tests/vboot_api_init_tests.c - mirrors/cros/chromiumos/platform/vboot_reference - Git at Google

 /* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
  * Tests for vboot_api_init
  */

 #include <stdio.h>
 #include <stdlib.h>

 #include "gbb_header.h"
 #include "host_common.h"
 #include "rollback_index.h"
 #include "test_common.h"
 #include "vboot_common.h"
 #include "vboot_nvstorage.h"
 #include "vboot_struct.h"

 /* Mock data */
 static VbCommonParams cparams;
 static VbInitParams iparams;
 static VbNvContext vnc;
 static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE];
 static VbSharedDataHeader* shared = (VbSharedDataHeader*)shared_data;
 static uint64_t mock_timer;
 static int rollback_s3_retval;
 static int nv_write_called;
 static GoogleBinaryBlockHeader gbb;
 static int mock_virt_dev_sw;
 static uint32_t mock_tpm_version;
 static uint32_t mock_rfs_retval;

 /* Reset mock data (for use before each test) */
 static void ResetMocks(void) {
   Memset(&cparams, 0, sizeof(cparams));
   cparams.shared_data_size = sizeof(shared_data);
   cparams.shared_data_blob = shared_data;
   cparams.gbb_data = &gbb;

   Memset(&gbb, 0, sizeof(gbb));
   gbb.major_version = GBB_MAJOR_VER;
   gbb.minor_version = GBB_MINOR_VER;
   gbb.flags = 0;

   Memset(&iparams, 0, sizeof(iparams));

   Memset(&vnc, 0, sizeof(vnc));
   VbNvSetup(&vnc);
   VbNvTeardown(&vnc);                   /* So CRC gets generated */

   Memset(&shared_data, 0, sizeof(shared_data));
   VbSharedDataInit(shared, sizeof(shared_data));

   mock_timer = 10;
   rollback_s3_retval = TPM_SUCCESS;
   nv_write_called = 0;

   mock_virt_dev_sw = 0;
   mock_tpm_version = 0x10001;
   mock_rfs_retval = 0;
 }

 /****************************************************************************/
 /* Mocked verification functions */

 VbError_t VbExNvStorageRead(uint8_t* buf) {
   Memcpy(buf, vnc.raw, sizeof(vnc.raw));
   return VBERROR_SUCCESS;
 }

 VbError_t VbExNvStorageWrite(const uint8_t* buf) {
   nv_write_called = 1;
   Memcpy(vnc.raw, buf, sizeof(vnc.raw));
   return VBERROR_SUCCESS;
 }

 uint64_t VbExGetTimer(void) {
   /* Exponential-ish rather than linear time, so that subtracting any
    * two mock values will yield a unique result. */
   uint64_t new_timer = mock_timer * 2 + 1;
   VbAssert(new_timer > mock_timer);  /* Make sure we don't overflow */
   mock_timer = new_timer;
   return mock_timer;
 }

 uint32_t RollbackS3Resume(void) {
   return rollback_s3_retval;
 }

 uint32_t RollbackFirmwareSetup(int recovery_mode, int is_hw_dev,
                                int disable_dev_request,
                                int clear_tpm_owner_request,
                                /* two outputs on success */
                                int *is_virt_dev, uint32_t *version) {
   *is_virt_dev = mock_virt_dev_sw;
   *version = mock_tpm_version;
   return mock_rfs_retval;
 }

 /****************************************************************************/
 /* Test VbInit() and check expected return value and recovery reason */
 static void TestVbInit(VbError_t expected_retval,
                        uint8_t expected_recovery, const char* desc) {
   uint32_t rr = 256;

   TEST_EQ(VbInit(&cparams, &iparams), expected_retval, desc);
   VbNvGet(&vnc, VBNV_RECOVERY_REQUEST, &rr);
   TEST_EQ(rr, expected_recovery, "  (recovery request)");
 }

 /****************************************************************************/

 static void VbInitTest(void) {
   uint32_t u;

   /* Test passing in too small a shared data area */
   ResetMocks();
   cparams.shared_data_size = VB_SHARED_DATA_MIN_SIZE - 1;
   TestVbInit(VBERROR_INIT_SHARED_DATA, 0, "Shared data too small");

   /* Normal call; dev=0 rec=0 */
   ResetMocks();
   TestVbInit(0, 0, "Normal call");
   TEST_EQ(shared->timer_vb_init_enter, 21, "  time enter");
   TEST_EQ(shared->timer_vb_init_exit, 43, "  time exit");
   TEST_EQ(shared->flags, 0, "  shared flags");
   TEST_EQ(iparams.out_flags, 0, "  out flags");
   TEST_EQ(nv_write_called, 0, "  NV write not called since nothing changed");

