vboot/ui: Display error for untrusted confirmation
Display a error dialog box while user confirms with untrusted keyboard.
BUG=b:144969091, b:161866932
BRANCH=puff
TEST=PHYSICAL_PRESENCE_KEYBOARD=1; emerge-puff depthcharge
Cq-Depend: chromium:2345837
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: I2b0fdc217bbaa23ac71a41bf400c412be634ec0c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2346455
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
diff --git a/firmware/2lib/2ui_screens.c b/firmware/2lib/2ui_screens.c
index 2510392..04f037b 100644
--- a/firmware/2lib/2ui_screens.c
+++ b/firmware/2lib/2ui_screens.c
@@ -433,6 +433,13 @@
if (!ui->key_trusted) {
VB2_DEBUG("Reject untrusted %s confirmation\n",
ui->key == VB_KEY_ENTER ? "ENTER" : "POWER");
+ /*
+ * If physical presence is confirmed using the keyboard,
+ * beep and notify the user when the ENTER key comes
+ * from an untrusted keyboard.
+ */
+ if (PHYSICAL_PRESENCE_KEYBOARD && ui->key == VB_KEY_ENTER)
+ ui->error_code = VB2_UI_ERROR_UNTRUSTED_CONFIRMATION;
return VB2_REQUEST_UI_CONTINUE;
}
return recovery_to_dev_finalize(ui);
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 205b289..c6d99bd 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -1309,6 +1309,8 @@
VB2_UI_ERROR_DEV_MODE_ALREADY_ENABLED,
/* Debug info screen initialization failed */
VB2_UI_ERROR_DEBUG_LOG,
+ /* Untrusted confirmation */
+ VB2_UI_ERROR_UNTRUSTED_CONFIRMATION,
};
/**
