Verified boot wrapper - replace utility functions

This is part 3 of the vboot wrapper API refactoring.  It replaces the
function calls to utility.c functions with new API calls.  (It also
fixes up some integer type mismatches in cryptolib that were causing
warnings on the H2C build; those had been fixed a while ago in H2C but
hadn't been propagated across.)

This is a re-commit of the original; I've verified it compiles on both
x86-alex and tegra2, for both vboot_reference and
vboot_reference-firmware, now that the patch from
1c1a883bc746a6216bb634825d33d80562853020 is checked in.

BUG=chromium-os:17006
TEST=make && make runtests, and emerged on both x86-alex and tegra2

Original-Change-Id: I771085dcdf79d9592de64f35e3b758111a80dd9f
Original-Reviewed-on: http://gerrit.chromium.org/gerrit/3263
Original-Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
(cherry picked from commit bd81b3a7d3b7fe4ca6179ade665e565800ab17fc)

Change-Id: Iefdbfb3d10eb9aa385fb6dfc3bf0896f637cb64b
Reviewed-on: http://gerrit.chromium.org/gerrit/3582
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
diff --git a/firmware/include/utility.h b/firmware/include/utility.h
index 3de8bb8..2ad853e 100644
--- a/firmware/include/utility.h
+++ b/firmware/include/utility.h
@@ -14,7 +14,7 @@
 
 /* Debug and error output */
 #ifdef VBOOT_DEBUG
-#define VBDEBUG(params) debug params
+#define VBDEBUG(params) VbExDebug params
 #else
 #define VBDEBUG(params)
 #endif
@@ -35,16 +35,10 @@
 #define VBPERFEND(name)
 #endif
 
-/* Outputs an error message and quits. */
-void error(const char* format, ...);
-
-/* Outputs debug/warning messages. */
-void debug(const char* format, ...);
-
 #ifdef VBOOT_DEBUG
 #define VbAssert(expr) do { if (!(expr)) { \
-      error("assert fail: %s at %s:%d\n", \
-            #expr, __FILE__, __LINE__); }} while(0)
+    VbExError("assert fail: %s at %s:%d\n", \
+              #expr, __FILE__, __LINE__); }} while(0)
 #else
 #define VbAssert(expr)
 #endif
@@ -57,14 +51,6 @@
 /* Return the minimum of (a) or (b). */
 #define Min(a, b) (((a) < (b)) ? (a) : (b))
 
-/* Allocate [size] bytes and return a pointer to the allocated memory. Abort
- * on error.
- */
-void* Malloc(size_t size);
-
-/* Free memory pointed by [ptr] previously allocated by Malloc(). */
-void Free(void* ptr);
-
 /* Compare [n] bytes in [src1] and [src2]
  * Returns an integer less than, equal to, or greater than zero if the first [n]
  * bytes of [src1] is found, respectively, to be less than, to match, or be
@@ -96,18 +82,4 @@
 #define memset _do_not_use_standard_memset
 #endif
 
-/* Read a high-resolution timer. */
-uint64_t VbGetTimer(void);
-
-/* Return the maximum frequency for the high-resolution timer, in Hz.
- *
- * Note that this call MUST be fast; the implementation must not
- * attempt to actually measure the frequency.  This function need only
- * return an upper bound for the timer frequency, so that minimum
- * delays can be established.  For example, if the same BIOS can run
- * on CPUs where the timer frequency varies between 1.2GHz and 1.8GHz,
- * return 1800000000 (or even 2000000000). */
-uint64_t VbGetTimerMaxFreq(void);
-
-
 #endif  /* VBOOT_REFERENCE_UTILITY_H_ */
diff --git a/firmware/lib/cgptlib/cgptlib.c b/firmware/lib/cgptlib/cgptlib.c
index e1da7f4..2dcb46d 100644
--- a/firmware/lib/cgptlib/cgptlib.c
+++ b/firmware/lib/cgptlib/cgptlib.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010-2011 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
@@ -8,6 +8,7 @@
 #include "crc32.h"
 #include "gpt.h"
 #include "utility.h"
+#include "vboot_api.h"
 
 int GptInit(GptData *gpt) {
   int retval;
diff --git a/firmware/lib/cryptolib/include/sha.h b/firmware/lib/cryptolib/include/sha.h
index 8beb296..a816471 100644
--- a/firmware/lib/cryptolib/include/sha.h
+++ b/firmware/lib/cryptolib/include/sha.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
@@ -107,7 +107,7 @@
 
