cbfs: Add unverified_area APIs

This patch adds a new ..._unverified_area_... group of functions to the cbfs_map/_load/_alloc() APIs. These functions can be used to access custom FMAP sections and are meant to replace the existing cbfs_locate_file_in_region(). The name is intended to highlight that accesses through this API will not be verified when CBFS_VERIFICATION is enabled and should always be treated as if they may return malicious data. (Due to laziness I'm not adding the combination of this API with the ..._type_... variant at this point, since it seems very unlikely that we'll ever have a use case for that. If we ever do, it should be easy to add later.) (Also remove the 'inline' from cbfs_file_hash_mismatch(). I'm not sure why I put it there in the first place, probably a bad copy&paste.) Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I402265900f7075aa0c2f58d812c67ea63ddf2900 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59678 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
author: Julius Werner <jwerner@chromium.org> 2021-04-15 23:25:44 -0700
committer: Julius Werner <jwerner@chromium.org> 2021-11-30 00:27:30 +0000
commit: 05714ccab70a8a36382351e22ce3d31d86a47bef (patch)
tree: 2c5f417077851f0d23e47f49db61b09055d87648 /src/include
parent: 0cd6ab338c6ba93b286946449d6d250c25196e72 (diff)
1 files changed, 47 insertions, 0 deletions
diff --git a/src/include/cbfs.h b/src/include/cbfs.h
index 43d8123454..6c79625f72 100644
--- a/src/include/cbfs.h
+++ b/src/include/cbfs.h
@@ -55,6 +55,11 @@
  *	section), even when running in an RW stage from one of the RW CBFSs. Only relevant if
  *	CONFIG(VBOOT) is set.
  *
+ * ..._unverified_area_...: Will look for the CBFS file in the named FMAP area, rather than
+ *	any of the default (RO or RW) CBFSs. Files accessed this way are *not* verified in any
+ *	way (even if CONFIG(CBFS_VERIFICATION) is enabled) and should always be treated as
+ *	untrusted (potentially malicious) data. Mutually exclusive with the ..._ro_... variant.
+ *
  * ..._type_...: May pass in an extra enum cbfs_type *type parameter. If the value it points to
  *	is CBFS_TYPE_QUERY, it will be replaced with the actual CBFS type of the found file. If
  *	it is anything else, the type will be compared with the actually found type, and the
@@ -76,11 +81,15 @@ static inline size_t cbfs_type_load(const char *name, void *buf, size_t size,
 				    enum cbfs_type *type);
 static inline size_t cbfs_ro_type_load(const char *name, void *buf, size_t size,
 				    enum cbfs_type *type);
+static inline size_t cbfs_unverified_area_load(const char *area, const char *name,
+					       void *buf, size_t size);
 
 static inline void *cbfs_map(const char *name, size_t *size_out);
 static inline void *cbfs_ro_map(const char *name, size_t *size_out);
 static inline void *cbfs_type_map(const char *name, size_t *size_out, enum cbfs_type *type);
 static inline void *cbfs_ro_type_map(const char *name, size_t *size_out, enum cbfs_type *type);
+static inline void *cbfs_unverified_area_map(const char *area, const char *name,
+					      size_t *size_out);
 
 static inline void *cbfs_alloc(const char *name, cbfs_allocator_t allocator, void *arg,
 			       size_t *size_out);
@@ -90,6 +99,9 @@ static inline void *cbfs_type_alloc(const char *name, cbfs_allocator_t allocator
 				    size_t *size_out, enum cbfs_type *type);
 static inline void *cbfs_ro_type_alloc(const char *name, cbfs_allocator_t allocator, void *arg,
 				       size_t *size_out, enum cbfs_type *type);
+static inline void *cbfs_unverified_area_alloc(const char *area, const char *name,
+						cbfs_allocator_t allocator, void *arg,
+						size_t *size_out);
 
 static inline void *cbfs_cbmem_alloc(const char *name, uint32_t cbmem_id, size_t *size_out);
 static inline void *cbfs_ro_cbmem_alloc(const char *name, uint32_t cbmem_id, size_t *size_out);
@@ -97,6 +109,8 @@ static inline void *cbfs_type_cbmem_alloc(const char *name, uint32_t cbmem_id, s
 					  enum cbfs_type *type);
 static inline void *cbfs_ro_type_cbmem_alloc(const char *name, uint32_t cbmem_id,
 					     size_t *size_out, enum cbfs_type *type);
+static inline void *cbfs_unverified_area_cbmem_alloc(const char *area, const char *name,
+						      uint32_t cbmem_id, size_t *size_out);
 
