783 lines
23 KiB
C
783 lines
23 KiB
C
/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
* found in the LICENSE file.
|
|
*/
|
|
|
|
#include <ctype.h>
|
|
#include <stddef.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
|
|
#include "2api.h"
|
|
#include "2common.h"
|
|
#include "2nvstorage.h"
|
|
#include "2sysincludes.h"
|
|
#include "crossystem_arch.h"
|
|
#include "crossystem.h"
|
|
#include "crossystem_vbnv.h"
|
|
#include "host_common.h"
|
|
#include "flashrom.h"
|
|
#include "subprocess.h"
|
|
#include "vboot_struct.h"
|
|
|
|
/* Filename for kernel command line */
|
|
#define KERNEL_CMDLINE_PATH "/proc/cmdline"
|
|
|
|
/* Filename for the mount-encrypted key */
|
|
#define MOUNT_ENCRYPTED_KEY_PATH "/mnt/stateful_partition/encrypted.key"
|
|
|
|
/* Fields that GetVdatString() can get */
|
|
typedef enum VdatStringField {
|
|
VDAT_STRING_DEPRECATED_TIMERS = 0, /* Timer values */
|
|
VDAT_STRING_LOAD_FIRMWARE_DEBUG, /* LoadFirmware() debug info */
|
|
VDAT_STRING_DEPRECATED_LOAD_KERNEL_DEBUG, /* LoadKernel() debug info */
|
|
VDAT_STRING_MAINFW_ACT /* Active main firmware */
|
|
} VdatStringField;
|
|
|
|
|
|
/* Fields that GetVdatInt() can get */
|
|
typedef enum VdatIntField {
|
|
VDAT_INT_FLAGS = 0, /* Flags */
|
|
VDAT_INT_HEADER_VERSION, /* Header version for VbSharedData */
|
|
VDAT_INT_DEVSW_BOOT, /* Dev switch position at boot */
|
|
VDAT_INT_RECSW_BOOT, /* Recovery switch position at boot */
|
|
VDAT_INT_HW_WPSW_BOOT, /* Hardware WP switch position at boot */
|
|
|
|
VDAT_INT_FW_VERSION_TPM, /* Current firmware version in TPM */
|
|
VDAT_INT_KERNEL_VERSION_TPM, /* Current kernel version in TPM */
|
|
VDAT_INT_TRIED_FIRMWARE_B, /* Tried firmware B due to fwb_tries */
|
|
VDAT_INT_KERNEL_KEY_VERIFIED, /* Kernel key verified using
|
|
* signature, not just hash */
|
|
VDAT_INT_RECOVERY_REASON, /* Recovery reason for current boot */
|
|
VDAT_INT_FW_BOOT2 /* Firmware selection by vboot2 */
|
|
} VdatIntField;
|
|
|
|
|
|
/* Description of build options that may be specified on the
|
|
* kernel command line. */
|
|
typedef enum VbBuildOption {
|
|
VB_BUILD_OPTION_UNKNOWN,
|
|
VB_BUILD_OPTION_DEBUG,
|
|
VB_BUILD_OPTION_NODEBUG
|
|
} VbBuildOption;
|
|
|
|
static const char *fw_results[] = {"unknown", "trying", "success", "failure"};
|
|
static const char *default_boot[] = {"disk", "usb", "legacy"};
|
|
|
|
/* Masks for kern_nv usage by kernel. */
|
|
#define KERN_NV_FWUPDATE_TRIES_MASK 0x000F
|
|
#define KERN_NV_BLOCK_DEVMODE_FLAG 0x0010
|
|
#define KERN_NV_TPM_ATTACK_FLAG 0x0020
|
|
/* If you want to use the remaining currently-unused bits in kern_nv
|
|
* for something kernel-y, define a new field (the way we did for
|
|
* fwupdate_tries). Don't just modify kern_nv directly, because that
|
|
* makes it too easy to accidentally corrupt other sub-fields. */
|
|
#define KERN_NV_CURRENTLY_UNUSED 0xFFC0
|
|
|
|
/* Return true if the FWID starts with the specified string. */
|
|
int FwidStartsWith(const char *start)
|
|
{
|
|
char fwid[VB_MAX_STRING_PROPERTY];
|
|
if (!VbGetSystemPropertyString("fwid", fwid, sizeof(fwid)))
|
|
return 0;
|
|
|
|
return 0 == strncmp(fwid, start, strlen(start));
|
|
}
|
|
|
|
static struct vb2_context *get_fake_context(void)