 /* Initialize a digest context for use with signature algorithm [algorithm]. */
 void DigestInit(DigestContext* ctx, int sig_algorithm);
-void DigestUpdate(DigestContext* ctx, const uint8_t* data, uint64_t len);
+void DigestUpdate(DigestContext* ctx, const uint8_t* data, uint32_t len);
 
 /* Caller owns the returned digest and must free it. */
 uint8_t* DigestFinal(DigestContext* ctx);
diff --git a/firmware/lib/cryptolib/rsa.c b/firmware/lib/cryptolib/rsa.c
index 1dbf92c..d552e13 100644
--- a/firmware/lib/cryptolib/rsa.c
+++ b/firmware/lib/cryptolib/rsa.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
@@ -9,6 +9,7 @@
  */
 
 #include "cryptolib.h"
+#include "vboot_api.h"
 #include "utility.h"
 
 /* a[] -= mod */
@@ -77,9 +78,9 @@
  */
 static void modpowF4(const RSAPublicKey *key,
                     uint8_t* inout) {
-  uint32_t* a = (uint32_t*) Malloc(key->len * sizeof(uint32_t));
-  uint32_t* aR = (uint32_t*) Malloc(key->len * sizeof(uint32_t));
-  uint32_t* aaR = (uint32_t*) Malloc(key->len * sizeof(uint32_t));
+  uint32_t* a = (uint32_t*) VbExMalloc(key->len * sizeof(uint32_t));
+  uint32_t* aR = (uint32_t*) VbExMalloc(key->len * sizeof(uint32_t));
+  uint32_t* aaR = (uint32_t*) VbExMalloc(key->len * sizeof(uint32_t));
 
   uint32_t* aaa = aaR;  /* Re-use location. */
   int i;
@@ -116,9 +117,9 @@
     *inout++ = (uint8_t)(tmp >>  0);
   }
 
-  Free(a);
-  Free(aR);
-  Free(aaR);
+  VbExFree(a);
+  VbExFree(aR);
+  VbExFree(aaR);
 }
 
 /* Verify a RSA PKCS1.5 signature against an expected hash.
@@ -152,7 +153,7 @@
     return 0;
   }
 
-  buf = (uint8_t*) Malloc(sig_len);
+  buf = (uint8_t*) VbExMalloc(sig_len);
   if (!buf)
     return 0;
   Memcpy(buf, sig, sig_len);
@@ -177,7 +178,7 @@
     VBDEBUG(("In RSAVerify(): Hash check failed!\n"));
     success  = 0;
   }
-  Free(buf);
+  VbExFree(buf);
 
   return success;
 }
diff --git a/firmware/lib/cryptolib/rsa_utility.c b/firmware/lib/cryptolib/rsa_utility.c
index cc653c6..b227b06 100644
--- a/firmware/lib/cryptolib/rsa_utility.c
+++ b/firmware/lib/cryptolib/rsa_utility.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
@@ -8,11 +8,12 @@
 #include "cryptolib.h"
 #include "stateful_util.h"
 #include "utility.h"
+#include "vboot_api.h"
 
 uint64_t RSAProcessedKeySize(uint64_t algorithm, uint64_t* out_size) {
-  uint64_t key_len; /* Key length in bytes. */
+  int key_len; /* Key length in bytes.  (int type matches siglen_map) */
   if (algorithm < kNumAlgorithms) {
-    key_len =  siglen_map[algorithm];
+    key_len = siglen_map[algorithm];
     /* Total size needed by a RSAPublicKey structure is =
      *  2 * key_len bytes for the  n and rr arrays
      *  + sizeof len + sizeof n0inv.
@@ -24,7 +25,7 @@
 }
 