   /* If NV data is trashed, we initialize it */
   ResetMocks();
   VbNvSet(&vnc, VBNV_RECOVERY_REQUEST, 123);
   /* Note that we're not doing a VbNvTeardown(), so the CRC hasn't
    * been regenerated yet.  So VbInit() should ignore the corrupted
    * recovery value and boot normally. */
   TestVbInit(0, 0, "NV data trashed");
   TEST_EQ(nv_write_called, 1, "  NV write called");

   /* Test boot switch flags which are just passed through to shared
    * flags, and don't have an effect on VbInit(). */
   ResetMocks();
   iparams.flags = VB_INIT_FLAG_WP_ENABLED;
   TestVbInit(0, 0, "Flags test WP");
   TEST_EQ(shared->flags, VBSD_BOOT_FIRMWARE_WP_ENABLED, "  shared flags WP");

   ResetMocks();
   iparams.flags = VB_INIT_FLAG_SW_WP_ENABLED;
   TestVbInit(0, 0, "Flags test SW WP");
   TEST_EQ(shared->flags, VBSD_BOOT_FIRMWARE_SW_WP_ENABLED,
           "  shared flags SW WP");

   ResetMocks();
   iparams.flags = VB_INIT_FLAG_RO_NORMAL_SUPPORT;
   TestVbInit(0, 0, "  flags test RO normal");
   TEST_EQ(shared->flags, VBSD_BOOT_RO_NORMAL_SUPPORT,
           "  shared flags RO normal");

   /* S3 resume */
   ResetMocks();
   iparams.flags = VB_INIT_FLAG_S3_RESUME;
   VbNvSet(&vnc, VBNV_RECOVERY_REQUEST, 123);
   VbNvTeardown(&vnc);
   /* S3 resume doesn't clear the recovery request (or act on it) */
   TestVbInit(0, 123, "S3 resume");
   TEST_EQ(shared->flags, VBSD_BOOT_S3_RESUME, "  shared flags S3");
   TEST_EQ(iparams.out_flags, 0, "  out flags");
   TEST_EQ(shared->recovery_reason, 0, "  S3 doesn't look at recovery request");

   /* S3 resume with TPM resume error */
   ResetMocks();
   iparams.flags = VB_INIT_FLAG_S3_RESUME;
   rollback_s3_retval = 1;
   /* S3 resume doesn't clear the recovery request (or act on it) */
   TestVbInit(VBERROR_TPM_S3_RESUME, 0, "S3 resume rollback error");

   /* Normal boot doesn't care about TPM resume error because it
    * doesn't call RollbackS3Resume() */
   ResetMocks();
   rollback_s3_retval = 1;
   TestVbInit(0, 0, "Normal doesn't S3 resume");

   /* S3 resume with debug reset */
   ResetMocks();
   iparams.flags = VB_INIT_FLAG_S3_RESUME;
   VbNvSet(&vnc, VBNV_DEBUG_RESET_MODE, 1);
   VbNvTeardown(&vnc);
   TestVbInit(0, 0, "S3 debug reset");
   TEST_EQ(iparams.out_flags, VB_INIT_OUT_S3_DEBUG_BOOT, "  out flags");
   VbNvGet(&vnc, VBNV_DEBUG_RESET_MODE, &u);
   TEST_EQ(u, 0, "  S3 clears nv debug reset mode");

   /* Normal boot clears S3 debug reset mode, but doesn't set output flag */
   ResetMocks();
   VbNvSet(&vnc, VBNV_DEBUG_RESET_MODE, 1);
   VbNvTeardown(&vnc);
   TestVbInit(0, 0, "Normal with debug reset mode");
   TEST_EQ(iparams.out_flags, 0, "  out flags");
   VbNvGet(&vnc, VBNV_DEBUG_RESET_MODE, &u);
   TEST_EQ(u, 0, "  normal clears nv debug reset mode");

   /* S3 resume with debug reset is a normal boot, so doesn't resume the TPM */
   ResetMocks();
   iparams.flags = VB_INIT_FLAG_S3_RESUME;
   rollback_s3_retval = 1;
   VbNvSet(&vnc, VBNV_DEBUG_RESET_MODE, 1);
   VbNvTeardown(&vnc);
   TestVbInit(0, 0, "S3 debug reset rollback error");

   /* Developer mode */
   ResetMocks();
   iparams.flags = VB_INIT_FLAG_DEV_SWITCH_ON;
   TestVbInit(0, 0, "Dev mode on");
   TEST_EQ(shared->recovery_reason, 0, "  recovery reason");
   TEST_EQ(iparams.out_flags,
           VB_INIT_OUT_CLEAR_RAM |
           VB_INIT_OUT_ENABLE_DISPLAY |
           VB_INIT_OUT_ENABLE_USB_STORAGE |
           VB_INIT_OUT_ENABLE_DEVELOPER |
           VB_INIT_OUT_ENABLE_ALTERNATE_OS, "  out flags");
   TEST_EQ(shared->flags, VBSD_BOOT_DEV_SWITCH_ON, "  shared flags");

