vboot: use VB2_SD_FLAG_KERNEL_SIGNED

Use vboot2 variant VB2_SD_FLAG_KERNEL_SIGNED instead of
vboot1 VBSD flag VBSD_KERNEL_KEY_VERIFIED.  Export the
flag back to vboot1 at the end of VBSLK.

BUG=b:124141368, chromium:1038260
TEST=make clean && make runtests
BRANCH=none

Change-Id: Ie7516195b95a9ef2ca254616c9486991b1a418fa
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2053181
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index 36bac6e..822f1cb 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -428,6 +428,10 @@
 	if (rv == VB2_SUCCESS)
 		vb2_kernel_fill_kparams(ctx, kparams);
 
+	/* Translate vboot2 flags and fields into vboot1. */
+	if (sd->flags & VB2_SD_FLAG_KERNEL_SIGNED)
+		sd->vbsd->flags |= VBSD_KERNEL_KEY_VERIFIED;
+
 	/* Commit data, but retain any previous errors */
 	call_rv = vb2_commit_data(ctx);
 	if (rv == VB2_SUCCESS)
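Review bot: The added translation only ever ORs `VBSD_KERNEL_KEY_VERIFIED` into `sd->vbsd->flags` and never clears it, so a bit already present in the vboot1 struct would survive a boot where `VB2_SD_FLAG_KERNEL_SIGNED` is not set. Whether the vboot1 flags can carry that bit at this point is not visible in the hunk; if they can, mirror the state both ways with `else sd->vbsd->flags &= ~VBSD_KERNEL_KEY_VERIFIED;`. The export also runs whatever `rv` is; if that is intended, say so in the comment, e.g. `/* Exported even on failure: the flag records keyblock verification, not boot success. */`. The enclosing function starts and ends outside the hunk.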
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index 9ca14ba..6c30c02 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -560,7 +560,7 @@
 		int keyblock_valid = (shpart->flags &
 				      VBSD_LKP_FLAG_KEYBLOCK_VALID);
 		if (keyblock_valid) {
-			shared->flags |= VBSD_KERNEL_KEY_VERIFIED;
+			sd->flags |= VB2_SD_FLAG_KERNEL_SIGNED;
 			/* Track lowest version from a valid header. */
 			if (lowest_version > shpart->combined_version)
 				lowest_version = shpart->combined_version;
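Review bot: `VB2_SD_FLAG_KERNEL_SIGNED` is OR-ed into `sd->flags` for any partition whose keyblock is valid, and nothing in the hunk ties it to the partition that is finally chosen. The surrounding loop is outside the hunk, but if it keeps scanning after a kernel has been selected (the lowest-version tracking just below suggests it might), a kernel accepted by hash only could be reported as signed because a different partition verified. If the flag is meant to describe the booted kernel, set it where the good partition is recorded; otherwise document the looser meaning at the assignment, e.g. `/* Set when any partition's keyblock verifies, not only the one booted. */`. The removed vboot1 flag was set at the same spot, so this behaviour is carried over rather than introduced.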
diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c
index fd0ccfd..7a2c269 100644
--- a/tests/vboot_kernel_tests.c
+++ b/tests/vboot_kernel_tests.c
@@ -70,6 +70,7 @@
 static uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE]
 	__attribute__((aligned(VB2_WORKBUF_ALIGN)));
 static struct vb2_context *ctx;
+static struct vb2_shared_data *sd;
 static struct vb2_packed_key mock_key;
 
 /**
@@ -171,7 +172,7 @@
 
 	memset(&mock_key, 0, sizeof(mock_key));
 
-	struct vb2_shared_data *sd = vb2_get_sd(ctx);
+	sd = vb2_get_sd(ctx);
 	sd->vbsd = shared;
 
 	/* CRC will be invalid after here, but nobody's checking */
@@ -613,13 +614,13 @@
 static void LoadKernelTest(void)
 {
 	ResetMocks();
-
 	TestLoadKernel(0, "First kernel good");
 	TEST_EQ(lkp.partition_number, 1, "  part num");
 	TEST_EQ(lkp.bootloader_address, 0xbeadd008, "  bootloader addr");
 	TEST_EQ(lkp.bootloader_size, 0x1234, "  bootloader size");
 	TEST_STR_EQ((char *)lkp.partition_guid, "FakeGuid", "  guid");
 	TEST_EQ(gpt_flag_external, 0, "GPT was internal");
+	TEST_NEQ(sd->flags & VB2_SD_FLAG_KERNEL_SIGNED, 0, "  use signature");
 
 	ResetMocks();
 	mock_parts[1].start = 300;
@@ -660,6 +661,7 @@
 	ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
 	keyblock_verify_fail = 1;
 	TestLoadKernel(0, "Succeed keyblock dev sig");
+	TEST_EQ(sd->flags & VB2_SD_FLAG_KERNEL_SIGNED, 0, "  use hash");
 
 	/* In dev mode and requiring signed kernel, fail if sig is bad */
 	ResetMocks();
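Review bot: The two new assertions (`"  use signature"` in the first case of LoadKernelTest and `"  use hash"` here) check the flag only where every mocked partition appears to behave the same way, and nothing in this commit's tests covers the vboot1 export added in vboot_api_kernel.c. Since LoadKernel no longer writes the vboot1 bit, the signed case could also pin that with `TEST_EQ(shared->flags & VBSD_KERNEL_KEY_VERIFIED, 0, "  vboot1 flag left to caller");`. That assumes `shared` is the vboot1 header that ResetMocks assigns to `sd->vbsd` and that nothing else in the mocks sets the bit. A test of the export itself belongs with the tests for the function patched in the first file, which are not part of this diff. The enclosing test function continues outside the hunk.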