| Index: src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c
|
| diff --git a/src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c b/src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c
|
| index 8c1ca31419f3f309a7cb37c47cd56362250efcb6..6d41e5ea659d31a626526eb26f2f0249ba34a25c 100644
|
| --- a/src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c
|
| +++ b/src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c
|
| @@ -381,109 +381,3 @@ uint32_t GetLogicalKernelVersion(uint8_t* kernel_blob) {
|
| Memcpy(&kernel_version, kernel_ptr, sizeof(kernel_version));
|
| return CombineUint16Pair(kernel_key_version, kernel_version);
|
| }
|
| -
|
| -int VerifyKernelDriver_f(uint8_t* firmware_key_blob,
|
| - kernel_entry* kernelA,
|
| - kernel_entry* kernelB,
|
| - int dev_mode) {
|
| - int i;
|
| - /* Contains the logical kernel version (32-bit) which is calculated as
|
| - * (kernel_key_version << 16 | kernel_version) where
|
| - * [kernel_key_version], [firmware_version] are both 16-bit.
|
| - */
|
| - uint32_t kernelA_lversion, kernelB_lversion;
|
| - uint32_t min_lversion; /* Minimum of kernel A and kernel B lversion. */
|
| - uint32_t stored_lversion; /* Stored logical version in the TPM. */
|
| - kernel_entry* try_kernel[2]; /* Kernel in try order. */
|
| - int try_kernel_which[2]; /* Which corresponding kernel in the try order */
|
| - uint32_t try_kernel_lversion[2]; /* Their logical versions. */
|
| - uint16_t kernel_version, kernel_key_version; /* Temporary variables */
|
| -
|
| - /* [kernel_to_boot] will eventually contain the boot path to follow
|
| - * and is returned to the caller. Initially, we set it to recovery. If
|
| - * a valid bootable kernel is found, it will be set to that. */
|
| - int kernel_to_boot = BOOT_KERNEL_RECOVERY_CONTINUE;
|
| -
|
| -
|
| - /* The TPM must already have be initialized, so no need to call SetupTPM(). */
|
| -
|
| - /* We get the key versions by reading directly from the image blobs without
|
| - * any additional (expensive) sanity checking on the blob since it's faster to
|
| - * outright reject a kernel with an older kernel key version. A malformed
|
| - * or corrupted kernel blob will still fail when VerifyKernel() is called
|
| - * on it.
|
| - */
|
| - kernelA_lversion = GetLogicalKernelVersion(kernelA->kernel_blob);
|
| - kernelB_lversion = GetLogicalKernelVersion(kernelB->kernel_blob);
|
| - min_lversion = Min(kernelA_lversion, kernelB_lversion);
|
| - GetStoredVersions(KERNEL_VERSIONS, &kernel_key_version, &kernel_version);
|
| - stored_lversion = CombineUint16Pair(kernel_key_version, kernel_version);
|
| -
|
| - /* TODO(gauravsh): The kernel entries kernelA and kernelB come from the
|
| - * partition table - verify its signature/checksum before proceeding
|
| - * further. */
|
| -
|
| - /* The logic for deciding which kernel to boot from is taken from the
|
| - * the Chromium OS Drive Map design document.
|
| - *
|
| - * We went to consider the kernels in their according to their boot
|
| - * priority attribute value.
|
| - */
|
| -
|
| - if (kernelA->boot_priority >= kernelB->boot_priority) {
|
| - try_kernel[0] = kernelA;
|
| - try_kernel_which[0] = BOOT_KERNEL_A_CONTINUE;
|
| - try_kernel_lversion[0] = kernelA_lversion;
|
| - try_kernel[1] = kernelB;
|
| - try_kernel_which[1] = BOOT_KERNEL_B_CONTINUE;
|
| - try_kernel_lversion[1] = kernelB_lversion;
|
| - } else {
|
| - try_kernel[0] = kernelB;
|
| - try_kernel_which[0] = BOOT_KERNEL_B_CONTINUE;
|
| - try_kernel_lversion[0] = kernelB_lversion;
|
| - try_kernel[1] = kernelA;
|
| - try_kernel_which[1] = BOOT_KERNEL_A_CONTINUE;
|
| - try_kernel_lversion[1] = kernelA_lversion;
|
| - }
|
| -
|
| - /* TODO(gauravsh): Changes to boot_tries_remaining and boot_priority
|
| - * below should be propagated to partition table. This will be added
|
| - * once the firmware parition table parsing code is in. */
|
| - for (i = 0; i < 2; i++) {
|
| - if ((try_kernel[i]->boot_success_flag ||
|
| - try_kernel[i]->boot_tries_remaining) &&
|
| - (VERIFY_KERNEL_SUCCESS == VerifyKernel(firmware_key_blob,
|
| - try_kernel[i]->kernel_blob,
|
| - dev_mode))) {
|
| - if (try_kernel[i]->boot_tries_remaining > 0)
|
| - try_kernel[i]->boot_tries_remaining--;
|
| - if (stored_lversion > try_kernel_lversion[i])
|
| - continue; /* Rollback: I am afraid I can't let you do that Dave. */
|
| - if (i == 0 && (stored_lversion < try_kernel_lversion[1])) {
|
| - /* The higher priority kernel is valid and bootable, See if we
|
| - * need to update the stored version for rollback prevention. */
|
| - if (VERIFY_KERNEL_SUCCESS == VerifyKernel(firmware_key_blob,
|
| - try_kernel[1]->kernel_blob,
|
| - dev_mode)) {
|
| - WriteStoredVersions(KERNEL_VERSIONS,
|
| - (uint16_t) (min_lversion >> 16),
|
| - (uint16_t) (min_lversion & 0xFFFF));
|
| - stored_lversion = min_lversion; /* Update stored version as it's
|
| - * used later. */
|
| - }
|
| - }
|
| - kernel_to_boot = try_kernel_which[i];
|
| - break; /* We found a valid kernel. */
|
| - }
|
| - try_kernel[i]->boot_priority = 0;
|
| - } /* for loop. */
|
| -
|
| - /* Lock Kernel TPM rollback indices from further writes. In this design,
|
| - * this is tied to locking physical presence---so (software) physical
|
| - * presence cannot be asserted after this point. This is a big side effect,
|
| - * so we want to make it clear in the function name.
|
| - * TODO(gauravsh): figure out better abstractions.
|
| - */
|
| - LockKernelVersionsByLockingPP();
|
| - return kernel_to_boot;
|
| -}
|
|
|
Chromium Code Reviews
Issue 2584001:
Remove obsolete VerifyKernelDriver() and associated data structures. (Closed)
Base URL: ssh://git@gitrw.chromium.org/chromiumos