vboot: Change VbExEc implementations to support RO update
authorMary Ruthven <mruthven@chromium.org>
Fri, 18 Dec 2015 19:16:02 +0000 (11:16 -0800)
committerchrome-bot <chrome-bot@chromium.org>
Thu, 7 Jan 2016 04:43:25 +0000 (20:43 -0800)
This change will be used to support EC-RO software sync by allowing for
access to the readonly region of firmware. Currently only the writable
section is accessed by vboot using VB_SELECT_FIRMWARE_A and B.

BUG=chrome-os-partner:48703
BRANCH=none
TEST=built on jerry and check that the RO hash can be read and the image
can be updated.
CQ-DEPEND=CL:319185,CL:320425,CL:320598

Change-Id: Ic3942d86b65da3123798cfd11a78056f5dab6699
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/319213
Reviewed-by: Randall Spangler <rspangler@chromium.org>
firmware/include/vboot_api.h
firmware/lib/vboot_api_kernel.c
firmware/stub/vboot_api_stub.c
tests/vboot_api_kernel3_tests.c

index 95ef21d..4b7f179 100644 (file)
@@ -891,34 +891,37 @@ VbError_t VbExEcJumpToRW(int devidx);
 VbError_t VbExEcDisableJump(int devidx);
 
 /**
- * Read the SHA-256 hash of the rewriteable EC image.
+ * Read the SHA-256 hash of the selected EC image.
  */
-VbError_t VbExEcHashRW(int devidx, const uint8_t **hash, int *hash_size);
+VbError_t VbExEcHashImage(int devidx, enum VbSelectFirmware_t select,
+                         const uint8_t **hash, int *hash_size);
 
 /**
  * Get the expected contents of the EC image associated with the main firmware
  * specified by the "select" argument.
  */
-VbError_t VbExEcGetExpectedRW(int devidx, enum VbSelectFirmware_t select,
-                              const uint8_t **image, int *image_size);
+VbError_t VbExEcGetExpectedImage(int devidx, enum VbSelectFirmware_t select,
+                                const uint8_t **image, int *image_size);
 
 /**
  * Read the SHA-256 hash of the expected contents of the EC image associated
  * with the main firmware specified by the "select" argument.
  */
-VbError_t VbExEcGetExpectedRWHash(int devidx, enum VbSelectFirmware_t select,
-                      const uint8_t **hash, int *hash_size);
+VbError_t VbExEcGetExpectedImageHash(int devidx, enum VbSelectFirmware_t select,
+                                    const uint8_t **hash, int *hash_size);
 
 /**
- * Update the EC rewritable image.
+ * Update the selected EC image.
  */
-VbError_t VbExEcUpdateRW(int devidx, const uint8_t *image, int image_size);
+VbError_t VbExEcUpdateImage(int devidx, enum VbSelectFirmware_t select,
+                           const uint8_t *image, int image_size);
 
 /**
- * Lock the EC code to prevent updates until the EC is rebooted.
- * Subsequent calls to VbExEcUpdateRW() this boot will fail.
+ * Lock the selected EC code to prevent updates until the EC is rebooted.
+ * Subsequent calls to VbExEcUpdateImage() with the same region this boot will
+ * fail.
  */
-VbError_t VbExEcProtectRW(int devidx);
+VbError_t VbExEcProtect(int devidx, enum VbSelectFirmware_t select);
 
 /**
  * Info the EC of the boot mode selected by the AP.
index 2bf183b..903055b 100644 (file)
@@ -639,16 +639,16 @@ VbError_t VbBootRecovery(VbCommonParams *cparams, LoadKernelParams *p)
 }
 
 /**
- * Wrapper around VbExEcProtectRW() which sets recovery reason on error.
+ * Wrapper around VbExEcProtect() which sets recovery reason on error.
  */
-static VbError_t EcProtectRW(int devidx)
+static VbError_t EcProtect(int devidx, enum VbSelectFirmware_t select)
 {
-       int rv = VbExEcProtectRW(devidx);
+       int rv = VbExEcProtect(devidx, select);
 
        if (rv == VBERROR_EC_REBOOT_TO_RO_REQUIRED) {
-               VBDEBUG(("VbExEcProtectRW() needs reboot\n"));
+               VBDEBUG(("VbExEcProtect() needs reboot\n"));
        } else if (rv != VBERROR_SUCCESS) {
-               VBDEBUG(("VbExEcProtectRW() returned %d\n", rv));
+               VBDEBUG(("VbExEcProtect() returned %d\n", rv));
                VbSetRecoveryRequest(VBNV_RECOVERY_EC_PROTECT);
        }
        return rv;
@@ -658,6 +658,7 @@ VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
 {
        VbSharedDataHeader *shared =
                (VbSharedDataHeader *)cparams->shared_data_blob;
+       enum VbSelectFirmware_t rw;
        int in_rw = 0;
        int rv;
        const uint8_t *ec_hash = NULL;
@@ -671,6 +672,8 @@ VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
        int i;
 