 /*
  * Starts the processes of preloading a file into RAM.
@@ -194,6 +208,9 @@ cb_err_t _cbfs_boot_lookup(const char *name, bool force_ro,
 void *_cbfs_alloc(const char *name, cbfs_allocator_t allocator, void *arg,
 		  size_t *size_out, bool force_ro, enum cbfs_type *type);
 
+void *_cbfs_unverified_area_alloc(const char *area, const char *name,
+				  cbfs_allocator_t allocator, void *arg, size_t *size_out);
+
 struct _cbfs_default_allocator_arg {
 	void *buf;
 	size_t buf_size;
@@ -229,6 +246,13 @@ static inline void *cbfs_ro_type_alloc(const char *name, cbfs_allocator_t alloca
 	return _cbfs_alloc(name, allocator, arg, size_out, true, type);
 }
 
+static inline void *cbfs_unverified_area_alloc(const char *area, const char *name,
+					       cbfs_allocator_t allocator, void *arg,
+					       size_t *size_out)
+{
+	return _cbfs_unverified_area_alloc(area, name, allocator, arg, size_out);
+}
+
 static inline void *cbfs_map(const char *name, size_t *size_out)
 {
 	return cbfs_type_map(name, size_out, NULL);
@@ -249,6 +273,12 @@ static inline void *cbfs_ro_type_map(const char *name, size_t *size_out, enum cb
 	return cbfs_ro_type_alloc(name, NULL, NULL, size_out, type);
 }
 
+static inline void *cbfs_unverified_area_map(const char *area, const char *name,
+					     size_t *size_out)
+{
+	return _cbfs_unverified_area_alloc(area, name, NULL, NULL, size_out);
+}
+
 static inline size_t _cbfs_load(const char *name, void *buf, size_t size, bool force_ro,
 				enum cbfs_type *type)
 {
@@ -281,6 +311,16 @@ static inline size_t cbfs_ro_type_load(const char *name, void *buf, size_t size,
 	return _cbfs_load(name, buf, size, true, type);
 }
 
+static inline size_t cbfs_unverified_area_load(const char *area, const char *name,
+					       void *buf, size_t size)
+{
+	struct _cbfs_default_allocator_arg arg = { .buf = buf, .buf_size = size };
+	if (_cbfs_unverified_area_alloc(area, name, _cbfs_default_allocator, &arg, &size))
+		return size;
+	else
+		return 0;
+}
+
 static inline void *cbfs_cbmem_alloc(const char *name, uint32_t cbmem_id, size_t *size_out)
 {
 	return cbfs_type_cbmem_alloc(name, cbmem_id, size_out, NULL);
@@ -305,6 +345,13 @@ static inline void *cbfs_ro_type_cbmem_alloc(const char *name, uint32_t cbmem_id
 				  size_out, type);
 }
 
+static inline void *cbfs_unverified_area_cbmem_alloc(const char *area, const char *name,
+						     uint32_t cbmem_id, size_t *size_out)
+{
+	return _cbfs_unverified_area_alloc(area, name, _cbfs_cbmem_allocator,
+					   (void *)(uintptr_t)cbmem_id, size_out);
+}
+
 static inline size_t cbfs_get_size(const char *name)
 {
 	union cbfs_mdata mdata;
author	Julius Werner <jwerner@chromium.org>	2021-04-15 23:25:44 -0700
committer	Julius Werner <jwerner@chromium.org>	2021-11-30 00:27:30 +0000
commit	05714ccab70a8a36382351e22ce3d31d86a47bef (patch)
tree	2c5f417077851f0d23e47f49db61b09055d87648 /src/include
parent	0cd6ab338c6ba93b286946449d6d250c25196e72 (diff)