LoadFirmware() and LoadKernel() handling for test errors

firmware/lib/vboot_firmware.c

 /* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
  * High-level firmware API for loading and verifying rewritable firmware.
  * (Firmware portion)
  */
 
 #include "gbb_header.h"
 #include "load_firmware_fw.h"
@@ skipping 16 matching lines @@
                              uint8_t* data, uint64_t size) {
   VbLoadFirmwareInternal* lfi =
       (VbLoadFirmwareInternal*)params->load_firmware_internal;
 
   DigestUpdate(&lfi->body_digest_context, data, size);
   lfi->body_size_accum += size;
 }
 
 
 int LoadFirmwareSetup(void) {
+  /* TODO: handle test errors (requires passing in VbNvContext) */
   /* TODO: start initializing the TPM */
   return LOAD_FIRMWARE_SUCCESS;
 }
 
 
 int LoadFirmware(LoadFirmwareParams* params) {
   VbSharedDataHeader* shared = (VbSharedDataHeader*)params->shared_data_blob;
   GoogleBinaryBlockHeader* gbb = (GoogleBinaryBlockHeader*)params->gbb_data;
   VbPublicKey* root_key;
   VbLoadFirmwareInternal* lfi;
   VbNvContext* vnc = params->nv_context;
 
   uint32_t try_b_count;
   uint32_t tpm_version = 0;
   uint64_t lowest_version = 0xFFFFFFFF;
   uint32_t status;
+  uint32_t test_err = 0;
   int good_index = -1;
   int is_dev;
   int index;
   int i;
 
   int retval = LOAD_FIRMWARE_RECOVERY;
   int recovery = VBNV_RECOVERY_RO_UNSPECIFIED;
 
   /* Clear output params in case we fail */
   params->firmware_index = 0;
 
   VBDEBUG(("LoadFirmware started...\n"));
 
   /* Setup NV storage */
   VbNvSetup(vnc);
 
   /* Initialize shared data structure. */
   if (0 != VbSharedDataInit(shared, params->shared_data_size)) {
     VBDEBUG(("Shared data init error\n"));
     recovery = VBNV_RECOVERY_RO_SHARED_DATA;
     goto LoadFirmwareExit;
   }
 
+  /* Handle test errors */
+  VbNvGet(vnc, VBNV_TEST_ERROR_FUNC, &test_err);
+  if (VBNV_TEST_ERROR_LOAD_FIRMWARE == test_err) {
+    /* Get error code */
+    VbNvGet(vnc, VBNV_TEST_ERROR_NUM, &test_err);
+    /* Clear test params so we don't repeat the error */
+    VbNvSet(vnc, VBNV_TEST_ERROR_FUNC, 0);
+    VbNvSet(vnc, VBNV_TEST_ERROR_NUM, 0);
+    /* Handle error codes */
+    switch (test_err) {
+      case LOAD_FIRMWARE_RECOVERY:
+        recovery = VBNV_RECOVERY_RO_TEST_LF;
+        goto LoadFirmwareExit;
+      case LOAD_FIRMWARE_REBOOT:
+        retval = test_err;
+        goto LoadFirmwareExit;
+      default:
+        break;
+    }
+  }
+
   /* Must have a root key from the GBB */
   if (!gbb) {
     VBDEBUG(("No GBB\n"));
     goto LoadFirmwareExit;
   }
   root_key = (VbPublicKey*)((uint8_t*)gbb + gbb->rootkey_offset);
 
   /* Parse flags */
   is_dev = (params->boot_flags & BOOT_FLAG_DEVELOPER ? 1 : 0);
 
@@ skipping 227 matching lines @@
 
   /* Note that we don't reduce params->shared_data_size to shared->data_used,
    * since we want to leave space for LoadKernel() to add to the shared data
    * buffer. */
 
   return retval;
 }
 
 
 int S3Resume(void) {
+
+  /* TODO: handle test errors (requires passing in VbNvContext) */
+
   /* Resume the TPM */
   uint32_t status = RollbackS3Resume();
 
   /* If we can't resume, just do a full reboot.  No need to go to recovery
    * mode here, since if the TPM is really broken we'll catch it on the
    * next boot. */
   if (status == TPM_SUCCESS)
     return LOAD_FIRMWARE_SUCCESS;
   else
     return LOAD_FIRMWARE_REBOOT;
 }