|
|
{
|
|
static uint8_t fake_workbuf[sizeof(struct vb2_shared_data) + 16]
|
|
__attribute__((aligned(VB2_WORKBUF_ALIGN)));
|
|
static struct vb2_context *fake_ctx;
|
|
|
|
if (fake_ctx)
|
|
return fake_ctx;
|
|
|
|
vb2api_init(fake_workbuf, sizeof(fake_workbuf), &fake_ctx);
|
|
|
|
return fake_ctx;
|
|
}
|
|
|
|
static int vnc_read;
|
|
|
|
int vb2_get_nv_storage(enum vb2_nv_param param)
|
|
{
|
|
VbSharedDataHeader* sh = VbSharedDataRead();
|
|
struct vb2_context *ctx = get_fake_context();
|
|
|
|
if (!sh)
|
|
return -1;
|
|
|
|
/* TODO: locking around NV access */
|
|
if (!vnc_read) {
|
|
if (sh && sh->flags & VBSD_NVDATA_V2)
|
|
ctx->flags |= VB2_CONTEXT_NVDATA_V2;
|
|
if (0 != vb2_read_nv_storage(ctx)) {
|
|
free(sh);
|
|
return -1;
|
|
}
|
|
vb2_nv_init(ctx);
|
|
|
|
/* TODO: If vnc.raw_changed, attempt to reopen NVRAM for write
|
|
* and save the new defaults. If we're able to, log. */
|
|
|
|
vnc_read = 1;
|
|
}
|
|
|
|
free(sh);
|
|
return (int)vb2_nv_get(ctx, param);
|
|
}
|
|
|
|
int vb2_set_nv_storage(enum vb2_nv_param param, int value)
|
|
{
|
|
VbSharedDataHeader* sh = VbSharedDataRead();
|
|
struct vb2_context *ctx = get_fake_context();
|
|
|
|
if (!sh)
|
|
return -1;
|
|
|
|
/* TODO: locking around NV access */
|
|
if (sh && sh->flags & VBSD_NVDATA_V2)
|
|
ctx->flags |= VB2_CONTEXT_NVDATA_V2;
|
|
if (0 != vb2_read_nv_storage(ctx)) {
|
|
free(sh);
|
|
return -1;
|
|
}
|
|
vb2_nv_init(ctx);
|
|
vb2_nv_set(ctx, param, (uint32_t)value);
|
|
|
|
if (ctx->flags & VB2_CONTEXT_NVDATA_CHANGED) {
|
|
vnc_read = 0;
|
|
if (0 != vb2_write_nv_storage(ctx)) {
|
|
free(sh);
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
/* Success */
|
|
free(sh);
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Set a param value, and try to flag it for persistent backup. It's okay if
|
|
* backup isn't supported (which it isn't, in current designs). It's
|
|
* best-effort only.
|
|
*/
|
|
static int vb2_set_nv_storage_with_backup(enum vb2_nv_param param, int value)
|
|
{
|
|
int retval;
|
|
retval = vb2_set_nv_storage(param, value);
|
|
if (!retval)
|
|
vb2_set_nv_storage(VB2_NV_BACKUP_NVRAM_REQUEST, 1);
|
|
return retval;
|
|
}
|
|
|
|
/* Find what build/debug status is specified on the kernel command
|
|
* line, if any. */
|
|
static VbBuildOption VbScanBuildOption(void)
|
|
{
|
|
FILE* f = NULL;
|
|
char buf[4096] = "";
|
|
char *t, *saveptr;
|
|
const char *delimiters = " \r\n";
|
|
|
|
f = fopen(KERNEL_CMDLINE_PATH, "r");
|
|
if (NULL != f) {
|
|
if (NULL == fgets(buf, sizeof(buf), f))
|
|
buf[0] = 0;
|
|
fclose(f);
|
|
}
|
|
for (t = strtok_r(buf, delimiters, &saveptr); t;
|
|
t = strtok_r(NULL, delimiters, &saveptr)) {
|
|
if (0 == strcmp(t, "cros_debug"))
|
|
return VB_BUILD_OPTION_DEBUG;
|
|
else if (0 == strcmp(t, "cros_nodebug"))
|
|
return VB_BUILD_OPTION_NODEBUG;
|
|
}
|
|
|
|
return VB_BUILD_OPTION_UNKNOWN;
|
|
}
|
|
|
|
/* Determine whether the running OS image was built for debugging.
|
|
* Returns 1 if yes, 0 if no or indeterminate. */
|
|
static vb2_error_t VbGetDebugBuild(void)
|
|
{
|
|
return VB_BUILD_OPTION_DEBUG == VbScanBuildOption();
|
|
}
|
|
|
|
/* Determine whether OS-level debugging should be allowed.
