This involves a minor code change but I take the opportunity
to clean things up, getting rid of files we don't need,
and fixing includes.

Change-Id: Ie9ead4b6a2473d2f25b7b0a777343aef598f8dd9
Signed-off-by: Ronald G. Minnich <rminn...@gmail.com>
---
 kern/drivers/dev/capability.c   |  15 +-
 kern/include/crypto/2api.h      |   5 +-
 kern/include/crypto/2hmac.h     |   1 -
 kern/lib/crypto/2api.c          | 208 --------------------
 kern/lib/crypto/2common.c       |   8 +-
 kern/lib/crypto/2crc8.c         |   4 +-
 kern/lib/crypto/2hmac.c         |   6 +-
 kern/lib/crypto/2misc.c         | 408 ----------------------------------------
 kern/lib/crypto/2nvstorage.c    | 370 ------------------------------------
 kern/lib/crypto/2rsa.c          |   8 +-
 kern/lib/crypto/2secdata.c      |  10 +-
 kern/lib/crypto/2secdatak.c     |  10 +-
 kern/lib/crypto/2sha1.c         |   6 +-
 kern/lib/crypto/2sha512.c       |   6 +-
 kern/lib/crypto/2sha_utility.c  |   6 +-
 kern/lib/crypto/2stub.c         |  59 ------
 kern/lib/crypto/2tpm_bootmode.c |  54 ------
 kern/lib/crypto/Kbuild          |  18 +-
 18 files changed, 54 insertions(+), 1148 deletions(-)
 delete mode 100644 kern/lib/crypto/2api.c
 delete mode 100644 kern/lib/crypto/2misc.c
 delete mode 100644 kern/lib/crypto/2nvstorage.c
 delete mode 100644 kern/lib/crypto/2stub.c
 delete mode 100644 kern/lib/crypto/2tpm_bootmode.c

diff --git a/kern/drivers/dev/capability.c b/kern/drivers/dev/capability.c
index ab0cd95..f974fff 100644
--- a/kern/drivers/dev/capability.c
+++ b/kern/drivers/dev/capability.c
@@ -21,8 +21,13 @@
 #include <smp.h>
 #include <ip.h>
 
+#include <crypto/2crypto.h>
+#include <crypto/2hmac.h>
+#include <crypto/2id.h>
+#include <crypto/2sha.h>
+
 enum {
-       Hashlen = 20, // SHA1dlen,
+       Hashlen = VB2_SHA256_BLOCK_SIZE,
        Maxhash = 256,
 };
 
@@ -197,6 +202,7 @@ static long capwrite(struct chan *c, void *va, long n, 
int64_t m)
        uint8_t hash[Hashlen];
        char *key, *from, *to;
        char err[256];
+       int ret;
        ERRSTACK(1);
 
        switch ((uint32_t)c->qid.path) {
@@ -226,9 +232,10 @@ static long capwrite(struct chan *c, void *va, long n, 
int64_t m)
                        error(EIO, "short read: Quse");
                *key++ = 0;
 
-               panic("No way to hash");
-               //hmac_sha1((uint8_t *)from, strlen(from), (uint8_t *)key, 
strlen(key),
-               //hash, NULL);
+               ret = hmac(VB2_ALG_RSA1024_SHA256, key, strlen(key),
+                          from, strlen(from), hash, sizeof(hash));
+               if (ret)
+                       error(EINVAL,"HMAC failed");
 
                p = remcap(hash);
                if (p == NULL) {
diff --git a/kern/include/crypto/2api.h b/kern/include/crypto/2api.h
index e4c6ad0..23d413d 100644
--- a/kern/include/crypto/2api.h
+++ b/kern/include/crypto/2api.h
@@ -17,8 +17,8 @@
  *      must be done elsewhere, and VB2_NV_DEBUG_RESET_MODE is ignored.
  */
 
-#ifndef VBOOT_2_API_H_
-#define VBOOT_2_API_H_
+#pragma once
+
 #include <stdint.h>
 
 #include "2common.h"
@@ -658,4 +658,3 @@ int vb2ex_hwcrypto_digest_extend(const uint8_t *buf, 
uint32_t size);
  */
 int vb2ex_hwcrypto_digest_finalize(uint8_t *digest, uint32_t digest_size);
 
-#endif  /* VBOOT_2_API_H_ */
diff --git a/kern/include/crypto/2hmac.h b/kern/include/crypto/2hmac.h
index 7209a38..ad7dfea 100644
--- a/kern/include/crypto/2hmac.h
+++ b/kern/include/crypto/2hmac.h
@@ -25,4 +25,3 @@ int hmac(enum vb2_hash_algorithm alg,
         const void *msg, uint32_t msg_size,
         uint8_t *mac, uint32_t mac_size);
 