 RSAPublicKey* RSAPublicKeyNew(void) {
-  RSAPublicKey* key = (RSAPublicKey*) Malloc(sizeof(RSAPublicKey));
+  RSAPublicKey* key = (RSAPublicKey*) VbExMalloc(sizeof(RSAPublicKey));
   key->n = NULL;
   key->rr = NULL;
   return key;
@@ -32,9 +33,9 @@
 
 void RSAPublicKeyFree(RSAPublicKey* key) {
   if (key) {
-    Free(key->n);
-    Free(key->rr);
-    Free(key);
+    VbExFree(key->n);
+    VbExFree(key->rr);
+    VbExFree(key);
   }
 }
 
@@ -59,8 +60,8 @@
     return NULL;
   }
 
-  key->n = (uint32_t*) Malloc(key_len);
-  key->rr = (uint32_t*) Malloc(key_len);
+  key->n = (uint32_t*) VbExMalloc(key_len);
+  key->rr = (uint32_t*) VbExMalloc(key_len);
 
   StatefulMemcpy(&st, &key->n0inv, sizeof(key->n0inv));
   StatefulMemcpy(&st, key->n, key_len);
@@ -106,7 +107,7 @@
   success = RSAVerify(verification_key, sig, (uint32_t)sig_size,
                       (uint8_t)algorithm, digest);
 
-  Free(digest);
+  VbExFree(digest);
   if (!key)
     RSAPublicKeyFree(verification_key);  /* Only free if we allocated it. */
   return success;
diff --git a/firmware/lib/cryptolib/sha_utility.c b/firmware/lib/cryptolib/sha_utility.c
index 4e266f7..bec7209 100644
--- a/firmware/lib/cryptolib/sha_utility.c
+++ b/firmware/lib/cryptolib/sha_utility.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
@@ -7,26 +7,27 @@
 
 #include "cryptolib.h"
 #include "utility.h"
+#include "vboot_api.h"
 
 void DigestInit(DigestContext* ctx, int sig_algorithm) {
   ctx->algorithm = hash_type_map[sig_algorithm];
   switch(ctx->algorithm) {
     case SHA1_DIGEST_ALGORITHM:
-      ctx->sha1_ctx = (SHA1_CTX*) Malloc(sizeof(SHA1_CTX));
+      ctx->sha1_ctx = (SHA1_CTX*) VbExMalloc(sizeof(SHA1_CTX));
       SHA1_init(ctx->sha1_ctx);
       break;
     case SHA256_DIGEST_ALGORITHM:
-      ctx->sha256_ctx = (SHA256_CTX*) Malloc(sizeof(SHA256_CTX));
+      ctx->sha256_ctx = (SHA256_CTX*) VbExMalloc(sizeof(SHA256_CTX));
       SHA256_init(ctx->sha256_ctx);
       break;
     case SHA512_DIGEST_ALGORITHM:
-      ctx->sha512_ctx = (SHA512_CTX*) Malloc(sizeof(SHA512_CTX));
+      ctx->sha512_ctx = (SHA512_CTX*) VbExMalloc(sizeof(SHA512_CTX));
       SHA512_init(ctx->sha512_ctx);
       break;
   };
 }
 