|
|
* Returns 1 if yes, 0 if no or indeterminate. */
|
|
static int VbGetCrosDebug(void)
|
|
{
|
|
/* If the currently running system specifies its debug status, use
|
|
* that in preference to other indicators. */
|
|
VbBuildOption option = VbScanBuildOption();
|
|
if (VB_BUILD_OPTION_DEBUG == option) {
|
|
return 1;
|
|
} else if (VB_BUILD_OPTION_NODEBUG == option) {
|
|
return 0;
|
|
}
|
|
|
|
/* Command line is silent; allow debug if the dev switch is on. */
|
|
if (1 == VbGetSystemPropertyInt("devsw_boot"))
|
|
return 1;
|
|
|
|
/* All other cases disallow debug. */
|
|
return 0;
|
|
}
|
|
|
|
static char *GetVdatLoadFirmwareDebug(char *dest, int size,
|
|
const VbSharedDataHeader *sh)
|
|
{
|
|
snprintf(dest, size,
|
|
"Check A result=%d\n"
|
|
"Check B result=%d\n"
|
|
"Firmware index booted=0x%02x\n"
|
|
"TPM combined version at start=0x%08x\n"
|
|
"Lowest combined version from firmware=0x%08x\n",
|
|
sh->check_fw_a_result,
|
|
sh->check_fw_b_result,
|
|
sh->firmware_index,
|
|
sh->fw_version_tpm_start,
|
|
sh->fw_version_lowest);
|
|
return dest;
|
|
}
|
|
|
|
static char *GetVdatString(char *dest, int size, VdatStringField field)
|
|
{
|
|
VbSharedDataHeader *sh = VbSharedDataRead();
|
|
char *value = dest;
|
|
|
|
if (!sh)
|
|
return NULL;
|
|
|
|
switch (field) {
|
|
case VDAT_STRING_LOAD_FIRMWARE_DEBUG:
|
|
value = GetVdatLoadFirmwareDebug(dest, size, sh);
|
|
break;
|
|
|
|
case VDAT_STRING_MAINFW_ACT:
|
|
switch(sh->firmware_index) {
|
|
case 0:
|
|
StrCopy(dest, "A", size);
|
|
break;
|
|
case 1:
|
|
StrCopy(dest, "B", size);
|
|
break;
|
|
case 0xFF:
|
|
StrCopy(dest, "recovery", size);
|
|
break;
|
|
default:
|
|
value = NULL;
|
|
}
|
|
break;
|
|
|
|
default:
|
|
value = NULL;
|
|
break;
|
|
}
|
|
|
|
free(sh);
|
|
return value;
|
|
}
|
|
|
|
static int GetVdatInt(VdatIntField field)
|
|
{
|
|
VbSharedDataHeader* sh = VbSharedDataRead();
|
|
int value = -1;
|
|
|
|
if (!sh)
|
|
return -1;
|
|
|
|
/* Fields supported in version 1 */
|
|
switch (field) {
|
|
case VDAT_INT_FLAGS:
|
|
value = (int)sh->flags;
|
|
break;
|
|
case VDAT_INT_HEADER_VERSION:
|
|
value = sh->struct_version;
|
|
break;
|
|
case VDAT_INT_TRIED_FIRMWARE_B:
|
|
value = (sh->flags & VBSD_FWB_TRIED ? 1 : 0);
|
|
break;
|
|
case VDAT_INT_KERNEL_KEY_VERIFIED:
|
|
value = (sh->flags & VBSD_KERNEL_KEY_VERIFIED ? 1 : 0);
|
|
break;
|
|
case VDAT_INT_FW_VERSION_TPM:
|
|
value = (int)sh->fw_version_tpm;
|
|
break;
|
|
case VDAT_INT_KERNEL_VERSION_TPM:
|
|
value = (int)sh->kernel_version_tpm;
|
|
break;
|
|
case VDAT_INT_FW_BOOT2:
|
|
value = (sh->flags & VBSD_BOOT_FIRMWARE_VBOOT2 ? 1 : 0);
|
|
VBOOT_FALLTHROUGH;
|
|
default:
|
|
break;
|
|
}
|
|
|
|
/* Fields added in struct version 2 */
|
|
if (sh->struct_version >= 2) {
|
|
switch(field) {
|
|
case VDAT_INT_DEVSW_BOOT:
|
|
value = (sh->flags &
|
|
VBSD_BOOT_DEV_SWITCH_ON ? 1 : 0);
|
|
break;
|
|
case VDAT_INT_RECSW_BOOT:
|
|
value = (sh->flags &
|
|
VBSD_BOOT_REC_SWITCH_ON ? 1 : 0);
|
|
break;
|
|
case VDAT_INT_HW_WPSW_BOOT:
|
|
value = (sh->flags &
|
|
VBSD_BOOT_FIRMWARE_WP_ENABLED ? 1 : 0);
|
|
break;
|
|
case VDAT_INT_RECOVERY_REASON:
|
|
value = sh->recovery_reason;
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
|
|
free(sh);
|
|
return value;
|
|
}
|
|
|
|
/* Return version of VbSharedData struct or -1 if not found. */
