Change in coreboot[master]: security/vboot: Boot to Recovery Mode if no RW slot present

List overview All Threads
Download

newer

older

Change in coreboot[master]:...

Bill XIE (Code Review)

18 Aug 2019 18 Aug '19

8 a.m.

Bill XIE has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/34977 )

Change subject: security/vboot: Boot to Recovery Mode if no RW slot present ......................................................................

security/vboot: Boot to Recovery Mode if no RW slot present

Currently, even if there is no RW slot present, vboot will still try to find one to boot, result in an infinite boot loop.

This change explicitly allows a coreboot build with vboot but without RW slot to make use of vboot only for measured boot, by performing "Recovery mode" boot, with stages and payloads in the RO slot.

Change-Id: Ica98afd6aeb5328515df0c11e974cc9b3e8cdde1 Signed-off-by: Bill XIE persmule@hardenedlinux.org --- M src/security/vboot/vboot_logic.c 1 file changed, 3 insertions(+), 1 deletion(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/77/34977/1

diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index 7f00df5..48fd6db 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -347,7 +347,9 @@ "Initializing measured boot mode failed!"); }

- if (get_recovery_mode_switch()) { + /* Boot to Recovery Mode if no RW slot present */ + if (!CONFIG(VBOOT_SLOTS_RW_A) || + get_recovery_mode_switch()) { ctx.flags |= VB2_CONTEXT_FORCE_RECOVERY_MODE; if (CONFIG(VBOOT_DISABLE_DEV_ON_RECOVERY)) ctx.flags |= VB2_CONTEXT_DISABLE_DEVELOPER_MODE;

Attachments:

attachment.htm (text/html — 2.9 KB)

Show replies by date

Julius Werner (Code Review)

20 Aug 20 Aug

12:39 a.m.

Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34977 )

Change subject: security/vboot: Boot to Recovery Mode if no RW slot present ......................................................................

Patch Set 1: Code-Review-1

I don't think you should do this. Running vboot when you not actually want to verify anything doesn't make any sense. We should rather try to decouple measured boot from verified boot and make them two fully independent options. It really doesn't have anything to do with vboot other than reusing crypto routines and relying on TPM initialization. We should change security/vboot/Makefile.inc so that the vboot library is still built and linked even if CONFIG_VBOOT is false (so you can use the crypto routines for other purposes), and we should tie the CRTM init to something other than vboot_logic_executed() (would probably do it in ramstage after init_tpm_dev() then... or if that's too late, maybe move that non-vboot TPM init into romstage somehow). There's no point in even having a verstage if you're never running verification.

On the other hand, if you *would* like to have verification but you just don't want to have more than one CBFS copy, we should implement a way to only have a single "RW" CBFS with no support for recovery mode or A/B updates, as discussed in CB:31662.

-- To view, visit https://review.coreboot.org/c/coreboot/+/34977 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ica98afd6aeb5328515df0c11e974cc9b3e8cdde1 Gerrit-Change-Number: 34977 Gerrit-PatchSet: 1 Gerrit-Owner: Bill XIE persmule@hardenedlinux.org Gerrit-Reviewer: Aaron Durbin adurbin@chromium.org Gerrit-Reviewer: Bill XIE persmule@hardenedlinux.org Gerrit-Reviewer: Julius Werner jwerner@chromium.org Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Joel Kitching kitching@google.com Gerrit-CC: Patrick Rudolph siro@das-labor.org Gerrit-CC: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-CC: Shawn C citypw@hardenedlinux.org Gerrit-Comment-Date: Tue, 20 Aug 2019 00:39:47 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

Patrick Rudolph (Code Review)

9:41 a.m.

Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34977 )

Change subject: security/vboot: Boot to Recovery Mode if no RW slot present ......................................................................

Patch Set 1: Code-Review-1

(1 comment)

Duplicate of https://review.coreboot.org/c/coreboot/+/31662/

https://review.coreboot.org/c/coreboot/+/34977/1/src/security/vboot/vboot_lo... File src/security/vboot/vboot_logic.c:

https://review.coreboot.org/c/coreboot/+/34977/1/src/security/vboot/vboot_lo... PS1, Line 350: /* Boot to Recovery Mode if no RW slot present */ duplicate of https://review.coreboot.org/c/coreboot/+/31662/

-- To view, visit https://review.coreboot.org/c/coreboot/+/34977 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ica98afd6aeb5328515df0c11e974cc9b3e8cdde1 Gerrit-Change-Number: 34977 Gerrit-PatchSet: 1 Gerrit-Owner: Bill XIE persmule@hardenedlinux.org Gerrit-Reviewer: Aaron Durbin adurbin@chromium.org Gerrit-Reviewer: Bill XIE persmule@hardenedlinux.org Gerrit-Reviewer: Julius Werner jwerner@chromium.org Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Joel Kitching kitching@google.com Gerrit-CC: Patrick Rudolph siro@das-labor.org Gerrit-CC: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-CC: Shawn C citypw@hardenedlinux.org Gerrit-Comment-Date: Tue, 20 Aug 2019 09:41:54 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

Bill XIE (Code Review)

23 Aug 23 Aug

5:25 a.m.

