authorJakub Czapiga <jacz@semihalf.com>2022-11-04 12:18:04 +0000
committerFelix Held <felix-coreboot@felixheld.de>2022-11-08 14:44:54 +0000
commit605f793af84733eda416533ccf5b220c0f5a171b (patch)
tree1ef966bbab9c4295fe08e76041492e1a7f8f572e /src/security
parent699b833bd778954c0b3b8a3b856cf7af0668ad4c (diff)
vboot: Introduce handy vboot reboot functions
This patch groups vboot context, recovery reason and subcode saving, and reboot calls into two handy functions: - vboot_save_and_reboot() - save context and reboot - vboot_fail_and_reboot() - store recovery reason and call function above Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: Ie29410e8985e7cf19bd8d4cccc393b050ca1f1c5 Reviewed-on: https://review.coreboot.org/c/coreboot/+/69208 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Diffstat (limited to 'src/security')
-rw-r--r--src/security/vboot/vboot_common.c15
-rw-r--r--src/security/vboot/vboot_common.h10
-rw-r--r--src/security/vboot/vboot_logic.c43
3 files changed, 37 insertions, 31 deletions
diff --git a/src/security/vboot/vboot_common.c b/src/security/vboot/vboot_common.c
index c557f25c14..8ecb5d81eb 100644
--- a/src/security/vboot/vboot_common.c
+++ b/src/security/vboot/vboot_common.c
@@ -64,3 +64,18 @@ void vboot_reboot(void)
vboot_platform_prepare_reboot();
board_reset();
}
+
+void vboot_save_and_reboot(struct vb2_context *ctx, uint8_t subcode)
+{
+ printk(BIOS_INFO, "vboot: reboot requested (%#x)\n", subcode);
+ vboot_save_data(ctx);
+ vboot_reboot();
+}
+
+void vboot_fail_and_reboot(struct vb2_context *ctx, uint8_t reason, uint8_t subcode)
+{
+ if (reason)
+ vb2api_fail(ctx, reason, subcode);
+
+ vboot_save_and_reboot(ctx, subcode);
+}
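Review bot: `subcode` is declared `uint8_t` in vboot_save_and_reboot(), but the callers in vboot_logic.c pass `rv`, which the removed lines printed in full with `%x`. If `rv` is a wider vboot error code, the new log line shows only its low byte, and distinct failures can look identical in the boot log. Since this function only prints the value, the parameter could be widened, e.g. `void vboot_save_and_reboot(struct vb2_context *ctx, uint32_t subcode)`, with the prototype in vboot_common.h changed to match. vboot_fail_and_reboot() can keep the narrow type, provided vb2api_fail() itself takes an 8-bit subcode.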
diff --git a/src/security/vboot/vboot_common.h b/src/security/vboot/vboot_common.h
index 512da0e91f..2399bf30ce 100644
--- a/src/security/vboot/vboot_common.h
+++ b/src/security/vboot/vboot_common.h
@@ -20,6 +20,16 @@ int vboot_check_recovery_request(void);
*/
void vboot_reboot(void);
+/*
+ * Save vboot data and reboot device. Subcode will only be printed. To store
+ * failure reason and subcode vb2api_fail() should be called before this
+ * function or vboot_fail_and_reboot() should be used instead.
+ */
+void vboot_save_and_reboot(struct vb2_context *ctx, uint8_t subcode);
+
+/* Call vb2api_fail() with reason and subcode, save vboot data and reboot. */
+void vboot_fail_and_reboot(struct vb2_context *ctx, uint8_t reason, uint8_t subcode);
+
/* Allow the platform to do any clean up work when vboot requests a reboot. */
void vboot_platform_prepare_reboot(void);
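Review bot: The comment on vboot_fail_and_reboot() does not mention that a `reason` of 0 skips vb2api_fail() entirely, which is what the `if (reason)` check in vboot_common.c does. A caller reading only the header would expect a recovery reason to be recorded on every call. I would word it as `/* Call vb2api_fail() with reason and subcode (skipped when reason is 0), save vboot data and reboot. */`.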
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 2230b5ab57..660b7da1be 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -327,30 +327,22 @@ void verstage_main(void)
goto verstage_main_exit;
}
- printk(BIOS_INFO, "Reboot requested (%x)\n", rv);
- vboot_save_data(ctx);
- vboot_reboot();
+ vboot_save_and_reboot(ctx, rv);
}
/* Determine which firmware slot to boot (based on NVRAM) */
printk(BIOS_INFO, "Phase 2\n");
rv = vb2api_fw_phase2(ctx);
- if (rv) {
- printk(BIOS_INFO, "Reboot requested (%x)\n", rv);
- vboot_save_data(ctx);
- vboot_reboot();
- }
+ if (rv)
+ vboot_save_and_reboot(ctx, rv);
/* Try that slot (verify its keyblock and preamble) */
printk(BIOS_INFO, "Phase 3\n");
timestamp_add_now(TS_VERIFY_SLOT_START);
rv = vb2api_fw_phase3(ctx);
timestamp_add_now(TS_VERIFY_SLOT_END);
- if (rv) {
- printk(BIOS_INFO, "Reboot requested (%x)\n", rv);
- vboot_save_data(ctx);
- vboot_reboot();
- }
+ if (rv)
+ vboot_save_and_reboot(ctx, rv);
printk(BIOS_INFO, "Phase 4\n");
rv = vboot_locate_firmware(ctx, &fw_body);
@@ -359,22 +351,17 @@ void verstage_main(void)
"Failed to read FMAP to locate firmware");
rv = hash_body(ctx, &fw_body);
+ if (rv)
+ vboot_save_and_reboot(ctx, rv);
vboot_save_data(ctx);
- if (rv) {
- printk(BIOS_INFO, "Reboot requested (%x)\n", rv);
- vboot_reboot();
- }
/* Only extend PCRs once on boot. */
if (!(ctx->flags & VB2_CONTEXT_S3_RESUME)) {
timestamp_add_now(TS_TPMPCR_START);
rv = extend_pcrs(ctx);
if (rv) {
- printk(BIOS_WARNING,
- "Failed to extend TPM PCRs (%#x)\n", rv);
- vb2api_fail(ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv);
- vboot_save_data(ctx);
- vboot_reboot();
+ printk(BIOS_WARNING, "Failed to extend TPM PCRs (%#x)\n", rv);
+ vboot_fail_and_reboot(ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv);
}
timestamp_add_now(TS_TPMPCR_END);
}
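Review bot: The `if (rv) vboot_save_and_reboot(ctx, rv);` guard after hash_body() is correct only if vboot_save_and_reboot() never returns. If it did return, execution would continue into vboot_save_data() and the PCR extension with a firmware body that failed its hash check. The same assumption holds for the phase 2 and phase 3 checks in the previous hunk and for the vboot_fail_and_reboot() calls further down. Nothing visible in this diff declares the helpers as non-returning, so I would either annotate their prototypes in vboot_common.h with the tree's noreturn attribute (assuming vboot_reboot() is declared that way) or add a one-line comment here such as `/* vboot_save_and_reboot() does not return */`. verstage_main() starts and ends outside this hunk.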
@@ -385,9 +372,7 @@ void verstage_main(void)
rv = antirollback_lock_space_firmware();
if (rv) {
printk(BIOS_INFO, "Failed to lock TPM (%x)\n", rv);
- vb2api_fail(ctx, VB2_RECOVERY_RO_TPM_L_ERROR, 0);
- vboot_save_data(ctx);
- vboot_reboot();
+ vboot_fail_and_reboot(ctx, VB2_RECOVERY_RO_TPM_L_ERROR, 0);
}
timestamp_add_now(TS_TPMLOCK_END);
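Review bot: The TPM lock failure is still logged at `BIOS_INFO`, while the PCR-extend failure in the previous hunk uses `BIOS_WARNING`. The subcode passed is also 0, so the helper's "reboot requested" line prints 0 rather than the TPM error. A failure to lock the anti-rollback space is a line a reader of the boot log is likely to need, so it deserves a level that is not filtered out, for example `printk(BIOS_ERR, "Failed to lock TPM (%#x)\n", rv);`. The rec hash space message rewritten in the next hunk has the same level and is missing a space before `(%x)`. The enclosing block continues outside this hunk.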
@@ -395,12 +380,8 @@ void verstage_main(void)
if (CONFIG(VBOOT_HAS_REC_HASH_SPACE)) {
rv = antirollback_lock_space_mrc_hash(MRC_REC_HASH_NV_INDEX);
if (rv) {
- printk(BIOS_INFO, "Failed to lock rec hash space(%x)\n",
- rv);
- vb2api_fail(ctx, VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR,
- 0);
- vboot_save_data(ctx);
- vboot_reboot();
+ printk(BIOS_INFO, "Failed to lock rec hash space(%x)\n", rv);
+ vboot_fail_and_reboot(ctx, VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR, 0);
}
}