diff options
author | Julius Werner <jwerner@chromium.org> | 2021-04-02 16:31:21 -0700 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2021-04-06 07:49:15 +0000 |
commit | 6296ca8ad9137a12094ad5d49d6f937dcf502105 (patch) | |
tree | 6ff17f7e96a11982d84e87618fbef11855c640bc /src/lib | |
parent | fccf1221a23d3fe5ca57cff6bb6a71d75e67041f (diff) |
decompressor: Add CBFS_VERIFICATION support
CBFS_VERIFICATION requires the CBFS metadata hash anchor to be linked
into an uncompressed stage, but for platforms using COMPRESS_BOOTBLOCK,
this is only the decompressor stage. The first CBFS accesses are made in
the bootblock stage after decompression, so if we want to make
CBFS_VERIFICATION work on those platforms, we have to pass the metadata
hash anchor from the decompressor into the bootblock. This patch does
just that. (Note that this relies on the decompressor data remaining
valid in memory for as long as the metadata hash anchor is needed. This
is always true even for OVERLAP_DECOMPRESSOR_ROMSTAGE() situations
because the FMAP and CBFS metadata necessarily need to have finished
verification before a new stage could be loaded.)
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I2e6d7384cfb8339a24369eb6c01fc12f911c974e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52085
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/Kconfig.cbfs_verification | 1 | ||||
-rw-r--r-- | src/lib/Makefile.inc | 1 | ||||
-rw-r--r-- | src/lib/bootblock.c | 3 | ||||
-rw-r--r-- | src/lib/decompressor.c | 4 | ||||
-rw-r--r-- | src/lib/metadata_hash.c | 31 |
5 files changed, 36 insertions, 4 deletions
diff --git a/src/lib/Kconfig.cbfs_verification b/src/lib/Kconfig.cbfs_verification index a28df1ff6d..fa90d9d9af 100644 --- a/src/lib/Kconfig.cbfs_verification +++ b/src/lib/Kconfig.cbfs_verification @@ -6,7 +6,6 @@ config CBFS_VERIFICATION bool # TODO: make user selectable once it works - depends on !COMPRESS_BOOTBLOCK # TODO: figure out decompressor anchor depends on !VBOOT_STARTS_BEFORE_BOOTBLOCK # this is gonna get tricky... select VBOOT_LIB help diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc index 074cb2a1f2..358035d9d8 100644 --- a/src/lib/Makefile.inc +++ b/src/lib/Makefile.inc @@ -38,6 +38,7 @@ decompressor-y += delay.c decompressor-$(CONFIG_GENERIC_GPIO_LIB) += gpio.c decompressor-y += memchr.c decompressor-y += memcmp.c +decompressor-$(CONFIG_CBFS_VERIFICATION) += metadata_hash.c decompressor-y += prog_ops.c decompressor-$(CONFIG_COLLECT_TIMESTAMPS) += timestamp.c diff --git a/src/lib/bootblock.c b/src/lib/bootblock.c index 1509c8cb59..23fb392276 100644 --- a/src/lib/bootblock.c +++ b/src/lib/bootblock.c @@ -4,6 +4,7 @@ #include <bootblock_common.h> #include <console/console.h> #include <delay.h> +#include <metadata_hash.h> #include <option.h> #include <post.h> #include <program_loading.h> @@ -88,6 +89,8 @@ void main(void) void _start(struct bootblock_arg *arg); void _start(struct bootblock_arg *arg) { + if (CONFIG(CBFS_VERIFICATION)) + metadata_hash_import_anchor(arg->metadata_hash_anchor); bootblock_main_with_timestamp(arg->base_timestamp, arg->timestamps, arg->num_timestamps); } diff --git a/src/lib/decompressor.c b/src/lib/decompressor.c index 8ae9358e6a..1d160e0c60 100644 --- a/src/lib/decompressor.c +++ b/src/lib/decompressor.c @@ -3,6 +3,7 @@ #include <bootblock_common.h> #include <commonlib/bsd/compression.h> #include <delay.h> +#include <metadata_hash.h> #include <program_loading.h> #include <symbols.h> #include <timestamp.h> @@ -42,6 +43,9 @@ void main(void) if (CONFIG(COLLECT_TIMESTAMPS)) arg.base_timestamp = timestamp_get(); + if (CONFIG(CBFS_VERIFICATION)) + arg.metadata_hash_anchor = metadata_hash_export_anchor(); + decompressor_soc_init(); if (CONFIG(COLLECT_TIMESTAMPS)) diff --git a/src/lib/metadata_hash.c b/src/lib/metadata_hash.c index a823c5f26f..5619efea7f 100644 --- a/src/lib/metadata_hash.c +++ b/src/lib/metadata_hash.c @@ -5,6 +5,7 @@ #include <metadata_hash.h> #include <symbols.h> +#if !CONFIG(COMPRESS_BOOTBLOCK) || ENV_DECOMPRESSOR __attribute__((used, section(".metadata_hash_anchor"))) static struct metadata_hash_anchor metadata_hash_anchor = { /* This is the only place in all of coreboot where we actually need to use this. */ @@ -12,15 +13,39 @@ static struct metadata_hash_anchor metadata_hash_anchor = { .cbfs_hash = { .algo = CONFIG_CBFS_HASH_ALGO } }; +static struct metadata_hash_anchor *get_anchor(void) +{ + return &metadata_hash_anchor; +} + +void *metadata_hash_export_anchor(void) +{ + return get_anchor(); +} +#else +static struct metadata_hash_anchor *anchor_ptr = NULL; + +static struct metadata_hash_anchor *get_anchor(void) +{ + assert(anchor_ptr != NULL); + return anchor_ptr; +} + +void metadata_hash_import_anchor(void *ptr) +{ + anchor_ptr = ptr; +} +#endif + struct vb2_hash *metadata_hash_get(void) { - return &metadata_hash_anchor.cbfs_hash; + return &get_anchor()->cbfs_hash; } vb2_error_t metadata_hash_verify_fmap(const void *fmap_buffer, size_t fmap_size) { - struct vb2_hash hash = { .algo = metadata_hash_anchor.cbfs_hash.algo }; - memcpy(hash.raw, metadata_hash_anchor_fmap_hash(&metadata_hash_anchor), + struct vb2_hash hash = { .algo = get_anchor()->cbfs_hash.algo }; + memcpy(hash.raw, metadata_hash_anchor_fmap_hash(get_anchor()), vb2_digest_size(hash.algo)); return vb2_hash_verify(fmap_buffer, fmap_size, &hash); } |