1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Functions for loading a kernel from disk. | 5 * Functions for loading a kernel from disk. |
6 * (Firmware portion) | 6 * (Firmware portion) |
7 */ | 7 */ |
8 | 8 |
9 #include "vboot_kernel.h" | 9 #include "vboot_kernel.h" |
10 | 10 |
122 uint8_t* kbuf = NULL; | 122 uint8_t* kbuf = NULL; |
123 int found_partitions = 0; | 123 int found_partitions = 0; |
124 int good_partition = -1; | 124 int good_partition = -1; |
125 uint16_t tpm_key_version = 0; | 125 uint16_t tpm_key_version = 0; |
126 uint16_t tpm_kernel_version = 0; | 126 uint16_t tpm_kernel_version = 0; |
127 uint64_t lowest_key_version = 0xFFFF; | 127 uint64_t lowest_key_version = 0xFFFF; |
128 uint64_t lowest_kernel_version = 0xFFFF; | 128 uint64_t lowest_kernel_version = 0xFFFF; |
129 int is_dev = (BOOT_FLAG_DEVELOPER & params->boot_flags ? 1 : 0); | 129 int is_dev = (BOOT_FLAG_DEVELOPER & params->boot_flags ? 1 : 0); |
130 int is_rec = (BOOT_FLAG_RECOVERY & params->boot_flags ? 1 : 0); | 130 int is_rec = (BOOT_FLAG_RECOVERY & params->boot_flags ? 1 : 0); |
131 int is_normal = (!is_dev && !is_rec); | 131 int is_normal = (!is_dev && !is_rec); |
| 132 uint32_t status; |
132 | 133 |
133 /* Clear output params in case we fail */ | 134 /* Clear output params in case we fail */ |
134 params->partition_number = 0; | 135 params->partition_number = 0; |
135 params->bootloader_address = 0; | 136 params->bootloader_address = 0; |
136 params->bootloader_size = 0; | 137 params->bootloader_size = 0; |
137 | 138 |
138 /* Let the TPM know if we're in recovery mode */ | 139 /* Let the TPM know if we're in recovery mode */ |
139 if (is_rec) { | 140 if (is_rec) { |
140 if (0 != RollbackKernelRecovery(is_dev ? 1 : 0)) { | 141 if (0 != RollbackKernelRecovery(is_dev ? 1 : 0)) { |
141 VBDEBUG(("Error setting up TPM for recovery kernel\n")); | 142 VBDEBUG(("Error setting up TPM for recovery kernel\n")); |
142 /* Ignore return code, since we need to boot recovery mode to | 143 /* Ignore return code, since we need to boot recovery mode to |
143 * fix the TPM. */ | 144 * fix the TPM. */ |
144 } | 145 } |
145 } | 146 } |
146 | 147 |
147 if (is_normal) { | 148 if (is_normal) { |
148 /* Read current kernel key index from TPM. Assumes TPM is already | 149 /* Read current kernel key index from TPM. Assumes TPM is already |
149 * initialized. */ | 150 * initialized. */ |
150 if (0 != RollbackKernelRead(&tpm_key_version, &tpm_kernel_version)) { | 151 status = RollbackKernelRead(&tpm_key_version, &tpm_kernel_version); |
| 152 if (0 != status) { |
151 VBDEBUG(("Unable to get kernel versions from TPM\n")); | 153 VBDEBUG(("Unable to get kernel versions from TPM\n")); |
152 return LOAD_KERNEL_RECOVERY; | 154 return (status == TPM_E_MUST_REBOOT ? |
| 155 LOAD_KERNEL_REBOOT : LOAD_KERNEL_RECOVERY); |
153 } | 156 } |
154 } else if (is_dev && !is_rec) { | 157 } else if (is_dev && !is_rec) { |
155 /* In developer mode, we ignore the kernel subkey, and just use | 158 /* In developer mode, we ignore the kernel subkey, and just use |
156 * the SHA-512 hash to verify the key block. */ | 159 * the SHA-512 hash to verify the key block. */ |
157 kernel_subkey = NULL; | 160 kernel_subkey = NULL; |
158 } | 161 } |
159 | 162 |
160 do { | 163 do { |
161 /* Read GPT data */ | 164 /* Read GPT data */ |
162 gpt.sector_bytes = (uint32_t)blba; | 165 gpt.sector_bytes = (uint32_t)blba; |
360 /* We only update the TPM in normal boot mode. In developer | 363 /* We only update the TPM in normal boot mode. In developer |
361 * mode, the kernel is self-signed by the developer, so we can't | 364 * mode, the kernel is self-signed by the developer, so we can't |
362 * trust the key version and wouldn't want to roll the TPM | 365 * trust the key version and wouldn't want to roll the TPM |
363 * forward. In recovery mode, the TPM stays PP-unlocked, so | 366 * forward. In recovery mode, the TPM stays PP-unlocked, so |
364 * anything we write gets blown away by the firmware when we go | 367 * anything we write gets blown away by the firmware when we go |
365 * back to normal mode. */ | 368 * back to normal mode. */ |
366 VBDEBUG(("Boot_flags = is_normal\n")); | 369 VBDEBUG(("Boot_flags = is_normal\n")); |
367 if ((lowest_key_version > tpm_key_version) || | 370 if ((lowest_key_version > tpm_key_version) || |
368 (lowest_key_version == tpm_key_version && | 371 (lowest_key_version == tpm_key_version && |
369 lowest_kernel_version > tpm_kernel_version)) { | 372 lowest_kernel_version > tpm_kernel_version)) { |
370 if (0 != RollbackKernelWrite((uint16_t)lowest_key_version, | 373 |
371 (uint16_t)lowest_kernel_version)) { | 374 status = RollbackKernelWrite((uint16_t)lowest_key_version, |
| 375 (uint16_t)lowest_kernel_version); |
| 376 if (0 != status) { |
372 VBDEBUG(("Error writing kernel versions to TPM.\n")); | 377 VBDEBUG(("Error writing kernel versions to TPM.\n")); |
373 return LOAD_KERNEL_RECOVERY; | 378 return (status == TPM_E_MUST_REBOOT ? |
| 379 LOAD_KERNEL_REBOOT : LOAD_KERNEL_RECOVERY); |
374 } | 380 } |
375 } | 381 } |
376 } | 382 } |
377 | 383 |
378 /* Lock the kernel versions */ | 384 /* Lock the kernel versions */ |
379 if (0 != RollbackKernelLock()) { | 385 status = RollbackKernelLock(); |
| 386 if (0 != status) { |
380 VBDEBUG(("Error locking kernel versions.\n")); | 387 VBDEBUG(("Error locking kernel versions.\n")); |
381 /* Don't reboot to recovery mode if we're already there */ | 388 /* Don't reboot to recovery mode if we're already there */ |
382 if (!is_rec) | 389 if (!is_rec) |
383 return LOAD_KERNEL_RECOVERY; | 390 return (status == TPM_E_MUST_REBOOT ? |
| 391 LOAD_KERNEL_REBOOT : LOAD_KERNEL_RECOVERY); |
384 } | 392 } |
385 | 393 |
386 /* Success! */ | 394 /* Success! */ |
387 return LOAD_KERNEL_SUCCESS; | 395 return LOAD_KERNEL_SUCCESS; |
388 } | 396 } |
389 | 397 |
390 // Handle error cases | 398 // Handle error cases |
391 if (found_partitions) | 399 if (found_partitions) |
392 return LOAD_KERNEL_INVALID; | 400 return LOAD_KERNEL_INVALID; |
393 else | 401 else |
394 return LOAD_KERNEL_NOT_FOUND; | 402 return LOAD_KERNEL_NOT_FOUND; |
395 } | 403 } |
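Review bot: The `status == TPM_E_MUST_REBOOT ? LOAD_KERNEL_REBOOT : LOAD_KERNEL_RECOVERY` mapping is now spelled out three times (after RollbackKernelRead, RollbackKernelWrite and RollbackKernelLock), so the reboot-vs-recovery policy lives in three places; a file-scope helper such as `static int RollbackStatusToResult(uint32_t status) { return (status == TPM_E_MUST_REBOOT ? LOAD_KERNEL_REBOOT : LOAD_KERNEL_RECOVERY); }` (using the function's real return type) would keep it in one. In the RollbackKernelLock branch the mapping only takes effect when `!is_rec`; in recovery mode a TPM_E_MUST_REBOOT status is dropped and the function goes on to return LOAD_KERNEL_SUCCESS, which is presumably intended given the earlier comment that the TPM stays PP-unlocked in recovery, but the "Don't reboot to recovery mode" comment no longer covers the reboot case, so extending it to `/* In recovery mode, ignore lock failures (including TPM_E_MUST_REBOOT): the TPM is PP-unlocked and reset by firmware on the way back to normal mode */` would make that explicit. I cannot tell from the page whether the Rollback* functions return a type that compares cleanly with TPM_E_MUST_REBOOT as `uint32_t`; worth confirming against their declarations. The enclosing function begins before file line 122 and is not fully visible here.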