|
|
int VbSharedDataVersion(void)
|
|
{
|
|
return GetVdatInt(VDAT_INT_HEADER_VERSION);
|
|
}
|
|
|
|
int VbGetSystemPropertyInt(const char *name)
|
|
{
|
|
int value = -1;
|
|
|
|
/* Check architecture-dependent properties first */
|
|
value = VbGetArchPropertyInt(name);
|
|
if (-1 != value)
|
|
return value;
|
|
|
|
/* NV storage values */
|
|
else if (!strcasecmp(name,"kern_nv")) {
|
|
value = vb2_get_nv_storage(VB2_NV_KERNEL_FIELD);
|
|
} else if (!strcasecmp(name,"nvram_cleared")) {
|
|
value = vb2_get_nv_storage(VB2_NV_KERNEL_SETTINGS_RESET);
|
|
} else if (!strcasecmp(name,"recovery_request")) {
|
|
value = vb2_get_nv_storage(VB2_NV_RECOVERY_REQUEST);
|
|
} else if (!strcasecmp(name,"diagnostic_request")) {
|
|
value = vb2_get_nv_storage(VB2_NV_DIAG_REQUEST);
|
|
} else if (!strcasecmp(name,"dbg_reset")) {
|
|
value = vb2_get_nv_storage(VB2_NV_DEBUG_RESET_MODE);
|
|
} else if (!strcasecmp(name,"disable_dev_request")) {
|
|
value = vb2_get_nv_storage(VB2_NV_DISABLE_DEV_REQUEST);
|
|
} else if (!strcasecmp(name,"clear_tpm_owner_request")) {
|
|
if (TPM2_SIMULATOR)
|
|
/* Check mount-encrypted key status */
|
|
value = access(MOUNT_ENCRYPTED_KEY_PATH, F_OK) != 0;
|
|
else
|
|
value = vb2_get_nv_storage(
|
|
VB2_NV_CLEAR_TPM_OWNER_REQUEST);
|
|
} else if (!strcasecmp(name,"clear_tpm_owner_done")) {
|
|
value = vb2_get_nv_storage(VB2_NV_CLEAR_TPM_OWNER_DONE);
|
|
} else if (!strcasecmp(name,"tpm_rebooted")) {
|
|
value = vb2_get_nv_storage(VB2_NV_TPM_REQUESTED_REBOOT);
|
|
} else if (!strcasecmp(name,"fwb_tries") ||
|
|
!strcasecmp(name,"fw_try_count")) {
|
|
value = vb2_get_nv_storage(VB2_NV_TRY_COUNT);
|
|
} else if (!strcasecmp(name,"fw_vboot2")) {
|
|
value = GetVdatInt(VDAT_INT_FW_BOOT2);
|
|
} else if (!strcasecmp(name,"fwupdate_tries")) {
|
|
value = vb2_get_nv_storage(VB2_NV_KERNEL_FIELD);
|
|
if (value != -1)
|
|
value &= KERN_NV_FWUPDATE_TRIES_MASK;
|
|
} else if (!strcasecmp(name,"block_devmode")) {
|
|
value = vb2_get_nv_storage(VB2_NV_KERNEL_FIELD);
|
|
if (value != -1) {
|
|
value &= KERN_NV_BLOCK_DEVMODE_FLAG;
|
|
value = !!value;
|
|
}
|
|
} else if (!strcasecmp(name,"tpm_attack")) {
|
|
value = vb2_get_nv_storage(VB2_NV_KERNEL_FIELD);
|
|
if (value != -1) {
|
|
value &= KERN_NV_TPM_ATTACK_FLAG;
|
|
value = !!value;
|
|
}
|
|
} else if (!strcasecmp(name,"loc_idx")) {
|
|
value = vb2_get_nv_storage(VB2_NV_LOCALIZATION_INDEX);
|
|
} else if (!strcasecmp(name,"backup_nvram_request")) {
|
|
value = vb2_get_nv_storage(VB2_NV_BACKUP_NVRAM_REQUEST);
|
|
} else if (!strcasecmp(name,"dev_boot_usb")) {
|
|
value = vb2_get_nv_storage(VB2_NV_DEV_BOOT_EXTERNAL);
|
|
} else if (!strcasecmp(name,"dev_boot_legacy")) {
|
|
value = vb2_get_nv_storage(VB2_NV_DEV_BOOT_LEGACY);
|
|
} else if (!strcasecmp(name,"dev_boot_signed_only")) {
|
|
value = vb2_get_nv_storage(VB2_NV_DEV_BOOT_SIGNED_ONLY);
|
|
} else if (!strcasecmp(name,"dev_enable_udc")) {
|
|
value = vb2_get_nv_storage(VB2_NV_DEV_ENABLE_UDC);
|
|
} else if (!strcasecmp(name,"display_request")) {
|
|
value = vb2_get_nv_storage(VB2_NV_DISPLAY_REQUEST);
|
|
} else if (!strcasecmp(name,"recovery_subcode")) {
|
|
value = vb2_get_nv_storage(VB2_NV_RECOVERY_SUBCODE);
|
|
} else if (!strcasecmp(name,"wipeout_request")) {
|
|
value = vb2_get_nv_storage(VB2_NV_REQ_WIPEOUT);