-void DigestUpdate(DigestContext* ctx, const uint8_t* data, uint64_t len) {
+void DigestUpdate(DigestContext* ctx, const uint8_t* data, uint32_t len) {
   switch(ctx->algorithm) {
     case SHA1_DIGEST_ALGORITHM:
       SHA1_update(ctx->sha1_ctx, data, len);
@@ -44,26 +45,27 @@
   uint8_t* digest = NULL;
   switch(ctx->algorithm) {
     case SHA1_DIGEST_ALGORITHM:
-      digest = (uint8_t*) Malloc(SHA1_DIGEST_SIZE);
+      digest = (uint8_t*) VbExMalloc(SHA1_DIGEST_SIZE);
       Memcpy(digest, SHA1_final(ctx->sha1_ctx), SHA1_DIGEST_SIZE);
-      Free(ctx->sha1_ctx);
+      VbExFree(ctx->sha1_ctx);
       break;
     case SHA256_DIGEST_ALGORITHM:
-      digest = (uint8_t*) Malloc(SHA256_DIGEST_SIZE);
+      digest = (uint8_t*) VbExMalloc(SHA256_DIGEST_SIZE);
       Memcpy(digest, SHA256_final(ctx->sha256_ctx), SHA256_DIGEST_SIZE);
-      Free(ctx->sha256_ctx);
+      VbExFree(ctx->sha256_ctx);
       break;
     case SHA512_DIGEST_ALGORITHM:
-      digest = (uint8_t*) Malloc(SHA512_DIGEST_SIZE);
+      digest = (uint8_t*) VbExMalloc(SHA512_DIGEST_SIZE);
       Memcpy(digest, SHA512_final(ctx->sha512_ctx), SHA512_DIGEST_SIZE);
-      Free(ctx->sha512_ctx);
+      VbExFree(ctx->sha512_ctx);
       break;
   };
   return digest;
 }
 
 uint8_t* DigestBuf(const uint8_t* buf, uint64_t len, int sig_algorithm) {
-  uint8_t* digest = (uint8_t*) Malloc(SHA512_DIGEST_SIZE); /* Use the max. */
+  /* Allocate enough space for the largest digest */
+  uint8_t* digest = (uint8_t*) VbExMalloc(SHA512_DIGEST_SIZE);
   /* Define an array mapping [sig_algorithm] to function pointers to the
    * SHA{1|256|512} functions.
    */
diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c
index 27b6165..153bce2 100644
--- a/firmware/lib/rollback_index.c
+++ b/firmware/lib/rollback_index.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010-2011 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
@@ -7,11 +7,11 @@
  */
 
 #include "rollback_index.h"
-
 #include "tlcl.h"
 #include "tpm_bootmode.h"
 #include "tss_constants.h"
 #include "utility.h"
+#include "vboot_api.h"
 
 static int g_rollback_recovery_mode = 0;
 
diff --git a/firmware/lib/tpm_bootmode.c b/firmware/lib/tpm_bootmode.c
index 13371c4..f9a9bec 100644
--- a/firmware/lib/tpm_bootmode.c
+++ b/firmware/lib/tpm_bootmode.c
@@ -9,6 +9,7 @@
 
 #include "tlcl.h"
 #include "utility.h"
+#include "vboot_api.h"
 
 /* TPM PCR to use for storing boot mode measurements. */
 #define BOOT_MODE_PCR 0
diff --git a/firmware/lib/tpm_lite/tlcl.c b/firmware/lib/tpm_lite/tlcl.c
index 3fbcd1e..5c623b6 100644
--- a/firmware/lib/tpm_lite/tlcl.c
+++ b/firmware/lib/tpm_lite/tlcl.c
@@ -19,6 +19,7 @@
 #include "tlcl_internal.h"
 #include "tlcl_structures.h"
 #include "utility.h"
+#include "vboot_api.h"
 
 /* Sets the size field of a TPM command. */
 static INLINE void SetTpmCommandSize(uint8_t* buffer, uint32_t size) {
diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c
index a20e16f..81e2597 100644
--- a/firmware/lib/vboot_common.c
+++ b/firmware/lib/vboot_common.c
@@ -7,6 +7,7 @@
  */
 
 
+#include "vboot_api.h"
 #include "vboot_common.h"
 #include "utility.h"
 