-#endif
diff --git a/kern/lib/crypto/2api.c b/kern/lib/crypto/2api.c
deleted file mode 100644
index c12a805..0000000
--- a/kern/lib/crypto/2api.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Externally-callable APIs
- * (Firmware portion)
- */
-
-#include "2sysincludes.h"
-#include "2api.h"
-#include "2common.h"
-#include "2misc.h"
-#include "2nvstorage.h"
-#include "2secdata.h"
-#include "2sha.h"
-#include "2rsa.h"
-#include "2tpm_bootmode.h"
-
-int vb2api_secdata_check(const struct vb2_context *ctx)
-{
-       return vb2_secdata_check_crc(ctx);
-}
-
-int vb2api_secdata_create(struct vb2_context *ctx)
-{
-       return vb2_secdata_create(ctx);
-}
-
-void vb2api_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode)
-{
-       /* Initialize the vboot context if it hasn't been yet */
-       vb2_init_context(ctx);
-
-       vb2_fail(ctx, reason, subcode);
-}
-
-int vb2api_fw_phase1(struct vb2_context *ctx)
-{
-       int rv;
-
-       /* Initialize the vboot context if it hasn't been yet */
-       vb2_init_context(ctx);
-
-       /* Initialize NV context */
-       vb2_nv_init(ctx);
-
-       /*
-        * Handle caller-requested reboot due to secdata.  Do this before we
-        * even look at secdata.  If we fail because of a reboot loop we'll be
-        * the first failure so will get to set the recovery reason.
-        */
-       if (!(ctx->flags & VB2_CONTEXT_SECDATA_WANTS_REBOOT)) {
-               /* No reboot requested */
-               vb2_nv_set(ctx, VB2_NV_TPM_REQUESTED_REBOOT, 0);
-       } else if (vb2_nv_get(ctx, VB2_NV_TPM_REQUESTED_REBOOT)) {
-               /*
-                * Reboot requested... again.  Fool me once, shame on you.
-                * Fool me twice, shame on me.  Fail into recovery to avoid
-                * a reboot loop.
-                */
-               vb2_fail(ctx, VB2_RECOVERY_RO_TPM_REBOOT, 0);
-       } else {
-               /* Reboot requested for the first time */
-               vb2_nv_set(ctx, VB2_NV_TPM_REQUESTED_REBOOT, 1);
-               return VB2_ERROR_API_PHASE1_SECDATA_REBOOT;
-       }
-
-       /* Initialize secure data */
-       rv = vb2_secdata_init(ctx);
-       if (rv)
-               vb2_fail(ctx, VB2_RECOVERY_SECDATA_INIT, rv);
-
-       /* Load and parse the GBB header */
-       rv = vb2_fw_parse_gbb(ctx);
-       if (rv)
-               vb2_fail(ctx, VB2_RECOVERY_GBB_HEADER, rv);
-
-       /*
-        * Check for recovery.  Note that this function returns void, since any
-        * errors result in requesting recovery.  That's also why we don't
-        * return error from failures in the preceding two steps; those
-        * failures simply cause us to detect recovery mode here.
-        */
-       vb2_check_recovery(ctx);
-
-       /* Check for dev switch */
-       rv = vb2_check_dev_switch(ctx);
-       if (rv && !(ctx->flags & VB2_CONTEXT_RECOVERY_MODE)) {
-               /*
-                * Error in dev switch processing, and we weren't already
-                * headed for recovery mode.  Reboot into recovery mode, since
-                * it's too late to handle those errors this boot, and we need
-                * to take a different path through the dev switch checking
-                * code in that case.
-                */
-               vb2_fail(ctx, VB2_RECOVERY_DEV_SWITCH, rv);
-               return rv;
-       }
-
-       /* Return error if recovery is needed */
-       if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE) {
-               /* Always clear RAM when entering recovery mode */
-               ctx->flags |= VB2_CONTEXT_CLEAR_RAM;
-               return VB2_ERROR_API_PHASE1_RECOVERY;
-       }
-
-       return VB2_SUCCESS;
-}
-
-int vb2api_fw_phase2(struct vb2_context *ctx)
-{
-       int rv;
-
-       /*
-        * Use the slot from the last boot if this is a resume.  Do not set
-        * VB2_SD_STATUS_CHOSE_SLOT so the try counter is not decremented on
-        * failure as we are explicitly not attempting to boot from a new slot.
-        */
-       if (ctx->flags & VB2_CONTEXT_S3_RESUME) {
-               struct vb2_shared_data *sd = vb2_get_sd(ctx);
-
-               /* Set the current slot to the last booted slot */
-               sd->fw_slot = vb2_nv_get(ctx, VB2_NV_FW_TRIED);
-
-               /* Set context flag if we're using slot B */
-               if (sd->fw_slot)
-                       ctx->flags |= VB2_CONTEXT_FW_SLOT_B;
-
-               return VB2_SUCCESS;
-       }
-
-       /* Always clear RAM when entering developer mode */
-       if (ctx->flags & VB2_CONTEXT_DEVELOPER_MODE)
-               ctx->flags |= VB2_CONTEXT_CLEAR_RAM;
-
-       /* Check for explicit request to clear TPM */
-       rv = vb2_check_tpm_clear(ctx);
-       if (rv) {
-               vb2_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv);
-               return rv;
-       }
-
-       /* Decide which firmware slot to try this boot */
-       rv = vb2_select_fw_slot(ctx);
-       if (rv) {
-               vb2_fail(ctx, VB2_RECOVERY_FW_SLOT, rv);
-               return rv;
-       }
-
-       return VB2_SUCCESS;
-}
-
-int vb2api_extend_hash(struct vb2_context *ctx,
-                      const void *buf,
-                      uint32_t size)
-{
-       struct vb2_shared_data *sd = vb2_get_sd(ctx);
-       struct vb2_digest_context *dc = (struct vb2_digest_context *)
-               (ctx->workbuf + sd->workbuf_hash_offset);
-
-       /* Must have initialized hash digest work area */
-       if (!sd->workbuf_hash_size)
-               return VB2_ERROR_API_EXTEND_HASH_WORKBUF;
-
-       /* Don't extend past the data we expect to hash */
-       if (!size || size > sd->hash_remaining_size)
-               return VB2_ERROR_API_EXTEND_HASH_SIZE;
-
-       sd->hash_remaining_size -= size;
-
-       if (dc->using_hwcrypto)
-               return vb2ex_hwcrypto_digest_extend(buf, size);
-       else
-               return vb2_digest_extend(dc, buf, size);
-}
-
-int vb2api_get_pcr_digest(struct vb2_context *ctx,
-                         enum vb2_pcr_digest which_digest,
-                         uint8_t *dest,
-                         uint32_t *dest_size)
-{
-       const uint8_t *digest;
-       uint32_t digest_size;
-
-       switch (which_digest) {
-       case BOOT_MODE_PCR:
-               digest = vb2_get_boot_state_digest(ctx);
-               digest_size = VB2_SHA1_DIGEST_SIZE;
-               break;
-       case HWID_DIGEST_PCR:
-               digest = vb2_get_sd(ctx)->gbb_hwid_digest;
-               digest_size = VB2_GBB_HWID_DIGEST_SIZE;
-               break;
-       default:
-               return VB2_ERROR_API_PCR_DIGEST;
-       }
-
-       if (digest == NULL || *dest_size < digest_size)
-               return VB2_ERROR_API_PCR_DIGEST_BUF;
-
-       memcpy(dest, digest, digest_size);
-       if (digest_size < *dest_size)
-               memset(dest + digest_size, 0, *dest_size - digest_size);
-
-       *dest_size = digest_size;
-
-       return VB2_SUCCESS;
-}
diff --git a/kern/lib/crypto/2common.c b/kern/lib/crypto/2common.c
index 9e75d0c..de1da6e 100644
--- a/kern/lib/crypto/2common.c
+++ b/kern/lib/crypto/2common.c
@@ -6,10 +6,10 @@
  * (Firmware portion)
  */
 
-#include "2sysincludes.h"
-#include "2common.h"
-#include "2rsa.h"
-#include "2sha.h"
+#include <crypto/2sysincludes.h>
+#include <crypto/2common.h>
+#include <crypto/2rsa.h>
+#include <crypto/2sha.h>
 
 int vb2_safe_memcmp(const void *s1, const void *s2, size_t size)
 {
diff --git a/kern/lib/crypto/2crc8.c b/kern/lib/crypto/2crc8.c
index 9df0a00..57b63f2 100644
--- a/kern/lib/crypto/2crc8.c
+++ b/kern/lib/crypto/2crc8.c
@@ -3,8 +3,8 @@
  * found in the LICENSE file.
  */
 
-#include "2sysincludes.h"
-#include "2crc8.h"
+#include <crypto/2sysincludes.h>
+#include <crypto/2crc8.h>
 
 uint8_t vb2_crc8(const void *vptr, uint32_t size)
 {
diff --git a/kern/lib/crypto/2hmac.c b/kern/lib/crypto/2hmac.c
index 651ae57..7ca75ba 100644
--- a/kern/lib/crypto/2hmac.c
+++ b/kern/lib/crypto/2hmac.c
@@ -3,9 +3,9 @@
  * found in the LICENSE file.
  */
 
