Google Git
Sign in
cos / mirrors / cros / chromiumos / platform / vboot_reference / af0bb8ae26f9d646c485202a1bba1b56747b9ec4^! / .
commitaf0bb8ae26f9d646c485202a1bba1b56747b9ec4[log] [tgz]
authorJulius Werner <jwerner@chromium.org>Thu Apr 16 12:21:57 2020 -0700
committerCommit Bot <commit-bot@chromium.org>Tue Apr 21 02:25:17 2020 +0000
tree547fe3f19b057f23551c34c069d6927fd09bac47
parentecf8073bd306ca45d7b6551efe094f9a555f9985 [diff]
2api: Add kernel version getter and make dev-signed check fail soft

This patch adds a function to retrieve the kernel rollback version from
secdata, which may be interesting to callers that have more advanced
ways of retrieving bootable images and want to be able to spot check
whether an image can be booted without passing the full thing to vboot.

Also reduce the penalty from calling vb2api_is_developer_signed() out of
turn from an immediate DIE() to an angry error message, to support a
case in depthcharge where for all practical purposes the call should
never happen too early, but the framework can't quite guarantee it.

BRANCH=None
BUG=b:153758197
TEST=None

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ic7c2fc62e1ba80f69f70421907b9686f0b3dae77
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2153592
Reviewed-by: Jes Klinke <jbk@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Jes Klinke <jbk@chromium.org>

diff --git a/firmware/2lib/2kernel.c b/firmware/2lib/2kernel.c
index fc9158a..e05726d 100644
--- a/firmware/2lib/2kernel.c
+++ b/firmware/2lib/2kernel.c

@@ -100,7 +100,7 @@
 	struct vb2_shared_data *sd = vb2_get_sd(ctx);
 
 	if (!sd->kernel_key_offset || !sd->kernel_key_size) {
-		VB2_REC_OR_DIE(ctx, "Cannot call this before kernel_phase1!\n");
+		VB2_DEBUG("ERROR: Cannot call this before kernel_phase1!\n");
 		return 0;
 	}
 

diff --git a/firmware/2lib/2secdata_kernel.c b/firmware/2lib/2secdata_kernel.c
index 8b3cf59..de12ca0 100644
--- a/firmware/2lib/2secdata_kernel.c
+++ b/firmware/2lib/2secdata_kernel.c

@@ -306,3 +306,8 @@
 
 	return;
 }
+
+uint32_t vb2api_get_kernel_rollback_version(struct vb2_context *ctx)
+{
+	return vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_VERSIONS);
+}

diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 5c21989..d75b9e4 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h

@@ -817,6 +817,15 @@
 int vb2api_is_developer_signed(struct vb2_context *ctx);
 
 /**
+ * Return the current kernel rollback version from secdata.
+ *
+ * @param ctx		Vboot context
+ *
+ * @return The rollback version number.
+ */
+uint32_t vb2api_get_kernel_rollback_version(struct vb2_context *ctx);
+
+/**
  * If no display is available, set DISPLAY_REQUEST in nvdata.
  *
  * @param ctx           Vboot2 context