        VBDEBUG(("VbEcSoftwareSync(devidx=%d)\n", devidx));
+       rw = shared->firmware_index ? VB_SELECT_FIRMWARE_B :
+            VB_SELECT_FIRMWARE_A;
 
        /* Determine whether the EC is in RO or RW */
        rv = VbExEcRunningRW(devidx, &in_rw);
@@ -719,7 +722,7 @@ VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
                }
 
                /* Protect the RW flash and stay in EC-RO */
-               rv = EcProtectRW(devidx);
+               rv = EcProtect(devidx, rw);
                if (rv != VBERROR_SUCCESS)
                        return rv;
 
@@ -736,16 +739,16 @@ VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
        }
 
        /* Get hash of EC-RW */
-       rv = VbExEcHashRW(devidx, &ec_hash, &ec_hash_size);
+       rv = VbExEcHashImage(devidx, rw, &ec_hash, &ec_hash_size);
        if (rv) {
                VBDEBUG(("VbEcSoftwareSync() - "
-                        "VbExEcHashRW() returned %d\n", rv));
+                        "VbExEcHashImage() returned %d\n", rv));
                VbSetRecoveryRequest(VBNV_RECOVERY_EC_HASH_FAILED);
                return VBERROR_EC_REBOOT_TO_RO_REQUIRED;
        }
        if (ec_hash_size != SHA256_DIGEST_SIZE) {
                VBDEBUG(("VbEcSoftwareSync() - "
-                        "VbExEcHashRW() says size %d, not %d\n",
+                        "VbExEcHashImage() says size %d, not %d\n",
                         ec_hash_size, SHA256_DIGEST_SIZE));
                VbSetRecoveryRequest(VBNV_RECOVERY_EC_HASH_SIZE);
                return VBERROR_EC_REBOOT_TO_RO_REQUIRED;
@@ -761,9 +764,7 @@ VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
         * RO_NORMAL, so we know that the BIOS must be RW-A or RW-B, and
         * therefore the EC must match.
         */
-       rv = VbExEcGetExpectedRWHash(devidx, shared->firmware_index ?
-                                VB_SELECT_FIRMWARE_B : VB_SELECT_FIRMWARE_A,
-                                &rw_hash, &rw_hash_size);
+       rv = VbExEcGetExpectedImageHash(devidx, rw, &rw_hash, &rw_hash_size);
 
        if (rv == VBERROR_EC_GET_EXPECTED_HASH_FROM_IMAGE) {
                /*
@@ -799,10 +800,8 @@ VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
         */
        if (need_update || !rw_hash) {
                /* Get expected EC-RW image */
-               rv = VbExEcGetExpectedRW(devidx, shared->firmware_index ?
-                                        VB_SELECT_FIRMWARE_B :
-                                        VB_SELECT_FIRMWARE_A,
-                                        &expected, &expected_size);
+               rv = VbExEcGetExpectedImage(devidx, rw, &expected,
+                                           &expected_size);
                if (rv) {
                        VBDEBUG(("VbEcSoftwareSync() - "
                                 "VbExEcGetExpectedRW() returned %d\n", rv));
@@ -891,11 +890,11 @@ VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
                        VbDisplayScreen(cparams, VB_SCREEN_WAIT, 0, &vnc);
                }
 
-               rv = VbExEcUpdateRW(devidx, expected, expected_size);
+               rv = VbExEcUpdateImage(devidx, rw, expected, expected_size);
 
                if (rv != VBERROR_SUCCESS) {
                        VBDEBUG(("VbEcSoftwareSync() - "
-                                "VbExEcUpdateRW() returned %d\n", rv));
+                                "VbExEcUpdateImage() returned %d\n", rv));
 
                        /*
                         * The EC may know it needs a reboot.  It may need to
@@ -919,7 +918,7 @@ VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
        }
 
        /* Protect EC-RW flash */
-       rv = EcProtectRW(devidx);
+       rv = EcProtect(devidx, rw);
        if (rv != VBERROR_SUCCESS)
                return rv;
 
index 23e3dfb..2299a03 100644 (file)
@@ -115,7 +115,8 @@ VbError_t VbExEcDisableJump(int devidx)
 