Bill XIE has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34977 )

Change subject: security/vboot: Boot to Recovery Mode if no RW slot present ......................................................................

Patch Set 1: Code-Review+2

-- To view, visit https://review.coreboot.org/c/coreboot/+/34977 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ica98afd6aeb5328515df0c11e974cc9b3e8cdde1 Gerrit-Change-Number: 34977 Gerrit-PatchSet: 1 Gerrit-Owner: Bill XIE persmule@hardenedlinux.org Gerrit-Reviewer: Aaron Durbin adurbin@chromium.org Gerrit-Reviewer: Bill XIE persmule@hardenedlinux.org Gerrit-Reviewer: Julius Werner jwerner@chromium.org Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Joel Kitching kitching@google.com Gerrit-CC: Patrick Rudolph siro@das-labor.org Gerrit-CC: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-CC: Shawn C citypw@hardenedlinux.org Gerrit-Comment-Date: Fri, 23 Aug 2019 05:25:03 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

Bill XIE (Code Review)

5:25 a.m.

Bill XIE has removed a vote from this change. ( https://review.coreboot.org/c/coreboot/+/34977 )

Change subject: security/vboot: Boot to Recovery Mode if no RW slot present ......................................................................

Removed Code-Review+2 by Bill XIE persmule@hardenedlinux.org

-- To view, visit https://review.coreboot.org/c/coreboot/+/34977 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ica98afd6aeb5328515df0c11e974cc9b3e8cdde1 Gerrit-Change-Number: 34977 Gerrit-PatchSet: 1 Gerrit-Owner: Bill XIE persmule@hardenedlinux.org Gerrit-Reviewer: Aaron Durbin adurbin@chromium.org Gerrit-Reviewer: Bill XIE persmule@hardenedlinux.org Gerrit-Reviewer: Julius Werner jwerner@chromium.org Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Joel Kitching kitching@google.com Gerrit-CC: Patrick Rudolph siro@das-labor.org Gerrit-CC: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-CC: Shawn C citypw@hardenedlinux.org Gerrit-MessageType: deleteVote

Bill XIE (Code Review)

5:27 a.m.

Bill XIE has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34977 )

Change subject: security/vboot: Boot to Recovery Mode if no RW slot present ......................................................................

Patch Set 1: Code-Review-1

Okay. I will retain this change a period of time, before I finish decoupling measured boot from verified boot.

-- To view, visit https://review.coreboot.org/c/coreboot/+/34977 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ica98afd6aeb5328515df0c11e974cc9b3e8cdde1 Gerrit-Change-Number: 34977 Gerrit-PatchSet: 1 Gerrit-Owner: Bill XIE persmule@hardenedlinux.org Gerrit-Reviewer: Aaron Durbin adurbin@chromium.org Gerrit-Reviewer: Bill XIE persmule@hardenedlinux.org Gerrit-Reviewer: Julius Werner jwerner@chromium.org Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Joel Kitching kitching@google.com Gerrit-CC: Patrick Rudolph siro@das-labor.org Gerrit-CC: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-CC: Shawn C citypw@hardenedlinux.org Gerrit-Comment-Date: Fri, 23 Aug 2019 05:27:17 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

Bill XIE (Code Review)

17 Dec 17 Dec

7:14 a.m.

Bill XIE has abandoned this change. ( https://review.coreboot.org/c/coreboot/+/34977 )

Change subject: security/vboot: Boot to Recovery Mode if no RW slot present ......................................................................

Abandoned

Replaced by CB:35077

-- To view, visit https://review.coreboot.org/c/coreboot/+/34977 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ica98afd6aeb5328515df0c11e974cc9b3e8cdde1 Gerrit-Change-Number: 34977 Gerrit-PatchSet: 1 Gerrit-Owner: Bill XIE persmule@hardenedlinux.org Gerrit-Reviewer: Aaron Durbin adurbin@chromium.org Gerrit-Reviewer: Bill XIE persmule@hardenedlinux.org Gerrit-Reviewer: Julius Werner jwerner@chromium.org Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org Gerrit-CC: Joel Kitching kitching@google.com Gerrit-CC: Patrick Rudolph siro@das-labor.org Gerrit-CC: Philipp Deppenwiese zaolin.daisuki@gmail.com Gerrit-CC: Shawn C citypw@hardenedlinux.org Gerrit-MessageType: abandon

1808

days inactive

1929

days old

coreboot-gerrit@coreboot.org

6 comments

3 participants

tags (0)

participants (3)

Bill XIE (Code Review)
Julius Werner (Code Review)
Patrick Rudolph (Code Review)