VbVerifyMemoryBootImage: Allow integrity-only check in dev mode with
authorFurquan Shaikh <furquan@google.com>
Wed, 28 Oct 2015 20:01:27 +0000 (13:01 -0700)
committerchrome-bot <chrome-bot@chromium.org>
Thu, 29 Oct 2015 03:44:39 +0000 (20:44 -0700)
FASTBOOT_FULL_CAP set

This change allows developers to boot dev-signed boot images in
unlocked mode if DEV_BOOT_FASTBOOT_FULL_CAP is set in VbNvStorage or
GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP is set.

BUG=chrome-os-partner:47002
BRANCH=None
TEST=Compiles successfully. make -j runtests

Change-Id: I56e3879594da1b57051dfe242ff347ac970c96bb
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/309606
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
firmware/lib/vboot_api_kernel.c
tests/vboot_api_kernel5_tests.c

index fcec4cb..94c2c8a 100644 (file)
@@ -1226,6 +1226,7 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams,
        uint64_t body_offset;
        int hash_only = 0;
        int dev_switch;
+       uint32_t allow_fastboot_full_cap = 0;
 
        if ((boot_image == NULL) || (image_size == 0))
                return VBERROR_INVALID_PARAMETER;
@@ -1252,13 +1253,24 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams,
        /*
         * We don't care verifying the image if:
         * 1. dev-mode switch is on and
-        * 2. GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP is set.
+        * 2a. GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP is set, or
+        * 2b. DEV_BOOT_FASTBOOT_FULL_CAP flag is set in NvStorage
         *
         * Check only the integrity of the image.
         */
        dev_switch = shared->flags & VBSD_BOOT_DEV_SWITCH_ON;
-       if (dev_switch && (cparams->gbb->flags &
-                          GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP)) {
+
+       VbExNvStorageRead(vnc.raw);
+       VbNvSetup(&vnc);
+       VbNvGet(&vnc, VBNV_DEV_BOOT_FASTBOOT_FULL_CAP,
+               &allow_fastboot_full_cap);
+
+       if (0 == allow_fastboot_full_cap) {
+               allow_fastboot_full_cap = !!(cparams->gbb->flags &
+                               GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP);
+       }
+
+       if (dev_switch && allow_fastboot_full_cap) {
                VBDEBUG(("Only performing integrity-check.\n"));
                hash_only = 1;
        } else {
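Review bot: The result of `VbExNvStorageRead(vnc.raw)` is discarded just before the value derived from it decides whether signature verification is reduced to an integrity-only check. The function returns a `VbError_t` (the mock added in this commit does), so a failed read would leave `vnc.raw` holding whatever it held before; `vnc` is declared outside this hunk, so whether that can be stale data is not visible here. Because `allow_fastboot_full_cap` starts at 0, gating the lookup keeps the decision fail-closed: `if (VbExNvStorageRead(vnc.raw) == VBERROR_SUCCESS) { VbNvSetup(&vnc); VbNvGet(&vnc, VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, &allow_fastboot_full_cap); }`. The mock in tests/vboot_api_kernel5_tests.c always returns `VBERROR_SUCCESS`, so this failure path is not exercised by the new test. The body of VbVerifyMemoryBootImage continues outside the hunk.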
index 8c59622..a372e17 100644 (file)
@@ -145,6 +145,12 @@ int VerifyData(const uint8_t *data, uint64_t size, const VbSignature *sig,
        return VBERROR_SUCCESS;
 }
 
+VbError_t VbExNvStorageRead(uint8_t *buf)
+{
+       Memcpy(buf, vnc.raw, sizeof(vnc.raw));
+       return VBERROR_SUCCESS;
+}
+
 static void VerifyMemoryBootImageTest(void)
 {
        uint32_t u;
@@ -200,6 +206,17 @@ static void VerifyMemoryBootImageTest(void)
                VBERROR_INVALID_KERNEL_FOUND, "Key verify failed");
        TEST_EQ(hash_only_check, 1, "  hash check");
 
+       /* Key Block Hash Failure -- VBNV */
+       ResetMocks();
+       shared->flags = VBSD_BOOT_DEV_SWITCH_ON;
+       key_block_verify_fail = 1;
+       VbNvSet(&vnc, VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, 1);
+       VbNvTeardown(&vnc);
+       TEST_EQ(VbVerifyMemoryBootImage(&cparams, &kparams, kernel_buffer,
+                                       kernel_buffer_size),
+               VBERROR_INVALID_KERNEL_FOUND, "Key verify failed");
+       TEST_EQ(hash_only_check, 1, "  hash check -- VBNV flag");
+
        /* Developer flag mismatch - dev switch on */
        ResetMocks();
        kbh.key_block_flags = KEY_BLOCK_FLAG_DEVELOPER_0 |
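Review bot: The added case covers only the positive path (dev switch on and the NV flag set, giving a hash-only check). No case visible in this hunk checks that the NV flag alone, with the dev switch off, still leads to full key-block verification. That conjunction is the only thing stopping an NV bit from relaxing verification outside dev mode, so a negative case next to this one would pin it. The expected values below assume the mocked key-block verify records its hash_only argument in `hash_only_check`, as the neighbouring cases suggest. VerifyMemoryBootImageTest starts and ends outside the hunk.

```c
	/* VBNV flag set, dev switch off -- must not fall back to hash-only */
	ResetMocks();
	shared->flags = 0;
	key_block_verify_fail = 1;
	VbNvSet(&vnc, VBNV_DEV_BOOT_FASTBOOT_FULL_CAP, 1);
	VbNvTeardown(&vnc);
	TEST_EQ(VbVerifyMemoryBootImage(&cparams, &kparams, kernel_buffer,
					kernel_buffer_size),
		VBERROR_INVALID_KERNEL_FOUND, "Key verify failed");
	TEST_EQ(hash_only_check, 0, "  hash check -- VBNV flag, dev off");
```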