-#include "2sysincludes.h"
-#include "2sha.h"
-#include "2hmac.h"
+#include <crypto/2sysincludes.h>
+#include <crypto/2common.h>
+#include <crypto/2sha.h>
 
 int hmac(enum vb2_hash_algorithm alg,
         const void *key, uint32_t key_size,
diff --git a/kern/lib/crypto/2misc.c b/kern/lib/crypto/2misc.c
deleted file mode 100644
index a955f53..0000000
--- a/kern/lib/crypto/2misc.c
+++ /dev/null
@@ -1,408 +0,0 @@
-/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Misc functions which need access to vb2_context but are not public APIs
- */
-
-#include "2sysincludes.h"
-#include "2api.h"
-#include "2common.h"
-#include "2misc.h"
-#include "2nvstorage.h"
-#include "2secdata.h"
-#include "2sha.h"
-#include "2rsa.h"
-
-int vb2_validate_gbb_signature(uint8_t *sig) {
-       const static uint8_t sig_xor[VB2_GBB_SIGNATURE_SIZE] =
-                       VB2_GBB_XOR_SIGNATURE;
-       int i;
-       for (i = 0; i < VB2_GBB_SIGNATURE_SIZE; i++) {
-               if (sig[i] != (sig_xor[i] ^ VB2_GBB_XOR_CHARS[i]))
-                       return VB2_ERROR_GBB_MAGIC;
-       }
-       return VB2_SUCCESS;
-}
-
-void vb2_workbuf_from_ctx(struct vb2_context *ctx, struct vb2_workbuf *wb)
-{
-       vb2_workbuf_init(wb, ctx->workbuf + ctx->workbuf_used,
-                        ctx->workbuf_size - ctx->workbuf_used);
-}
-
-int vb2_read_gbb_header(struct vb2_context *ctx, struct vb2_gbb_header *gbb)
-{
-       int rv;
-
-       /* Read the entire header */
-       rv = vb2ex_read_resource(ctx, VB2_RES_GBB, 0, gbb, sizeof(*gbb));
-       if (rv)
-               return rv;
-
-       /* Make sure it's really a GBB */
-       rv = vb2_validate_gbb_signature(gbb->signature);
-       if (rv)
-               return rv;
-
-       /* Check for compatible version */
-       if (gbb->major_version != VB2_GBB_MAJOR_VER)
-               return VB2_ERROR_GBB_VERSION;
-
-       /* Current code is not backwards-compatible to 1.1 headers or older */
-       if (gbb->minor_version < VB2_GBB_MINOR_VER)
-               return VB2_ERROR_GBB_TOO_OLD;
-
-       /*
-        * Header size should be at least as big as we expect.  It could be
-        * bigger, if the header has grown.
-        */
-       if (gbb->header_size < sizeof(*gbb))
-               return VB2_ERROR_GBB_HEADER_SIZE;
-
-       return VB2_SUCCESS;
-}
-
-void vb2_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode)
-{
-       struct vb2_shared_data *sd = vb2_get_sd(ctx);
-
-       /* If NV data hasn't been initialized, initialize it now */
-       if (!(sd->status & VB2_SD_STATUS_NV_INIT))
-               vb2_nv_init(ctx);
-
-       /* See if we were far enough in the boot process to choose a slot */
-       if (sd->status & VB2_SD_STATUS_CHOSE_SLOT) {
-
-               /* Boot failed */
-               vb2_nv_set(ctx, VB2_NV_FW_RESULT, VB2_FW_RESULT_FAILURE);
-
-               /* Use up remaining tries */
-               vb2_nv_set(ctx, VB2_NV_TRY_COUNT, 0);
-
-               /*
-                * Try the other slot next time.  We'll alternate
-                * between slots, which may help if one or both slots is
-                * flaky.
-                */
-               vb2_nv_set(ctx, VB2_NV_TRY_NEXT, 1 - sd->fw_slot);
-
-               /*
-                * If we didn't try the other slot last boot, or we tried it
-                * and it didn't fail, try it next boot.
-                */
-               if (sd->last_fw_slot != 1 - sd->fw_slot ||
-                   sd->last_fw_result != VB2_FW_RESULT_FAILURE)
-                       return;
-       }
-
-       /*
-        * If we're still here, we failed before choosing a slot, or both
-        * this slot and the other slot failed in successive boots.  So we
-        * need to go to recovery.
-        *
-        * Set a recovery reason and subcode only if they're not already set.
-        * If recovery is already requested, it's a more specific error code
-        * than later code is providing and we shouldn't overwrite it.
-        */
-       VB2_DEBUG("Need recovery, reason: %#x / %#x\n", reason, subcode);
-       if (!vb2_nv_get(ctx, VB2_NV_RECOVERY_REQUEST)) {
-               vb2_nv_set(ctx, VB2_NV_RECOVERY_REQUEST, reason);
-               vb2_nv_set(ctx, VB2_NV_RECOVERY_SUBCODE, subcode);
-       }
-}
-
-int vb2_init_context(struct vb2_context *ctx)
-{
-       struct vb2_shared_data *sd = vb2_get_sd(ctx);
-
-       /* Don't do anything if the context has already been initialized */
-       if (ctx->workbuf_used)
-               return VB2_SUCCESS;
-
-       /*
-        * Workbuf had better be big enough for our shared data struct and
-        * aligned.  Not much we can do if it isn't; we'll die before we can
-        * store a recovery reason.
-        */
-       if (ctx->workbuf_size < sizeof(*sd))
-               return VB2_ERROR_INITCTX_WORKBUF_SMALL;
-       if (!vb2_aligned(ctx->workbuf, VB2_WORKBUF_ALIGN))
-               return VB2_ERROR_INITCTX_WORKBUF_ALIGN;
-
-       /* Initialize the shared data at the start of the work buffer */
-       memset(sd, 0, sizeof(*sd));
-       ctx->workbuf_used = sizeof(*sd);
-       return VB2_SUCCESS;
-}
-
-void vb2_check_recovery(struct vb2_context *ctx)
-{
-       struct vb2_shared_data *sd = vb2_get_sd(ctx);
-       uint32_t reason = vb2_nv_get(ctx, VB2_NV_RECOVERY_REQUEST);
-       uint32_t subcode = vb2_nv_get(ctx, VB2_NV_RECOVERY_SUBCODE);
-
-       VB2_DEBUG("Recovery reason from previous boot: %#x / %#x\n",
-                 reason, subcode);
-
-       /*
-        * Sets the current recovery request, unless there's already been a
-        * failure earlier in the boot process.
-        */
-       if (!sd->recovery_reason)
-               sd->recovery_reason = reason;
-
-       /* Clear request and subcode so we don't get stuck in recovery mode */
-       vb2_nv_set(ctx, VB2_NV_RECOVERY_REQUEST, VB2_RECOVERY_NOT_REQUESTED);
-       vb2_nv_set(ctx, VB2_NV_RECOVERY_SUBCODE, VB2_RECOVERY_NOT_REQUESTED);
-
-       if (ctx->flags & VB2_CONTEXT_FORCE_RECOVERY_MODE) {
-               VB2_DEBUG("Recovery was requested manually\n");
-               if (subcode && !sd->recovery_reason)
-                       /*
-                        * Recovery was requested at 'broken' screen.
-                        * Promote subcode to reason.
-                        */
-                       sd->recovery_reason = subcode;
-               else
-                       /* Recovery was forced. Override recovery reason */
-                       sd->recovery_reason = VB2_RECOVERY_RO_MANUAL;
-               sd->flags |= VB2_SD_FLAG_MANUAL_RECOVERY;
-       }
-
-       /* If recovery reason is non-zero, tell caller we need recovery mode */
-       if (sd->recovery_reason) {
-               ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
-               VB2_DEBUG("We have a recovery request: %#x / %#x\n",
-                         sd->recovery_reason,
-                         vb2_nv_get(ctx, VB2_NV_RECOVERY_SUBCODE));
-       }
-}
-
-int vb2_fw_parse_gbb(struct vb2_context *ctx)
-{
-       struct vb2_shared_data *sd = vb2_get_sd(ctx);
-       struct vb2_gbb_header *gbb;
-       struct vb2_workbuf wb;
-       int rv;
-