   /* Developer mode forced by GBB flag */
   ResetMocks();
   iparams.flags = 0;
   gbb.flags = GBB_FLAG_FORCE_DEV_SWITCH_ON;
   TestVbInit(0, 0, "Dev mode via GBB");
   TEST_EQ(shared->recovery_reason, 0, "  recovery reason");
   TEST_EQ(iparams.out_flags,
           VB_INIT_OUT_CLEAR_RAM |
           VB_INIT_OUT_ENABLE_DISPLAY |
           VB_INIT_OUT_ENABLE_USB_STORAGE |
           VB_INIT_OUT_ENABLE_DEVELOPER |
           VB_INIT_OUT_ENABLE_ALTERNATE_OS, "  out flags");
   TEST_EQ(shared->flags, VBSD_BOOT_DEV_SWITCH_ON, "  shared flags");

   /* Recovery mode from NV storage */
   ResetMocks();
   VbNvSet(&vnc, VBNV_RECOVERY_REQUEST, 123);
   VbNvTeardown(&vnc);
   TestVbInit(0, 0, "Recovery mode - from nv");
   TEST_EQ(shared->recovery_reason, 123, "  recovery reason");
   TEST_EQ(iparams.out_flags,
           VB_INIT_OUT_ENABLE_RECOVERY |
           VB_INIT_OUT_CLEAR_RAM |
           VB_INIT_OUT_ENABLE_DISPLAY |
           VB_INIT_OUT_ENABLE_USB_STORAGE, "  out flags");
   TEST_EQ(shared->flags, 0, "  shared flags");

   /* Recovery mode from recovery button */
   ResetMocks();
   iparams.flags = VB_INIT_FLAG_REC_BUTTON_PRESSED;
   TestVbInit(0, 0, "Recovery mode - button");
   TEST_EQ(shared->recovery_reason, VBNV_RECOVERY_RO_MANUAL,
           "  recovery reason");
   TEST_EQ(iparams.out_flags,
           VB_INIT_OUT_ENABLE_RECOVERY |
           VB_INIT_OUT_CLEAR_RAM |
           VB_INIT_OUT_ENABLE_DISPLAY |
           VB_INIT_OUT_ENABLE_USB_STORAGE, "  out flags");
   TEST_EQ(shared->flags, VBSD_BOOT_REC_SWITCH_ON, "  shared flags");

   /* Recovery button reason supersedes NV reason */
   ResetMocks();
   iparams.flags = VB_INIT_FLAG_REC_BUTTON_PRESSED;
   VbNvSet(&vnc, VBNV_RECOVERY_REQUEST, 123);
   VbNvTeardown(&vnc);
   TestVbInit(0, 0, "Recovery mode - button AND nv");
   TEST_EQ(shared->recovery_reason, VBNV_RECOVERY_RO_MANUAL,
           "  recovery reason");

   /* Recovery mode from previous boot fail */
   ResetMocks();
   iparams.flags = VB_INIT_FLAG_PREVIOUS_BOOT_FAIL;
   TestVbInit(0, 0, "Recovery mode - previous boot fail");
   TEST_EQ(shared->recovery_reason, VBNV_RECOVERY_RO_FIRMWARE,
           "  recovery reason");
   TEST_EQ(iparams.out_flags,
           VB_INIT_OUT_ENABLE_RECOVERY |
           VB_INIT_OUT_CLEAR_RAM |
           VB_INIT_OUT_ENABLE_DISPLAY |
           VB_INIT_OUT_ENABLE_USB_STORAGE, "  out flags");
   TEST_EQ(shared->flags, 0, "  shared flags");

   /* Recovery mode from NV supersedes previous boot fail */
   ResetMocks();
   iparams.flags = VB_INIT_FLAG_PREVIOUS_BOOT_FAIL;
   VbNvSet(&vnc, VBNV_RECOVERY_REQUEST, 123);
   VbNvTeardown(&vnc);
   TestVbInit(0, 0, "Recovery mode - previous boot fail AND nv");
   TEST_EQ(shared->recovery_reason, 123, "  recovery reason");

   /* Dev + recovery = recovery */
   ResetMocks();
   iparams.flags = VB_INIT_FLAG_REC_BUTTON_PRESSED | VB_INIT_FLAG_DEV_SWITCH_ON;
   TestVbInit(0, 0, "Recovery mode - button");
   TEST_EQ(shared->recovery_reason, VBNV_RECOVERY_RO_MANUAL,
           "  recovery reason");
   TEST_EQ(iparams.out_flags,
           VB_INIT_OUT_ENABLE_RECOVERY |
           VB_INIT_OUT_CLEAR_RAM |
           VB_INIT_OUT_ENABLE_DISPLAY |
           VB_INIT_OUT_ENABLE_USB_STORAGE, "  out flags");
   TEST_EQ(shared->flags,
           VBSD_BOOT_REC_SWITCH_ON | VBSD_BOOT_DEV_SWITCH_ON, "  shared flags");
 }