|
|
} else if (!strcasecmp(name,"kernel_max_rollforward")) {
|
|
value = vb2_get_nv_storage(VB2_NV_KERNEL_MAX_ROLLFORWARD);
|
|
}
|
|
/* Other parameters */
|
|
else if (!strcasecmp(name,"cros_debug")) {
|
|
value = VbGetCrosDebug();
|
|
} else if (!strcasecmp(name,"debug_build")) {
|
|
value = VbGetDebugBuild();
|
|
} else if (!strcasecmp(name,"devsw_boot")) {
|
|
value = GetVdatInt(VDAT_INT_DEVSW_BOOT);
|
|
} else if (!strcasecmp(name, "recoverysw_boot")) {
|
|
value = GetVdatInt(VDAT_INT_RECSW_BOOT);
|
|
} else if (!strcasecmp(name, "wpsw_cur")) {
|
|
/* Use "write-protect at boot" as a fallback value. */
|
|
value = GetVdatInt(VDAT_INT_HW_WPSW_BOOT);
|
|
} else if (!strcasecmp(name,"vdat_flags")) {
|
|
value = GetVdatInt(VDAT_INT_FLAGS);
|
|
} else if (!strcasecmp(name,"tpm_fwver")) {
|
|
value = GetVdatInt(VDAT_INT_FW_VERSION_TPM);
|
|
} else if (!strcasecmp(name,"tpm_kernver")) {
|
|
value = GetVdatInt(VDAT_INT_KERNEL_VERSION_TPM);
|
|
} else if (!strcasecmp(name,"tried_fwb")) {
|
|
value = GetVdatInt(VDAT_INT_TRIED_FIRMWARE_B);
|
|
} else if (!strcasecmp(name,"recovery_reason")) {
|
|
value = GetVdatInt(VDAT_INT_RECOVERY_REASON);
|
|
} else if (!strcasecmp(name, "boot_on_ac_detect")) {
|
|
value = vb2_get_nv_storage(VB2_NV_BOOT_ON_AC_DETECT);
|
|
} else if (!strcasecmp(name, "try_ro_sync")) {
|
|
value = vb2_get_nv_storage(VB2_NV_TRY_RO_SYNC);
|
|
} else if (!strcasecmp(name, "battery_cutoff_request")) {
|
|
value = vb2_get_nv_storage(VB2_NV_BATTERY_CUTOFF_REQUEST);
|
|
} else if (!strcasecmp(name, "inside_vm")) {
|
|
/* Detect if the host is a VM. If there is no HWID and the
|
|
* firmware type is "nonchrome", then assume it is a VM. If
|
|
* HWID is present, it is a baremetal Chrome OS machine. Other
|
|
* cases are errors. */
|
|
char hwid[VB_MAX_STRING_PROPERTY];
|
|
if (!VbGetSystemPropertyString("hwid", hwid, sizeof(hwid))) {
|
|
char fwtype_buf[VB_MAX_STRING_PROPERTY];
|
|
const char *fwtype = VbGetSystemPropertyString(
|
|
"mainfw_type", fwtype_buf, sizeof(fwtype_buf));
|
|
if (fwtype && !strcasecmp(fwtype, "nonchrome")) {
|
|
value = 1;
|
|
}
|
|
} else {
|
|
value = 0;
|
|
}
|
|
} else if (!strcasecmp(name, "post_ec_sync_delay")) {
|
|
value = vb2_get_nv_storage(VB2_NV_POST_EC_SYNC_DELAY);
|
|
}
|
|
|
|
return value;
|
|
}
|
|
|
|
const char *VbGetSystemPropertyString(const char *name, char *dest,
|
|
size_t size)
|
|
{
|
|
/* Check architecture-dependent properties first */
|
|
if (VbGetArchPropertyString(name, dest, size))
|
|
return dest;
|
|
|
|
if (!strcasecmp(name,"kernkey_vfy")) {
|
|
switch(GetVdatInt(VDAT_INT_KERNEL_KEY_VERIFIED)) {
|
|
case 0:
|
|
return "hash";
|
|
case 1:
|
|
return "sig";
|
|
default:
|
|
return NULL;
|
|
}
|
|
} else if (!strcasecmp(name, "mainfw_act")) {
|
|
return GetVdatString(dest, size, VDAT_STRING_MAINFW_ACT);
|
|
} else if (!strcasecmp(name, "vdat_lfdebug")) {
|
|
return GetVdatString(dest, size,
|
|
VDAT_STRING_LOAD_FIRMWARE_DEBUG);
|
|
} else if (!strcasecmp(name, "fw_try_next")) {
|
|
return vb2_get_nv_storage(VB2_NV_TRY_NEXT) ? "B" : "A";
|
|
} else if (!strcasecmp(name, "fw_tried")) {
|
|
return vb2_get_nv_storage(VB2_NV_FW_TRIED) ? "B" : "A";
|
|
} else if (!strcasecmp(name, "fw_result")) {
|
|
int v = vb2_get_nv_storage(VB2_NV_FW_RESULT);
|
|
