| OLD | NEW |
|---|
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010-2011 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
| 4 * | 4 * |
| 5 * Functions for loading a kernel from disk. | 5 * Functions for loading a kernel from disk. |
| 6 * (Firmware portion) | 6 * (Firmware portion) |
| 7 */ | 7 */ |
| 8 | 8 |
| 9 #include "vboot_kernel.h" | 9 #include "vboot_kernel.h" |
| 10 | 10 |
| 11 #include "boot_device.h" | 11 #include "boot_device.h" |
| (...skipping 438 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 450 Free(kbuf); | 450 Free(kbuf); |
| 451 | 451 |
| 452 /* Write and free GPT data */ | 452 /* Write and free GPT data */ |
| 453 WriteAndFreeGptData(&gpt); | 453 WriteAndFreeGptData(&gpt); |
| 454 | 454 |
| 455 /* Handle finding a good partition */ | 455 /* Handle finding a good partition */ |
| 456 if (good_partition >= 0) { | 456 if (good_partition >= 0) { |
| 457 VBDEBUG(("Good_partition >= 0\n")); | 457 VBDEBUG(("Good_partition >= 0\n")); |
| 458 | 458 |
| 459 /* See if we need to update the TPM */ | 459 /* See if we need to update the TPM */ |
| 460 if (kBootRecovery != boot_mode) { | 460 if (kBootRecovery != boot_mode && good_partition_key_block_valid) { |
| 461 /* We only update the TPM in normal and developer boot modes. In | 461 /* We only update the TPM in normal and developer boot modes. In |
| 462 * developer mode, we only advanced lowest_version for kernels with valid | 462 * developer mode, we only advanced lowest_version for kernels with valid |
| 463 * key blocks, and didn't count self-signed key blocks. In recovery | 463 * key blocks, and didn't count self-signed key blocks. In recovery |
| 464 * mode, the TPM stays PP-unlocked, so anything we write gets blown away | 464 * mode, the TPM stays PP-unlocked, so anything we write gets blown away |
| 465 * by the firmware when we go back to normal mode. */ | 465 * by the firmware when we go back to normal mode. */ |
| 466 VBDEBUG(("Boot_flags = not recovery\n")); | 466 VBDEBUG(("Boot_flags = not recovery\n")); |
| 467 if (lowest_version > tpm_version) { | 467 if (lowest_version > tpm_version) { |
| 468 status = RollbackKernelWrite((uint32_t)lowest_version); | 468 status = RollbackKernelWrite((uint32_t)lowest_version); |
| 469 if (0 != status) { | 469 if (0 != status) { |
| 470 VBDEBUG(("Error writing kernel versions to TPM.\n")); | 470 VBDEBUG(("Error writing kernel versions to TPM.\n")); |
| (...skipping 29 matching lines...) Expand all Loading... |
| 500 /* Save whether the good partition's key block was fully verified */ | 500 /* Save whether the good partition's key block was fully verified */ |
| 501 VbNvSet(vnc, VBNV_FW_VERIFIED_KERNEL_KEY, good_partition_key_block_valid); | 501 VbNvSet(vnc, VBNV_FW_VERIFIED_KERNEL_KEY, good_partition_key_block_valid); |
| 502 | 502 |
| 503 /* Store recovery request, if any, then tear down non-volatile storage */ | 503 /* Store recovery request, if any, then tear down non-volatile storage */ |
| 504 VbNvSet(vnc, VBNV_RECOVERY_REQUEST, LOAD_KERNEL_RECOVERY == retval ? | 504 VbNvSet(vnc, VBNV_RECOVERY_REQUEST, LOAD_KERNEL_RECOVERY == retval ? |
| 505 recovery : VBNV_RECOVERY_NOT_REQUESTED); | 505 recovery : VBNV_RECOVERY_NOT_REQUESTED); |
| 506 VbNvTeardown(vnc); | 506 VbNvTeardown(vnc); |
| 507 | 507 |
| 508 return retval; | 508 return retval; |
| 509 } | 509 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6626020:
Only advance kernel version when the booted partition has a valid key block (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git@master