summaryrefslogtreecommitdiff
path: root/src/commonlib/bsd
diff options
context:
space:
mode:
authorJulius Werner <jwerner@chromium.org>2021-04-02 15:58:05 -0700
committerPatrick Georgi <pgeorgi@google.com>2021-04-06 07:48:58 +0000
commitfccf1221a23d3fe5ca57cff6bb6a71d75e67041f (patch)
treea9620c9e1498815a16182bfb1e17846abfeb36ce /src/commonlib/bsd
parenteca99af22918d1fe8775ed7d299d235147d82228 (diff)
cbfs: Add file data hashing for CONFIG_CBFS_VERIFICATION
This patch adds file data hashing for CONFIG_CBFS_VERIFICATION. With this, all CBFS accesses using the new CBFS APIs (cbfs_load/_map/_alloc and variants) will be fully verified when verification is enabled. (Note that some use of legacy APIs remains and thus the CBFS_VERIFICATION feature is not fully finished.) Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ic9fff279f69cf3b7c38a0dc2ff3c970eaa756aa8 Reviewed-on: https://review.coreboot.org/c/coreboot/+/52084 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Diffstat (limited to 'src/commonlib/bsd')
-rw-r--r--src/commonlib/bsd/cbfs_private.c23
-rw-r--r--src/commonlib/bsd/include/commonlib/bsd/cbfs_mdata.h3
2 files changed, 26 insertions, 0 deletions
diff --git a/src/commonlib/bsd/cbfs_private.c b/src/commonlib/bsd/cbfs_private.c
index 91f81e0db4..16bab7cbb8 100644
--- a/src/commonlib/bsd/cbfs_private.c
+++ b/src/commonlib/bsd/cbfs_private.c
@@ -190,3 +190,26 @@ const void *cbfs_find_attr(const union cbfs_mdata *mdata, uint32_t attr_tag, siz
return NULL;
}
+
+const struct vb2_hash *cbfs_file_hash(const union cbfs_mdata *mdata)
+{
+ /* Hashes are variable-length attributes, so need to manually check the length. */
+ const struct cbfs_file_attr_hash *attr =
+ cbfs_find_attr(mdata, CBFS_FILE_ATTR_TAG_HASH, 0);
+ if (!attr)
+ return NULL; /* no hash */
+ const size_t asize = be32toh(attr->len);
+
+ const struct vb2_hash *hash = &attr->hash;
+ const size_t hsize = vb2_digest_size(hash->algo);
+ if (!hsize) {
+ ERROR("Hash algo %u for '%s' unsupported.\n", hash->algo, mdata->h.filename);
+ return NULL;
+ }
+ if (hsize != asize - offsetof(struct cbfs_file_attr_hash, hash.raw)) {
+ ERROR("Hash attribute size for '%s' (%zu) incorrect for algo %u.\n",
+ mdata->h.filename, asize, hash->algo);
+ return NULL;
+ }
+ return hash;
+}
diff --git a/src/commonlib/bsd/include/commonlib/bsd/cbfs_mdata.h b/src/commonlib/bsd/include/commonlib/bsd/cbfs_mdata.h
index df13427c5f..ed5c378973 100644
--- a/src/commonlib/bsd/include/commonlib/bsd/cbfs_mdata.h
+++ b/src/commonlib/bsd/include/commonlib/bsd/cbfs_mdata.h
@@ -24,4 +24,7 @@ union cbfs_mdata {
else caller is responsible for checking the |len| field to avoid reading out-of-bounds. */
const void *cbfs_find_attr(const union cbfs_mdata *mdata, uint32_t attr_tag, size_t size_check);
+/* Returns pointer to CBFS file hash structure in metadata attributes, or NULL if invalid. */
+const struct vb2_hash *cbfs_file_hash(const union cbfs_mdata *mdata);
+
#endif /* _COMMONLIB_BSD_CBFS_MDATA_H_ */