 static void VbInitTestTPM(void) {

   /* Rollback setup needs to reboot */
   ResetMocks();
   mock_rfs_retval = TPM_E_MUST_REBOOT;
   TestVbInit(VBERROR_TPM_REBOOT_REQUIRED, 0, "Rollback TPM reboot (rec=0)");
   ResetMocks();
   mock_rfs_retval = TPM_E_MUST_REBOOT;
   iparams.flags = VB_INIT_FLAG_REC_BUTTON_PRESSED;
   TestVbInit(VBERROR_TPM_REBOOT_REQUIRED, VBNV_RECOVERY_RO_TPM_REBOOT,
            "Rollback TPM reboot, in recovery, first time");
   /* Ignore if we already tried rebooting */
   ResetMocks();
   mock_rfs_retval = TPM_E_MUST_REBOOT;
   VbNvSet(&vnc, VBNV_RECOVERY_REQUEST, VBNV_RECOVERY_RO_TPM_REBOOT);
   VbNvTeardown(&vnc);
   TestVbInit(0, 0, "Rollback TPM reboot, in recovery, already retried");
   TEST_EQ(shared->fw_version_tpm, 0x10001, "  shared fw_version_tpm");

   /* Other rollback setup errors */
   ResetMocks();
   mock_rfs_retval = TPM_E_IOERROR;
   mock_tpm_version = 0x20002;
   TestVbInit(VBERROR_TPM_FIRMWARE_SETUP, VBNV_RECOVERY_RO_TPM_ERROR,
            "Rollback TPM setup error - not in recovery");
   TEST_EQ(shared->fw_version_tpm, 0, "  shared fw_version_tpm not set");
   ResetMocks();
   mock_rfs_retval = TPM_E_IOERROR;
   VbNvSet(&vnc, VBNV_RECOVERY_REQUEST, VBNV_RECOVERY_US_TEST);
   VbNvTeardown(&vnc);
   TestVbInit(0, 0, "Rollback TPM setup error ignored in recovery");
   TEST_EQ(shared->fw_version_tpm, 0x10001, "  shared fw_version_tpm");

   /* Virtual developer switch, but not enabled. */
   ResetMocks();
   iparams.flags = VB_INIT_FLAG_VIRTUAL_DEV_SWITCH;
   TestVbInit(0, 0, "TPM Dev mode off");
   TEST_EQ(shared->recovery_reason, 0, "  recovery reason");
   TEST_EQ(iparams.out_flags, 0, "  out flags");
   TEST_EQ(shared->flags, VBSD_HONOR_VIRT_DEV_SWITCH, "  shared flags");

   /* Virtual developer switch, enabled. */
   ResetMocks();
   iparams.flags = VB_INIT_FLAG_VIRTUAL_DEV_SWITCH;
   mock_virt_dev_sw = 1;
   TestVbInit(0, 0, "TPM Dev mode on");
   TEST_EQ(shared->recovery_reason, 0, "  recovery reason");
   TEST_EQ(iparams.out_flags,
           VB_INIT_OUT_CLEAR_RAM |
           VB_INIT_OUT_ENABLE_DISPLAY |
           VB_INIT_OUT_ENABLE_USB_STORAGE |
           VB_INIT_OUT_ENABLE_DEVELOPER |
           VB_INIT_OUT_ENABLE_ALTERNATE_OS, "  out flags");
   TEST_EQ(shared->flags, VBSD_BOOT_DEV_SWITCH_ON | VBSD_HONOR_VIRT_DEV_SWITCH,
           "  shared flags");

   /* Ignore virtual developer switch, even though enabled. */
   ResetMocks();
   mock_virt_dev_sw = 1;
   TestVbInit(0, 0, "TPM Dev mode on but ignored");
   TEST_EQ(shared->recovery_reason, 0, "  recovery reason");
   TEST_EQ(iparams.out_flags, 0, "  out flags");
   TEST_EQ(shared->flags, 0, "  shared flags");

   /* HW dev switch on, no virtual developer switch */
   ResetMocks();
   iparams.flags = VB_INIT_FLAG_DEV_SWITCH_ON;
   TestVbInit(0, 0, "HW Dev mode on");
   TEST_EQ(shared->recovery_reason, 0, "  recovery reason");
   TEST_EQ(iparams.out_flags,
           VB_INIT_OUT_CLEAR_RAM |
           VB_INIT_OUT_ENABLE_DISPLAY |
           VB_INIT_OUT_ENABLE_USB_STORAGE |
           VB_INIT_OUT_ENABLE_DEVELOPER |
           VB_INIT_OUT_ENABLE_ALTERNATE_OS, "  out flags");
   TEST_EQ(shared->flags, VBSD_BOOT_DEV_SWITCH_ON, "  shared flags");
 }


 /* disable MSVC warnings on unused arguments */
 __pragma(warning (disable: 4100))

 int main(int argc, char* argv[]) {
   int error_code = 0;

