summaryrefslogtreecommitdiff
path: root/payloads
diff options
context:
space:
mode:
authorJakub Czapiga <jacz@semihalf.com>2023-09-08 13:17:21 +0000
committerMartin L Roth <gaumless@gmail.com>2023-09-18 15:40:40 +0000
commitf64f3d00481ae45e1e70e804d5cb7907cac8abac (patch)
treeb9a8cde4360af01dd1dde6a283c2ee7138d28340 /payloads
parent58c2efc8e2cd5db065d0f4ab8678555e656e4a16 (diff)
libpayload/vboot: Add vboot context initialization and management code
To fully and easily implement fallback/recovery in libcbfs with vboot support the codebase requires access to vboot context. Moving context management to libpayload allows to avoid unnecessary overhead and code complication and still allows payloads to access it in a way it was designed. Access to this codebase will also allow implementation of e.g. vboot_fail_and_reboot() and other helpful utilities used by coreboot and depthcharge. BUG=b:197114807 TEST=make unit-tests TEST=Build and boot on google/ovis4es with CL:4839296 and VBOOT_CBFS_INTEGRATION enabled Change-Id: Id719be7c4f07251201424b7dc6c1125c6b5756d8 Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77635 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Diffstat (limited to 'payloads')
-rw-r--r--payloads/libpayload/include/lp_vboot.h10
-rw-r--r--payloads/libpayload/libc/Makefile.inc4
-rw-r--r--payloads/libpayload/libc/lp_vboot.c28
-rw-r--r--payloads/libpayload/libcbfs/cbfs.c7
-rw-r--r--payloads/libpayload/tests/libcbfs/cbfs-verification-test.c10
5 files changed, 58 insertions, 1 deletions
diff --git a/payloads/libpayload/include/lp_vboot.h b/payloads/libpayload/include/lp_vboot.h
new file mode 100644
index 0000000000..56ec46024e
--- /dev/null
+++ b/payloads/libpayload/include/lp_vboot.h
@@ -0,0 +1,10 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+
+#ifndef _LP_VBOOT_H_
+#define _LP_VBOOT_H_
+
+#include <vb2_api.h>
+
+struct vb2_context *vboot_get_context(void);
+
+#endif /* _LP_VBOOT_H_ */
diff --git a/payloads/libpayload/libc/Makefile.inc b/payloads/libpayload/libc/Makefile.inc
index 96d1312f65..bc706ae5a7 100644
--- a/payloads/libpayload/libc/Makefile.inc
+++ b/payloads/libpayload/libc/Makefile.inc
@@ -40,6 +40,10 @@ libc-$(CONFIG_LP_LIBC) += coreboot.c
libc-$(CONFIG_LP_LIBC) += fmap.c
libc-$(CONFIG_LP_LIBC) += fpmath.c
+ifeq ($(CONFIG_LP_VBOOT_LIB),y)
+libc-$(CONFIG_LP_LIBC) += lp_vboot.c
+endif
+
ifeq ($(CONFIG_LP_LIBC),y)
libc-srcs += $(coreboottop)/src/commonlib/bsd/elog.c
endif
diff --git a/payloads/libpayload/libc/lp_vboot.c b/payloads/libpayload/libc/lp_vboot.c
new file mode 100644
index 0000000000..b7717c7e78
--- /dev/null
+++ b/payloads/libpayload/libc/lp_vboot.c
@@ -0,0 +1,28 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+
+#include <libpayload-config.h>
+#include <arch/virtual.h>
+#include <assert.h>
+#include <libpayload.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sysinfo.h>
+#include <vb2_api.h>
+#include <lp_vboot.h>
+
+struct vb2_context *vboot_get_context(void)
+{
+ static struct vb2_context *ctx;
+
+ if (ctx)
+ return ctx;
+
+ die_if(lib_sysinfo.vboot_workbuf == 0, "vboot workbuf pointer is not set\n");
+
+ /* Use the firmware verification workbuf from coreboot. */
+ vb2_error_t rv = vb2api_reinit(phys_to_virt(lib_sysinfo.vboot_workbuf), &ctx);
+
+ die_if(rv, "vboot workbuf could not be initialized, error: %#x\n", rv);
+
+ return ctx;
+}
diff --git a/payloads/libpayload/libcbfs/cbfs.c b/payloads/libpayload/libcbfs/cbfs.c
index 3dc19d2e7d..08e312a08d 100644
--- a/payloads/libpayload/libcbfs/cbfs.c
+++ b/payloads/libpayload/libcbfs/cbfs.c
@@ -8,6 +8,7 @@
#include <commonlib/bsd/cbfs_private.h>
#include <commonlib/bsd/fmap_serialized.h>
#include <libpayload.h>
+#include <lp_vboot.h>
#include <lz4.h>
#include <lzma.h>
#include <string.h>
@@ -232,5 +233,9 @@ void *_cbfs_unverified_area_load(const char *area, const char *name, void *buf,
policy on using HW crypto. */
__weak bool cbfs_hwcrypto_allowed(void)
{
- return true;
+ /* Avoid compiling vboot calls to prevent linker errors. */
+ if (!CONFIG(LP_CBFS_VERIFICATION))
+ return true;
+
+ return vb2api_hwcrypto_allowed(vboot_get_context());
}
diff --git a/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c b/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c
index 25e402cca3..9c077279f1 100644
--- a/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c
+++ b/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c
@@ -42,6 +42,16 @@ vb2_error_t vb2_hash_verify(bool allow_hwcrypto, const void *buf, uint32_t size,
return VB2_ERROR_SHA_MISMATCH;
}
+bool vb2api_hwcrypto_allowed(struct vb2_context *ctx)
+{
+ return true;
+}
+
+struct vb2_context *vboot_get_context(void)
+{
+ return NULL;
+}
+
unsigned long ulzman(const unsigned char *src, unsigned long srcn, unsigned char *dst,
unsigned long dstn)
{