-       vb2_workbuf_from_ctx(ctx, &wb);
-
-       /* Read GBB into next chunk of work buffer */
-       gbb = vb2_workbuf_alloc(&wb, sizeof(*gbb));
-       if (!gbb)
-               return VB2_ERROR_GBB_WORKBUF;
-
-       rv = vb2_read_gbb_header(ctx, gbb);
-       if (rv)
-               return rv;
-
-       /* Extract the only things we care about at firmware time */
-       sd->gbb_flags = gbb->flags;
-       sd->gbb_rootkey_offset = gbb->rootkey_offset;
-       sd->gbb_rootkey_size = gbb->rootkey_size;
-       memcpy(sd->gbb_hwid_digest, gbb->hwid_digest, VB2_GBB_HWID_DIGEST_SIZE);
-
-       return VB2_SUCCESS;
-}
-
-int vb2_check_dev_switch(struct vb2_context *ctx)
-{
-       struct vb2_shared_data *sd = vb2_get_sd(ctx);
-       uint32_t flags = 0;
-       uint32_t old_flags;
-       int is_dev = 0;
-       int use_secdata = 1;
-       int rv;
-
-       /* Read secure flags */
-       rv = vb2_secdata_get(ctx, VB2_SECDATA_FLAGS, &flags);
-       if (rv) {
-               if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE) {
-                       /*
-                        * Recovery mode needs to check other ways developer
-                        * mode can be enabled, so don't give up yet.  But
-                        * since we can't read secdata, assume dev mode was
-                        * disabled.
-                        */
-                       use_secdata = 0;
-                       flags = 0;
-               } else {
-                       /* Normal mode simply fails */
-                       return rv;
-               }
-       }
-       old_flags = flags;
-
-       /* Handle dev disable request */
-       if (use_secdata && vb2_nv_get(ctx, VB2_NV_DISABLE_DEV_REQUEST)) {
-               flags &= ~VB2_SECDATA_FLAG_DEV_MODE;
-
-               /* Clear the request */
-               vb2_nv_set(ctx, VB2_NV_DISABLE_DEV_REQUEST, 0);
-       }
-
-       /*
-        * Check if we've been asked by the caller to disable dev mode.  Note
-        * that hardware switch and GBB flag will take precedence over this.
-        */
-       if (ctx->flags & VB2_DISABLE_DEVELOPER_MODE)
-               flags &= ~VB2_SECDATA_FLAG_DEV_MODE;
-
-       /* Check virtual dev switch */
-       if (flags & VB2_SECDATA_FLAG_DEV_MODE)
-               is_dev = 1;
-
-       /* Handle forcing dev mode via physical switch */
-       if (ctx->flags & VB2_CONTEXT_FORCE_DEVELOPER_MODE)
-               is_dev = 1;
-
-       /* Check if GBB is forcing dev mode */
-       if (sd->gbb_flags & VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON)
-               is_dev = 1;
-
-       /* Handle whichever mode we end up in */
-       if (is_dev) {
-               /* Developer mode */
-               sd->flags |= VB2_SD_DEV_MODE_ENABLED;
-               ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
-
-               flags |= VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER;
-       } else {
-               /* Normal mode */
-               flags &= ~VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER;
-
-               /*
-                * Disable dev_boot_* flags.  This ensures they will be
-                * initially disabled if the user later transitions back into
-                * developer mode.
-                */
-               vb2_nv_set(ctx, VB2_NV_DEV_BOOT_USB, 0);
-               vb2_nv_set(ctx, VB2_NV_DEV_BOOT_LEGACY, 0);
-               vb2_nv_set(ctx, VB2_NV_DEV_BOOT_SIGNED_ONLY, 0);
-               vb2_nv_set(ctx, VB2_NV_DEV_BOOT_FASTBOOT_FULL_CAP, 0);
-               vb2_nv_set(ctx, VB2_NV_DEV_DEFAULT_BOOT, 0);
-               vb2_nv_set(ctx, VB2_NV_FASTBOOT_UNLOCK_IN_FW, 0);
-       }
-
-       if (ctx->flags & VB2_CONTEXT_FORCE_WIPEOUT_MODE)
-               vb2_nv_set(ctx, VB2_NV_REQ_WIPEOUT, 1);
-
-       if (flags != old_flags) {
-               /*
-                * Just changed dev mode state.  Clear TPM owner.  This must be
-                * done here instead of simply passing a flag to
-                * vb2_check_tpm_clear(), because we don't want to update
-                * last_boot_developer and then fail to clear the TPM owner.
-                *
-                * Note that we do this even if we couldn't read secdata, since
-                * the TPM owner and secdata may be independent, and we want
-                * the owner to be cleared if *this boot* is different than the
-                * last one (perhaps due to GBB or hardware override).
-                */
-               rv = vb2ex_tpm_clear_owner(ctx);
-               if (use_secdata) {
-                       /* Check for failure to clear owner */
-                       if (rv) {
-                               /*
-                                * Note that this truncates rv to 8 bit.  Which
-                                * is not as useful as the full error code, but
-                                * we don't have NVRAM space to store the full
-                                * 32-bit code.
-                                */
-                               vb2_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv);
-                               return rv;
-                       }
-
-                       /* Save new flags */
-                       rv = vb2_secdata_set(ctx, VB2_SECDATA_FLAGS, flags);
-                       if (rv)
-                               return rv;
-               }
-       }
-
-       return VB2_SUCCESS;
-}
-
-int vb2_check_tpm_clear(struct vb2_context *ctx)
-{
-       int rv;
-
-       /* Check if we've been asked to clear the owner */
-       if (!vb2_nv_get(ctx, VB2_NV_CLEAR_TPM_OWNER_REQUEST))
-               return VB2_SUCCESS;  /* No need to clear */
-
-       /* Request applies one time only */
-       vb2_nv_set(ctx, VB2_NV_CLEAR_TPM_OWNER_REQUEST, 0);
-
-       /* Try clearing */
-       rv = vb2ex_tpm_clear_owner(ctx);
-       if (rv) {
-               /*
-                * Note that this truncates rv to 8 bit.  Which is not as
-                * useful as the full error code, but we don't have NVRAM space
-                * to store the full 32-bit code.
-                */
-               vb2_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv);
-               return rv;
-       }
-
-       /* Clear successful */
-       vb2_nv_set(ctx, VB2_NV_CLEAR_TPM_OWNER_DONE, 1);
-       return VB2_SUCCESS;
-}
-
-int vb2_select_fw_slot(struct vb2_context *ctx)
-{
-       struct vb2_shared_data *sd = vb2_get_sd(ctx);
-       uint32_t tries;
-
-       /* Get result of last boot */
-       sd->last_fw_slot = vb2_nv_get(ctx, VB2_NV_FW_TRIED);
-       sd->last_fw_result = vb2_nv_get(ctx, VB2_NV_FW_RESULT);
-
-       /* Save to the previous result fields in NV storage */
-       vb2_nv_set(ctx, VB2_NV_FW_PREV_TRIED, sd->last_fw_slot);
-       vb2_nv_set(ctx, VB2_NV_FW_PREV_RESULT, sd->last_fw_result);
-
-       /* Clear result, since we don't know what will happen this boot */
-       vb2_nv_set(ctx, VB2_NV_FW_RESULT, VB2_FW_RESULT_UNKNOWN);
-
-       /* Get slot to try */
-       sd->fw_slot = vb2_nv_get(ctx, VB2_NV_TRY_NEXT);
-
-       /* Check try count */
-       tries = vb2_nv_get(ctx, VB2_NV_TRY_COUNT);
-
-       if (sd->last_fw_result == VB2_FW_RESULT_TRYING &&