   VbInitTest();
   VbInitTestTPM();

   if (!gTestSuccess)
     error_code = 255;

   return error_code;
 }
	/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
	* Use of this source code is governed by a BSD-style license that can be
	* found in the LICENSE file.
	*
	* Tests for vboot_api_init
	*/

	#include <stdio.h>
	#include <stdlib.h>

	#include "gbb_header.h"
	#include "host_common.h"
	#include "rollback_index.h"
	#include "test_common.h"
	#include "vboot_common.h"
	#include "vboot_nvstorage.h"
	#include "vboot_struct.h"

	/* Mock data */
	static VbCommonParams cparams;
	static VbInitParams iparams;
	static VbNvContext vnc;
	static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE];
	static VbSharedDataHeader* shared = (VbSharedDataHeader*)shared_data;
	static uint64_t mock_timer;
	static int rollback_s3_retval;
	static int nv_write_called;
	static GoogleBinaryBlockHeader gbb;
	static int mock_virt_dev_sw;
	static uint32_t mock_tpm_version;
	static uint32_t mock_rfs_retval;

	/* Reset mock data (for use before each test) */
	static void ResetMocks(void) {
	Memset(&cparams, 0, sizeof(cparams));
	cparams.shared_data_size = sizeof(shared_data);
	cparams.shared_data_blob = shared_data;
	cparams.gbb_data = &gbb;

	Memset(&gbb, 0, sizeof(gbb));
	gbb.major_version = GBB_MAJOR_VER;
	gbb.minor_version = GBB_MINOR_VER;
	gbb.flags = 0;

	Memset(&iparams, 0, sizeof(iparams));

	Memset(&vnc, 0, sizeof(vnc));
	VbNvSetup(&vnc);
	VbNvTeardown(&vnc); /* So CRC gets generated */

	Memset(&shared_data, 0, sizeof(shared_data));
	VbSharedDataInit(shared, sizeof(shared_data));

	mock_timer = 10;
	rollback_s3_retval = TPM_SUCCESS;
	nv_write_called = 0;

	mock_virt_dev_sw = 0;
	mock_tpm_version = 0x10001;
	mock_rfs_retval = 0;
	}

	/****************************************************************************/
	/* Mocked verification functions */

	VbError_t VbExNvStorageRead(uint8_t* buf) {
	Memcpy(buf, vnc.raw, sizeof(vnc.raw));
	return VBERROR_SUCCESS;
	}

	VbError_t VbExNvStorageWrite(const uint8_t* buf) {
	nv_write_called = 1;
	Memcpy(vnc.raw, buf, sizeof(vnc.raw));
	return VBERROR_SUCCESS;
	}

	uint64_t VbExGetTimer(void) {
	/* Exponential-ish rather than linear time, so that subtracting any
	* two mock values will yield a unique result. */
	uint64_t new_timer = mock_timer * 2 + 1;
	VbAssert(new_timer > mock_timer); /* Make sure we don't overflow */
	mock_timer = new_timer;
	return mock_timer;
	}

	uint32_t RollbackS3Resume(void) {
	return rollback_s3_retval;
	}

	uint32_t RollbackFirmwareSetup(int recovery_mode, int is_hw_dev,
	int disable_dev_request,
	int clear_tpm_owner_request,
	/* two outputs on success */
	int is_virt_dev, uint32_t version) {
	*is_virt_dev = mock_virt_dev_sw;
	*version = mock_tpm_version;
	return mock_rfs_retval;
	}

	/****************************************************************************/
	/* Test VbInit() and check expected return value and recovery reason */
	static void TestVbInit(VbError_t expected_retval,
	uint8_t expected_recovery, const char* desc) {
	uint32_t rr = 256;

	TEST_EQ(VbInit(&cparams, &iparams), expected_retval, desc);
	VbNvGet(&vnc, VBNV_RECOVERY_REQUEST, &rr);
	TEST_EQ(rr, expected_recovery, " (recovery request)");
	}

	/****************************************************************************/

	static void VbInitTest(void) {
	uint32_t u;

	/* Test passing in too small a shared data area */
	ResetMocks();
	cparams.shared_data_size = VB_SHARED_DATA_MIN_SIZE - 1;
	TestVbInit(VBERROR_INIT_SHARED_DATA, 0, "Shared data too small");

	/* Normal call; dev=0 rec=0 */
	ResetMocks();
	TestVbInit(0, 0, "Normal call");
	TEST_EQ(shared->timer_vb_init_enter, 21, " time enter");
	TEST_EQ(shared->timer_vb_init_exit, 43, " time exit");
	TEST_EQ(shared->flags, 0, " shared flags");
	TEST_EQ(iparams.out_flags, 0, " out flags");
	TEST_EQ(nv_write_called, 0, " NV write not called since nothing changed");

	/* If NV data is trashed, we initialize it */
	ResetMocks();
	VbNvSet(&vnc, VBNV_RECOVERY_REQUEST, 123);
	/* Note that we're not doing a VbNvTeardown(), so the CRC hasn't
	* been regenerated yet. So VbInit() should ignore the corrupted
	* recovery value and boot normally. */
	TestVbInit(0, 0, "NV data trashed");
	TEST_EQ(nv_write_called, 1, " NV write called");

