diff options
author | Jakub Czapiga <jacz@semihalf.com> | 2023-09-08 13:17:21 +0000 |
---|---|---|
committer | Martin L Roth <gaumless@gmail.com> | 2023-09-18 15:40:40 +0000 |
commit | f64f3d00481ae45e1e70e804d5cb7907cac8abac (patch) | |
tree | b9a8cde4360af01dd1dde6a283c2ee7138d28340 /payloads | |
parent | 58c2efc8e2cd5db065d0f4ab8678555e656e4a16 (diff) |
libpayload/vboot: Add vboot context initialization and management code
To fully and easily implement fallback/recovery in libcbfs with vboot
support the codebase requires access to vboot context. Moving context
management to libpayload allows to avoid unnecessary overhead and code
complication and still allows payloads to access it in a way it was
designed. Access to this codebase will also allow implementation of e.g.
vboot_fail_and_reboot() and other helpful utilities used by coreboot and
depthcharge.
BUG=b:197114807
TEST=make unit-tests
TEST=Build and boot on google/ovis4es with CL:4839296 and
VBOOT_CBFS_INTEGRATION enabled
Change-Id: Id719be7c4f07251201424b7dc6c1125c6b5756d8
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77635
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Diffstat (limited to 'payloads')
-rw-r--r-- | payloads/libpayload/include/lp_vboot.h | 10 | ||||
-rw-r--r-- | payloads/libpayload/libc/Makefile.inc | 4 | ||||
-rw-r--r-- | payloads/libpayload/libc/lp_vboot.c | 28 | ||||
-rw-r--r-- | payloads/libpayload/libcbfs/cbfs.c | 7 | ||||
-rw-r--r-- | payloads/libpayload/tests/libcbfs/cbfs-verification-test.c | 10 |
5 files changed, 58 insertions, 1 deletions
diff --git a/payloads/libpayload/include/lp_vboot.h b/payloads/libpayload/include/lp_vboot.h new file mode 100644 index 0000000000..56ec46024e --- /dev/null +++ b/payloads/libpayload/include/lp_vboot.h @@ -0,0 +1,10 @@ +/* SPDX-License-Identifier: BSD-3-Clause */ + +#ifndef _LP_VBOOT_H_ +#define _LP_VBOOT_H_ + +#include <vb2_api.h> + +struct vb2_context *vboot_get_context(void); + +#endif /* _LP_VBOOT_H_ */ diff --git a/payloads/libpayload/libc/Makefile.inc b/payloads/libpayload/libc/Makefile.inc index 96d1312f65..bc706ae5a7 100644 --- a/payloads/libpayload/libc/Makefile.inc +++ b/payloads/libpayload/libc/Makefile.inc @@ -40,6 +40,10 @@ libc-$(CONFIG_LP_LIBC) += coreboot.c libc-$(CONFIG_LP_LIBC) += fmap.c libc-$(CONFIG_LP_LIBC) += fpmath.c +ifeq ($(CONFIG_LP_VBOOT_LIB),y) +libc-$(CONFIG_LP_LIBC) += lp_vboot.c +endif + ifeq ($(CONFIG_LP_LIBC),y) libc-srcs += $(coreboottop)/src/commonlib/bsd/elog.c endif diff --git a/payloads/libpayload/libc/lp_vboot.c b/payloads/libpayload/libc/lp_vboot.c new file mode 100644 index 0000000000..b7717c7e78 --- /dev/null +++ b/payloads/libpayload/libc/lp_vboot.c @@ -0,0 +1,28 @@ +/* SPDX-License-Identifier: BSD-3-Clause */ + +#include <libpayload-config.h> +#include <arch/virtual.h> +#include <assert.h> +#include <libpayload.h> +#include <stdio.h> +#include <stdlib.h> +#include <sysinfo.h> +#include <vb2_api.h> +#include <lp_vboot.h> + +struct vb2_context *vboot_get_context(void) +{ + static struct vb2_context *ctx; + + if (ctx) + return ctx; + + die_if(lib_sysinfo.vboot_workbuf == 0, "vboot workbuf pointer is not set\n"); + + /* Use the firmware verification workbuf from coreboot. */ + vb2_error_t rv = vb2api_reinit(phys_to_virt(lib_sysinfo.vboot_workbuf), &ctx); + + die_if(rv, "vboot workbuf could not be initialized, error: %#x\n", rv); + + return ctx; +} diff --git a/payloads/libpayload/libcbfs/cbfs.c b/payloads/libpayload/libcbfs/cbfs.c index 3dc19d2e7d..08e312a08d 100644 --- a/payloads/libpayload/libcbfs/cbfs.c +++ b/payloads/libpayload/libcbfs/cbfs.c @@ -8,6 +8,7 @@ #include <commonlib/bsd/cbfs_private.h> #include <commonlib/bsd/fmap_serialized.h> #include <libpayload.h> +#include <lp_vboot.h> #include <lz4.h> #include <lzma.h> #include <string.h> @@ -232,5 +233,9 @@ void *_cbfs_unverified_area_load(const char *area, const char *name, void *buf, policy on using HW crypto. */ __weak bool cbfs_hwcrypto_allowed(void) { - return true; + /* Avoid compiling vboot calls to prevent linker errors. */ + if (!CONFIG(LP_CBFS_VERIFICATION)) + return true; + + return vb2api_hwcrypto_allowed(vboot_get_context()); } diff --git a/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c b/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c index 25e402cca3..9c077279f1 100644 --- a/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c +++ b/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c @@ -42,6 +42,16 @@ vb2_error_t vb2_hash_verify(bool allow_hwcrypto, const void *buf, uint32_t size, return VB2_ERROR_SHA_MISMATCH; } +bool vb2api_hwcrypto_allowed(struct vb2_context *ctx) +{ + return true; +} + +struct vb2_context *vboot_get_context(void) +{ + return NULL; +} + unsigned long ulzman(const unsigned char *src, unsigned long srcn, unsigned char *dst, unsigned long dstn) { |