@@ -231,7 +232,7 @@
                                 SHA512_DIGEST_ALGORITHM);
     rv = SafeMemcmp(header_checksum, GetSignatureDataC(sig),
                     SHA512_DIGEST_SIZE);
-    Free(header_checksum);
+    VbExFree(header_checksum);
     if (rv) {
       VBDEBUG(("Invalid key block hash.\n"));
       return VBOOT_KEY_BLOCK_HASH;
diff --git a/firmware/lib/vboot_firmware.c b/firmware/lib/vboot_firmware.c
index d56cba7..40ddf4c 100644
--- a/firmware/lib/vboot_firmware.c
+++ b/firmware/lib/vboot_firmware.c
@@ -11,6 +11,7 @@
 #include "rollback_index.h"
 #include "tpm_bootmode.h"
 #include "utility.h"
+#include "vboot_api.h"
 #include "vboot_common.h"
 #include "vboot_nvstorage.h"
 
@@ -77,7 +78,7 @@
     recovery = VBNV_RECOVERY_RO_SHARED_DATA;
     goto LoadFirmwareExit;
   }
-  shared->timer_load_firmware_enter = VbGetTimer();
+  shared->timer_load_firmware_enter = VbExGetTimer();
 
   /* Handle test errors */
   VbNvGet(vnc, VBNV_TEST_ERROR_FUNC, &test_err);
@@ -136,7 +137,7 @@
   }
 
   /* Allocate our internal data */
-  lfi = (VbLoadFirmwareInternal*)Malloc(sizeof(VbLoadFirmwareInternal));
+  lfi = (VbLoadFirmwareInternal*)VbExMalloc(sizeof(VbLoadFirmwareInternal));
   if (!lfi)
     return LOAD_FIRMWARE_RECOVERY;
 
@@ -275,7 +276,7 @@
       VBDEBUG(("Firmware body verification failed.\n"));
       *check_result = VBSD_LF_CHECK_VERIFY_BODY;
       RSAPublicKeyFree(data_key);
-      Free(body_digest);
+      VbExFree(body_digest);
       VBPERFEND("VB_VFD");
       continue;
     }
@@ -283,7 +284,7 @@
 
     /* Done with the digest and data key, so can free them now */
     RSAPublicKeyFree(data_key);
-    Free(body_digest);
+    VbExFree(body_digest);
 
     /* If we're still here, the firmware is valid. */
     VBDEBUG(("Firmware %d is valid.\n", index));
@@ -327,7 +328,7 @@
   }
 
   /* Free internal data */
-  Free(lfi);
+  VbExFree(lfi);
   params->load_firmware_internal = NULL;
 
   /* Handle finding good firmware */
@@ -390,7 +391,7 @@
           recovery : VBNV_RECOVERY_NOT_REQUESTED);
   VbNvTeardown(vnc);
 
-  shared->timer_load_firmware_exit = VbGetTimer();
+  shared->timer_load_firmware_exit = VbExGetTimer();
 
   /* Note that we don't reduce params->shared_data_size to shared->data_used,
    * since we want to leave space for LoadKernel() to add to the shared data
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index a1ddd17..da9fb2c 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -6,8 +6,6 @@
  * (Firmware portion)
  */
 
-#include "vboot_kernel.h"
-
 #include "boot_device.h"
 #include "cgptlib.h"
 #include "cgptlib_internal.h"
@@ -15,7 +13,9 @@
 #include "load_kernel_fw.h"
 #include "rollback_index.h"
 #include "utility.h"
+#include "vboot_api.h"
 #include "vboot_common.h"
+#include "vboot_kernel.h"
 
 #define KBUF_SIZE 65536  /* Bytes to read at start of kernel partition */
 #define LOWEST_TPM_VERSION 0xffffffff
@@ -40,10 +40,10 @@
   gptdata->modified = 0;
 
