author | Joel Kitching <kitching@google.com> | 2019-06-11 16:27:08 +0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-06-13 19:45:59 +0000 |
commit | d15663d4f594e2c82ec73570b2a6772e719c0c3f (patch) | |
tree | 5122a60b34ae4a0fd53f93df6f74318195a8f541 | |
parent | 70b3753d22dc0a1fead6f1cb65bc6e69e29a771e (diff) | |
download | vboot-d15663d4f594e2c82ec73570b2a6772e719c0c3f.tar.gz |
vboot: expose vb2api_secdatak_check and vb2api_secdatak_create
Previously vb2api_secdatak_check and vb2api_secdatak_create had
headers in 2api.h, but no definitions.
Merge identical internal/external functions:
vb2api_secdata_create, vb2_secdata_create_crc
vb2api_secdata_check, vb2_secdata_check_crc
vb2api_secdatak_create, vb2_secdatak_create_crc
vb2api_secdatak_check, vb2_secdatak_check_crc
BUG=b:124141368, chromium:972956
TEST=make clean && make runtests
BRANCH=none
Change-Id: I64a14d65e5d856ca0f819ef3ded50b4719abc8b3
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1652874
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Commit-Queue: Julius Werner <jwerner@chromium.org>
-rw-r--r-- | firmware/2lib/2api.c | 10 | ||||
-rw-r--r-- | firmware/2lib/2secdata.c | 6 | ||||
-rw-r--r-- | firmware/2lib/2secdatak.c | 6 | ||||
-rw-r--r-- | firmware/2lib/include/2api.h | 16 | ||||
-rw-r--r-- | firmware/2lib/include/2return_codes.h | 6 | ||||
-rw-r--r-- | firmware/2lib/include/2secdata.h | 50 | ||||
-rw-r--r-- | tests/vb20_api_kernel_tests.c | 2 | ||||
-rw-r--r-- | tests/vb20_api_tests.c | 2 | ||||
-rw-r--r-- | tests/vb20_kernel_tests.c | 2 | ||||
-rw-r--r-- | tests/vb20_misc_tests.c | 2 | ||||
-rw-r--r-- | tests/vb21_api_tests.c | 2 | ||||
-rw-r--r-- | tests/vb21_misc_tests.c | 2 | ||||
-rw-r--r-- | tests/vb2_api_tests.c | 2 | ||||
-rw-r--r-- | tests/vb2_misc_tests.c | 2 | ||||
-rw-r--r-- | tests/vb2_secdata_tests.c | 10 | ||||
-rw-r--r-- | tests/vb2_secdatak_tests.c | 12 |
16 files changed, 38 insertions, 94 deletions
diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c
index 99bb9630..f2e7d6bb 100644
--- a/firmware/2lib/2api.c
+++ b/firmware/2lib/2api.c
@@ -16,16 +16,6 @@
 #include "2rsa.h"
 #include "2tpm_bootmode.h"
-int vb2api_secdata_check(const struct vb2_context *ctx)
-{
- return vb2_secdata_check_crc(ctx);
-}
-
-int vb2api_secdata_create(struct vb2_context *ctx)
-{
- return vb2_secdata_create(ctx);
-}
-
 void vb2api_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode)
 {
 /* Initialize the vboot context if it hasn't been yet */
diff --git a/firmware/2lib/2secdata.c b/firmware/2lib/2secdata.c
index 3281f7c3..e4b42e44 100644
--- a/firmware/2lib/2secdata.c
+++ b/firmware/2lib/2secdata.c
@@ -11,7 +11,7 @@
 #include "2misc.h"
 #include "2secdata.h"
-int vb2_secdata_check_crc(const struct vb2_context *ctx)
+int vb2api_secdata_check(const struct vb2_context *ctx)
 {
 const struct vb2_secdata *sec = (const struct vb2_secdata *)ctx->secdata;
@@ -27,7 +27,7 @@ int vb2_secdata_check_crc(const struct vb2_context *ctx)
 return VB2_SUCCESS;
 }
-int vb2_secdata_create(struct vb2_context *ctx)
+int vb2api_secdata_create(struct vb2_context *ctx)
 {
 struct vb2_secdata *sec = (struct vb2_secdata *)ctx->secdata;
@@ -48,7 +48,7 @@ int vb2_secdata_init(struct vb2_context *ctx)
 struct vb2_shared_data *sd = vb2_get_sd(ctx);
 int rv;
- rv = vb2_secdata_check_crc(ctx);
+ rv = vb2api_secdata_check(ctx);
 if (rv)
 return rv;
diff --git a/firmware/2lib/2secdatak.c b/firmware/2lib/2secdatak.c
index af11aef4..228312d8 100644
--- a/firmware/2lib/2secdatak.c
+++ b/firmware/2lib/2secdatak.c
@@ -11,7 +11,7 @@
 #include "2misc.h"
 #include "2secdata.h"
-int vb2_secdatak_check_crc(const struct vb2_context *ctx)
+int vb2api_secdatak_check(const struct vb2_context *ctx)
 {
 const struct vb2_secdatak *sec = (const struct vb2_secdatak *)ctx->secdatak;
@@ -23,7 +23,7 @@ int vb2_secdatak_check_crc(const struct vb2_context *ctx)
 return VB2_SUCCESS;
 }
-int vb2_secdatak_create(struct vb2_context *ctx)
+int vb2api_secdatak_create(struct vb2_context *ctx)
 {
 struct vb2_secdatak *sec = (struct vb2_secdatak *)ctx->secdatak;
@@ -48,7 +48,7 @@ int vb2_secdatak_init(struct vb2_context *ctx)
 struct vb2_shared_data *sd = vb2_get_sd(ctx);
 int rv;
- rv = vb2_secdatak_check_crc(ctx);
+ rv = vb2api_secdatak_check(ctx);
 if (rv)
 return rv;
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 341517d9..9cab74e9 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -393,12 +393,13 @@ enum vb2_pcr_digest {
 */
 /**
- * Sanity-check the contents of the secure storage context.
+ * Check the CRC of the secure storage context.
 *
 * Use this if reading from secure storage may be flaky, and you want to retry
 * reading it several times.
 *
- * This may be called before vb2api_phase1().
+ * This may be called before vb2api_phase1() (externally), and before
+ * vb2_context_init() (internally).
 *
 * @param ctx Context pointer
 * @return VB2_SUCCESS, or non-zero error code if error.
@@ -413,7 +414,8 @@ int vb2api_secdata_check(const struct vb2_context *ctx);
 * (or any other API in this library) fails; that could allow the secure data
 * to be rolled back to an insecure state.
 *
- * This may be called before vb2api_phase1().
+ * This may be called before vb2api_phase1() (externally), and before
+ * vb2_context_init() (internally).
 *
 * @param ctx Context pointer
 * @return VB2_SUCCESS, or non-zero error code if error.
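Review bot: The reworded summary in the `@@ -393,12 +393,13 @@` hunk of 2api.h, "Check the CRC of the secure storage context", describes less than the function reports: the 2return_codes.h comments updated in this same commit attribute both `VB2_ERROR_SECDATA_CRC` and `VB2_ERROR_SECDATA_ZERO` to vb2api_secdata_check(). The kernel-space twin documented in the `@@ -421,12 +423,13 @@` hunk has the opposite gap: only a CRC error is attributed to it and the struct-version error is attributed to vb2_secdatak_init(), so success there appears to mean only that the bytes were read back consistently. I would say so in both comments, e.g. `* A passing check only rules out read corruption; it does not authenticate the data or validate its contents.`, and mention the all-zero rejection for the firmware-space variant. Both doc comments continue past the end of their hunks.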
@@ -421,12 +423,13 @@ int vb2api_secdata_check(const struct vb2_context *ctx);
 int vb2api_secdata_create(struct vb2_context *ctx);
 /**
- * Sanity-check the contents of the kernel version secure storage context.
+ * Check the CRC of the kernel version secure storage context.
 *
 * Use this if reading from secure storage may be flaky, and you want to retry
 * reading it several times.
 *
- * This may be called before vb2api_phase1().
+ * This may be called before vb2api_phase1() (externally), and before
+ * vb2_context_init() (internally).
 *
 * @param ctx Context pointer
 * @return VB2_SUCCESS, or non-zero error code if error.
@@ -441,7 +444,8 @@ int vb2api_secdatak_check(const struct vb2_context *ctx);
 * (or any other API in this library) fails; that could allow the secure data
 * to be rolled back to an insecure state.
 *
- * This may be called before vb2api_phase1().
+ * This may be called before vb2api_phase1() (externally), and before
+ * vb2_context_init() (internally).
 *
 * @param ctx Context pointer
 * @return VB2_SUCCESS, or non-zero error code if error.
diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h
index 15ec97f6..5126555b 100644
--- a/firmware/2lib/include/2return_codes.h
+++ b/firmware/2lib/include/2return_codes.h
@@ -90,10 +90,10 @@ enum vb2_return_code {
 */
 VB2_ERROR_SECDATA = VB2_ERROR_BASE + 0x040000,
- /* Bad CRC in vb2_secdata_check_crc() */
+ /* Bad CRC in vb2api_secdata_check() */
 VB2_ERROR_SECDATA_CRC,
- /* Secdata is all zeroes (uninitialized) in vb2_secdata_check_crc() */
+ /* Secdata is all zeroes (uninitialized) in vb2api_secdata_check() */
 VB2_ERROR_SECDATA_ZERO,
 /* Invalid param in vb2_secdata_get() */
@@ -111,7 +111,7 @@ enum vb2_return_code {
 /* Called vb2_secdata_set() with uninitialized secdata */
 VB2_ERROR_SECDATA_SET_UNINITIALIZED,
- /* Bad CRC in vb2_secdatak_check_crc() */
+ /* Bad CRC in vb2api_secdatak_check() */
 VB2_ERROR_SECDATAK_CRC,
 /* Bad struct version in vb2_secdatak_init() */
diff --git a/firmware/2lib/include/2secdata.h b/firmware/2lib/include/2secdata.h
index d27432e8..2563b3fb 100644
--- a/firmware/2lib/include/2secdata.h
+++ b/firmware/2lib/include/2secdata.h
@@ -92,31 +92,6 @@ enum vb2_secdatak_param {
 /* Firmware version space functions */
 /**
- * Check the CRC of the secure storage context.
- *
- * Use this if reading from secure storage may be flaky, and you want to retry
- * reading it several times.
- *
- * This may be called before vb2_context_init().
- *
- * @param ctx Context pointer
- * @return VB2_SUCCESS, or non-zero error code if error.
- */
-int vb2_secdata_check_crc(const struct vb2_context *ctx);
-
-/**
- * Create fresh data in the secure storage context.
- *
- * Use this only when initializing the secure storage context on a new machine
- * the first time it boots. Do NOT simply use this if vb2_secdata_check_crc()
- * (or any other API in this library) fails; that could allow the secure data
- * to be rolled back to an insecure state.
- *
- * This may be called before vb2_context_init().
- */
-int vb2_secdata_create(struct vb2_context *ctx);
-
-/**
 * Initialize the secure storage context and verify its CRC.
 *
 * This must be called before vb2_secdata_get() or vb2_secdata_set().
@@ -158,31 +133,6 @@ int vb2_secdata_set(struct vb2_context *ctx,
 */
 /**
- * Check the CRC of the kernel version secure storage context.
- *
- * Use this if reading from secure storage may be flaky, and you want to retry
- * reading it several times.
- *
- * This may be called before vb2_context_init().
- *
- * @param ctx Context pointer
- * @return VB2_SUCCESS, or non-zero error code if error.
- */
-int vb2_secdatak_check_crc(const struct vb2_context *ctx);
-
-/**
- * Create fresh data in the secure storage context.
- *
- * Use this only when initializing the secure storage context on a new machine
- * the first time it boots. Do NOT simply use this if vb2_secdatak_check_crc()
- * (or any other API in this library) fails; that could allow the secure data
- * to be rolled back to an insecure state.
- *
- * This may be called before vb2_context_init().
- */
-int vb2_secdatak_create(struct vb2_context *ctx);
-
-/**
 * Initialize the secure storage context and verify its CRC.
 *
 * This must be called before vb2_secdatak_get() or vb2_secdatak_set().
diff --git a/tests/vb20_api_kernel_tests.c b/tests/vb20_api_kernel_tests.c
index 0d48c75c..64fb421f 100644
--- a/tests/vb20_api_kernel_tests.c
+++ b/tests/vb20_api_kernel_tests.c
@@ -64,7 +64,7 @@ static void reset_common_data(enum reset_type t)
 vb2_nv_init(&ctx);
- vb2_secdatak_create(&ctx);
+ vb2api_secdatak_create(&ctx);
 vb2_secdatak_init(&ctx);
 vb2_secdatak_set(&ctx, VB2_SECDATAK_VERSIONS, 0x20002);
diff --git a/tests/vb20_api_tests.c b/tests/vb20_api_tests.c
index 6c43391e..1c96efa1 100644
--- a/tests/vb20_api_tests.c
+++ b/tests/vb20_api_tests.c
@@ -66,7 +66,7 @@ static void reset_common_data(enum reset_type t)
 vb2_nv_init(&ctx);
- vb2_secdata_create(&ctx);
+ vb2api_secdata_create(&ctx);
 vb2_secdata_init(&ctx);
 retval_vb2_load_fw_keyblock = VB2_SUCCESS;
diff --git a/tests/vb20_kernel_tests.c b/tests/vb20_kernel_tests.c
index ec70f4bb..c798f862 100644
--- a/tests/vb20_kernel_tests.c
+++ b/tests/vb20_kernel_tests.c
@@ -90,7 +90,7 @@ static void reset_common_data(enum reset_type t)
 vb2_nv_init(&ctx);
- vb2_secdatak_create(&ctx);
+ vb2api_secdatak_create(&ctx);
 vb2_secdatak_init(&ctx);
 mock_read_res_fail_on_call = 0;
diff --git a/tests/vb20_misc_tests.c b/tests/vb20_misc_tests.c
index 4cd11b6f..9716ae2a 100644
--- a/tests/vb20_misc_tests.c
+++ b/tests/vb20_misc_tests.c
@@ -76,7 +76,7 @@ static void reset_common_data(enum reset_type t)
 vb2_nv_init(&ctx);
- vb2_secdata_create(&ctx);
+ vb2api_secdata_create(&ctx);
 vb2_secdata_init(&ctx);
 mock_read_res_fail_on_call = 0;
diff --git a/tests/vb21_api_tests.c b/tests/vb21_api_tests.c
index 18809400..cbe61086 100644
--- a/tests/vb21_api_tests.c
+++ b/tests/vb21_api_tests.c
@@ -81,7 +81,7 @@ static void reset_common_data(enum reset_type t)
 vb2_nv_init(&ctx);
- vb2_secdata_create(&ctx);
+ vb2api_secdata_create(&ctx);
 vb2_secdata_init(&ctx);
 memset(&hwcrypto_emulation_dc, 0, sizeof(hwcrypto_emulation_dc));
diff --git a/tests/vb21_misc_tests.c b/tests/vb21_misc_tests.c
index 7eaf0546..db7cd775 100644
--- a/tests/vb21_misc_tests.c
+++ b/tests/vb21_misc_tests.c
@@ -78,7 +78,7 @@ static void reset_common_data(enum reset_type t)
 vb2_nv_init(&ctx);
- vb2_secdata_create(&ctx);
+ vb2api_secdata_create(&ctx);
 vb2_secdata_init(&ctx);
 mock_read_res_fail_on_call = 0;
diff --git a/tests/vb2_api_tests.c b/tests/vb2_api_tests.c
index c261f963..144102a6 100644
--- a/tests/vb2_api_tests.c
+++ b/tests/vb2_api_tests.c
@@ -59,7 +59,7 @@ static void reset_common_data(enum reset_type t)
 vb2_nv_init(&ctx);
- vb2_secdata_create(&ctx);
+ vb2api_secdata_create(&ctx);
 vb2_secdata_init(&ctx);
 force_dev_mode = 0;
diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c
index 3c262633..85a6e697 100644
--- a/tests/vb2_misc_tests.c
+++ b/tests/vb2_misc_tests.c
@@ -44,7 +44,7 @@ static void reset_common_data(void)
 vb2_nv_init(&ctx);
- vb2_secdata_create(&ctx);
+ vb2api_secdata_create(&ctx);
 vb2_secdata_init(&ctx);
 mock_tpm_clear_called = 0;
diff --git a/tests/vb2_secdata_tests.c b/tests/vb2_secdata_tests.c
index 460bf831..99d7788a 100644
--- a/tests/vb2_secdata_tests.c
+++ b/tests/vb2_secdata_tests.c
@@ -43,7 +43,7 @@ static void secdata_test(void)
 /* Blank data is invalid */
 memset(c.secdata, 0xa6, sizeof(c.secdata));
- TEST_EQ(vb2_secdata_check_crc(&c),
+ TEST_EQ(vb2api_secdata_check(&c),
 VB2_ERROR_SECDATA_CRC, "Check blank CRC");
 TEST_EQ(vb2_secdata_init(&c), VB2_ERROR_SECDATA_CRC, "Init blank CRC");
@@ -53,19 +53,19 @@ static void secdata_test(void)
 TEST_EQ(vb2_secdata_init(&c), VB2_ERROR_SECDATA_ZERO, "Zeroed buffer");
 /* Create good data */
- TEST_SUCC(vb2_secdata_create(&c), "Create");
- TEST_SUCC(vb2_secdata_check_crc(&c), "Check created CRC");
+ TEST_SUCC(vb2api_secdata_create(&c), "Create");
+ TEST_SUCC(vb2api_secdata_check(&c), "Check created CRC");
 TEST_SUCC(vb2_secdata_init(&c), "Init created CRC");
 test_changed(&c, 1, "Create changes data");
 /* Now corrupt it */
 c.secdata[2]++;
- TEST_EQ(vb2_secdata_check_crc(&c),
+ TEST_EQ(vb2api_secdata_check(&c),
 VB2_ERROR_SECDATA_CRC, "Check invalid CRC");
 TEST_EQ(vb2_secdata_init(&c), VB2_ERROR_SECDATA_CRC, "Init invalid CRC");
- vb2_secdata_create(&c);
+ vb2api_secdata_create(&c);
 c.flags = 0;
 /* Read/write flags */
diff --git a/tests/vb2_secdatak_tests.c b/tests/vb2_secdatak_tests.c
index 6a4f9017..81eb0345 100644
--- a/tests/vb2_secdatak_tests.c
+++ b/tests/vb2_secdatak_tests.c
@@ -44,20 +44,20 @@ static void secdatak_test(void)
 /* Blank data is invalid */
 memset(c.secdatak, 0xa6, sizeof(c.secdatak));
- TEST_EQ(vb2_secdatak_check_crc(&c),
+ TEST_EQ(vb2api_secdatak_check(&c),
 VB2_ERROR_SECDATAK_CRC, "Check blank CRC");
 TEST_EQ(vb2_secdatak_init(&c), VB2_ERROR_SECDATAK_CRC, "Init blank CRC");
 /* Create good data */
- TEST_SUCC(vb2_secdatak_create(&c), "Create");
- TEST_SUCC(vb2_secdatak_check_crc(&c), "Check created CRC");
+ TEST_SUCC(vb2api_secdatak_create(&c), "Create");
+ TEST_SUCC(vb2api_secdatak_check(&c), "Check created CRC");
 TEST_SUCC(vb2_secdatak_init(&c), "Init created CRC");
 test_changed(&c, 1, "Create changes data");
 /* Now corrupt it */
 c.secdatak[2]++;
- TEST_EQ(vb2_secdatak_check_crc(&c),
+ TEST_EQ(vb2api_secdatak_check(&c),
 VB2_ERROR_SECDATAK_CRC, "Check invalid CRC");
 TEST_EQ(vb2_secdatak_init(&c), VB2_ERROR_SECDATAK_CRC, "Init invalid CRC");
@@ -66,7 +66,7 @@ static void secdatak_test(void)
 {
 struct vb2_secdatak *sec = (struct vb2_secdatak *)c.secdatak;
- vb2_secdatak_create(&c);
+ vb2api_secdatak_create(&c);
 sec->uid++;
 sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdatak, crc8));
@@ -75,7 +75,7 @@ static void secdatak_test(void)
 }
 /* Read/write versions */
- vb2_secdatak_create(&c);
+ vb2api_secdatak_create(&c);
 c.flags = 0;
 TEST_SUCC(vb2_secdatak_get(&c, VB2_SECDATAK_VERSIONS, &v), "Get versions"); |
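Review bot: secdatak_test() has no all-zero case for the newly exposed vb2api_secdatak_check(): the `@@ -44,20 +44,20 @@` hunk goes straight from the 0xa6 "blank" pattern to "Create good data", whereas secdata_test() in this commit still exercises a zeroed buffer against `VB2_ERROR_SECDATA_ZERO`. Since the return-code comments list only a CRC error for the kernel-space check, it is worth pinning what an uninitialized buffer does here, e.g. `memset(c.secdatak, 0, sizeof(c.secdatak));` followed by assertions on vb2api_secdatak_check() and vb2_secdatak_init() with whatever result the design intends. Without that, a caller using the check to decide whether secure storage was read correctly has no tested guarantee for that input. secdatak_test() starts and ends outside the hunk.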