From 4f1dda7447025e42b73a31307db94c69fa5d277e Mon Sep 17 00:00:00 2001
From: Yu-Ping Wu
Date: Mon, 30 Oct 2023 16:45:32 +0800
Subject: security/vboot: Die if vb2api_reinit() failed

In vboot_get_context(), vb2api_reinit() is called to restore the vboot context from the previous stage. We use assert() for the return value of vb2api_reinit() because there shouldn't be runtime errors, except for one edge case: vb2_shared_data struct version mismatch. More precisely, when RW firmware's VB2_SHARED_DATA_VERSION_MINOR is greater than RO's, vb2api_reinit() will return VB2_ERROR_SHARED_DATA_VERSION. To avoid using an invalid vb2_context pointer (when FATAL_ASSERTS is disabled), change assert() to die() on vb2api_reinit() failure. For the vb2api_init() case the assertion is unchanged because there shouldn't be any runtime error for that. Also move the vb2api_init() call outside the assert() argument, as assert() may be a no-op macro depending on the implementation.

Change-Id: I4ff5ef1202bba2384c71634ec5ba12db1b784607
Signed-off-by: Yu-Ping Wu
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78808
Tested-by: build bot (Jenkins)
Reviewed-by: Julius Werner
---
 src/security/vboot/common.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/security/vboot/common.c b/src/security/vboot/common.c
index 4cf45b74b3..88b166ce6a 100644
--- a/src/security/vboot/common.c
+++ b/src/security/vboot/common.c
@@ -2,6 +2,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -28,6 +29,7 @@ static void *vboot_get_workbuf(void)
 struct vb2_context *vboot_get_context(void)
 {
 void *wb;
+ vb2_error_t rv;
 /* Return if context has already been initialized/restored. */
 if (vboot_ctx)
@@ -37,15 +39,17 @@ struct vb2_context *vboot_get_context(void)
 /* Restore context from a previous stage. */
 if (vboot_logic_executed()) {
- assert(vb2api_reinit(wb, &vboot_ctx) == VB2_SUCCESS);
+ rv = vb2api_reinit(wb, &vboot_ctx);
+ if (rv != VB2_SUCCESS)
+ die("%s: vb2api_reinit returned %#x\n", __func__, rv);
 return vboot_ctx;
 }
 assert(verification_should_run());
 /* Initialize vb2_shared_data and friends. */
- assert(vb2api_init(wb, VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE,
- &vboot_ctx) == VB2_SUCCESS);
+ rv = vb2api_init(wb, VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE, &vboot_ctx);
+ assert(rv == VB2_SUCCESS);
 return vboot_ctx;
 }
-- cgit v1.2.3
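Review bot: The vb2api_init() path at the end of this hunk still relies on `assert(rv == VB2_SUCCESS);`, so in a build where assertions are non-fatal a failed init falls through to `return vboot_ctx;` with whatever vb2api_init() left in the pointer, which is the same invalid-context hazard the commit removes for vb2api_reinit(). The commit message argues that init cannot fail at runtime, and nothing visible here contradicts that, but this pointer is the root of the verified-boot state and failing closed costs two lines: `if (rv != VB2_SUCCESS)` followed by `die("%s: vb2api_init returned %#x\n", __func__, rv);`. A short comment above the reinit die() would also help the next reader, e.g. `/* Fails with VB2_ERROR_SHARED_DATA_VERSION when RW's vb2_shared_data minor version is newer than RO's. */`. vboot_get_context() begins before this hunk, so the earlier handling of `vboot_ctx` and `wb` is not visible here.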