAULT_BOOT) >> VB2_NV_DEV_DEFAULT_BOOT_SHIFT; @@ -194,9 +190,6 @@ uint32_t vb2_nv_get(struct vb2_context *ctx, enum vb2_nv_param param) case VB2_NV_REQ_WIPEOUT: return GETBIT(VB2_NV_OFFS_HEADER , VB2_NV_HEADER_WIPEOUT); - case VB2_NV_FASTBOOT_UNLOCK_IN_FW: - return GETBIT(VB2_NV_OFFS_MISC, VB2_NV_MISC_UNLOCK_FASTBOOT); - case VB2_NV_BOOT_ON_AC_DETECT: return GETBIT(VB2_NV_OFFS_MISC, VB2_NV_MISC_BOOT_ON_AC_DETECT); @@ -226,6 +219,8 @@ uint32_t vb2_nv_get(struct vb2_context *ctx, enum vb2_nv_param param) return GETBIT(VB2_NV_OFFS_MISC, VB2_NV_MISC_POST_EC_SYNC_DELAY); + case VB2_NV_DEPRECATED_DEV_BOOT_FASTBOOT_FULL_CAP: + case VB2_NV_DEPRECATED_FASTBOOT_UNLOCK_IN_FW: case VB2_NV_DEPRECATED_ENABLE_ALT_OS_REQUEST: case VB2_NV_DEPRECATED_DISABLE_ALT_OS_REQUEST: return 0; @@ -354,10 +349,6 @@ void vb2_nv_set(struct vb2_context *ctx, SETBIT(VB2_NV_OFFS_DEV, VB2_NV_DEV_FLAG_SIGNED_ONLY); break; - case VB2_NV_DEV_BOOT_FASTBOOT_FULL_CAP: - SETBIT(VB2_NV_OFFS_DEV, VB2_NV_DEV_FLAG_FASTBOOT_FULL_CAP); - break; - case VB2_NV_DEV_DEFAULT_BOOT: /* Map out of range values to disk */ if (value > (VB2_NV_DEV_FLAG_DEFAULT_BOOT >> @@ -401,10 +392,6 @@ void vb2_nv_set(struct vb2_context *ctx, SETBIT(VB2_NV_OFFS_HEADER , VB2_NV_HEADER_WIPEOUT); break; - case VB2_NV_FASTBOOT_UNLOCK_IN_FW: - SETBIT(VB2_NV_OFFS_MISC, VB2_NV_MISC_UNLOCK_FASTBOOT); - break; - case VB2_NV_BOOT_ON_AC_DETECT: SETBIT(VB2_NV_OFFS_MISC, VB2_NV_MISC_BOOT_ON_AC_DETECT); break; @@ -439,6 +426,8 @@ void vb2_nv_set(struct vb2_context *ctx, SETBIT(VB2_NV_OFFS_MISC, VB2_NV_MISC_POST_EC_SYNC_DELAY); break; + case VB2_NV_DEPRECATED_DEV_BOOT_FASTBOOT_FULL_CAP: + case VB2_NV_DEPRECATED_FASTBOOT_UNLOCK_IN_FW: case VB2_NV_DEPRECATED_ENABLE_ALT_OS_REQUEST: case VB2_NV_DEPRECATED_DISABLE_ALT_OS_REQUEST: return; diff --git a/firmware/2lib/include/2gbb_flags.h b/firmware/2lib/include/2gbb_flags.h index e90dfb15..600ac89e 100644 --- a/firmware/2lib/include/2gbb_flags.h +++ b/firmware/2lib/include/2gbb_flags.h @@ -70,9 +70,9 @@ enum vb2_gbb_flag { /* * Allow full fastboot capability in firmware even if - * dev_boot_fastboot_full_cap=0. + * dev_boot_fastboot_full_cap=0. Deprecated; see chromium:995172. */ - VB2_GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP = 1 << 13, + VB2_GBB_FLAG_DEPRECATED_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP = 1 << 13, /* Recovery mode always assumes manual recovery, even if EC_IN_RW=1 */ VB2_GBB_FLAG_FORCE_MANUAL_RECOVERY = 1 << 14, diff --git a/firmware/2lib/include/2nvstorage.h b/firmware/2lib/include/2nvstorage.h index 4b15c2aa..a95515b7 100644 --- a/firmware/2lib/include/2nvstorage.h +++ b/firmware/2lib/include/2nvstorage.h @@ -54,9 +54,9 @@ enum vb2_nv_param { VB2_NV_DEV_BOOT_SIGNED_ONLY, /* * Allow full fastboot capability in firmware in developer mode. - * 0=no, 1=yes. + * 0=no, 1=yes. Deprecated; see chromium:995172. */ - VB2_NV_DEV_BOOT_FASTBOOT_FULL_CAP, + VB2_NV_DEPRECATED_DEV_BOOT_FASTBOOT_FULL_CAP, /* Set default boot mode (see vb2_dev_default_boot) */ VB2_NV_DEV_DEFAULT_BOOT, /* Enable USB Device Controller */ @@ -94,8 +94,9 @@ enum vb2_nv_param { /* Request wipeout of the device by the app. */ VB2_NV_REQ_WIPEOUT, - /* Fastboot: Unlock in firmware, 0=disabled, 1=enabled. */ - VB2_NV_FASTBOOT_UNLOCK_IN_FW, + /* Fastboot: Unlock in firmware, 0=disabled, 1=enabled. + Deprecated; see chromium:995172. */ + VB2_NV_DEPRECATED_FASTBOOT_UNLOCK_IN_FW, /* Boot system when AC detected (0=no, 1=yes). */ VB2_NV_BOOT_ON_AC_DETECT, /* diff --git a/firmware/2lib/include/2nvstorage_fields.h b/firmware/2lib/include/2nvstorage_fields.h index ce24c6a4..ec1f85e1 100644 --- a/firmware/2lib/include/2nvstorage_fields.h +++ b/firmware/2lib/include/2nvstorage_fields.h @@ -92,7 +92,7 @@ enum vb2_nv_offset { #define VB2_NV_DEV_FLAG_USB 0x01 #define VB2_NV_DEV_FLAG_SIGNED_ONLY 0x02 #define VB2_NV_DEV_FLAG_LEGACY 0x04 -#define VB2_NV_DEV_FLAG_FASTBOOT_FULL_CAP 0x08 +#define VB2_NV_DEV_FLAG_DEPRECATED_FASTBOOT_FULL_CAP 0x08 #define VB2_NV_DEV_FLAG_DEFAULT_BOOT 0x30 #define VB2_NV_DEV_DEFAULT_BOOT_SHIFT 4 /* Number of bits to shift */ #define VB2_NV_DEV_FLAG_UDC 0x40 @@ -103,7 +103,7 @@ enum vb2_nv_offset { #define VB2_NV_TPM_REBOOTED 0x04 /* Fields in VB2_NV_OFFS_MISC (unused = 0x80) */ -#define VB2_NV_MISC_UNLOCK_FASTBOOT 0x01 +#define VB2_NV_MISC_DEPRECATED_UNLOCK_FASTBOOT 0x01 #define VB2_NV_MISC_BOOT_ON_AC_DETECT 0x02 #define VB2_NV_MISC_TRY_RO_SYNC 0x04 #define VB2_NV_MISC_BATTERY_CUTOFF 0x08 diff --git a/firmware/2lib/include/2recovery_reasons.h b/firmware/2lib/include/2recovery_reasons.h index 870df1f0..3d1b3cfa 100644 --- a/firmware/2lib/include/2recovery_reasons.h +++ b/firmware/2lib/include/2recovery_reasons.h @@ -214,7 +214,7 @@ enum vb2_nv_recovery { VB2_RECOVERY_SECDATAK_INIT = 0x5d, /* Fastboot mode requested in firmware */ - VB2_RECOVERY_FW_FASTBOOT = 0x5e, + VB2_RECOVERY_DEPRECATED_FW_FASTBOOT = 0x5e, /* Recovery hash space lock error in RO firmware */ VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR = 0x5f, @@ -241,7 +241,7 @@ enum vb2_nv_recovery { VB2_RECOVERY_BCB_USER_MODE = 0xc2, /* Fastboot mode requested by user-mode */ - VB2_RECOVERY_US_FASTBOOT = 0xc3, + VB2_RECOVERY_DEPRECATED_US_FASTBOOT = 0xc3, /* User requested recovery for training memory and rebooting. */ VB2_RECOVERY_TRAIN_AND_REBOOT = 0xc4, diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c index 621aa7fe..dbaf93f3 100644 --- a/firmware/lib/vboot_api_kernel.c +++ b/firmware/lib/vboot_api_kernel.c @@ -470,7 +470,6 @@ vb2_error_t VbVerifyMemoryBootImage(struct vb2_context *ctx, uint64_t body_offset; int hash_only = 0; int dev_switch; - uint32_t allow_fastboot_full_cap = 0; struct vb2_workbuf wb; vb2_error_t retval; vb2_error_t rv; @@ -482,8 +481,6 @@ vb2_error_t VbVerifyMemoryBootImage(struct vb2_context *ctx, if (retval) goto fail; - struct vb2_gbb_header *gbb = vb2_get_gbb(ctx); - if ((boot_image == NULL) || (image_size == 0)) { retval = VB2_ERROR_INVALID_PARAMETER; goto fail; @@ -491,34 +488,12 @@ vb2_error_t VbVerifyMemoryBootImage(struct vb2_context *ctx, kbuf = boot_image; - /* - * We don't care verifying the image if: - * 1. dev-mode switch is on and - * 2a. GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP is set, or - * 2b. DEV_BOOT_FASTBOOT_FULL_CAP flag is set in NvStorage - * - * Check only the integrity of the image. - */ - dev_switch = shared->flags & VBSD_BOOT_DEV_SWITCH_ON; - allow_fastboot_full_cap = - vb2_nv_get(ctx, VB2_NV_DEV_BOOT_FASTBOOT_FULL_CAP); - - if (0 == allow_fastboot_full_cap) { - allow_fastboot_full_cap = !!(gbb->flags & - VB2_GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP); - } - - if (dev_switch && allow_fastboot_full_cap) { - VB2_DEBUG("Only performing integrity-check.\n"); - hash_only = 1; - } else { - /* Get recovery key. */ - rv = vb2_gbb_read_recovery_key(ctx, &kernel_subkey, NULL, &wb); - if (VB2_SUCCESS != rv) { - VB2_DEBUG("GBB read recovery key failed.\n"); - retval = VBERROR_INVALID_GBB; - goto fail; - } + /* Get recovery key. */ + rv = vb2_gbb_read_recovery_key(ctx, &kernel_subkey, NULL, &wb); + if (VB2_SUCCESS != rv) { + VB2_DEBUG("GBB read recovery key failed.\n"); + retval = VBERROR_INVALID_GBB; + goto fail; } /* If we fail at any step, retval returned would be invalid kernel. */ @@ -548,6 +523,7 @@ vb2_error_t VbVerifyMemoryBootImage(struct vb2_context *ctx, } /* Check the key block flags against the current boot mode. */ + dev_switch = shared->flags & VBSD_BOOT_DEV_SWITCH_ON; if (!(key_block->key_block_flags & (dev_switch ? KEY_BLOCK_FLAG_DEVELOPER_1 : KEY_BLOCK_FLAG_DEVELOPER_0))) { diff --git a/firmware/lib/vboot_display.c b/firmware/lib/vboot_display.c index 52d3510e..725e1aaa 100644 --- a/firmware/lib/vboot_display.c +++ b/firmware/lib/vboot_display.c @@ -241,8 +241,6 @@ const char *RecoveryReasonString(uint8_t code) return "No bootable kernel found on disk"; case VB2_RECOVERY_RW_BCB_ERROR: return "BCB partition error on disk"; - case VB2_RECOVERY_FW_FASTBOOT: - return "Fastboot-mode requested in firmware"; case VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR: return "Recovery hash space lock error in RO firmware"; case