-           sd->last_fw_slot == sd->fw_slot &&
-           tries == 0) {
-               /*
-                * We used up our last try on the previous boot, so fall back
-                * to the other slot this boot.
-                */
-               sd->fw_slot = 1 - sd->fw_slot;
-               vb2_nv_set(ctx, VB2_NV_TRY_NEXT, sd->fw_slot);
-       }
-
-       if (tries > 0) {
-               /* Still trying this firmware */
-               vb2_nv_set(ctx, VB2_NV_FW_RESULT, VB2_FW_RESULT_TRYING);
-
-               /* Decrement non-zero try count, unless told not to */
-               if (!(ctx->flags & VB2_CONTEXT_NOFAIL_BOOT))
-                       vb2_nv_set(ctx, VB2_NV_TRY_COUNT, tries - 1);
-       }
-
-       /* Store the slot we're trying */
-       vb2_nv_set(ctx, VB2_NV_FW_TRIED, sd->fw_slot);
-
-       /* Set context flag if we're using slot B */
-       if (sd->fw_slot)
-               ctx->flags |= VB2_CONTEXT_FW_SLOT_B;
-
-       /* Set status flag */
-       sd->status |= VB2_SD_STATUS_CHOSE_SLOT;
-
-       return VB2_SUCCESS;
-}
diff --git a/kern/lib/crypto/2nvstorage.c b/kern/lib/crypto/2nvstorage.c
deleted file mode 100644
index b40bbe7..0000000
--- a/kern/lib/crypto/2nvstorage.c
+++ /dev/null
@@ -1,370 +0,0 @@
-/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-/* Non-volatile storage routines */
-
-#include "2sysincludes.h"
-#include "2common.h"
-#include "2crc8.h"
-#include "2misc.h"
-#include "2nvstorage.h"
-#include "2nvstorage_fields.h"
-
-static void vb2_nv_regen_crc(struct vb2_context *ctx)
-{
-       ctx->nvdata[VB2_NV_OFFS_CRC] = vb2_crc8(ctx->nvdata, VB2_NV_OFFS_CRC);
-       ctx->flags |= VB2_CONTEXT_NVDATA_CHANGED;
-}
-
-/**
- * Check the CRC of the non-volatile storage context.
- *
- * Use this if reading from non-volatile storage may be flaky, and you want to
- * retry reading it several times.
- *
- * This may be called before vb2_context_init().
- *
- * @param ctx          Context pointer
- * @return VB2_SUCCESS, or non-zero error code if error.
- */
-int vb2_nv_check_crc(const struct vb2_context *ctx)
-{
-       const uint8_t *p = ctx->nvdata;
-
-       /* Check header */
-       if (VB2_NV_HEADER_SIGNATURE !=
-           (p[VB2_NV_OFFS_HEADER] & VB2_NV_HEADER_MASK))
-               return VB2_ERROR_NV_HEADER;
-
-       /* Check CRC */
-       if (vb2_crc8(p, VB2_NV_OFFS_CRC) != p[VB2_NV_OFFS_CRC])
-               return VB2_ERROR_NV_CRC;
-
-       return VB2_SUCCESS;
-}
-
-void vb2_nv_init(struct vb2_context *ctx)
-{
-       struct vb2_shared_data *sd = vb2_get_sd(ctx);
-       uint8_t *p = ctx->nvdata;
-
-       /* Check data for consistency */
-       if (vb2_nv_check_crc(ctx) != VB2_SUCCESS) {
-               /* Data is inconsistent (bad CRC or header); reset defaults */
-               memset(p, 0, VB2_NVDATA_SIZE);
-               p[VB2_NV_OFFS_HEADER] = (VB2_NV_HEADER_SIGNATURE |
-                                        VB2_NV_HEADER_FW_SETTINGS_RESET |
-                                        VB2_NV_HEADER_KERNEL_SETTINGS_RESET);
-
-               /* Regenerate CRC */
-               vb2_nv_regen_crc(ctx);
-
-               /* Set status flag */
-               sd->status |= VB2_SD_STATUS_NV_REINIT;
-               /* TODO: unit test for status flag being set */
-       }
-
-       sd->status |= VB2_SD_STATUS_NV_INIT;
-}
-
-/* Macro for vb2_nv_get() single-bit settings to reduce duplicate code. */
-#define GETBIT(offs, mask) (p[offs] & mask ? 1 : 0)
-
-uint32_t vb2_nv_get(struct vb2_context *ctx, enum vb2_nv_param param)
-{
-       const uint8_t *p = ctx->nvdata;
-
-       /*
-        * TODO: We could reduce the binary size for this code by #ifdef'ing
-        * out the params not used by firmware verification.
-        */
-       switch (param) {
-       case VB2_NV_FIRMWARE_SETTINGS_RESET:
-               return GETBIT(VB2_NV_OFFS_HEADER,
-                             VB2_NV_HEADER_FW_SETTINGS_RESET);
-
-       case VB2_NV_KERNEL_SETTINGS_RESET:
-               return GETBIT(VB2_NV_OFFS_HEADER,
-                             VB2_NV_HEADER_KERNEL_SETTINGS_RESET);
-
-       case VB2_NV_DEBUG_RESET_MODE:
-               return GETBIT(VB2_NV_OFFS_BOOT, VB2_NV_BOOT_DEBUG_RESET);
-
-       case VB2_NV_TRY_NEXT:
-               return GETBIT(VB2_NV_OFFS_BOOT2, VB2_NV_BOOT2_TRY_NEXT);
-
-       case VB2_NV_TRY_COUNT:
-               return p[VB2_NV_OFFS_BOOT] & VB2_NV_BOOT_TRY_COUNT_MASK;
-
-       case VB2_NV_FW_TRIED:
-               return GETBIT(VB2_NV_OFFS_BOOT2, VB2_NV_BOOT2_TRIED);
-
-       case VB2_NV_FW_RESULT:
-               return p[VB2_NV_OFFS_BOOT2] & VB2_NV_BOOT2_RESULT_MASK;
-
-       case VB2_NV_FW_PREV_TRIED:
-               return GETBIT(VB2_NV_OFFS_BOOT2, VB2_NV_BOOT2_PREV_TRIED);
-
-       case VB2_NV_FW_PREV_RESULT:
-               return (p[VB2_NV_OFFS_BOOT2] & VB2_NV_BOOT2_PREV_RESULT_MASK)
-                       >> VB2_NV_BOOT2_PREV_RESULT_SHIFT;
-
-       case VB2_NV_RECOVERY_REQUEST:
-               return p[VB2_NV_OFFS_RECOVERY];
-
-       case VB2_NV_RECOVERY_SUBCODE:
-               return p[VB2_NV_OFFS_RECOVERY_SUBCODE];
-
-       case VB2_NV_LOCALIZATION_INDEX:
-               return p[VB2_NV_OFFS_LOCALIZATION];
-
-       case VB2_NV_KERNEL_FIELD:
-               return (p[VB2_NV_OFFS_KERNEL]
-                       | (p[VB2_NV_OFFS_KERNEL + 1] << 8)
-                       | (p[VB2_NV_OFFS_KERNEL + 2] << 16)
-                       | (p[VB2_NV_OFFS_KERNEL + 3] << 24));
-
-       case VB2_NV_DEV_BOOT_USB:
-               return GETBIT(VB2_NV_OFFS_DEV, VB2_NV_DEV_FLAG_USB);
-
-       case VB2_NV_DEV_BOOT_LEGACY:
-               return GETBIT(VB2_NV_OFFS_DEV, VB2_NV_DEV_FLAG_LEGACY);
-
-       case VB2_NV_DEV_BOOT_SIGNED_ONLY:
-               return GETBIT(VB2_NV_OFFS_DEV, VB2_NV_DEV_FLAG_SIGNED_ONLY);
-
-       case VB2_NV_DEV_BOOT_FASTBOOT_FULL_CAP:
-               return GETBIT(VB2_NV_OFFS_DEV,
-                             VB2_NV_DEV_FLAG_FASTBOOT_FULL_CAP);
-
-       case VB2_NV_DEV_DEFAULT_BOOT:
-               return (p[VB2_NV_OFFS_DEV] & VB2_NV_DEV_FLAG_DEFAULT_BOOT)
-                       >> VB2_NV_DEV_DEFAULT_BOOT_SHIFT;
-
-       case VB2_NV_DISABLE_DEV_REQUEST:
-               return GETBIT(VB2_NV_OFFS_BOOT, VB2_NV_BOOT_DISABLE_DEV);
-
-       case VB2_NV_OPROM_NEEDED:
-               return GETBIT(VB2_NV_OFFS_BOOT, VB2_NV_BOOT_OPROM_NEEDED);
-
-       case VB2_NV_BACKUP_NVRAM_REQUEST:
-               return GETBIT(VB2_NV_OFFS_BOOT, VB2_NV_BOOT_BACKUP_NVRAM);
-
-       case VB2_NV_CLEAR_TPM_OWNER_REQUEST:
-               return GETBIT(VB2_NV_OFFS_TPM, VB2_NV_TPM_CLEAR_OWNER_REQUEST);
-
-       case VB2_NV_CLEAR_TPM_OWNER_DONE:
-               return GETBIT(VB2_NV_OFFS_TPM, VB2_NV_TPM_CLEAR_OWNER_DONE);
-
-       case VB2_NV_TPM_REQUESTED_REBOOT:
-               return GETBIT(VB2_NV_OFFS_TPM, VB2_NV_TPM_REBOOTED);
-
-       case VB2_NV_REQ_WIPEOUT:
-               return GETBIT(VB2_NV_OFFS_HEADER , VB2_NV_HEADER_WIPEOUT);
-
-       case VB2_NV_FASTBOOT_UNLOCK_IN_FW:
-               return GETBIT(VB2_NV_OFFS_MISC, VB2_NV_MISC_UNLOCK_FASTBOOT);
-
-       case VB2_NV_BOOT_ON_AC_DETECT:
-               return GETBIT(VB2_NV_OFFS_MISC, VB2_NV_MISC_BOOT_ON_AC_DETECT);
