| OLD | NEW |
|---|
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
| 4 * | 4 * |
| 5 * Functions for verifying a verified boot firmware image. | 5 * Functions for verifying a verified boot firmware image. |
| 6 * (Firmware Portion) | 6 * (Firmware Portion) |
| 7 */ | 7 */ |
| 8 | 8 |
| 9 #include "firmware_image_fw.h" | 9 #include "firmware_image_fw.h" |
| 10 | 10 |
| (...skipping 255 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 266 * (firmware_key_version << 16 | firmware_version) where | 266 * (firmware_key_version << 16 | firmware_version) where |
| 267 * [firmware_key_version] [firmware_version] are both 16-bit. | 267 * [firmware_key_version] [firmware_version] are both 16-bit. |
| 268 */ | 268 */ |
| 269 uint32_t firmwareA_lversion, firmwareB_lversion; | 269 uint32_t firmwareA_lversion, firmwareB_lversion; |
| 270 uint8_t firmwareA_is_verified = 0; /* Whether firmwareA verify succeeded. */ | 270 uint8_t firmwareA_is_verified = 0; /* Whether firmwareA verify succeeded. */ |
| 271 uint32_t min_lversion; /* Minimum of firmware A and firmware lversion. */ | 271 uint32_t min_lversion; /* Minimum of firmware A and firmware lversion. */ |
| 272 uint32_t stored_lversion; /* Stored logical version in the TPM. */ | 272 uint32_t stored_lversion; /* Stored logical version in the TPM. */ |
| 273 uint16_t version, key_version; /* Temporary variables */ | 273 uint16_t version, key_version; /* Temporary variables */ |
| 274 | 274 |
| 275 /* Initialize the TPM since we'll be reading the rollback indices. */ | 275 /* Initialize the TPM since we'll be reading the rollback indices. */ |
| 276 SetupTPM(); | 276 SetupTPM(0, 0); |
| 277 | 277 |
| 278 /* We get the key versions by reading directly from the image blobs without | 278 /* We get the key versions by reading directly from the image blobs without |
| 279 * any additional (expensive) sanity checking on the blob since it's faster to | 279 * any additional (expensive) sanity checking on the blob since it's faster to |
| 280 * outright reject a firmware with an older firmware key version. A malformed | 280 * outright reject a firmware with an older firmware key version. A malformed |
| 281 * or corrupted firmware blob will still fail when VerifyFirmware() is called | 281 * or corrupted firmware blob will still fail when VerifyFirmware() is called |
| 282 * on it. | 282 * on it. |
| 283 */ | 283 */ |
| 284 firmwareA_lversion = GetLogicalFirmwareVersion(verification_headerA); | 284 firmwareA_lversion = GetLogicalFirmwareVersion(verification_headerA); |
| 285 firmwareB_lversion = GetLogicalFirmwareVersion(verification_headerB); | 285 firmwareB_lversion = GetLogicalFirmwareVersion(verification_headerB); |
| 286 min_lversion = Min(firmwareA_lversion, firmwareB_lversion); | 286 min_lversion = Min(firmwareA_lversion, firmwareB_lversion); |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 339 */ | 339 */ |
| 340 if (stored_lversion <= firmwareB_lversion && | 340 if (stored_lversion <= firmwareB_lversion && |
| 341 (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, | 341 (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, |
| 342 verification_headerB, | 342 verification_headerB, |
| 343 firmwareB))) | 343 firmwareB))) |
| 344 return BOOT_FIRMWARE_B_CONTINUE; | 344 return BOOT_FIRMWARE_B_CONTINUE; |
| 345 } | 345 } |
| 346 /* D'oh: No bootable firmware. */ | 346 /* D'oh: No bootable firmware. */ |
| 347 return BOOT_FIRMWARE_RECOVERY_CONTINUE; | 347 return BOOT_FIRMWARE_RECOVERY_CONTINUE; |
| 348 } | 348 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2792009:
Fix normal/recovery mode, and RO firmware vs. RW firmware behavior. (Closed)
Base URL: ssh://git@chromiumos-git/vboot_reference.git