if (v < ARRAY_SIZE(fw_results))
|
|
return fw_results[v];
|
|
else
|
|
return "unknown";
|
|
} else if (!strcasecmp(name, "fw_prev_tried")) {
|
|
return vb2_get_nv_storage(VB2_NV_FW_PREV_TRIED) ? "B" : "A";
|
|
} else if (!strcasecmp(name, "fw_prev_result")) {
|
|
int v = vb2_get_nv_storage(VB2_NV_FW_PREV_RESULT);
|
|
if (v < ARRAY_SIZE(fw_results))
|
|
return fw_results[v];
|
|
else
|
|
return "unknown";
|
|
} else if (!strcasecmp(name,"dev_default_boot")) {
|
|
int v = vb2_get_nv_storage(VB2_NV_DEV_DEFAULT_BOOT);
|
|
if (v < ARRAY_SIZE(default_boot))
|
|
return default_boot[v];
|
|
else
|
|
return "unknown";
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
|
|
int VbSetSystemPropertyInt(const char *name, int value)
|
|
{
|
|
/* Check architecture-dependent properties first */
|
|
|
|
if (0 == VbSetArchPropertyInt(name, value))
|
|
return 0;
|
|
|
|
/* NV storage values */
|
|
if (!strcasecmp(name,"nvram_cleared")) {
|
|
/* Can only clear this flag; it's set inside the NV storage
|
|
* library. */
|
|
return vb2_set_nv_storage(VB2_NV_KERNEL_SETTINGS_RESET, 0);
|
|
} else if (!strcasecmp(name,"recovery_request")) {
|
|
return vb2_set_nv_storage(VB2_NV_RECOVERY_REQUEST, value);
|
|
} else if (!strcasecmp(name,"diagnostic_request")) {
|
|
return vb2_set_nv_storage(VB2_NV_DIAG_REQUEST, value);
|
|
} else if (!strcasecmp(name,"recovery_subcode")) {
|
|
return vb2_set_nv_storage(VB2_NV_RECOVERY_SUBCODE, value);
|
|
} else if (!strcasecmp(name,"dbg_reset")) {
|
|
return vb2_set_nv_storage(VB2_NV_DEBUG_RESET_MODE, value);
|
|
} else if (!strcasecmp(name,"disable_dev_request")) {
|
|
return vb2_set_nv_storage(VB2_NV_DISABLE_DEV_REQUEST, value);
|
|
} else if (!strcasecmp(name,"clear_tpm_owner_request")) {
|
|
if (TPM2_SIMULATOR) {
|
|
/* We don't support to set clear_tpm_owner_request to 0
|
|
* on simulator */
|
|
if (value == 0)
|
|
return -1;
|
|
/* Check mount-encrypted key status */
|
|
if (!access(MOUNT_ENCRYPTED_KEY_PATH, F_OK)) {
|
|
/* Remove the mount_encrypted key, and it would
|
|
* also clear the TPM2.0 simulator NV space on
|
|
* it. */
|
|
return remove(MOUNT_ENCRYPTED_KEY_PATH);
|
|
} else {
|
|
/* Return success when the file is already
|
|
* removed */
|
|
return 0;
|
|
}
|
|
} else {
|
|
return vb2_set_nv_storage(
|
|
VB2_NV_CLEAR_TPM_OWNER_REQUEST, value);
|
|
}
|
|
} else if (!strcasecmp(name,"clear_tpm_owner_done")) {
|
|
/* Can only clear this flag; it's set by firmware. */
|
|
return vb2_set_nv_storage(VB2_NV_CLEAR_TPM_OWNER_DONE, 0);
|
|
} else if (!strcasecmp(name,"fwb_tries") ||
|
|
!strcasecmp(name,"fw_try_count")) {
|
|
return vb2_set_nv_storage(VB2_NV_TRY_COUNT, value);
|
|
} else if (!strcasecmp(name,"display_request")) {
|
|
return vb2_set_nv_storage(VB2_NV_DISPLAY_REQUEST, value);
|
|
} else if (!strcasecmp(name,"wipeout_request")) {
|
|
/* Can only clear this flag, set only by firmware. */
|
|
return vb2_set_nv_storage(VB2_NV_REQ_WIPEOUT, 0);
|
|
} else if (!strcasecmp(name,"backup_nvram_request")) {
|
|
/* Best-effort only, since it requires firmware and TPM
|
|
* support. */
|
|
return vb2_set_nv_storage(VB2_NV_BACKUP_NVRAM_REQUEST, value);
|
|
} else if (!strcasecmp(name,"fwupdate_tries")) {
|
|
int kern_nv = vb2_get_nv_storage(VB2_NV_KERNEL_FIELD);
|
|
if (kern_nv == -1)
|
|
return -1;
|
|
