Julius Werner has submitted this change. ( https://review.coreboot.org/c/coreboot/+/78821?usp=email )
Change subject: vboot: Add catchall recovery reason for unspecified phase 4 errors ......................................................................
vboot: Add catchall recovery reason for unspecified phase 4 errors
The code for "phase 4" of firmware verification currently only sets a recovery reason when there's an actual hash mismatch detected in vb2api_check_hash_get_digest(). This is the most likely way how this section of code can fail but not the only one. If any other unexpected issue occurs, we should still set a recovery reason rather than just reboot and risk an infinite boot loop.
This patch adds a catchall recovery reason for any error code that falls out of this block of code. If a more specific recovery reason had already been set beforehand, we'll continue to use that -- if not, we'll set VB2_RECOVERY_FW_GET_FW_BODY.
Change-Id: If00f8f8a5d17aa113e0325aad58d367f244aca49 Signed-off-by: Julius Werner jwerner@chromium.org Reviewed-on: https://review.coreboot.org/c/coreboot/+/78821 Reviewed-by: Yu-Ping Wu yupingso@google.com Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M src/security/vboot/vboot_logic.c 1 file changed, 1 insertion(+), 1 deletion(-)
Approvals: build bot (Jenkins): Verified Yu-Ping Wu: Looks good to me, approved
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index 11983b9..93a188c 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -374,7 +374,7 @@ }
if (rv) - vboot_save_and_reboot(ctx, rv); + vboot_fail_and_reboot(ctx, VB2_RECOVERY_FW_GET_FW_BODY, rv); vboot_save_data(ctx);
/* Only extend PCRs once on boot. */