OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Functions for generating and manipulating a verified boot firmware image. | 5 * Functions for generating and manipulating a verified boot firmware image. |
6 */ | 6 */ |
7 | 7 |
8 #include "firmware_image.h" | 8 #include "firmware_image.h" |
9 | 9 |
10 #include <fcntl.h> | 10 #include <fcntl.h> |
(...skipping 662 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
673 min_lversion = Min(firmwareA_lversion, firmwareB_lversion); | 673 min_lversion = Min(firmwareA_lversion, firmwareB_lversion); |
674 stored_lversion = CombineUint16Pair(GetStoredVersion(FIRMWARE_KEY_VERSION), | 674 stored_lversion = CombineUint16Pair(GetStoredVersion(FIRMWARE_KEY_VERSION), |
675 GetStoredVersion(FIRMWARE_VERSION)); | 675 GetStoredVersion(FIRMWARE_VERSION)); |
676 /* Always try FirmwareA first. */ | 676 /* Always try FirmwareA first. */ |
677 if (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, firmwareA)) | 677 if (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, firmwareA)) |
678 firmwareA_is_verified = 1; | 678 firmwareA_is_verified = 1; |
679 if (firmwareA_is_verified && (stored_lversion < firmwareA_lversion)) { | 679 if (firmwareA_is_verified && (stored_lversion < firmwareA_lversion)) { |
680 /* Stored version may need to be updated but only if FirmwareB | 680 /* Stored version may need to be updated but only if FirmwareB |
681 * is successfully verified and has a logical version greater than | 681 * is successfully verified and has a logical version greater than |
682 * the stored logical version. */ | 682 * the stored logical version. */ |
683 if (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, firmwareB)) { | 683 if (stored_lversion < firmwareB_lversion) { |
684 if (stored_lversion < firmwareB_lversion) { | 684 if (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, firmwareB)) { |
685 WriteStoredVersion(FIRMWARE_KEY_VERSION, | 685 WriteStoredVersion(FIRMWARE_KEY_VERSION, |
686 (uint16_t) (min_lversion >> 16)); | 686 (uint16_t) (min_lversion >> 16)); |
687 WriteStoredVersion(FIRMWARE_VERSION, | 687 WriteStoredVersion(FIRMWARE_VERSION, |
688 (uint16_t) (min_lversion & 0x00FFFF)); | 688 (uint16_t) (min_lversion & 0x00FFFF)); |
689 stored_lversion = min_lversion; /* Update stored version as it's used | 689 stored_lversion = min_lversion; /* Update stored version as it's used |
690 * later. */ | 690 * later. */ |
691 } | 691 } |
692 } | 692 } |
693 } | 693 } |
694 /* Lock Firmware TPM rollback indices from further writes. */ | 694 /* Lock Firmware TPM rollback indices from further writes. */ |
695 /* TODO(gauravsh): Figure out if these can be combined into one | 695 /* TODO(gauravsh): Figure out if these can be combined into one |
696 * 32-bit location since we seem to always use them together. This can help | 696 * 32-bit location since we seem to always use them together. This can help |
697 * us minimize the number of NVRAM writes/locks (which are limited over flash | 697 * us minimize the number of NVRAM writes/locks (which are limited over flash |
698 * memory lifetimes. | 698 * memory lifetimes. |
699 */ | 699 */ |
700 LockStoredVersion(FIRMWARE_KEY_VERSION); | 700 LockStoredVersion(FIRMWARE_KEY_VERSION); |
701 LockStoredVersion(FIRMWARE_VERSION); | 701 LockStoredVersion(FIRMWARE_VERSION); |
(...skipping 15 matching lines...) Expand all Loading... |
717 if (stored_lversion <= firmwareA_lversion) | 717 if (stored_lversion <= firmwareA_lversion) |
718 return BOOT_FIRMWARE_A_CONTINUE; | 718 return BOOT_FIRMWARE_A_CONTINUE; |
719 } else { | 719 } else { |
720 /* If FirmwareA was not valid, then we skipped over the | 720 /* If FirmwareA was not valid, then we skipped over the |
721 * check to update the rollback indices and a Verify of FirmwareB wasn't | 721 * check to update the rollback indices and a Verify of FirmwareB wasn't |
722 * attempted. | 722 * attempted. |
723 * If FirmwareB is not a rollback, then we attempt to do the verification. | 723 * If FirmwareB is not a rollback, then we attempt to do the verification. |
724 */ | 724 */ |
725 if (stored_lversion <= firmwareB_lversion && | 725 if (stored_lversion <= firmwareB_lversion && |
726 (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, firmwareB))) | 726 (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, firmwareB))) |
727 return BOOT_FIRMWARE_B_CONTINUE; | 727 return BOOT_FIRMWARE_B_CONTINUE; |
728 } | 728 } |
729 /* D'oh: No bootable firmware. */ | 729 /* D'oh: No bootable firmware. */ |
730 return BOOT_FIRMWARE_RECOVERY_CONTINUE; | 730 return BOOT_FIRMWARE_RECOVERY_CONTINUE; |
731 } | 731 } |
OLD | NEW |