OLD | NEW |
1 /* Copyright (c) 2011 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Functions for loading a kernel from disk. | 5 * Functions for loading a kernel from disk. |
6 * (Firmware portion) | 6 * (Firmware portion) |
7 */ | 7 */ |
8 | 8 |
9 #include "vboot_kernel.h" | 9 #include "vboot_kernel.h" |
10 | 10 |
225 | 225 |
226 /* Use the recovery key to verify the kernel */ | 226 /* Use the recovery key to verify the kernel */ |
227 kernel_subkey = (VbPublicKey*)((uint8_t*)gbb + gbb->recovery_key_offset); | 227 kernel_subkey = (VbPublicKey*)((uint8_t*)gbb + gbb->recovery_key_offset); |
228 | 228 |
229 /* Let the TPM know if we're in recovery mode */ | 229 /* Let the TPM know if we're in recovery mode */ |
230 if (0 != RollbackKernelRecovery(dev_switch)) { | 230 if (0 != RollbackKernelRecovery(dev_switch)) { |
231 VBDEBUG(("Error setting up TPM for recovery kernel\n")); | 231 VBDEBUG(("Error setting up TPM for recovery kernel\n")); |
232 /* Ignore return code, since we need to boot recovery mode to | 232 /* Ignore return code, since we need to boot recovery mode to |
233 * fix the TPM. */ | 233 * fix the TPM. */ |
234 } | 234 } |
| 235 |
| 236 /* Read the key indices from the TPM; ignore any errors */ |
| 237 if (shared) { |
| 238 RollbackFirmwareRead(&shared->fw_version_tpm); |
| 239 RollbackKernelRead(&shared->kernel_version_tpm); |
| 240 } |
235 } else { | 241 } else { |
236 /* Use the kernel subkey passed from LoadFirmware(). */ | 242 /* Use the kernel subkey passed from LoadFirmware(). */ |
237 kernel_subkey = &shared->kernel_subkey; | 243 kernel_subkey = &shared->kernel_subkey; |
238 | 244 |
239 /* Read current kernel key index from TPM. Assumes TPM is already | 245 /* Read current kernel key index from TPM. Assumes TPM is already |
240 * initialized. */ | 246 * initialized. */ |
241 status = RollbackKernelRead(&tpm_version); | 247 status = RollbackKernelRead(&tpm_version); |
242 if (0 != status) { | 248 if (0 != status) { |
243 VBDEBUG(("Unable to get kernel versions from TPM\n")); | 249 VBDEBUG(("Unable to get kernel versions from TPM\n")); |
244 if (status == TPM_E_MUST_REBOOT) | 250 if (status == TPM_E_MUST_REBOOT) |
245 retval = LOAD_KERNEL_REBOOT; | 251 retval = LOAD_KERNEL_REBOOT; |
246 else | 252 else |
247 recovery = VBNV_RECOVERY_RW_TPM_ERROR; | 253 recovery = VBNV_RECOVERY_RW_TPM_ERROR; |
248 goto LoadKernelExit; | 254 goto LoadKernelExit; |
249 } | 255 } |
| 256 if (shared) |
| 257 shared->kernel_version_tpm = tpm_version; |
250 } | 258 } |
251 | 259 |
252 do { | 260 do { |
253 /* Read GPT data */ | 261 /* Read GPT data */ |
254 gpt.sector_bytes = (uint32_t)blba; | 262 gpt.sector_bytes = (uint32_t)blba; |
255 gpt.drive_sectors = params->ending_lba + 1; | 263 gpt.drive_sectors = params->ending_lba + 1; |
256 if (0 != AllocAndReadGptData(&gpt)) { | 264 if (0 != AllocAndReadGptData(&gpt)) { |
257 VBDEBUG(("Unable to read GPT data\n")); | 265 VBDEBUG(("Unable to read GPT data\n")); |
258 break; | 266 break; |
259 } | 267 } |
514 (lowest_version != LOWEST_TPM_VERSION)) { | 522 (lowest_version != LOWEST_TPM_VERSION)) { |
515 status = RollbackKernelWrite((uint32_t)lowest_version); | 523 status = RollbackKernelWrite((uint32_t)lowest_version); |
516 if (0 != status) { | 524 if (0 != status) { |
517 VBDEBUG(("Error writing kernel versions to TPM.\n")); | 525 VBDEBUG(("Error writing kernel versions to TPM.\n")); |
518 if (status == TPM_E_MUST_REBOOT) | 526 if (status == TPM_E_MUST_REBOOT) |
519 retval = LOAD_KERNEL_REBOOT; | 527 retval = LOAD_KERNEL_REBOOT; |
520 else | 528 else |
521 recovery = VBNV_RECOVERY_RW_TPM_ERROR; | 529 recovery = VBNV_RECOVERY_RW_TPM_ERROR; |
522 goto LoadKernelExit; | 530 goto LoadKernelExit; |
523 } | 531 } |
| 532 if (shared) |
| 533 shared->kernel_version_tpm = (uint32_t)lowest_version; |
524 } | 534 } |
525 } | 535 } |
526 | 536 |
527 /* Lock the kernel versions */ | 537 /* Lock the kernel versions */ |
528 status = RollbackKernelLock(); | 538 status = RollbackKernelLock(); |
529 if (0 != status) { | 539 if (0 != status) { |
530 VBDEBUG(("Error locking kernel versions.\n")); | 540 VBDEBUG(("Error locking kernel versions.\n")); |
531 /* Don't reboot to recovery mode if we're already there */ | 541 /* Don't reboot to recovery mode if we're already there */ |
532 if (kBootRecovery != boot_mode) { | 542 if (kBootRecovery != boot_mode) { |
533 if (status == TPM_E_MUST_REBOOT) | 543 if (status == TPM_E_MUST_REBOOT) |
560 if (shared) { | 570 if (shared) { |
561 /* Save timer values */ | 571 /* Save timer values */ |
562 shared->timer_load_kernel_enter = timer_enter; | 572 shared->timer_load_kernel_enter = timer_enter; |
563 shared->timer_load_kernel_exit = VbGetTimer(); | 573 shared->timer_load_kernel_exit = VbGetTimer(); |
564 /* Store how much shared data we used, if any */ | 574 /* Store how much shared data we used, if any */ |
565 params->shared_data_size = shared->data_used; | 575 params->shared_data_size = shared->data_used; |
566 } | 576 } |
567 | 577 |
568 return retval; | 578 return retval; |
569 } | 579 } |
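Review bot: The two reads added in the recovery branch (new lines 237-240) discard the return codes of RollbackFirmwareRead() and RollbackKernelRead(), so when the TPM is failing, which is the case the comment under RollbackKernelRecovery() anticipates, shared->fw_version_tpm and shared->kernel_version_tpm keep whatever they held before and a later reader of the shared data cannot tell a real TPM value from a stale one. Whether those helpers write their output on failure is not visible here, so I would make the outcome explicit, e.g. `if (0 != RollbackKernelRead(&shared->kernel_version_tpm)) shared->kernel_version_tpm = 0;` and the same for the firmware read, or a documented "unknown" value if 0 is a legitimate version. Separately, the new `if (shared)` guard at new line 256 sits in a branch that already takes `&shared->kernel_subkey` unguarded at new line 243, so either the guard is redundant or that earlier line needs the same check; a one-line comment stating whether shared may be NULL on this path would settle it. The enclosing function starts outside the visible hunks.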