   /* Allocate all buffers */
-  gptdata->primary_header = (uint8_t*)Malloc(gptdata->sector_bytes);
-  gptdata->secondary_header = (uint8_t*)Malloc(gptdata->sector_bytes);
-  gptdata->primary_entries = (uint8_t*)Malloc(TOTAL_ENTRIES_SIZE);
-  gptdata->secondary_entries = (uint8_t*)Malloc(TOTAL_ENTRIES_SIZE);
+  gptdata->primary_header = (uint8_t*)VbExMalloc(gptdata->sector_bytes);
+  gptdata->secondary_header = (uint8_t*)VbExMalloc(gptdata->sector_bytes);
+  gptdata->primary_entries = (uint8_t*)VbExMalloc(TOTAL_ENTRIES_SIZE);
+  gptdata->secondary_entries = (uint8_t*)VbExMalloc(TOTAL_ENTRIES_SIZE);
 
   if (gptdata->primary_header == NULL || gptdata->secondary_header == NULL ||
       gptdata->primary_entries == NULL || gptdata->secondary_entries == NULL)
@@ -79,7 +79,7 @@
       if (0 != BootDeviceWriteLBA(1, 1, gptdata->primary_header))
         return 1;
     }
-    Free(gptdata->primary_header);
+    VbExFree(gptdata->primary_header);
   }
 
   if (gptdata->primary_entries) {
@@ -89,7 +89,7 @@
                                   gptdata->primary_entries))
         return 1;
     }
-    Free(gptdata->primary_entries);
+    VbExFree(gptdata->primary_entries);
   }
 
   if (gptdata->secondary_entries) {
@@ -99,7 +99,7 @@
                                   entries_sectors, gptdata->secondary_entries))
         return 1;
     }
-    Free(gptdata->secondary_entries);
+    VbExFree(gptdata->secondary_entries);
   }
 
   if (gptdata->secondary_header) {
@@ -109,7 +109,7 @@
                                   gptdata->secondary_header))
         return 1;
     }
-    Free(gptdata->secondary_header);
+    VbExFree(gptdata->secondary_header);
   }
 
   /* Success */
@@ -142,7 +142,7 @@
 
   int retval = LOAD_KERNEL_RECOVERY;
   int recovery = VBNV_RECOVERY_RO_UNSPECIFIED;
-  uint64_t timer_enter = VbGetTimer();
+  uint64_t timer_enter = VbExGetTimer();
 
   /* Setup NV storage */
   VbNvSetup(vnc);
@@ -300,7 +300,7 @@
     }
 
     /* Allocate kernel header buffers */
-    kbuf = (uint8_t*)Malloc(KBUF_SIZE);
+    kbuf = (uint8_t*)VbExMalloc(KBUF_SIZE);
     if (!kbuf)
       break;
 
@@ -585,7 +585,7 @@
 
   /* Free kernel buffer */
   if (kbuf)
-    Free(kbuf);
+    VbExFree(kbuf);
 
   /* Write and free GPT data */
   WriteAndFreeGptData(&gpt);
@@ -665,7 +665,7 @@
 
     /* Save timer values */
     shared->timer_load_kernel_enter = timer_enter;
-    shared->timer_load_kernel_exit = VbGetTimer();
+    shared->timer_load_kernel_exit = VbExGetTimer();
     /* Store how much shared data we used, if any */
     params->shared_data_size = shared->data_used;
   }
diff --git a/firmware/stub/load_firmware_stub.c b/firmware/stub/load_firmware_stub.c
index 26ce3d5..bdae981 100644
--- a/firmware/stub/load_firmware_stub.c
+++ b/firmware/stub/load_firmware_stub.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
@@ -9,6 +9,7 @@
 
 #include "load_firmware_fw.h"
 #include "utility.h"
+#include "vboot_api.h"
 
 #define  BOOT_FIRMWARE_A_CONTINUE 1
 #define  BOOT_FIRMWARE_B_CONTINUE 2
@@ -99,7 +100,7 @@
   p.nv_context = &vnc;
 
   /* Allocate a shared data buffer */
-  p.shared_data_blob = Malloc(VB_SHARED_DATA_REC_SIZE);
+  p.shared_data_blob = VbExMalloc(VB_SHARED_DATA_REC_SIZE);
   p.shared_data_size = VB_SHARED_DATA_REC_SIZE;
 