kern_nv &= ~KERN_NV_FWUPDATE_TRIES_MASK;
|
|
kern_nv |= (value & KERN_NV_FWUPDATE_TRIES_MASK);
|
|
return vb2_set_nv_storage_with_backup(
|
|
VB2_NV_KERNEL_FIELD, kern_nv);
|
|
} else if (!strcasecmp(name,"block_devmode")) {
|
|
int kern_nv = vb2_get_nv_storage(VB2_NV_KERNEL_FIELD);
|
|
if (kern_nv == -1)
|
|
return -1;
|
|
kern_nv &= ~KERN_NV_BLOCK_DEVMODE_FLAG;
|
|
if (value)
|
|
kern_nv |= KERN_NV_BLOCK_DEVMODE_FLAG;
|
|
return vb2_set_nv_storage_with_backup(
|
|
VB2_NV_KERNEL_FIELD, kern_nv);
|
|
} else if (!strcasecmp(name,"tpm_attack")) {
|
|
/* This value should only be read and cleared, but we allow
|
|
* setting it to 1 for testing. */
|
|
int kern_nv = vb2_get_nv_storage(VB2_NV_KERNEL_FIELD);
|
|
if (kern_nv == -1)
|
|
return -1;
|
|
kern_nv &= ~KERN_NV_TPM_ATTACK_FLAG;
|
|
if (value)
|
|
kern_nv |= KERN_NV_TPM_ATTACK_FLAG;
|
|
return vb2_set_nv_storage_with_backup(
|
|
VB2_NV_KERNEL_FIELD, kern_nv);
|
|
} else if (!strcasecmp(name,"loc_idx")) {
|
|
return vb2_set_nv_storage_with_backup(
|
|
VB2_NV_LOCALIZATION_INDEX, value);
|
|
} else if (!strcasecmp(name,"dev_boot_usb")) {
|
|
return vb2_set_nv_storage_with_backup(
|
|
VB2_NV_DEV_BOOT_EXTERNAL, value);
|
|
} else if (!strcasecmp(name,"dev_boot_legacy")) {
|
|
return vb2_set_nv_storage_with_backup(
|
|
VB2_NV_DEV_BOOT_LEGACY, value);
|
|
} else if (!strcasecmp(name,"dev_boot_signed_only")) {
|
|
return vb2_set_nv_storage_with_backup(
|
|
VB2_NV_DEV_BOOT_SIGNED_ONLY, value);
|
|
} else if (!strcasecmp(name, "dev_enable_udc")) {
|
|
return vb2_set_nv_storage_with_backup(
|
|
VB2_NV_DEV_ENABLE_UDC, value);
|
|
} else if (!strcasecmp(name, "boot_on_ac_detect")) {
|
|
return vb2_set_nv_storage_with_backup(
|
|
VB2_NV_BOOT_ON_AC_DETECT, value);
|
|
} else if (!strcasecmp(name, "try_ro_sync")) {
|
|
return vb2_set_nv_storage_with_backup(
|
|
VB2_NV_TRY_RO_SYNC, value);
|
|
} else if (!strcasecmp(name, "battery_cutoff_request")) {
|
|
return vb2_set_nv_storage(VB2_NV_BATTERY_CUTOFF_REQUEST, value);
|
|
} else if (!strcasecmp(name,"kernel_max_rollforward")) {
|
|
return vb2_set_nv_storage(VB2_NV_KERNEL_MAX_ROLLFORWARD, value);
|
|
} else if (!strcasecmp(name, "post_ec_sync_delay")) {
|
|
return vb2_set_nv_storage(VB2_NV_POST_EC_SYNC_DELAY, value);
|
|
}
|
|
|
|
return -1;
|
|
}
|
|
|
|
int VbSetSystemPropertyString(const char* name, const char* value)
|
|
{
|
|
/* Chain to architecture-dependent properties */
|
|
if (0 == VbSetArchPropertyString(name, value))
|
|
return 0;
|
|
|
|
if (!strcasecmp(name, "fw_try_next")) {
|
|
if (!strcasecmp(value, "A"))
|
|
return vb2_set_nv_storage(VB2_NV_TRY_NEXT, 0);
|
|
else if (!strcasecmp(value, "B"))
|
|
return vb2_set_nv_storage(VB2_NV_TRY_NEXT, 1);
|
|
else
|
|
return -1;
|
|
|
|
} else if (!strcasecmp(name, "fw_result")) {
|
|
int i;
|
|
|
|
for (i = 0; i < ARRAY_SIZE(fw_results); i++) {
|
|
if (!strcasecmp(value, fw_results[i]))
|
|
return vb2_set_nv_storage(VB2_NV_FW_RESULT, i);
|
|
}
|
|
return -1;
|
|
} else if (!strcasecmp(name, "dev_default_boot")) {
|
|
int i;
|
|
|
|
for (i = 0; i < ARRAY_SIZE(default_boot); i++) {
|
|
if (!strcasecmp(value, default_boot[i]))
|
|
return vb2_set_nv_storage(
|
|
VB2_NV_DEV_DEFAULT_BOOT, i);
|
|
}
|
|
return -1;
|
|
}
|
|
|
|
return -1;
|
|
}
|
|
|
|
/**
|
|
* Get index of the last valid VBNV entry in an EEPROM.
