dasharo-issues icon indicating copy to clipboard operation
dasharo-issues copied to clipboard

Published 20 hours ago verified publisher icon Dasharo

Popup with information about recovery mode is displayed after flashing with a valid binary

Open Pokisiekk opened this issue 3 years ago • 11 comments

Dasharo version v1.4.0

Dasharo variant NV41PZ

Affected component(s) or functionality Vboot

Brief summary Popup with information about recovery mode is displayed after flashing with a valid binary, but only one time.

How reproducible 100%

How to reproduce

Steps to reproduce the behavior:

  1. Power on the laptop.
  2. Boot into Ubuntu 22.04.
  3. Flash coreboot signed with wrong vboot keys by executing the following command: flashrom -p internal --fmap -i RW_SECTION_A -w [coreboot_binary]
  4. Power off and then power on the laptop.
  5. Boot into Ubuntu 22.04.
  6. Flash dasharo firmware by executing the following command: flashrom -p internal --fmap -i RW_SECTION_A -w [coreboot_binary] 7.Power off and then power on the laptop.

Expected behavior The laptop boots normal, BIOS_KEYS are displayed.

Actual behavior Popup with information about recovery mode is displayed during first boot after flashing.

Screenshots

Additional context

Solutions you've tried

Pokisiekk avatar Nov 16 '22 14:11 Pokisiekk

I've managed to reproduce this issue on NV41PZ, Dasharo version 1.4.0.

  1. Flash coreboot with the wrong vboot keys.
  2. Reboot platform, a message about recovery is shown.
  3. Flash again, this time using proper firmware.
  4. Reboot. A message about recovery is shown.

PrzemyslawBanasiak13 avatar Nov 17 '22 13:11 PrzemyslawBanasiak13

I reproduced the issue on NV41PZ with Dasharo firmware v1.5.0

Pokisiekk avatar Mar 03 '23 08:03 Pokisiekk

@miczyg1 @macpijan This issue keeps coming back to us with different platforms all the time it seems. Initially the problem was caused by upstream vboot changing the behaviour from clearing the recovery flag in coreboot to clearing it in payload. So we forked vboot and reverted that behaviour, but maintaining that has been messy.

IMO the best solution here would be to stop trying to maintain a vboot fork and implement vboot recovery handling / clearing in EDKII. Maybe even add an option to clear the flag manually when the recovery popup appears.

mkopec avatar Mar 03 '23 10:03 mkopec

I reproduced the issue on NV41PZ with Dasharo firmware v1.6.0

Pokisiekk avatar Mar 23 '23 09:03 Pokisiekk

@mkopec @miczyg1 @macpijan I look more closely this issue on NS5x/7xPU with v1.6.0 Dasharo firmware. After flashing firmware with wrong vboot keys, there are two reasons for recovery:

  1. RW firmware failed signature check with 0x03 code - This happens in every 1st,3rd,5th,7th... boot after flashing
  2. RW firmware unable to verify keyblock with 0x13 code - This happens in every 2nd,4th,6th,8th... boot after flashing

Flashing Dasharo firmware when the DUT booted with code 0x03 causes that the DUT boots properly:

?VB2:vb2_check_recovery() Recovery reason from previous boot: 0x0 / 0x0

Flashing Dasharo firmware when DUT booted with code 0x13 causes that the DUT boots from recovery on more time:

?VB2:vb2_check_recovery() Recovery reason from previous boot: 0x3 / 0x3
?VB2:vb2_check_recovery() We have a recovery request: 0x3 / 0x0

On next boot everything is fine:

?VB2:vb2_check_recovery() Recovery reason from previous boot: 0x0 / 0x0

Pokisiekk avatar Apr 06 '23 07:04 Pokisiekk

https://github.com/Dasharo/coreboot/pull/342

miczyg1 avatar May 18 '23 11:05 miczyg1

@mkopec @miczyg1 @macpijan I look more closely this issue on NS5x/7xPU with v1.6.0 Dasharo firmware. After flashing firmware with wrong vboot keys, there are two reasons for recovery:

  1. RW firmware failed signature check with 0x03 code - This happens in every 1st,3rd,5th,7th... boot after flashing
  2. RW firmware unable to verify keyblock with 0x13 code - This happens in every 2nd,4th,6th,8th... boot after flashing

Flashing Dasharo firmware when the DUT booted with code 0x03 causes that the DUT boots properly:

?VB2:vb2_check_recovery() Recovery reason from previous boot: 0x0 / 0x0

Flashing Dasharo firmware when DUT booted with code 0x13 causes that the DUT boots from recovery on more time:

?VB2:vb2_check_recovery() Recovery reason from previous boot: 0x3 / 0x3
?VB2:vb2_check_recovery() We have a recovery request: 0x3 / 0x0

On next boot everything is fine:

?VB2:vb2_check_recovery() Recovery reason from previous boot: 0x0 / 0x0

Apparently the vboot code is weird and sets 0x03 code once and later changes it to 0x13 code. Don't know how to explain it...

miczyg1 avatar May 18 '23 15:05 miczyg1

I reproduced the issue on VP4670 with v1.1.0 Dasharo firmware. The popup is displayed after flashing firmware when the DUT is booting with 0x13 code, how I described in this comment: https://github.com/Dasharo/dasharo-issues/issues/269#issuecomment-1498617421

Pokisiekk avatar Jun 02 '23 05:06 Pokisiekk

@Pokisiekk we can fairly say that it will reproduce on any platform with RW_A partition only.

miczyg1 avatar Jun 02 '23 07:06 miczyg1

Have not reproduced this on 1.1.0 -> 1.2.0 transition on Protectli VP4670 V2.

macpijan avatar Mar 25 '24 14:03 macpijan

We will need to make sure that this issue no longer happens with the upcoming releases. Let's await that.

wessel-novacustom avatar Apr 15 '24 14:04 wessel-novacustom