vboot: Add catchall recovery reason for unspecified phase 4 errors

The code for "phase 4" of firmware verification currently only sets a
recovery reason when there's an actual hash mismatch detected in
vb2api_check_hash_get_digest(). This is the most likely way how this
section of code can fail but not the only one. If any other unexpected
issue occurs, we should still set a recovery reason rather than just
reboot and risk an infinite boot loop.

This patch adds a catchall recovery reason for any error code that falls
out of this block of code. If a more specific recovery reason had
already been set beforehand, we'll continue to use that -- if not, we'll
set VB2_RECOVERY_FW_GET_FW_BODY.

Change-Id: If00f00f00f00aa113e0325aad58d367f244aca49
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78866
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

1 files changed, 1 insertions, 1 deletions

diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 11983b9e1e..93a188cc7a 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -374,7 +374,7 @@ void verstage_main(void)
 	}
 
 	if (rv)
-		vboot_save_and_reboot(ctx, rv);
+		vboot_fail_and_reboot(ctx, VB2_RECOVERY_FW_GET_FW_BODY, rv);
 	vboot_save_data(ctx);
 
 	/* Only extend PCRs once on boot. */