2kernel: add vb2api_kernel_finalize

Move the final part of VbSelectAndLoadKernel into vb2api_kernel_finalize
and call vb2api_kernel_finalize at the end of VbSelectAndLoadKernel.

BUG=b:172339016
BRANCH=none
TEST=make runtests

Signed-off-by: Hsin-Te Yuan <yuanhsinte@google.com>
Change-Id: Ieef929f679e4703e6771313cdf34a9959cc1335f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3715882
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org>
diff --git a/firmware/2lib/2kernel.c b/firmware/2lib/2kernel.c
index 5b18cad..350a1bf 100644
--- a/firmware/2lib/2kernel.c
+++ b/firmware/2lib/2kernel.c
@@ -197,3 +197,22 @@
 
 	return VB2_SUCCESS;
 }
+
+vb2_error_t vb2api_kernel_finalize(struct vb2_context *ctx)
+{
+	vb2_gbb_flags_t gbb_flags = vb2api_gbb_get_flags(ctx);
+
+	/*
+	 * Disallow booting to kernel when NO_BOOT flag is set, except when
+	 * GBB flag disables software sync.
+	 */
+	if (!(gbb_flags & VB2_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC)
+	    && (ctx->flags & VB2_CONTEXT_EC_SYNC_SUPPORTED)
+	    && (ctx->flags & VB2_CONTEXT_NO_BOOT)) {
+		VB2_DEBUG("Blocking escape from NO_BOOT mode.\n");
+		vb2api_fail(ctx, VB2_RECOVERY_ESCAPE_NO_BOOT, 0);
+		return VB2_ERROR_ESCAPE_NO_BOOT;
+	}
+
+	return VB2_SUCCESS;
+}
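Review bot: The comment above the condition in vb2api_kernel_finalize names only the GBB exception, but the check is also skipped whenever `VB2_CONTEXT_EC_SYNC_SUPPORTED` is clear in `ctx->flags`. A reader of the comment cannot tell that NO_BOOT is not enforced on such a context, so I would add a line such as `* The check applies only when EC software sync is supported (VB2_CONTEXT_EC_SYNC_SUPPORTED).`. Since this is now the single gate a caller relies on before booting, it may also be worth logging when NO_BOOT is set but the GBB flag lets the boot through, for example `VB2_DEBUG("NO_BOOT set but ignored: GBB disables EC software sync.\n");`, so the bypass is visible in firmware logs.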
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index b740f6d..bd0d14e 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -818,6 +818,16 @@
 vb2_error_t vb2api_kernel_phase1(struct vb2_context *ctx);
 
 /**
+ * Finalize for kernel verification stage.
+ *
+ * Handle NO_BOOT flag.
+ *
+ * @param ctx		Vboot context
+ * @return VB2_SUCCESS, or error code on error.
+ */
+vb2_error_t vb2api_kernel_finalize(struct vb2_context *ctx);
+
+/**
  * Load the verified boot block (vblock) for a kernel.
  *
  * This function may be called multiple times, to load and verify the
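Review bot: The doc comment for vb2api_kernel_finalize says only "Handle NO_BOOT flag.", which does not tell a caller that this is the check that refuses to boot. As a public API, the contract should state that it is meant to run as the final step of kernel verification and that the caller must not boot the kernel on any non-success return. It should also say that a blocked boot returns `VB2_ERROR_ESCAPE_NO_BOOT` after reporting `VB2_RECOVERY_ESCAPE_NO_BOOT` through vb2api_fail(). A line such as `* Call last, before booting the kernel; returns VB2_ERROR_ESCAPE_NO_BOOT if the NO_BOOT flag forbids booting.` would cover it.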
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index 3029852..a46317e 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -251,17 +251,5 @@
 		return VB2_ERROR_ESCAPE_NO_BOOT;
 	}
 
-	/*
-	 * Stop all cases returning SUCCESS against NO_BOOT flag except when
-	 * GBB flag disables software sync.
-	 */
-	if (!(gbb_flags & VB2_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC)
-	    && (ctx->flags & VB2_CONTEXT_EC_SYNC_SUPPORTED)
-	    && (ctx->flags & VB2_CONTEXT_NO_BOOT)) {
-		VB2_DEBUG("Blocking escape from NO_BOOT mode.\n");
-		vb2api_fail(ctx, VB2_RECOVERY_ESCAPE_NO_BOOT, 0);
-		return VB2_ERROR_ESCAPE_NO_BOOT;
-	}
-
-	return VB2_SUCCESS;
+	return vb2api_kernel_finalize(ctx);
 }
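Review bot: After this change the tail of the function no longer shows that a NO_BOOT check runs, while the context lines just above still return `VB2_ERROR_ESCAPE_NO_BOOT` from a separate check. A one-line comment at the call would keep the two connected, e.g. `/* Final NO_BOOT gate; must stay the last step before returning success. */`. If the removed block was the only reader of the local `gbb_flags`, that variable is now unused and should be dropped. Its declaration is outside the hunk, so this needs checking against the full function.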