-
-       case VB2_NV_TRY_RO_SYNC:
-               return GETBIT(VB2_NV_OFFS_MISC, VB2_NV_MISC_TRY_RO_SYNC);
-
-       case VB2_NV_BATTERY_CUTOFF_REQUEST:
-               return GETBIT(VB2_NV_OFFS_MISC, VB2_NV_MISC_BATTERY_CUTOFF);
-       }
-
-       /*
-        * Put default return outside the switch() instead of in default:, so
-        * that adding a new param will cause a compiler warning.
-        */
-       return 0;
-}
-
-#undef GETBIT
-
-/* Macro for vb2_nv_set() single-bit settings to reduce duplicate code. */
-#define SETBIT(offs, mask)                                     \
-       { if (value) p[offs] |= mask; else p[offs] &= ~mask; }
-
-void vb2_nv_set(struct vb2_context *ctx,
-               enum vb2_nv_param param,
-               uint32_t value)
-{
-       uint8_t *p = ctx->nvdata;
-
-       /* If not changing the value, don't regenerate the CRC. */
-       if (vb2_nv_get(ctx, param) == value)
-               return;
-
-       /*
-        * TODO: We could reduce the binary size for this code by #ifdef'ing
-        * out the params not used by firmware verification.
-        */
-       switch (param) {
-       case VB2_NV_FIRMWARE_SETTINGS_RESET:
-               SETBIT(VB2_NV_OFFS_HEADER, VB2_NV_HEADER_FW_SETTINGS_RESET);
-               break;
-
-       case VB2_NV_KERNEL_SETTINGS_RESET:
-               SETBIT(VB2_NV_OFFS_HEADER, VB2_NV_HEADER_KERNEL_SETTINGS_RESET);
-               break;
-
-       case VB2_NV_DEBUG_RESET_MODE:
-               SETBIT(VB2_NV_OFFS_BOOT, VB2_NV_BOOT_DEBUG_RESET);
-               break;
-
-       case VB2_NV_TRY_NEXT:
-               SETBIT(VB2_NV_OFFS_BOOT2, VB2_NV_BOOT2_TRY_NEXT);
-               break;
-
-       case VB2_NV_TRY_COUNT:
-               /* Clip to valid range. */
-               if (value > VB2_NV_BOOT_TRY_COUNT_MASK)
-                       value = VB2_NV_BOOT_TRY_COUNT_MASK;
-
-               p[VB2_NV_OFFS_BOOT] &= ~VB2_NV_BOOT_TRY_COUNT_MASK;
-               p[VB2_NV_OFFS_BOOT] |= (uint8_t)value;
-               break;
-
-       case VB2_NV_FW_TRIED:
-               SETBIT(VB2_NV_OFFS_BOOT2, VB2_NV_BOOT2_TRIED);
-               break;
-
-       case VB2_NV_FW_RESULT:
-               /* Map out of range values to unknown */
-               if (value > VB2_NV_BOOT2_RESULT_MASK)
-                       value = VB2_FW_RESULT_UNKNOWN;
-
-               p[VB2_NV_OFFS_BOOT2] &= ~VB2_NV_BOOT2_RESULT_MASK;
-               p[VB2_NV_OFFS_BOOT2] |= (uint8_t)value;
-               break;
-
-       case VB2_NV_FW_PREV_TRIED:
-               SETBIT(VB2_NV_OFFS_BOOT2, VB2_NV_BOOT2_PREV_TRIED);
-               break;
-
-       case VB2_NV_FW_PREV_RESULT:
-               /* Map out of range values to unknown */
-               if (value > VB2_NV_BOOT2_RESULT_MASK)
-                       value = VB2_FW_RESULT_UNKNOWN;
-
-               p[VB2_NV_OFFS_BOOT2] &= ~VB2_NV_BOOT2_PREV_RESULT_MASK;
-               p[VB2_NV_OFFS_BOOT2] |=
-                       (uint8_t)(value << VB2_NV_BOOT2_PREV_RESULT_SHIFT);
-               break;
-
-       case VB2_NV_RECOVERY_REQUEST:
-               /*
-                * Map values outside the valid range to the legacy reason,
-                * since we can't determine if we're called from kernel or user
-                * mode.
-                */
-               if (value > 0xff)
-                       value = VB2_RECOVERY_LEGACY;
-               p[VB2_NV_OFFS_RECOVERY] = (uint8_t)value;
-               break;
-
-       case VB2_NV_RECOVERY_SUBCODE:
-               p[VB2_NV_OFFS_RECOVERY_SUBCODE] = (uint8_t)value;
-               break;
-
-       case VB2_NV_LOCALIZATION_INDEX:
-               /* Map values outside the valid range to the default index. */
-               if (value > 0xFF)
-                       value = 0;
-               p[VB2_NV_OFFS_LOCALIZATION] = (uint8_t)value;
-               break;
-
-       case VB2_NV_KERNEL_FIELD:
-               p[VB2_NV_OFFS_KERNEL] = (uint8_t)(value);
-               p[VB2_NV_OFFS_KERNEL + 1] = (uint8_t)(value >> 8);
-               p[VB2_NV_OFFS_KERNEL + 2] = (uint8_t)(value >> 16);
-               p[VB2_NV_OFFS_KERNEL + 3] = (uint8_t)(value >> 24);
-               break;
-
-       case VB2_NV_DEV_BOOT_USB:
-               SETBIT(VB2_NV_OFFS_DEV, VB2_NV_DEV_FLAG_USB);
-               break;
-
-       case VB2_NV_DEV_BOOT_LEGACY:
-               SETBIT(VB2_NV_OFFS_DEV, VB2_NV_DEV_FLAG_LEGACY);
-               break;
-
-       case VB2_NV_DEV_BOOT_SIGNED_ONLY:
-               SETBIT(VB2_NV_OFFS_DEV, VB2_NV_DEV_FLAG_SIGNED_ONLY);
-               break;
-
-       case VB2_NV_DEV_BOOT_FASTBOOT_FULL_CAP:
-               SETBIT(VB2_NV_OFFS_DEV, VB2_NV_DEV_FLAG_FASTBOOT_FULL_CAP);
-               break;
-
-       case VB2_NV_DEV_DEFAULT_BOOT:
-               /* Map out of range values to disk */
-               if (value > (VB2_NV_DEV_FLAG_DEFAULT_BOOT >>
-                            VB2_NV_DEV_DEFAULT_BOOT_SHIFT))
-                       value = VB2_DEV_DEFAULT_BOOT_DISK;
-
-               p[VB2_NV_OFFS_DEV] &= ~VB2_NV_DEV_FLAG_DEFAULT_BOOT;
-               p[VB2_NV_OFFS_DEV] |=
-                       (uint8_t)(value << VB2_NV_DEV_DEFAULT_BOOT_SHIFT);
-               break;
-
-       case VB2_NV_DISABLE_DEV_REQUEST:
-               SETBIT(VB2_NV_OFFS_BOOT, VB2_NV_BOOT_DISABLE_DEV);
-               break;
-
-       case VB2_NV_OPROM_NEEDED:
-               SETBIT(VB2_NV_OFFS_BOOT, VB2_NV_BOOT_OPROM_NEEDED);
-               break;
-
-       case VB2_NV_BACKUP_NVRAM_REQUEST:
-               SETBIT(VB2_NV_OFFS_BOOT, VB2_NV_BOOT_BACKUP_NVRAM);
-               break;
-
-       case VB2_NV_CLEAR_TPM_OWNER_REQUEST:
-               SETBIT(VB2_NV_OFFS_TPM, VB2_NV_TPM_CLEAR_OWNER_REQUEST);
-               break;
-
-       case VB2_NV_CLEAR_TPM_OWNER_DONE:
-               SETBIT(VB2_NV_OFFS_TPM, VB2_NV_TPM_CLEAR_OWNER_DONE);
-               break;
-
-       case VB2_NV_TPM_REQUESTED_REBOOT:
-               SETBIT(VB2_NV_OFFS_TPM, VB2_NV_TPM_REBOOTED);
-               break;
-
-       case VB2_NV_REQ_WIPEOUT:
-               SETBIT(VB2_NV_OFFS_HEADER , VB2_NV_HEADER_WIPEOUT);
-               break;
-
-       case VB2_NV_FASTBOOT_UNLOCK_IN_FW:
-               SETBIT(VB2_NV_OFFS_MISC, VB2_NV_MISC_UNLOCK_FASTBOOT);
-               break;
-
-       case VB2_NV_BOOT_ON_AC_DETECT:
-               SETBIT(VB2_NV_OFFS_MISC, VB2_NV_MISC_BOOT_ON_AC_DETECT);
-               break;
-
-       case VB2_NV_TRY_RO_SYNC:
-               SETBIT(VB2_NV_OFFS_MISC, VB2_NV_MISC_TRY_RO_SYNC);
-               break;
-
-       case VB2_NV_BATTERY_CUTOFF_REQUEST:
-               SETBIT(VB2_NV_OFFS_MISC, VB2_NV_MISC_BATTERY_CUTOFF);
-               break;
-       }
-
-       /*
-        * Note there is no default case.  This causes a compiler warning if
-        * a new param is added to the enum without adding support here.
-        */
-
-       /* Need to regenerate CRC, since the value changed. */
-       vb2_nv_regen_crc(ctx);
-}
-
-#undef SETBIT
diff --git a/kern/lib/crypto/2rsa.c b/kern/lib/crypto/2rsa.c
index 7862b13..9fe5b44 100644
--- a/kern/lib/crypto/2rsa.c
+++ b/kern/lib/crypto/2rsa.c
@@ -9,10 +9,10 @@
  * multiple RSA key lengths and hash digest algorithms.
  */
 
