firmware/lib/vboot_firmware.c - Issue 6596081: Add crossystem support for nvram_cleared and kern_nv

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: firmware/lib/vboot_firmware.c

Issue 6596081: Add crossystem support for nvram_cleared and kern_nv (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git@master

Patch Set: Fix try B count mask Created 9 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: firmware/lib/vboot_firmware.c

diff --git a/firmware/lib/vboot_firmware.c b/firmware/lib/vboot_firmware.c

index e8c8a86fa902d4cb5f52954a46d2eed9ebb6a2b0..036441fb7f6836c1e553c4cee1fada8624bc7380 100644

--- a/firmware/lib/vboot_firmware.c

+++ b/firmware/lib/vboot_firmware.c

@@ -116,10 +116,7 @@ int LoadFirmware(LoadFirmwareParams* params) {

uint8_t* body_digest;

/* If try B count is non-zero try firmware B first */

- index = (try_b_count ? i : 1 - i);

- /* Verify the key block */

- VBPERFSTART("VB_VKB");

+ index = (try_b_count ? 1 - i : i);

if (0 == index) {

key_block = (VbKeyBlockHeader*)params->verification_block_0;

vblock_size = params->verification_size_0;

@@ -127,14 +124,10 @@ int LoadFirmware(LoadFirmwareParams* params) {

key_block = (VbKeyBlockHeader*)params->verification_block_1;

vblock_size = params->verification_size_1;

}

- if ((0 != KeyBlockVerify(key_block, vblock_size, root_key, 0))) {

- VBDEBUG(("Key block verification failed.\n"));

- VBPERFEND("VB_VKB");

- continue;

- }

- VBPERFEND("VB_VKB");

- /* Check the key block flags against the current boot mode. */

+ /* Check the key block flags against the current boot mode. Do this

+ * before verifying the key block, since flags are faster to check than

+ * the RSA signature. */

if (!(key_block->key_block_flags &

(is_dev ? KEY_BLOCK_FLAG_DEVELOPER_1 :

KEY_BLOCK_FLAG_DEVELOPER_0))) {

@@ -147,6 +140,15 @@ int LoadFirmware(LoadFirmwareParams* params) {

continue;

}

+ /* Verify the key block */

+ VBPERFSTART("VB_VKB");

+ if ((0 != KeyBlockVerify(key_block, vblock_size, root_key, 0))) {

+ VBDEBUG(("Key block verification failed.\n"));

+ VBPERFEND("VB_VKB");

+ continue;

+ }

+ VBPERFEND("VB_VKB");

/* Check for rollback of key version. */

key_version = key_block->data_key.key_version;

if (key_version < (tpm_version >> 16)) {

« no previous file with comments | « no previous file | firmware/lib/vboot_nvstorage.c » ('j') | no next file with comments »