2api: Add kernel version getter and make dev-signed check fail soft
This patch adds a function to retrieve the kernel rollback version from
secdata, which may be interesting to callers that have more advanced
ways of retrieving bootable images and want to be able to spot check
whether an image can be booted without passing the full thing to vboot.
Also reduce the penalty from calling vb2api_is_developer_signed() out of
turn from an immediate DIE() to an angry error message, to support a
case in depthcharge where for all practical purposes the call should
never happen too early, but the framework can't quite guarantee it.
BRANCH=None
BUG=b:153758197
TEST=None
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ic7c2fc62e1ba80f69f70421907b9686f0b3dae77
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2153592
Reviewed-by: Jes Klinke <jbk@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Jes Klinke <jbk@chromium.org>
3 files changed
