futility: updater: Correct HWID digest when preserving HWID
Starting from GBB 1.2, a digest is stored in GBB and must be updated
whenever the HWID string is changed.
In shell script version of updater, the digest is automatically updated
when we do "futility gbb -s --hwid=XXX", but in native updater
implementation we only updated the HWID string and left digest
unchanged, this leaves devices generating wrong PCR1 values.
`cmd_gbb_utility` updates the digest by calling `update_hwid_digest`
using vboot1 structure, so we should introduce a new vboot2 friendly
function, `vb2_change_hwid`, which changes both HWID string and digest
at same time.
Note this has no impact for end user's devices with write protection
enabled. Only changes dogfood units AU results.
BUG=b:122248649
TEST=make futil; tests/futility/run_test_scripts.sh $(pwd)/build/futility
BRANCH=none
Change-Id: I6ad2754e6df3c9dd66d71c560a2afc26d14eae33
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/1411945
diff --git a/futility/futility.h b/futility/futility.h
index f063575..18582c6 100644
--- a/futility/futility.h
+++ b/futility/futility.h
@@ -108,6 +108,9 @@
int futil_valid_gbb_header(GoogleBinaryBlockHeader *gbb, uint32_t len,
uint32_t *maxlen);
+/* Updates HWID in GBB properly (and update digest if available). */
+int vb2_change_hwid(struct vb2_gbb_header *gbb, const char *hwid);
+
/* For GBB v1.2 and later, update the hwid_digest */
void update_hwid_digest(GoogleBinaryBlockHeader *gbb);
diff --git a/futility/misc.c b/futility/misc.c
index 703033c..2bf05b9 100644
--- a/futility/misc.c
+++ b/futility/misc.c
@@ -166,6 +166,7 @@
return is_valid;
}
+/* Deprecated. Use vb2_change_hwid in future. */
/* For GBB v1.2 and later, update the hwid_digest field. */
void update_hwid_digest(GoogleBinaryBlockHeader *gbb)
{
@@ -181,6 +182,25 @@
gbb->hwid_digest, sizeof(gbb->hwid_digest));
}
+int vb2_change_hwid(struct vb2_gbb_header *gbb, const char *hwid)
+{
+ uint8_t *to = (uint8_t *)gbb + gbb->hwid_offset;
+ int len = strlen(hwid);
+ if (len >= gbb->hwid_size)
+ return -1;
+
+ /* Zero whole area so we won't have garbage after NUL. */
+ memset(to, 0, gbb->hwid_size);
+ memcpy(to, hwid, len);
+
+ /* HWID digest must be updated since v1.2. */
+ if (gbb->major_version == 1 && gbb->minor_version < 2)
+ return 0;
+
+ return vb2_digest_buffer(to, len, VB2_HASH_SHA256, gbb->hwid_digest,
+ sizeof(gbb->hwid_digest));
+}
+
/*
* TODO: All sorts of race conditions likely here, and everywhere this is used.
* Do we care? If so, fix it.
diff --git a/futility/updater.c b/futility/updater.c
index 01aa13a..7536093 100644
--- a/futility/updater.c
+++ b/futility/updater.c
@@ -953,8 +953,6 @@
struct firmware_image *image_to,
int preserve_flags)
{
- int len;
- uint8_t *hwid_to, *hwid_from;
const struct vb2_gbb_header *gbb_from;
struct vb2_gbb_header *gbb_to;
@@ -969,18 +967,9 @@
if (preserve_flags)
gbb_to->flags = gbb_from->flags;
- hwid_to = (uint8_t *)gbb_to + gbb_to->hwid_offset;
- hwid_from = (uint8_t *)gbb_from + gbb_from->hwid_offset;
-
/* Preserve HWID. */
- len = strlen((const char *)hwid_from);
- if (len >= gbb_to->hwid_size)
- return -1;
-
- /* Zero whole area so we won't have garbage after NUL. */
- memset(hwid_to, 0, gbb_to->hwid_size);
- memcpy(hwid_to, hwid_from, len);
- return 0;
+ return vb2_change_hwid(
+ gbb_to, (const char *)gbb_from + gbb_from->hwid_offset);
}
/*
diff --git a/tests/futility/test_update.sh b/tests/futility/test_update.sh
index 740e53c..dd09251 100755
--- a/tests/futility/test_update.sh
+++ b/tests/futility/test_update.sh
@@ -91,6 +91,15 @@
cp -f "${FROM_IMAGE}" "${FROM_IMAGE}.large"
truncate -s $((8388608 * 2)) "${FROM_IMAGE}.large"
+# Hack for GBB v1.2
+TO_IMAGE_GBB12="${TO_IMAGE}.gbb12"
+HWID_DIGEST="adf64d2a434b610506153da42440b0b498d7369c0e98b629ede65eb59f4784fa"
+cp -f "${TO_IMAGE}" "${TO_IMAGE_GBB12}"
+patch_file "${TO_IMAGE_GBB12}" GBB 6 "\x02"
+"${FUTILITY}" gbb -s --hwid="${TO_HWID}" "${TO_IMAGE_GBB12}"
+GBB_OUTPUT="$("${FUTILITY}" gbb --digest "${TO_IMAGE_GBB12}")"
+[ "${GBB_OUTPUT}" = "digest: ${HWID_DIGEST} valid" ]
+
# Generate expected results.
cp -f "${TO_IMAGE}" "${TMP}.expected.full"
cp -f "${FROM_IMAGE}" "${TMP}.expected.rw"
@@ -112,6 +121,9 @@
RW_SECTION_B:${TMP}.to/RW_SECTION_B
"${FUTILITY}" load_fmap "${TMP}.expected.legacy" \
RW_LEGACY:${TMP}.to/RW_LEGACY
+cp -f "${TMP}.expected.full" "${TMP}.expected.full.gbb12"
+patch_file "${TMP}.expected.full.gbb12" GBB 6 "\x02"
+"${FUTILITY}" gbb -s --hwid="${FROM_HWID}" "${TMP}.expected.full.gbb12"
cp -f "${TMP}.expected.full" "${TMP}.expected.full.gbb0"
"${FUTILITY}" gbb -s --flags=0 "${TMP}.expected.full.gbb0"
cp -f "${FROM_IMAGE}" "${FROM_IMAGE}.gbb0"
@@ -187,6 +199,10 @@
-i "${TO_IMAGE}" --wp=0 --sys_props 0,0x10001,1 \
--host_only --ec_image non-exist.bin --pd_image non_exist.bin
+test_update "Full update (GBB1.2 hwid digest)" \
+ "${FROM_IMAGE}" "${TMP}.expected.full.gbb12" \
+ -i "${TO_IMAGE_GBB12}" --wp=0 --sys_props 0,0x10001,1
+
# Test RW-only update.
test_update "RW update" \
"${FROM_IMAGE}" "${TMP}.expected.rw" \