VB2_RECOVERY_RW_UNSPECIFIED: @@ -255,8 +253,6 @@ const char *RecoveryReasonString(uint8_t code) return "Recovery mode test from user-mode"; case VB2_RECOVERY_BCB_USER_MODE: return "User-mode requested recovery via BCB"; - case VB2_RECOVERY_US_FASTBOOT: - return "User-mode requested fastboot mode"; case VB2_RECOVERY_TRAIN_AND_REBOOT: return "User-mode requested DRAM train and reboot"; case VB2_RECOVERY_US_UNSPECIFIED: @@ -342,12 +338,6 @@ vb2_error_t VbDisplayDebugInfo(struct vb2_context *ctx) DEBUG_INFO_SIZE - used); used += Uint64ToString(buf + used, DEBUG_INFO_SIZE - used, i, 10, 0); - /* Add dev_boot_fastboot_full_cap flag */ - i = vb2_nv_get(ctx, VB2_NV_DEV_BOOT_FASTBOOT_FULL_CAP); - used += StrnAppend(buf + used, "\ndev_boot_fastboot_full_cap: ", - DEBUG_INFO_SIZE - used); - used += Uint64ToString(buf + used, DEBUG_INFO_SIZE - used, i, 10, 0); - /* Add TPM versions */ used += StrnAppend(buf + used, "\nTPM: fwver=0x", DEBUG_INFO_SIZE - used); diff --git a/host/lib/crossystem.c b/host/lib/crossystem.c index 9b89fdc1..3db2ecb7 100644 --- a/host/lib/crossystem.c +++ b/host/lib/crossystem.c @@ -525,8 +525,6 @@ int VbGetSystemPropertyInt(const char *name) value = vb2_get_nv_storage(VB2_NV_DEV_BOOT_LEGACY); } else if (!strcasecmp(name,"dev_boot_signed_only")) { value = vb2_get_nv_storage(VB2_NV_DEV_BOOT_SIGNED_ONLY); - } else if (!strcasecmp(name,"dev_boot_fastboot_full_cap")) { - value = vb2_get_nv_storage(VB2_NV_DEV_BOOT_FASTBOOT_FULL_CAP); } else if (!strcasecmp(name,"dev_enable_udc")) { value = vb2_get_nv_storage(VB2_NV_DEV_ENABLE_UDC); } else if (!strcasecmp(name,"display_request")) { @@ -561,8 +559,6 @@ int VbGetSystemPropertyInt(const char *name) value = GetVdatInt(VDAT_INT_TRIED_FIRMWARE_B); } else if (!strcasecmp(name,"recovery_reason")) { value = GetVdatInt(VDAT_INT_RECOVERY_REASON); - } else if (!strcasecmp(name, "fastboot_unlock_in_fw")) { - value = vb2_get_nv_storage(VB2_NV_FASTBOOT_UNLOCK_IN_FW); } else if (!strcasecmp(name, "boot_on_ac_detect")) { value = vb2_get_nv_storage(VB2_NV_BOOT_ON_AC_DETECT); } else if (!strcasecmp(name, "try_ro_sync")) { @@ -726,12 +722,6 @@ int VbSetSystemPropertyInt(const char *name, int value) } else if (!strcasecmp(name,"dev_boot_signed_only")) { return vb2_set_nv_storage_with_backup( VB2_NV_DEV_BOOT_SIGNED_ONLY, value); - } else if (!strcasecmp(name,"dev_boot_fastboot_full_cap")) { - return vb2_set_nv_storage_with_backup( - VB2_NV_DEV_BOOT_FASTBOOT_FULL_CAP, value); - } else if (!strcasecmp(name, "fastboot_unlock_in_fw")) { - return vb2_set_nv_storage_with_backup( - VB2_NV_FASTBOOT_UNLOCK_IN_FW, value); } else if (!strcasecmp(name, "dev_enable_udc")) { return vb2_set_nv_storage_with_backup( VB2_NV_DEV_ENABLE_UDC, value); diff --git a/scripts/image_signing/gbb_flags_common.sh b/scripts/image_signing/gbb_flags_common.sh old mode 100644 new mode 100755 index d4e3cedf..2b0e58de --- a/scripts/image_signing/gbb_flags_common.sh +++ b/scripts/image_signing/gbb_flags_common.sh @@ -32,7 +32,6 @@ GBBFLAGS_LIST=" VB2_GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY 0x00000400 VB2_GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC 0x00000800 VB2_GBB_FLAG_DISABLE_LID_SHUTDOWN 0x00001000 - VB2_GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP 0x00002000 VB2_GBB_FLAG_FORCE_MANUAL_RECOVERY 0x00004000 VB2_GBB_FLAG_DISABLE_FWMP 0x00008000 VB2_GBB_FLAG_ENABLE_UDC 0x00010000 diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c index c2763e4e..8e96f1c0 100644 --- a/tests/vb2_misc_tests.c +++ b/tests/vb2_misc_tests.c @@ -368,9 +368,7 @@ static void dev_switch_tests(void) vb2_nv_set(&ctx, VB2_NV_DEV_BOOT_USB, 1); vb2_nv_set(&ctx, VB2_NV_DEV_BOOT_LEGACY, 1); vb2_nv_set(&ctx, VB2_NV_DEV_BOOT_SIGNED_ONLY, 1); - vb2_nv_set(&ctx, VB2_NV_DEV_BOOT_FASTBOOT_FULL_CAP, 1); vb2_nv_set(&ctx, VB2_NV_DEV_DEFAULT_BOOT, 1); - vb2_nv_set(&ctx, VB2_NV_FASTBOOT_UNLOCK_IN_FW, 1); TEST_SUCC(vb2_check_dev_switch(&ctx), "dev mode off"); TEST_EQ(vb2_nv_get(&ctx, VB2_NV_DEV_BOOT_USB), 0, " cleared dev boot usb"); @@ -378,12 +376,8 @@ static void dev_switch_tests(void) 0, " cleared dev boot legacy"); TEST_EQ(vb2_nv_get(&ctx, VB2_NV_DEV_BOOT_SIGNED_ONLY), 0, " cleared dev boot signed only"); - TEST_EQ(vb2_nv_get(&ctx, VB2_NV_DEV_BOOT_FASTBOOT_FULL_CAP), - 0, " cleared dev boot fastboot full cap"); TEST_EQ(vb2_nv_get(&ctx, VB2_NV_DEV_DEFAULT_BOOT), 0, " cleared dev default boot"); - TEST_EQ(vb2_nv_get(&ctx, VB2_NV_FASTBOOT_UNLOCK_IN_FW), - 0, " cleared dev boot fastboot unlock in fw"); /* Normal-dev transition clears TPM */ reset_common_data(); diff --git a/tests/vb2_nvstorage_tests.c b/tests/vb2_nvstorage_tests.c index d47eaef7..1addc003 100644 --- a/tests/vb2_nvstorage_tests.c +++ b/tests/vb2_nvstorage_tests.c @@ -46,7 +46,6 @@ static struct nv_field nvfields[] = { {VB2_NV_DEV_BOOT_USB, 0, 1, 0, "dev boot usb"}, {VB2_NV_DEV_BOOT_LEGACY, 0, 1, 0, "dev boot legacy"}, {VB2_NV_DEV_BOOT_SIGNED_ONLY, 0, 1, 0, "dev boot custom"}, - {VB2_NV_DEV_BOOT_FASTBOOT_FULL_CAP, 0, 1, 0, "dev boot fb full cap"}, {VB2_NV_DEV_DEFAULT_BOOT, 0, 1, 2, "dev default boot"}, {VB2_NV_DIAG_REQUEST, 0, 1, 0, "diagnostic rom request"}, {VB2_NV_DISABLE_DEV_REQUEST, 0, 1, 0, "disable dev request"}, @@ -56,7 +55,6 @@ static struct nv_field nvfields[] = { {VB2_NV_REQ_WIPEOUT, 0, 1, 0, "request wipeout"}, {VB2_NV_DISPLAY_REQUEST, 0, 1, 0, "oprom needed"}, {VB2_NV_BACKUP_NVRAM_REQUEST, 0, 1, 0, "backup nvram request"}, - {VB2_NV_FASTBOOT_UNLOCK_IN_FW, 