	/* Test boot switch flags which are just passed through to shared
	* flags, and don't have an effect on VbInit(). */
	ResetMocks();
	iparams.flags = VB_INIT_FLAG_WP_ENABLED;
	TestVbInit(0, 0, "Flags test WP");
	TEST_EQ(shared->flags, VBSD_BOOT_FIRMWARE_WP_ENABLED, " shared flags WP");

	ResetMocks();
	iparams.flags = VB_INIT_FLAG_SW_WP_ENABLED;
	TestVbInit(0, 0, "Flags test SW WP");
	TEST_EQ(shared->flags, VBSD_BOOT_FIRMWARE_SW_WP_ENABLED,
	" shared flags SW WP");

	ResetMocks();
	iparams.flags = VB_INIT_FLAG_RO_NORMAL_SUPPORT;
	TestVbInit(0, 0, " flags test RO normal");
	TEST_EQ(shared->flags, VBSD_BOOT_RO_NORMAL_SUPPORT,
	" shared flags RO normal");

	/* S3 resume */
	ResetMocks();
	iparams.flags = VB_INIT_FLAG_S3_RESUME;
	VbNvSet(&vnc, VBNV_RECOVERY_REQUEST, 123);
	VbNvTeardown(&vnc);
	/* S3 resume doesn't clear the recovery request (or act on it) */
	TestVbInit(0, 123, "S3 resume");
	TEST_EQ(shared->flags, VBSD_BOOT_S3_RESUME, " shared flags S3");
	TEST_EQ(iparams.out_flags, 0, " out flags");
	TEST_EQ(shared->recovery_reason, 0, " S3 doesn't look at recovery request");

	/* S3 resume with TPM resume error */
	ResetMocks();
	iparams.flags = VB_INIT_FLAG_S3_RESUME;
	rollback_s3_retval = 1;
	/* S3 resume doesn't clear the recovery request (or act on it) */
	TestVbInit(VBERROR_TPM_S3_RESUME, 0, "S3 resume rollback error");

	/* Normal boot doesn't care about TPM resume error because it
	* doesn't call RollbackS3Resume() */
	ResetMocks();
	rollback_s3_retval = 1;
	TestVbInit(0, 0, "Normal doesn't S3 resume");

	/* S3 resume with debug reset */
	ResetMocks();
	iparams.flags = VB_INIT_FLAG_S3_RESUME;
	VbNvSet(&vnc, VBNV_DEBUG_RESET_MODE, 1);
	VbNvTeardown(&vnc);
	TestVbInit(0, 0, "S3 debug reset");
	TEST_EQ(iparams.out_flags, VB_INIT_OUT_S3_DEBUG_BOOT, " out flags");
	VbNvGet(&vnc, VBNV_DEBUG_RESET_MODE, &u);
	TEST_EQ(u, 0, " S3 clears nv debug reset mode");

	/* Normal boot clears S3 debug reset mode, but doesn't set output flag */
	ResetMocks();
	VbNvSet(&vnc, VBNV_DEBUG_RESET_MODE, 1);
	VbNvTeardown(&vnc);
	TestVbInit(0, 0, "Normal with debug reset mode");
	TEST_EQ(iparams.out_flags, 0, " out flags");
	VbNvGet(&vnc, VBNV_DEBUG_RESET_MODE, &u);
	TEST_EQ(u, 0, " normal clears nv debug reset mode");

	/* S3 resume with debug reset is a normal boot, so doesn't resume the TPM */
	ResetMocks();
	iparams.flags = VB_INIT_FLAG_S3_RESUME;
	rollback_s3_retval = 1;
	VbNvSet(&vnc, VBNV_DEBUG_RESET_MODE, 1);
	VbNvTeardown(&vnc);
	TestVbInit(0, 0, "S3 debug reset rollback error");

	/* Developer mode */
	ResetMocks();
	iparams.flags = VB_INIT_FLAG_DEV_SWITCH_ON;
	TestVbInit(0, 0, "Dev mode on");
	TEST_EQ(shared->recovery_reason, 0, " recovery reason");
	TEST_EQ(iparams.out_flags,
	VB_INIT_OUT_CLEAR_RAM \|
	VB_INIT_OUT_ENABLE_DISPLAY \|
	VB_INIT_OUT_ENABLE_USB_STORAGE \|
	VB_INIT_OUT_ENABLE_DEVELOPER \|
	VB_INIT_OUT_ENABLE_ALTERNATE_OS, " out flags");
	TEST_EQ(shared->flags, VBSD_BOOT_DEV_SWITCH_ON, " shared flags");

