Index: src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c |
diff --git a/src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c b/src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c |
index 8c1ca31419f3f309a7cb37c47cd56362250efcb6..6d41e5ea659d31a626526eb26f2f0249ba34a25c 100644 |
--- a/src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c |
+++ b/src/platform/vboot_reference/vboot_firmware/lib/kernel_image_fw.c |
@@ -381,109 +381,3 @@ uint32_t GetLogicalKernelVersion(uint8_t* kernel_blob) { |
Memcpy(&kernel_version, kernel_ptr, sizeof(kernel_version)); |
return CombineUint16Pair(kernel_key_version, kernel_version); |
} |
- |
-int VerifyKernelDriver_f(uint8_t* firmware_key_blob, |
- kernel_entry* kernelA, |
- kernel_entry* kernelB, |
- int dev_mode) { |
- int i; |
- /* Contains the logical kernel version (32-bit) which is calculated as |
- * (kernel_key_version << 16 | kernel_version) where |
- * [kernel_key_version], [firmware_version] are both 16-bit. |
- */ |
- uint32_t kernelA_lversion, kernelB_lversion; |
- uint32_t min_lversion; /* Minimum of kernel A and kernel B lversion. */ |
- uint32_t stored_lversion; /* Stored logical version in the TPM. */ |
- kernel_entry* try_kernel[2]; /* Kernel in try order. */ |
- int try_kernel_which[2]; /* Which corresponding kernel in the try order */ |
- uint32_t try_kernel_lversion[2]; /* Their logical versions. */ |
- uint16_t kernel_version, kernel_key_version; /* Temporary variables */ |
- |
- /* [kernel_to_boot] will eventually contain the boot path to follow |
- * and is returned to the caller. Initially, we set it to recovery. If |
- * a valid bootable kernel is found, it will be set to that. */ |
- int kernel_to_boot = BOOT_KERNEL_RECOVERY_CONTINUE; |
- |
- |
- /* The TPM must already have be initialized, so no need to call SetupTPM(). */ |
- |
- /* We get the key versions by reading directly from the image blobs without |
- * any additional (expensive) sanity checking on the blob since it's faster to |
- * outright reject a kernel with an older kernel key version. A malformed |
- * or corrupted kernel blob will still fail when VerifyKernel() is called |
- * on it. |
- */ |
- kernelA_lversion = GetLogicalKernelVersion(kernelA->kernel_blob); |
- kernelB_lversion = GetLogicalKernelVersion(kernelB->kernel_blob); |
- min_lversion = Min(kernelA_lversion, kernelB_lversion); |
- GetStoredVersions(KERNEL_VERSIONS, &kernel_key_version, &kernel_version); |
- stored_lversion = CombineUint16Pair(kernel_key_version, kernel_version); |
- |
- /* TODO(gauravsh): The kernel entries kernelA and kernelB come from the |
- * partition table - verify its signature/checksum before proceeding |
- * further. */ |
- |
- /* The logic for deciding which kernel to boot from is taken from the |
- * the Chromium OS Drive Map design document. |
- * |
- * We went to consider the kernels in their according to their boot |
- * priority attribute value. |
- */ |
- |
- if (kernelA->boot_priority >= kernelB->boot_priority) { |
- try_kernel[0] = kernelA; |
- try_kernel_which[0] = BOOT_KERNEL_A_CONTINUE; |
- try_kernel_lversion[0] = kernelA_lversion; |
- try_kernel[1] = kernelB; |
- try_kernel_which[1] = BOOT_KERNEL_B_CONTINUE; |
- try_kernel_lversion[1] = kernelB_lversion; |
- } else { |
- try_kernel[0] = kernelB; |
- try_kernel_which[0] = BOOT_KERNEL_B_CONTINUE; |
- try_kernel_lversion[0] = kernelB_lversion; |
- try_kernel[1] = kernelA; |
- try_kernel_which[1] = BOOT_KERNEL_A_CONTINUE; |
- try_kernel_lversion[1] = kernelA_lversion; |
- } |
- |
- /* TODO(gauravsh): Changes to boot_tries_remaining and boot_priority |
- * below should be propagated to partition table. This will be added |
- * once the firmware parition table parsing code is in. */ |
- for (i = 0; i < 2; i++) { |
- if ((try_kernel[i]->boot_success_flag || |
- try_kernel[i]->boot_tries_remaining) && |
- (VERIFY_KERNEL_SUCCESS == VerifyKernel(firmware_key_blob, |
- try_kernel[i]->kernel_blob, |
- dev_mode))) { |
- if (try_kernel[i]->boot_tries_remaining > 0) |
- try_kernel[i]->boot_tries_remaining--; |
- if (stored_lversion > try_kernel_lversion[i]) |
- continue; /* Rollback: I am afraid I can't let you do that Dave. */ |
- if (i == 0 && (stored_lversion < try_kernel_lversion[1])) { |
- /* The higher priority kernel is valid and bootable, See if we |
- * need to update the stored version for rollback prevention. */ |
- if (VERIFY_KERNEL_SUCCESS == VerifyKernel(firmware_key_blob, |
- try_kernel[1]->kernel_blob, |
- dev_mode)) { |
- WriteStoredVersions(KERNEL_VERSIONS, |
- (uint16_t) (min_lversion >> 16), |
- (uint16_t) (min_lversion & 0xFFFF)); |
- stored_lversion = min_lversion; /* Update stored version as it's |
- * used later. */ |
- } |
- } |
- kernel_to_boot = try_kernel_which[i]; |
- break; /* We found a valid kernel. */ |
- } |
- try_kernel[i]->boot_priority = 0; |
- } /* for loop. */ |
- |
- /* Lock Kernel TPM rollback indices from further writes. In this design, |
- * this is tied to locking physical presence---so (software) physical |
- * presence cannot be asserted after this point. This is a big side effect, |
- * so we want to make it clear in the function name. |
- * TODO(gauravsh): figure out better abstractions. |
- */ |
- LockKernelVersionsByLockingPP(); |
- return kernel_to_boot; |
-} |