vboot/vboot_kernel: rename vboot_mode enum
Rename vboot_mode enum to better match vboot2 coding style.
Also add a test case for checking developer key hash while
in recovery mode.
This CL is part of a series to merge vboot1 and vboot2.0
kernel verification code; see b/181739551.
BUG=b:181739551
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I4ac141df17c5e53caebe605f0fb6a186130ed6d5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2730357
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
diff --git a/firmware/lib/include/vboot_kernel.h b/firmware/lib/include/vboot_kernel.h
index 661f0c4..ea4c1b2 100644
--- a/firmware/lib/include/vboot_kernel.h
+++ b/firmware/lib/include/vboot_kernel.h
@@ -80,8 +80,6 @@
uint32_t sector_size;
/* Check result; see VBSD_LKC_CHECK_* */
uint8_t check_result;
- /* Boot mode for LoadKernel(); see VBSD_LK_BOOT_MODE_* constants */
- uint8_t boot_mode;
/* Test error number, if non-zero */
uint8_t test_error_num;
/* Return code from LoadKernel() */
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index 470f19e..8c1c074 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -25,28 +25,33 @@
#define LOWEST_TPM_VERSION 0xffffffff
-enum vboot_mode {
- kBootRecovery = 0, /* Recovery firmware, any dev switch position */
- kBootNormal = 1, /* Normal boot - kernel must be verified */
- kBootDev = 2 /* Developer boot - self-signed kernel ok */
+enum vb2_boot_mode {
+ /* Normal boot: kernel must be verified. */
+ VB2_BOOT_MODE_NORMAL = 0,
+
+ /* Recovery boot, regardless of dev mode state. */
+ VB2_BOOT_MODE_RECOVERY = 1,
+
+ /* Developer boot: self-signed kernel okay. */
+ VB2_BOOT_MODE_DEVELOPER = 2,
};
/**
- * Return the boot mode based on the parameters.
+ * Return the current boot mode (normal, recovery, or dev).
*
- * @param params Load kernel parameters
- * @return The current boot mode.
+ * @param ctx Vboot context
+ * @return Current boot mode (see vb2_boot_mode enum).
*/
-static enum vboot_mode get_kernel_boot_mode(struct vb2_context *ctx)
+static enum vb2_boot_mode get_boot_mode(struct vb2_context *ctx)
{
if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE)
- return kBootRecovery;
+ return VB2_BOOT_MODE_RECOVERY;
if (ctx->flags & VB2_CONTEXT_DEVELOPER_MODE)
- return kBootDev;
+ return VB2_BOOT_MODE_DEVELOPER;
- return kBootNormal;
-};
+ return VB2_BOOT_MODE_NORMAL;
+}
/**
* Check if the parameters require an officially signed OS.
@@ -58,7 +63,7 @@
const LoadKernelParams *params)
{
/* Normal and recovery modes always require official OS */
- if (get_kernel_boot_mode(ctx) != kBootDev)
+ if (get_boot_mode(ctx) != VB2_BOOT_MODE_DEVELOPER)
return 1;
/* FWMP can require developer mode to use official OS */
@@ -184,9 +189,9 @@
}
/* Check for rollback of key version except in recovery mode. */
- enum vboot_mode boot_mode = get_kernel_boot_mode(ctx);
+ enum vb2_boot_mode boot_mode = get_boot_mode(ctx);
uint32_t key_version = keyblock->data_key.key_version;
- if (kBootRecovery != boot_mode) {
+ if (boot_mode != VB2_BOOT_MODE_RECOVERY) {
if (key_version < (min_version >> 16)) {
VB2_DEBUG("Key version too old.\n");
shpart->check_result = VBSD_LKP_CHECK_KEY_ROLLBACK;
@@ -205,13 +210,13 @@
}
/* If not in developer mode, keyblock required to be valid. */
- if (kBootDev != boot_mode && !keyblock_valid) {
+ if (boot_mode != VB2_BOOT_MODE_DEVELOPER && !keyblock_valid) {
VB2_DEBUG("Keyblock is invalid.\n");
return VB2_ERROR_VBLOCK_KEYBLOCK;
}
/* If in developer mode and using key hash, check it */
- if ((kBootDev == boot_mode) &&
+ if (boot_mode == VB2_BOOT_MODE_DEVELOPER &&
vb2_secdata_fwmp_get_flag(ctx, VB2_SECDATA_FWMP_DEV_USE_KEY_HASH)) {
struct vb2_packed_key *key = &keyblock->data_key;
uint8_t *buf = ((uint8_t *)key) + key->key_offset;
@@ -273,7 +278,7 @@
uint32_t combined_version = (key_version << 16) |
(preamble->kernel_version & 0xFFFF);
shpart->combined_version = combined_version;
- if (keyblock_valid && kBootRecovery != boot_mode) {
+ if (keyblock_valid && boot_mode != VB2_BOOT_MODE_RECOVERY) {
if (combined_version < min_version) {
VB2_DEBUG("Kernel version too low.\n");
shpart->check_result = VBSD_LKP_CHECK_KERNEL_ROLLBACK;
@@ -281,7 +286,7 @@
* If not in developer mode, kernel version
* must be valid.
*/
- if (kBootDev != boot_mode)
+ if (boot_mode != VB2_BOOT_MODE_DEVELOPER)
return VB2_ERROR_UNKNOWN;
}
}
@@ -466,7 +471,6 @@
*/
memset(&shcall, 0, sizeof(shcall));
shcall.boot_flags = (uint32_t)params->boot_flags;
- shcall.boot_mode = get_kernel_boot_mode(ctx);
shcall.sector_size = (uint32_t)params->bytes_per_lba;
shcall.sector_count = params->streaming_lba_count;
@@ -606,7 +610,8 @@
* non-officially-signed kernel, there's no rollback
* protection, so we can stop at the first valid kernel.
*/
- if (kBootRecovery == shcall.boot_mode || !keyblock_valid) {
+ if (get_boot_mode(ctx) == VB2_BOOT_MODE_RECOVERY ||
+ !keyblock_valid) {
VB2_DEBUG("In recovery mode or dev-signed kernel\n");
break;
}
diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c
index e86837b..41b710a 100644
--- a/tests/vboot_kernel_tests.c
+++ b/tests/vboot_kernel_tests.c
@@ -769,6 +769,14 @@
TestLoadKernel(VB2_ERROR_LK_INVALID_KERNEL_FOUND,
"Fail keyblock dev fwmp hash");
+ /* Check developer key hash - bad (recovery mode) */
+ ResetMocks();
+ ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
+ ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
+ fwmp->flags |= VB2_SECDATA_FWMP_DEV_USE_KEY_HASH;
+ fwmp->dev_key_hash[0]++;
+ TestLoadKernel(0, "Bad keyblock dev fwmp hash ignored in rec mode");
+
/* Check developer key hash - good */
ResetMocks();
ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