	/* Developer mode forced by GBB flag */
	ResetMocks();
	iparams.flags = 0;
	gbb.flags = GBB_FLAG_FORCE_DEV_SWITCH_ON;
	TestVbInit(0, 0, "Dev mode via GBB");
	TEST_EQ(shared->recovery_reason, 0, " recovery reason");
	TEST_EQ(iparams.out_flags,
	VB_INIT_OUT_CLEAR_RAM \|
	VB_INIT_OUT_ENABLE_DISPLAY \|
	VB_INIT_OUT_ENABLE_USB_STORAGE \|
	VB_INIT_OUT_ENABLE_DEVELOPER \|
	VB_INIT_OUT_ENABLE_ALTERNATE_OS, " out flags");
	TEST_EQ(shared->flags, VBSD_BOOT_DEV_SWITCH_ON, " shared flags");

	/* Recovery mode from NV storage */
	ResetMocks();
	VbNvSet(&vnc, VBNV_RECOVERY_REQUEST, 123);
	VbNvTeardown(&vnc);
	TestVbInit(0, 0, "Recovery mode - from nv");
	TEST_EQ(shared->recovery_reason, 123, " recovery reason");
	TEST_EQ(iparams.out_flags,
	VB_INIT_OUT_ENABLE_RECOVERY \|
	VB_INIT_OUT_CLEAR_RAM \|
	VB_INIT_OUT_ENABLE_DISPLAY \|
	VB_INIT_OUT_ENABLE_USB_STORAGE, " out flags");
	TEST_EQ(shared->flags, 0, " shared flags");

	/* Recovery mode from recovery button */
	ResetMocks();
	iparams.flags = VB_INIT_FLAG_REC_BUTTON_PRESSED;
	TestVbInit(0, 0, "Recovery mode - button");
	TEST_EQ(shared->recovery_reason, VBNV_RECOVERY_RO_MANUAL,
	" recovery reason");
	TEST_EQ(iparams.out_flags,
	VB_INIT_OUT_ENABLE_RECOVERY \|
	VB_INIT_OUT_CLEAR_RAM \|
	VB_INIT_OUT_ENABLE_DISPLAY \|
	VB_INIT_OUT_ENABLE_USB_STORAGE, " out flags");
	TEST_EQ(shared->flags, VBSD_BOOT_REC_SWITCH_ON, " shared flags");

	/* Recovery button reason supersedes NV reason */
	ResetMocks();
	iparams.flags = VB_INIT_FLAG_REC_BUTTON_PRESSED;
	VbNvSet(&vnc, VBNV_RECOVERY_REQUEST, 123);
	VbNvTeardown(&vnc);
	TestVbInit(0, 0, "Recovery mode - button AND nv");
	TEST_EQ(shared->recovery_reason, VBNV_RECOVERY_RO_MANUAL,
	" recovery reason");

	/* Recovery mode from previous boot fail */
	ResetMocks();
	iparams.flags = VB_INIT_FLAG_PREVIOUS_BOOT_FAIL;
	TestVbInit(0, 0, "Recovery mode - previous boot fail");
	TEST_EQ(shared->recovery_reason, VBNV_RECOVERY_RO_FIRMWARE,
	" recovery reason");
	TEST_EQ(iparams.out_flags,
	VB_INIT_OUT_ENABLE_RECOVERY \|
	VB_INIT_OUT_CLEAR_RAM \|
	VB_INIT_OUT_ENABLE_DISPLAY \|
	VB_INIT_OUT_ENABLE_USB_STORAGE, " out flags");
	TEST_EQ(shared->flags, 0, " shared flags");

	/* Recovery mode from NV supersedes previous boot fail */
	ResetMocks();
	iparams.flags = VB_INIT_FLAG_PREVIOUS_BOOT_FAIL;
	VbNvSet(&vnc, VBNV_RECOVERY_REQUEST, 123);
	VbNvTeardown(&vnc);
	TestVbInit(0, 0, "Recovery mode - previous boot fail AND nv");
	TEST_EQ(shared->recovery_reason, 123, " recovery reason");

	/* Dev + recovery = recovery */
	ResetMocks();
	iparams.flags = VB_INIT_FLAG_REC_BUTTON_PRESSED \| VB_INIT_FLAG_DEV_SWITCH_ON;
	TestVbInit(0, 0, "Recovery mode - button");
	TEST_EQ(shared->recovery_reason, VBNV_RECOVERY_RO_MANUAL,
	" recovery reason");
	TEST_EQ(iparams.out_flags,
	VB_INIT_OUT_ENABLE_RECOVERY \|
	VB_INIT_OUT_CLEAR_RAM \|
	VB_INIT_OUT_ENABLE_DISPLAY \|
	VB_INIT_OUT_ENABLE_USB_STORAGE, " out flags");
	TEST_EQ(shared->flags,
	VBSD_BOOT_REC_SWITCH_ON \| VBSD_BOOT_DEV_SWITCH_ON, " shared flags");
	}