 #define SHA256_HASH_SIZE 32
 
-VbError_t VbExEcHashRW(int devidx, const uint8_t **hash, int *hash_size)
+VbError_t VbExEcHashImage(int devidx, enum VbSelectFirmware_t select,
+                         const uint8_t **hash, int *hash_size)
 {
        static const uint8_t fake_hash[32] = {1, 2, 3, 4};
 
@@ -124,8 +125,8 @@ VbError_t VbExEcHashRW(int devidx, const uint8_t **hash, int *hash_size)
        return VBERROR_SUCCESS;
 }
 
-VbError_t VbExEcGetExpectedRW(int devidx, enum VbSelectFirmware_t select,
-                              const uint8_t **image, int *image_size)
+VbError_t VbExEcGetExpectedImage(int devidx, enum VbSelectFirmware_t select,
+                                const uint8_t **image, int *image_size)
 {
        static uint8_t fake_image[64] = {5, 6, 7, 8};
        *image = fake_image;
@@ -133,8 +134,8 @@ VbError_t VbExEcGetExpectedRW(int devidx, enum VbSelectFirmware_t select,
        return VBERROR_SUCCESS;
 }
 
-VbError_t VbExEcGetExpectedRWHash(int devidx, enum VbSelectFirmware_t select,
-                                 const uint8_t **hash, int *hash_size)
+VbError_t VbExEcGetExpectedImageHash(int devidx, enum VbSelectFirmware_t select,
+                                    const uint8_t **hash, int *hash_size)
 {
        static const uint8_t fake_hash[32] = {1, 2, 3, 4};
 
@@ -143,12 +144,13 @@ VbError_t VbExEcGetExpectedRWHash(int devidx, enum VbSelectFirmware_t select,
        return VBERROR_SUCCESS;
 }
 
-VbError_t VbExEcUpdateRW(int devidx, const uint8_t *image, int image_size)
+VbError_t VbExEcUpdateImage(int devidx, enum VbSelectFirmware_t select,
+                           const uint8_t *image, int image_size)
 {
        return VBERROR_SUCCESS;
 }
 
-VbError_t VbExEcProtectRW(int devidx)
+VbError_t VbExEcProtect(int devidx, enum VbSelectFirmware_t select)
 {
        return VBERROR_SUCCESS;
 }
index 32a35ec..a4c5ea7 100644 (file)
@@ -123,7 +123,7 @@ VbError_t VbExEcRunningRW(int devidx, int *in_rw)
        return in_rw_retval;
 }
 
-VbError_t VbExEcProtectRW(int devidx)
+VbError_t VbExEcProtect(int devidx, enum VbSelectFirmware_t select)
 {
        ec_protected = 1;
        return protect_retval;
@@ -140,15 +140,16 @@ VbError_t VbExEcJumpToRW(int devidx)
        return run_retval;
 }
 
-VbError_t VbExEcHashRW(int devidx, const uint8_t **hash, int *hash_size)
+VbError_t VbExEcHashImage(int devidx, enum VbSelectFirmware_t select,
+                         const uint8_t **hash, int *hash_size)
 {
        *hash = mock_ec_hash;
        *hash_size = mock_ec_hash_size;
        return mock_ec_hash_size ? VBERROR_SUCCESS : VBERROR_SIMULATED;
 }
 
-VbError_t VbExEcGetExpectedRW(int devidx, enum VbSelectFirmware_t select,
-                              const uint8_t **image, int *image_size)
+VbError_t VbExEcGetExpectedImage(int devidx, enum VbSelectFirmware_t select,
+                                const uint8_t **image, int *image_size)
 {
        static uint8_t fake_image[64] = {5, 6, 7, 8};
        *image = fake_image;
@@ -156,8 +157,8 @@ VbError_t VbExEcGetExpectedRW(int devidx, enum VbSelectFirmware_t select,
        return get_expected_retval;
 }
 
-VbError_t VbExEcGetExpectedRWHash(int devidx, enum VbSelectFirmware_t select,
-                                 const uint8_t **hash, int *hash_size)
+VbError_t VbExEcGetExpectedImageHash(int devidx, enum VbSelectFirmware_t select,
+                                    const uint8_t **hash, int *hash_size)
 {
        *hash = want_ec_hash;
        *hash_size = want_ec_hash_size;
@@ -174,7 +175,8 @@ uint8_t *internal_SHA256(const uint8_t *data, uint64_t len, uint8_t *digest)
        return digest;
 }
 
-VbError_t VbExEcUpdateRW(int devidx, const uint8_t *image, int image_size)
+VbError_t VbExEcUpdateImage(int devidx, enum VbSelectFirmware_t select,
+                           const uint8_t *image, int image_size)
 {
        ec_updated = 1;
        return update_retval;