Pass VbSharedData between LoadFirmware() and LoadKernel()

firmware/lib/vboot_firmware.c

-/* Copyright (c) 2010-2011 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
  * High-level firmware API for loading and verifying rewritable firmware.
  * (Firmware portion)
  */
 
+#include "gbb_header.h"
 #include "load_firmware_fw.h"
 #include "rollback_index.h"
 #include "utility.h"
 #include "vboot_common.h"
 #include "vboot_nvstorage.h"
 
 /* Static variables for UpdateFirmwareBodyHash().  It's less than
  * optimal to have static variables in a library, but in UEFI the
  * caller is deep inside a different firmware stack and doesn't have a
  * good way to pass the params struct back to us. */
@@ skipping 13 matching lines @@
 }
 
 
 int LoadFirmwareSetup(void) {
   /* TODO: start initializing the TPM */
   return LOAD_FIRMWARE_SUCCESS;
 }
 
 
 int LoadFirmware(LoadFirmwareParams* params) {
-
-  VbPublicKey* root_key = (VbPublicKey*)params->firmware_root_key_blob;
+  VbSharedDataHeader* shared = (VbSharedDataHeader*)params->shared_data_blob;
+  GoogleBinaryBlockHeader* gbb = (GoogleBinaryBlockHeader*)params->gbb_data;
+  VbPublicKey* root_key;
   VbLoadFirmwareInternal* lfi;
   VbNvContext* vnc = params->nv_context;
 
   uint32_t try_b_count;
   uint32_t tpm_version = 0;
   uint64_t lowest_version = 0xFFFFFFFF;
   uint32_t status;
   int good_index = -1;
   int is_dev;
   int index;
   int i;
 
   int retval = LOAD_FIRMWARE_RECOVERY;
   int recovery = VBNV_RECOVERY_RO_UNSPECIFIED;
 
   /* Clear output params in case we fail */
   params->firmware_index = 0;
 
   VBDEBUG(("LoadFirmware started...\n"));
 
   /* Setup NV storage */
   VbNvSetup(vnc);
 
-  if (params->kernel_sign_key_size < sizeof(VbPublicKey)) {
-    VBDEBUG(("Kernel sign key buffer too small\n"));
+  /* Initialize shared data structure. */
+  if (0 != VbSharedDataInit(shared, params->shared_data_size)) {
+    VBDEBUG(("Shared data init error\n"));
+    recovery = VBNV_RECOVERY_RO_SHARED_DATA;
     goto LoadFirmwareExit;
   }
 
-  /* Must have a root key */
-  if (!root_key) {
-    VBDEBUG(("No root key\n"));
+  /* Must have a root key from the GBB */
+  if (!gbb) {
+    VBDEBUG(("No GBB\n"));
     goto LoadFirmwareExit;
   }
+  root_key = (VbPublicKey*)((uint8_t*)gbb + gbb->rootkey_offset);
 
   /* Parse flags */
   is_dev = (params->boot_flags & BOOT_FLAG_DEVELOPER ? 1 : 0);
 
   /* Initialize the TPM and read rollback indices. */
   VBPERFSTART("VB_TPMI");
   status = RollbackFirmwareSetup(is_dev, &tpm_version);
   if (0 != status) {
     VBDEBUG(("Unable to setup TPM and read stored versions.\n"));
     VBPERFEND("VB_TPMI");
@@ skipping 141 matching lines @@
     }
     VBPERFEND("VB_VFD");
 
     /* Done with the digest and data key, so can free them now */
     RSAPublicKeyFree(data_key);
     Free(body_digest);
 
     /* If we're still here, the firmware is valid. */
     VBDEBUG(("Firmware %d is valid.\n", index));
     if (-1 == good_index) {
-      VbPublicKey *kdest = (VbPublicKey*)params->kernel_sign_key_blob;
-
-      /* Copy the kernel sign key blob into the destination buffer */
-      PublicKeyInit(kdest, (uint8_t*)(kdest + 1),
-                    (params->kernel_sign_key_size - sizeof(VbPublicKey)));
-
-      if (0 != PublicKeyCopy(kdest, &preamble->kernel_subkey)) {
-        VBDEBUG(("Kernel subkey too big for buffer.\n"));
+      /* Save the key we actually used */
+      if (0 != VbSharedDataSetKernelKey(shared, &preamble->kernel_subkey)) {
+        VBDEBUG(("Unable to save kernel subkey to shared data.\n"));
         continue;  /* The firmware signature was good, but the public
                     * key was bigger that the caller can handle. */
       }
 
-      /* Save the key size we actually used */
-      params->kernel_sign_key_size = kdest->key_offset + kdest->key_size;
-
       /* Save the good index, now that we're sure we can actually use
        * this firmware.  That's the one we'll boot. */
       good_index = index;
       params->firmware_index = index;
 
       /* If the good firmware's key version is the same as the tpm,
        * then the TPM doesn't need updating; we can stop now.
        * Otherwise, we'll check all the other headers to see if they
        * contain a newer key. */
       if (combined_version == tpm_version)
@@ skipping 44 matching lines @@
     VBDEBUG(("Alas, no good firmware.\n"));
     recovery = VBNV_RECOVERY_RO_INVALID_RW;
   }
 
 LoadFirmwareExit:
   /* Store recovery request, if any, then tear down non-volatile storage */
   VbNvSet(vnc, VBNV_RECOVERY_REQUEST, LOAD_FIRMWARE_RECOVERY == retval ?
           recovery : VBNV_RECOVERY_NOT_REQUESTED);
   VbNvTeardown(vnc);
 
+  /* Note that we don't reduce params->shared_data_size to shared->data_used,
+   * since we want to leave space for LoadKernel() to add to the shared data
+   * buffer. */
+
   return retval;
 }
 
 
 int S3Resume(void) {
   /* Resume the TPM */
   uint32_t status = RollbackS3Resume();
 
   /* If we can't resume, just do a full reboot.  No need to go to recovery
    * mode here, since if the TPM is really broken we'll catch it on the
    * next boot. */
   if (status == TPM_SUCCESS)
     return LOAD_FIRMWARE_SUCCESS;
   else
     return LOAD_FIRMWARE_REBOOT;
 }