diff options
author | Karthikeyan Ramasubramanian <kramasub@google.com> | 2022-09-20 23:00:00 -0600 |
---|---|---|
committer | Raul Rangel <rrangel@chromium.org> | 2022-10-26 15:59:58 +0000 |
commit | da5d0251f52356bc2acb4217bbc2030581145af1 (patch) | |
tree | 6c9dcca87dc54025dc8e95efc5babfa3f207993a | |
parent | ab82a9f9b4826ef6449cc5920c1e6c5b2c262aef (diff) |
util/cbfstool: Check for metadata hash in verstage
Metadata Hash is usually present inside the first segment of BIOS. On
board where vboot starts in bootblock, it is present in bootblock. On
boards where vboot starts before bootblock, it is present in file
containing verstage. Update cbfstool to check for metadata hash in file
containing verstage besides bootblock.
Add a new CBFS file type for the concerned file and exclude it from CBFS
verification.
BUG=b:227809919
TEST=Build and boot to OS in Skyrim with CBFS verification enabled using
x86 and PSP verstages.
Change-Id: Ib4dfba6a9cdbda0ef367b812f671c90e5f90caf8
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66942
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
-rw-r--r-- | src/commonlib/bsd/include/commonlib/bsd/cbfs_serialized.h | 1 | ||||
-rw-r--r-- | util/cbfstool/cbfs.h | 1 | ||||
-rw-r--r-- | util/cbfstool/cbfstool.c | 25 |
3 files changed, 18 insertions, 9 deletions
diff --git a/src/commonlib/bsd/include/commonlib/bsd/cbfs_serialized.h b/src/commonlib/bsd/include/commonlib/bsd/cbfs_serialized.h index 5b70d1aee5..605412bbe1 100644 --- a/src/commonlib/bsd/include/commonlib/bsd/cbfs_serialized.h +++ b/src/commonlib/bsd/include/commonlib/bsd/cbfs_serialized.h @@ -36,6 +36,7 @@ enum cbfs_type { CBFS_TYPE_MMA = 0x62, CBFS_TYPE_EFI = 0x63, CBFS_TYPE_STRUCT = 0x70, + CBFS_TYPE_AMDFW = 0x80, CBFS_TYPE_CMOS_DEFAULT = 0xaa, CBFS_TYPE_SPD = 0xab, CBFS_TYPE_MRC_CACHE = 0xac, diff --git a/util/cbfstool/cbfs.h b/util/cbfstool/cbfs.h index e90516211d..eca7168787 100644 --- a/util/cbfstool/cbfs.h +++ b/util/cbfstool/cbfs.h @@ -52,6 +52,7 @@ static struct typedesc_t filetypes[] unused = { {CBFS_TYPE_STRUCT, "struct"}, {CBFS_TYPE_DELETED, "deleted"}, {CBFS_TYPE_NULL, "null"}, + {CBFS_TYPE_AMDFW, "amdfw"}, {0, NULL} }; diff --git a/util/cbfstool/cbfstool.c b/util/cbfstool/cbfstool.c index 5cb787d1c2..04b91e51ce 100644 --- a/util/cbfstool/cbfstool.c +++ b/util/cbfstool/cbfstool.c @@ -148,7 +148,7 @@ static struct mh_cache *get_mh_cache(void) if (!fmap) goto no_metadata_hash; - /* Find the bootblock. If there is a "BOOTBLOCK" FMAP section, it's + /* Find the metadata_hash container. If there is a "BOOTBLOCK" FMAP section, it's there. If not, it's a normal file in the primary CBFS section. */ size_t offset, size; struct buffer buffer; @@ -161,22 +161,27 @@ static struct mh_cache *get_mh_cache(void) size = buffer.size; } else { struct cbfs_image cbfs; - struct cbfs_file *bootblock; + struct cbfs_file *mh_container; if (!partitioned_file_read_region(&buffer, param.image_file, SECTION_NAME_PRIMARY_CBFS)) goto no_metadata_hash; mhc.region = SECTION_NAME_PRIMARY_CBFS; if (cbfs_image_from_buffer(&cbfs, &buffer, param.headeroffset)) goto no_metadata_hash; - bootblock = cbfs_get_entry(&cbfs, "bootblock"); - if (!bootblock || be32toh(bootblock->type) != CBFS_TYPE_BOOTBLOCK) - goto no_metadata_hash; - offset = (void *)bootblock + be32toh(bootblock->offset) - + mh_container = cbfs_get_entry(&cbfs, "bootblock"); + if (!mh_container || be32toh(mh_container->type) != CBFS_TYPE_BOOTBLOCK) { + /* Check for apu/amdfw file */ + mh_container = cbfs_get_entry(&cbfs, "apu/amdfw"); + if (!mh_container || be32toh(mh_container->type) != CBFS_TYPE_AMDFW) + goto no_metadata_hash; + } + + offset = (void *)mh_container + be32toh(mh_container->offset) - buffer_get(&cbfs.buffer); - size = be32toh(bootblock->len); + size = be32toh(mh_container->len); } - /* Find and validate the metadata hash anchor inside the bootblock and + /* Find and validate the metadata hash anchor inside the containing file and record its exact byte offset from the start of the FMAP region. */ struct metadata_hash_anchor *anchor = memmem(buffer_get(&buffer) + offset, size, METADATA_HASH_ANCHOR_MAGIC, sizeof(anchor->magic)); @@ -264,7 +269,8 @@ static int maybe_update_fmap_hash(void) { if (strcmp(param.region_name, SECTION_NAME_BOOTBLOCK) && strcmp(param.region_name, SECTION_NAME_FMAP) && - param.type != CBFS_TYPE_BOOTBLOCK) + param.type != CBFS_TYPE_BOOTBLOCK && + param.type != CBFS_TYPE_AMDFW) return 0; /* FMAP and bootblock didn't change. */ struct mh_cache *mhc = get_mh_cache(); @@ -285,6 +291,7 @@ static bool verification_exclude(enum cbfs_type type) case CBFS_TYPE_BOOTBLOCK: case CBFS_TYPE_CBFSHEADER: case CBFS_TYPE_INTEL_FIT: + case CBFS_TYPE_AMDFW: return true; default: return false; |