	static void VbInitTestTPM(void) {

	/* Rollback setup needs to reboot */
	ResetMocks();
	mock_rfs_retval = TPM_E_MUST_REBOOT;
	TestVbInit(VBERROR_TPM_REBOOT_REQUIRED, 0, "Rollback TPM reboot (rec=0)");
	ResetMocks();
	mock_rfs_retval = TPM_E_MUST_REBOOT;
	iparams.flags = VB_INIT_FLAG_REC_BUTTON_PRESSED;
	TestVbInit(VBERROR_TPM_REBOOT_REQUIRED, VBNV_RECOVERY_RO_TPM_REBOOT,
	"Rollback TPM reboot, in recovery, first time");
	/* Ignore if we already tried rebooting */
	ResetMocks();
	mock_rfs_retval = TPM_E_MUST_REBOOT;
	VbNvSet(&vnc, VBNV_RECOVERY_REQUEST, VBNV_RECOVERY_RO_TPM_REBOOT);
	VbNvTeardown(&vnc);
	TestVbInit(0, 0, "Rollback TPM reboot, in recovery, already retried");
	TEST_EQ(shared->fw_version_tpm, 0x10001, " shared fw_version_tpm");

	/* Other rollback setup errors */
	ResetMocks();
	mock_rfs_retval = TPM_E_IOERROR;
	mock_tpm_version = 0x20002;
	TestVbInit(VBERROR_TPM_FIRMWARE_SETUP, VBNV_RECOVERY_RO_TPM_ERROR,
	"Rollback TPM setup error - not in recovery");
	TEST_EQ(shared->fw_version_tpm, 0, " shared fw_version_tpm not set");
	ResetMocks();
	mock_rfs_retval = TPM_E_IOERROR;
	VbNvSet(&vnc, VBNV_RECOVERY_REQUEST, VBNV_RECOVERY_US_TEST);
	VbNvTeardown(&vnc);
	TestVbInit(0, 0, "Rollback TPM setup error ignored in recovery");
	TEST_EQ(shared->fw_version_tpm, 0x10001, " shared fw_version_tpm");

	/* Virtual developer switch, but not enabled. */
	ResetMocks();
	iparams.flags = VB_INIT_FLAG_VIRTUAL_DEV_SWITCH;
	TestVbInit(0, 0, "TPM Dev mode off");
	TEST_EQ(shared->recovery_reason, 0, " recovery reason");
	TEST_EQ(iparams.out_flags, 0, " out flags");
	TEST_EQ(shared->flags, VBSD_HONOR_VIRT_DEV_SWITCH, " shared flags");

	/* Virtual developer switch, enabled. */
	ResetMocks();
	iparams.flags = VB_INIT_FLAG_VIRTUAL_DEV_SWITCH;
	mock_virt_dev_sw = 1;
	TestVbInit(0, 0, "TPM Dev mode on");
	TEST_EQ(shared->recovery_reason, 0, " recovery reason");
	TEST_EQ(iparams.out_flags,
	VB_INIT_OUT_CLEAR_RAM \|
	VB_INIT_OUT_ENABLE_DISPLAY \|
	VB_INIT_OUT_ENABLE_USB_STORAGE \|
	VB_INIT_OUT_ENABLE_DEVELOPER \|
	VB_INIT_OUT_ENABLE_ALTERNATE_OS, " out flags");
	TEST_EQ(shared->flags, VBSD_BOOT_DEV_SWITCH_ON \| VBSD_HONOR_VIRT_DEV_SWITCH,
	" shared flags");

	/* Ignore virtual developer switch, even though enabled. */
	ResetMocks();
	mock_virt_dev_sw = 1;
	TestVbInit(0, 0, "TPM Dev mode on but ignored");
	TEST_EQ(shared->recovery_reason, 0, " recovery reason");
	TEST_EQ(iparams.out_flags, 0, " out flags");
	TEST_EQ(shared->flags, 0, " shared flags");

	/* HW dev switch on, no virtual developer switch */
	ResetMocks();
	iparams.flags = VB_INIT_FLAG_DEV_SWITCH_ON;
	TestVbInit(0, 0, "HW Dev mode on");
	TEST_EQ(shared->recovery_reason, 0, " recovery reason");
	TEST_EQ(iparams.out_flags,
	VB_INIT_OUT_CLEAR_RAM \|
	VB_INIT_OUT_ENABLE_DISPLAY \|
	VB_INIT_OUT_ENABLE_USB_STORAGE \|
	VB_INIT_OUT_ENABLE_DEVELOPER \|
	VB_INIT_OUT_ENABLE_ALTERNATE_OS, " out flags");
	TEST_EQ(shared->flags, VBSD_BOOT_DEV_SWITCH_ON, " shared flags");
	}


	/* disable MSVC warnings on unused arguments */
	__pragma(warning (disable: 4100))

	int main(int argc, char* argv[]) {
	int error_code = 0;

	VbInitTest();
	VbInitTestTPM();

	if (!gTestSuccess)
	error_code = 255;

	return error_code;
	}