1 /* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. 2 * Use of this source code is governed by a BSD-style license that can be 3 * found in the LICENSE file. 4 * 5 * Externally-callable APIs 6 * (Firmware portion) 7 */ 8 9 #include "2sysincludes.h" 10 #include "2api.h" 11 #include "2common.h" 12 #include "2misc.h" 13 #include "2nvstorage.h" 14 #include "2secdata.h" 15 #include "2sha.h" 16 #include "2rsa.h" 17 #include "2tpm_bootmode.h" 18 19 int vb2api_secdata_check(const struct vb2_context *ctx) 20 { 21 return vb2_secdata_check_crc(ctx); 22 } 23 24 int vb2api_secdata_create(struct vb2_context *ctx) 25 { 26 return vb2_secdata_create(ctx); 27 } 28 29 void vb2api_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode) 30 { 31 /* Initialize the vboot context if it hasn't been yet */ 32 vb2_init_context(ctx); 33 34 vb2_fail(ctx, reason, subcode); 35 } 36 37 int vb2api_fw_phase1(struct vb2_context *ctx) 38 { 39 int rv; 40 41 /* Initialize the vboot context if it hasn't been yet */ 42 vb2_init_context(ctx); 43 44 /* Initialize NV context */ 45 vb2_nv_init(ctx); 46 47 /* Initialize secure data */ 48 rv = vb2_secdata_init(ctx); 49 if (rv) 50 vb2_fail(ctx, VB2_RECOVERY_SECDATA_INIT, rv); 51 52 /* Load and parse the GBB header */ 53 rv = vb2_fw_parse_gbb(ctx); 54 if (rv) 55 vb2_fail(ctx, VB2_RECOVERY_GBB_HEADER, rv); 56 57 /* Check for dev switch */ 58 rv = vb2_check_dev_switch(ctx); 59 if (rv) 60 vb2_fail(ctx, VB2_RECOVERY_DEV_SWITCH, rv); 61 62 /* 63 * Check for recovery. Note that this function returns void, since 64 * any errors result in requesting recovery. 65 */ 66 vb2_check_recovery(ctx); 67 68 /* Return error if recovery is needed */ 69 if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE) { 70 /* Always clear RAM when entering recovery mode */ 71 ctx->flags |= VB2_CONTEXT_CLEAR_RAM; 72 73 return VB2_ERROR_API_PHASE1_RECOVERY; 74 } 75 76 return VB2_SUCCESS; 77 } 78 79 int vb2api_fw_phase2(struct vb2_context *ctx) 80 { 81 int rv; 82 83 /* Always clear RAM when entering developer mode */ 84 if (ctx->flags & VB2_CONTEXT_DEVELOPER_MODE) 85 ctx->flags |= VB2_CONTEXT_CLEAR_RAM; 86 87 /* Check for explicit request to clear TPM */ 88 rv = vb2_check_tpm_clear(ctx); 89 if (rv) { 90 vb2_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv); 91 return rv; 92 } 93 94 /* Decide which firmware slot to try this boot */ 95 rv = vb2_select_fw_slot(ctx); 96 if (rv) { 97 vb2_fail(ctx, VB2_RECOVERY_FW_SLOT, rv); 98 return rv; 99 } 100 101 return VB2_SUCCESS; 102 } 103 104 int vb2api_extend_hash(struct vb2_context *ctx, 105 const void *buf, 106 uint32_t size) 107 { 108 struct vb2_shared_data *sd = vb2_get_sd(ctx); 109 struct vb2_digest_context *dc = (struct vb2_digest_context *) 110 (ctx->workbuf + sd->workbuf_hash_offset); 111 112 /* Must have initialized hash digest work area */ 113 if (!sd->workbuf_hash_size) 114 return VB2_ERROR_API_EXTEND_HASH_WORKBUF; 115 116 /* Don't extend past the data we expect to hash */ 117 if (!size || size > sd->hash_remaining_size) 118 return VB2_ERROR_API_EXTEND_HASH_SIZE; 119 120 sd->hash_remaining_size -= size; 121 122 if (dc->using_hwcrypto) 123 return vb2ex_hwcrypto_digest_extend(buf, size); 124 else 125 return vb2_digest_extend(dc, buf, size); 126 } 127 128 int vb2api_get_pcr_digest(struct vb2_context *ctx, 129 enum vb2_pcr_digest which_digest, 130 uint8_t *dest, 131 uint32_t *dest_size) 132 { 133 const uint8_t *digest; 134 uint32_t digest_size; 135 136 switch (which_digest) { 137 case BOOT_MODE_PCR: 138 digest = vb2_get_boot_state_digest(ctx); 139 digest_size = VB2_SHA1_DIGEST_SIZE; 140 break; 141 case HWID_DIGEST_PCR: 142 digest = vb2_get_sd(ctx)->gbb_hwid_digest; 143 digest_size = VB2_GBB_HWID_DIGEST_SIZE; 144 break; 145 default: 146 return VB2_ERROR_API_PCR_DIGEST; 147 } 148 149 if (digest == NULL || *dest_size < digest_size) 150 return VB2_ERROR_API_PCR_DIGEST_BUF; 151 152 memcpy(dest, digest, digest_size); 153 *dest_size = digest_size; 154 155 return VB2_SUCCESS; 156 } 157