-#include "2sysincludes.h"
-#include "2common.h"
-#include "2rsa.h"
-#include "2sha.h"
+#include <crypto/2sysincludes.h>
+#include <crypto/2common.h>
+#include <crypto/2rsa.h>
+#include <crypto/2sha.h>
 
 /**
  * a[] -= mod
diff --git a/kern/lib/crypto/2secdata.c b/kern/lib/crypto/2secdata.c
index 3281f7c..08316b6 100644
--- a/kern/lib/crypto/2secdata.c
+++ b/kern/lib/crypto/2secdata.c
@@ -5,11 +5,11 @@
  * Secure storage APIs
  */
 
-#include "2sysincludes.h"
-#include "2common.h"
-#include "2crc8.h"
-#include "2misc.h"
-#include "2secdata.h"
+#include <crypto/2sysincludes.h>
+#include <crypto/2common.h>
+#include <crypto/2crc8.h>
+#include <crypto/2misc.h>
+#include <crypto/2secdata.h>
 
 int vb2_secdata_check_crc(const struct vb2_context *ctx)
 {
diff --git a/kern/lib/crypto/2secdatak.c b/kern/lib/crypto/2secdatak.c
index af11aef..c037085 100644
--- a/kern/lib/crypto/2secdatak.c
+++ b/kern/lib/crypto/2secdatak.c
@@ -5,11 +5,11 @@
  * Secure storage APIs - kernel version space
  */
 
-#include "2sysincludes.h"
-#include "2common.h"
-#include "2crc8.h"
-#include "2misc.h"
-#include "2secdata.h"
+#include <crypto/2sysincludes.h>
+#include <crypto/2common.h>
+#include <crypto/2crc8.h>
+#include <crypto/2misc.h>
+#include <crypto/2secdata.h>
 
 int vb2_secdatak_check_crc(const struct vb2_context *ctx)
 {
diff --git a/kern/lib/crypto/2sha1.c b/kern/lib/crypto/2sha1.c
index 41c8317..5f824db 100644
--- a/kern/lib/crypto/2sha1.c
+++ b/kern/lib/crypto/2sha1.c
@@ -6,9 +6,9 @@
  * Open Source Project (platorm/system/core.git/libmincrypt/sha.c
  */
 
-#include "2sysincludes.h"
-#include "2common.h"
-#include "2sha.h"
+#include <crypto/2sysincludes.h>
+#include <crypto/2common.h>
+#include <crypto/2sha.h>
 
 /*
  * Some machines lack byteswap.h and endian.h. These have to use the
diff --git a/kern/lib/crypto/2sha512.c b/kern/lib/crypto/2sha512.c
index fedc8b7..69eab40 100644
--- a/kern/lib/crypto/2sha512.c
+++ b/kern/lib/crypto/2sha512.c
@@ -35,9 +35,9 @@
  * SUCH DAMAGE.
  */
 
