lib/prog_loaders.c: Add prog_locate_hook()

There is no posibility to prevent loading images from cbfs at this stage
For security features prog_locate_hook() is added. This hook can be used
to prevent loading the image.

BUG=N/A
TEST=Created verified binary and verify logging on Facebook FBG-1701

Change-Id: I12207fc8f2e9ca45d048cf8c8d9c057f53e5c2c7
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30811
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>

1 files changed, 7 insertions, 0 deletions

diff --git a/src/include/program_loading.h b/src/include/program_loading.h
index 6dec1920b8..601847d4f8 100644
--- a/src/include/program_loading.h
+++ b/src/include/program_loading.h
@@ -3,6 +3,7 @@
  *
  * Copyright 2015 Google Inc.
  * Copyright (C) 2014 Imagination Technologies
+ * Copyright (C) 2018 Eltan B.V.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -138,6 +139,12 @@ static inline void prog_set_entry(struct prog *prog, void *e, void *arg)
 
 /* Locate the identified program to run. Return 0 on success. < 0 on error. */
 int prog_locate(struct prog *prog);
+/* The prog_locate_hook() is called prior to CBFS traversal. The hook can be
+ * used to implement policy that allows or prohibits further progress through
+ * prog_locate(). The type and name field within struct prog are the only valid
+ * fields. A 0 return value allows further progress while a non-zero return
+ * value prohibits further progress */
+int prog_locate_hook(struct prog *prog);
 
 /* Run the program described by prog. */
 void prog_run(struct prog *prog);