|
|
*
|
|
* @param buf Pointer to the beginning of the EEPROM.
|
|
* @param buf_sz Size of the EEPROM.
|
|
* @param vbnv_size The size of a single VBNV entry for this device.
|
|
*
|
|
* @return The index of the last valid VBNV entry on success, or -1 on
|
|
* failure.
|
|
*/
|
|
static int vb2_nv_index(const uint8_t *buf, uint32_t buf_sz, int vbnv_size)
|
|
{
|
|
int index;
|
|
uint8_t blank[VB2_NVDATA_SIZE_V2];
|
|
|
|
/* The size of the buffer should be an even multiple of the
|
|
VBNV size. */
|
|
if (buf_sz % vbnv_size != 0) {
|
|
VB2_DIE("The VBNV in flash (%u bytes) is not an even multiple "
|
|
"of the VBNV size (%u bytes). This is likely a "
|
|
"firmware bug.\n", buf_sz, vbnv_size);
|
|
}
|
|
|
|
memset(blank, 0xff, sizeof(blank));
|
|
for (index = 0; index < buf_sz / vbnv_size; index++) {
|
|
if (!memcmp(blank, &buf[index * vbnv_size], vbnv_size))
|
|
break;
|
|
}
|
|
|
|
if (!index) {
|
|
fprintf(stderr, "VBNV is uninitialized.\n");
|
|
return -1;
|
|
}
|
|
|
|
return index - 1;
|
|
}
|
|
|
|
#define VBNV_FMAP_REGION "RW_NVRAM"
|
|
|
|
int vb2_read_nv_storage_flashrom(struct vb2_context *ctx)
|
|
{
|
|
int index;
|
|
int vbnv_size = vb2_nv_get_size(ctx);
|
|
uint8_t *flash_buf;
|
|
uint32_t flash_size;
|
|
|
|
if (flashrom_read(FLASHROM_PROGRAMMER_INTERNAL_AP, VBNV_FMAP_REGION,
|
|
&flash_buf, &flash_size))
|
|
return -1;
|
|
|
|
index = vb2_nv_index(flash_buf, flash_size, vbnv_size);
|
|
if (index < 0) {
|
|
free(flash_buf);
|
|
return -1;
|
|
}
|
|
|
|
memcpy(ctx->nvdata, &flash_buf[index * vbnv_size], vbnv_size);
|
|
free(flash_buf);
|
|
return 0;
|
|
}
|
|
|
|
int vb2_write_nv_storage_flashrom(struct vb2_context *ctx)
|
|
{
|
|
int rv = 0;
|
|
int current_index;
|
|
int next_index;
|
|
int vbnv_size = vb2_nv_get_size(ctx);
|
|
uint8_t *flash_buf;
|
|
uint32_t flash_size;
|
|
|
|
if (flashrom_read(FLASHROM_PROGRAMMER_INTERNAL_AP, VBNV_FMAP_REGION,
|
|
&flash_buf, &flash_size))
|
|
return -1;
|
|
|
|
current_index = vb2_nv_index(flash_buf, flash_size, vbnv_size);
|
|
if (current_index < 0) {
|
|
rv = -1;
|
|
goto exit;
|
|
}
|
|
|
|
next_index = current_index + 1;
|
|
if (next_index * vbnv_size == flash_size) {
|
|
/* VBNV is full. Erase and write at beginning. */
|
|
memset(flash_buf, 0xff, flash_size);
|
|
next_index = 0;
|
|
}
|
|
|
|
memcpy(&flash_buf[next_index * vbnv_size], ctx->nvdata, vbnv_size);
|
|
if (flashrom_write(FLASHROM_PROGRAMMER_INTERNAL_AP, VBNV_FMAP_REGION,
|
|
flash_buf, flash_size)) {
|
|
rv = -1;
|
|
goto exit;
|
|
}
|
|
|
|
exit:
|
|
free(flash_buf);
|
|
return rv;
|
|
}
|