OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Functions for loading a kernel from disk. | 5 * Functions for loading a kernel from disk. |
6 * (Firmware portion) | 6 * (Firmware portion) |
7 */ | 7 */ |
8 | 8 |
9 #include "vboot_kernel.h" | 9 #include "vboot_kernel.h" |
10 | 10 |
(...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
204 if (0 != BootDeviceReadLBA(part_start, kbuf_sectors, kbuf)) | 204 if (0 != BootDeviceReadLBA(part_start, kbuf_sectors, kbuf)) |
205 continue; | 205 continue; |
206 | 206 |
207 /* Verify the key block */ | 207 /* Verify the key block */ |
208 key_block = (VbKeyBlockHeader*)kbuf; | 208 key_block = (VbKeyBlockHeader*)kbuf; |
209 if ((0 != KeyBlockVerify(key_block, KBUF_SIZE, kernel_subkey))) { | 209 if ((0 != KeyBlockVerify(key_block, KBUF_SIZE, kernel_subkey))) { |
210 VBDEBUG(("Verifying key block failed.\n")); | 210 VBDEBUG(("Verifying key block failed.\n")); |
211 continue; | 211 continue; |
212 } | 212 } |
213 | 213 |
214 /* Check the key block flags against the current boot mode */ | 214 /* Check the key block flags against the current boot mode in normal |
215 if (!(key_block->key_block_flags & | 215 * and recovery modes (not in developer mode booting from SSD). */ |
216 (is_dev ? KEY_BLOCK_FLAG_DEVELOPER_1 : | 216 if (is_rec || is_normal) { |
217 KEY_BLOCK_FLAG_DEVELOPER_0))) { | 217 if (!(key_block->key_block_flags & |
218 VBDEBUG(("Developer flag mismatch.\n")); | 218 (is_dev ? KEY_BLOCK_FLAG_DEVELOPER_1 : |
219 continue; | 219 KEY_BLOCK_FLAG_DEVELOPER_0))) { |
220 } | 220 VBDEBUG(("Developer flag mismatch.\n")); |
221 if (!(key_block->key_block_flags & | 221 continue; |
222 (is_rec ? KEY_BLOCK_FLAG_RECOVERY_1 : | 222 } |
223 KEY_BLOCK_FLAG_RECOVERY_0))) { | 223 if (!(key_block->key_block_flags & |
224 VBDEBUG(("Recovery flag mismatch.\n")); | 224 (is_rec ? KEY_BLOCK_FLAG_RECOVERY_1 : |
225 continue; | 225 KEY_BLOCK_FLAG_RECOVERY_0))) { |
| 226 VBDEBUG(("Recovery flag mismatch.\n")); |
| 227 continue; |
| 228 } |
226 } | 229 } |
227 | 230 |
228 /* Check for rollback of key version. Note this is implicitly | 231 /* Check for rollback of key version. Note this is implicitly |
229 * skipped in recovery and developer modes because those set | 232 * skipped in recovery and developer modes because those set |
230 * key_version=0 above. */ | 233 * key_version=0 above. */ |
231 key_version = key_block->data_key.key_version; | 234 key_version = key_block->data_key.key_version; |
232 if (key_version < tpm_key_version) { | 235 if (key_version < tpm_key_version) { |
233 VBDEBUG(("Key version too old.\n")); | 236 VBDEBUG(("Key version too old.\n")); |
234 continue; | 237 continue; |
235 } | 238 } |
(...skipping 167 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
403 /* Success! */ | 406 /* Success! */ |
404 return LOAD_KERNEL_SUCCESS; | 407 return LOAD_KERNEL_SUCCESS; |
405 } | 408 } |
406 | 409 |
407 // Handle error cases | 410 // Handle error cases |
408 if (found_partitions) | 411 if (found_partitions) |
409 return LOAD_KERNEL_INVALID; | 412 return LOAD_KERNEL_INVALID; |
410 else | 413 else |
411 return LOAD_KERNEL_NOT_FOUND; | 414 return LOAD_KERNEL_NOT_FOUND; |
412 } | 415 } |
OLD | NEW |