-#include "2sysincludes.h"
-#include "2common.h"
-#include "2sha.h"
+#include <crypto/2sysincludes.h>
+#include <crypto/2common.h>
+#include <crypto/2sha.h>
 
 #define SHFR(x, n)    (x >> n)
 #define ROTR(x, n)   ((x >> n) | (x << ((sizeof(x) << 3) - n)))
diff --git a/kern/lib/crypto/2sha_utility.c b/kern/lib/crypto/2sha_utility.c
index dd74f29..d0f40d8 100644
--- a/kern/lib/crypto/2sha_utility.c
+++ b/kern/lib/crypto/2sha_utility.c
@@ -5,9 +5,9 @@
  * Utility functions for message digest functions.
  */
 
-#include "2sysincludes.h"
-#include "2common.h"
-#include "2sha.h"
+#include <crypto/2sysincludes.h>
+#include <crypto/2common.h>
+#include <crypto/2sha.h>
 
 #if VB2_SUPPORT_SHA1
 #define CTH_SHA1 VB2_HASH_SHA1
diff --git a/kern/lib/crypto/2stub.c b/kern/lib/crypto/2stub.c
deleted file mode 100644
index 971286c..0000000
--- a/kern/lib/crypto/2stub.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Stub API implementations which should be implemented by the caller.
- */
-
-#include <stdarg.h>
-#include <stdio.h>
-
-#include "2sysincludes.h"
-#include "2api.h"
-
-__attribute__((weak))
-void vb2ex_printf(const char *func, const char *fmt, ...)
-{
-       va_list ap;
-       va_start(ap, fmt);
-       fprintf(stderr, "%s: ", func);
-       vfprintf(stderr, fmt, ap);
-       va_end(ap);
-}
-
-__attribute__((weak))
-int vb2ex_tpm_clear_owner(struct vb2_context *ctx)
-{
-       return VB2_ERROR_EX_TPM_CLEAR_OWNER_UNIMPLEMENTED;
-}
-
-__attribute__((weak))
-int vb2ex_read_resource(struct vb2_context *ctx,
-                       enum vb2_resource_index index,
-                       uint32_t offset,
-                       void *buf,
-                       uint32_t size)
-{
-       return VB2_ERROR_EX_READ_RESOURCE_UNIMPLEMENTED;
-}
-
-__attribute__((weak))
-int vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg,
-                              uint32_t data_size)
-{
-       return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
-}
-
-__attribute__((weak))
-int vb2ex_hwcrypto_digest_extend(const uint8_t *buf,
-                                uint32_t size)
-{
-       return VB2_ERROR_SHA_EXTEND_ALGORITHM;  /* Should not be called. */
-}
-
-__attribute__((weak))
-int vb2ex_hwcrypto_digest_finalize(uint8_t *digest,
-                                  uint32_t digest_size)
-{
-       return VB2_ERROR_SHA_FINALIZE_ALGORITHM; /* Should not be called. */
-}
diff --git a/kern/lib/crypto/2tpm_bootmode.c b/kern/lib/crypto/2tpm_bootmode.c
deleted file mode 100644
index 6903fe8..0000000
--- a/kern/lib/crypto/2tpm_bootmode.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/* Copyright 2015 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Functions for updating the TPM state with the status of boot path.
- */
-
-#include "2sysincludes.h"
-#include "2common.h"
-#include "2sha.h"
-#include "2tpm_bootmode.h"
-
-/*
- * Input digests for PCR extend.
- * These are calculated as:
- *    SHA1("|Developer_Mode||Recovery_Mode||Keyblock_Mode|").
- * Developer_Mode can be 0 or 1.
- * Recovery_Mode can be 0 or 1.
- * Keyblock flags are defined in 2struct.h and assumed always 0 in recovery 
mode
- * or 7 in non-recovery mode.
- *
- * We map them to Keyblock_Mode as follows:
- *   -----------------------------------------
- *   Keyblock Flags            | Keyblock Mode
- *   -----------------------------------------
- *   0 recovery mode           |     0
- *   7 Normal-signed firmware  |     1
- */
-
-const uint8_t kBootStateSHA1Digests[][VB2_SHA1_DIGEST_SIZE] = {
-       /* SHA1(0x00|0x00|0x01) */
-       {0x25, 0x47, 0xcc, 0x73, 0x6e, 0x95, 0x1f, 0xa4, 0x91, 0x98, 0x53, 0xc4,
-                       0x3a, 0xe8, 0x90, 0x86, 0x1a, 0x3b, 0x32, 0x64},
-
-       /* SHA1(0x01|0x00|0x01) */
-       {0xc4, 0x2a, 0xc1, 0xc4, 0x6f, 0x1d, 0x4e, 0x21, 0x1c, 0x73, 0x5c, 0xc7,
-                       0xdf, 0xad, 0x4f, 0xf8, 0x39, 0x11, 0x10, 0xe9},
-
-       /* SHA1(0x00|0x01|0x00) */
-       {0x62, 0x57, 0x18, 0x91, 0x21, 0x5b, 0x4e, 0xfc, 0x1c, 0xea, 0xb7, 0x44,
-                       0xce, 0x59, 0xdd, 0x0b, 0x66, 0xea, 0x6f, 0x73},
-
-       /* SHA1(0x01|0x01|0x00) */
-       {0x47, 0xec, 0x8d, 0x98, 0x36, 0x64, 0x33, 0xdc, 0x00, 0x2e, 0x77, 0x21,
-                       0xc9, 0xe3, 0x7d, 0x50, 0x67, 0x54, 0x79, 0x37},
-};
-
-const uint8_t *vb2_get_boot_state_digest(struct vb2_context *ctx)
-{
-       int index = (ctx->flags & VB2_CONTEXT_RECOVERY_MODE ? 2 : 0) +
-                       (ctx->flags & VB2_CONTEXT_DEVELOPER_MODE ? 1 : 0);
-
-       return kBootStateSHA1Digests[index];
-}
diff --git a/kern/lib/crypto/Kbuild b/kern/lib/crypto/Kbuild
index f82f470..c706f80 100644
--- a/kern/lib/crypto/Kbuild
+++ b/kern/lib/crypto/Kbuild
@@ -1,15 +1,15 @@
 #obj-y                                           += 2api.o
-#obj-y                                           += 2common.o
-#obj-y                                           += 2crc8.o
-#obj-y                                           += 2hmac.o
+obj-y                                           += 2common.o
+obj-y                                           += 2crc8.o
+obj-y                                           += 2hmac.o
 #obj-y                                           += 2misc.o
 #obj-y                                           += 2nvstorage.o
-#obj-y                                           += 2rsa.o
-#obj-y                                           += 2secdata.o
-#obj-y                                           += 2secdatak.o
-#obj-y                                           += 2sha1.o
+obj-y                                           += 2rsa.o
+obj-y                                           += 2secdata.o
+obj-y                                           += 2secdatak.o
+obj-y                                           += 2sha1.o
 obj-y                                           += 2sha256.o
-#obj-y                                           += 2sha512.o
-#obj-y                                           += 2sha_utility.o
+obj-y                                           += 2sha512.o
+obj-y                                           += 2sha_utility.o
 #obj-y                                           += 2stub.o
 #obj-y                                           += 2tpm_bootmode.o
-- 
2.8.0.rc3.226.g39d4020

-- 
You received this message because you are subscribed to the Google Groups 
"Akaros" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to akaros+unsubscr...@googlegroups.com.
To post to this group, send email to akaros@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to