   /* TODO: YOU NEED TO SET THE BOOT FLAGS SOMEHOW */
diff --git a/firmware/stub/tpm_lite_stub.c b/firmware/stub/tpm_lite_stub.c
index ddb5d22..0317f93 100644
--- a/firmware/stub/tpm_lite_stub.c
+++ b/firmware/stub/tpm_lite_stub.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
@@ -10,6 +10,7 @@
 #include "tlcl.h"
 #include "tlcl_internal.h"
 #include "utility.h"
+#include "vboot_api.h"
 
 #include <errno.h>
 #include <fcntl.h>
@@ -56,22 +57,22 @@
                 uint8_t *out, uint32_t *pout_len) {
   uint8_t response[TPM_MAX_COMMAND_SIZE];
   if (in_len <= 0) {
-    error("invalid command length %d for command 0x%x\n", in_len, in[9]);
+    VbExError("invalid command length %d for command 0x%x\n", in_len, in[9]);
   } else if (tpm_fd < 0) {
-    error("the TPM device was not opened.  Forgot to call TlclLibInit?\n");
+    VbExError("the TPM device was not opened.  Forgot to call TlclLibInit?\n");
   } else {
     int n = write(tpm_fd, in, in_len);
     if (n != in_len) {
-      error("write failure to TPM device: %s\n", strerror(errno));
+      VbExError("write failure to TPM device: %s\n", strerror(errno));
     }
     n = read(tpm_fd, response, sizeof(response));
     if (n == 0) {
-      error("null read from TPM device\n");
+      VbExError("null read from TPM device\n");
     } else if (n < 0) {
-      error("read failure from TPM device: %s\n", strerror(errno));
+      VbExError("read failure from TPM device: %s\n", strerror(errno));
     } else {
       if (n > *pout_len) {
-        error("TPM response too long for output buffer\n");
+        VbExError("TPM response too long for output buffer\n");
       } else {
         *pout_len = n;
         Memcpy(out, response, n);
@@ -126,7 +127,8 @@
 
   tpm_fd = open(device_path, O_RDWR);
   if (tpm_fd < 0) {
-    error("TPM: Cannot open TPM device %s: %s\n", device_path, strerror(errno));
+    VbExError("TPM: Cannot open TPM device %s: %s\n", device_path,
+              strerror(errno));
   }
 
   return 0;
diff --git a/firmware/stub/utility_stub.c b/firmware/stub/utility_stub.c
index 2d56f72..489b0f7 100644
--- a/firmware/stub/utility_stub.c
+++ b/firmware/stub/utility_stub.c
@@ -15,50 +15,12 @@
 #include <string.h>
 #include <sys/time.h>
 
-void error(const char *format, ...) {
-  va_list ap;
-  va_start(ap, format);
-  fprintf(stderr, "ERROR: ");
-  vfprintf(stderr, format, ap);
-  va_end(ap);
-  exit(1);
-}
-
-void debug(const char *format, ...) {
-  va_list ap;
-  va_start(ap, format);
-  fprintf(stderr, "DEBUG: ");
-  vfprintf(stderr, format, ap);
-  va_end(ap);
-}
-
-void* Malloc(size_t size) {
-  void* p = malloc(size);
-  if (!p) {
-    /* Fatal Error. We must abort. */
-    abort();
-  }
-  return p;
-}
-
-void Free(void* ptr) {
-  free(ptr);
-}
 
 int Memcmp(const void* src1, const void* src2, size_t n) {
   return memcmp(src1, src2, n);
 }
 
+
 void* Memcpy(void* dest, const void* src, uint64_t n) {
   return memcpy(dest, src, (size_t)n);
 }
-
-uint64_t VbGetTimer(void) {
-  struct timeval tv;
-  gettimeofday(&tv, NULL);
-  return (uint64_t)tv.tv_sec * 1000000 + (uint64_t)tv.tv_usec;
-}
-
-uint64_t VbGetTimerMaxFreq(void) {
-  return UINT64_C(1000000);
-}