0, 1, 0, "fastboot unlock in fw"}, {VB2_NV_BOOT_ON_AC_DETECT, 0, 1, 0, "boot on ac detect"}, {VB2_NV_TRY_RO_SYNC, 0, 1, 0, "try read only software sync"}, {VB2_NV_BATTERY_CUTOFF_REQUEST, 0, 1, 0, "battery cutoff request"}, diff --git a/tests/vboot_api_kernel5_tests.c b/tests/vboot_api_kernel5_tests.c index f07fc2d9..86195e3c 100644 --- a/tests/vboot_api_kernel5_tests.c +++ b/tests/vboot_api_kernel5_tests.c @@ -284,26 +284,6 @@ static void VerifyMemoryBootImageTest(void) VBERROR_INVALID_KERNEL_FOUND, "Key verify failed"); TEST_EQ(hash_only_check, 0, " hash check"); - /* Key Block Hash Failure */ - ResetMocks(); - shared->flags = VBSD_BOOT_DEV_SWITCH_ON; - gbb.flags = VB2_GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP; - key_block_verify_fail = 1; - TEST_EQ(VbVerifyMemoryBootImage(&ctx, shared, &kparams, kernel_buffer, - kernel_buffer_size), - VBERROR_INVALID_KERNEL_FOUND, "Key verify failed"); - TEST_EQ(hash_only_check, 1, " hash check"); - - /* Key Block Hash Failure -- VBNV */ - ResetMocks(); - shared->flags = VBSD_BOOT_DEV_SWITCH_ON; - key_block_verify_fail = 1; - vb2_nv_set(&ctx_nvram_backend, VB2_NV_DEV_BOOT_FASTBOOT_FULL_CAP, 1); - TEST_EQ(VbVerifyMemoryBootImage(&ctx, shared, &kparams, kernel_buffer, - kernel_buffer_size), - VBERROR_INVALID_KERNEL_FOUND, "Key verify failed"); - TEST_EQ(hash_only_check, 1, " hash check -- VBNV flag"); - /* Developer flag mismatch - dev switch on */ ResetMocks(); kbh.key_block_flags = KEY_BLOCK_FLAG_DEVELOPER_0 | @@ -315,30 +295,6 @@ static void VerifyMemoryBootImageTest(void) VBERROR_INVALID_KERNEL_FOUND, "Developer flag mismatch - dev switch on"); - /* Developer flag mismatch - dev switch on with GBB override */ - ResetMocks(); - kbh.key_block_flags = KEY_BLOCK_FLAG_DEVELOPER_0 | - KEY_BLOCK_FLAG_RECOVERY_1; - copy_kbh(); - gbb.flags = VB2_GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP; - shared->flags = VBSD_BOOT_DEV_SWITCH_ON; - TEST_EQ(VbVerifyMemoryBootImage(&ctx, shared, &kparams, kernel_buffer, - kernel_buffer_size), - VB2_SUCCESS, - "Developer flag mismatch - dev switch on(gbb override)"); - - /* Recovery flag mismatch - dev switch on with GBB override */ - ResetMocks(); - kbh.key_block_flags = KEY_BLOCK_FLAG_DEVELOPER_0 | - KEY_BLOCK_FLAG_RECOVERY_0; - copy_kbh(); - shared->flags = VBSD_BOOT_DEV_SWITCH_ON; - gbb.flags = VB2_GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP; - TEST_EQ(VbVerifyMemoryBootImage(&ctx, shared, &kparams, kernel_buffer, - kernel_buffer_size), - VB2_SUCCESS, - "Recovery flag mismatch - dev switch on(gbb override)"); - /* Developer flag mismatch - dev switch off */ ResetMocks(); kbh.key_block_flags = KEY_BLOCK_FLAG_DEVELOPER_1 | -- cgit v1.2.1