summaryrefslogtreecommitdiff
path: root/src/security
diff options
context:
space:
mode:
authorJulius Werner <jwerner@chromium.org>2023-10-27 15:55:17 -0700
committerJulius Werner <jwerner@chromium.org>2023-10-31 22:47:41 +0000
commit7499d9610016c4a89b722498885f196ed6d217aa (patch)
tree437323e5c6eeb73ce7bae276e7ea66e9cc0812bd /src/security
parent6e03007bfa948d679f5d4d6998c12c581b390d1a (diff)
vboot: Add catchall recovery reason for unspecified phase 4 errors
The code for "phase 4" of firmware verification currently only sets a recovery reason when there's an actual hash mismatch detected in vb2api_check_hash_get_digest(). This is the most likely way how this section of code can fail but not the only one. If any other unexpected issue occurs, we should still set a recovery reason rather than just reboot and risk an infinite boot loop. This patch adds a catchall recovery reason for any error code that falls out of this block of code. If a more specific recovery reason had already been set beforehand, we'll continue to use that -- if not, we'll set VB2_RECOVERY_FW_GET_FW_BODY. Change-Id: If00f8f8a5d17aa113e0325aad58d367f244aca49 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78821 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security')
-rw-r--r--src/security/vboot/vboot_logic.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 11983b9e1e..93a188cc7a 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -374,7 +374,7 @@ void verstage_main(void)
}
if (rv)
- vboot_save_and_reboot(ctx, rv);
+ vboot_fail_and_reboot(ctx, VB2_RECOVERY_FW_GET_FW_BODY, rv);
vboot_save_data(ctx);
/* Only extend PCRs once on boot. */