summaryrefslogtreecommitdiff
path: root/src/security/memory
diff options
context:
space:
mode:
authorJulius Werner <jwerner@chromium.org>2020-12-23 17:38:11 -0800
committerJulius Werner <jwerner@chromium.org>2021-03-16 21:45:34 +0000
commit1de8708fe50339162b4a59039e0ac45e6f3ffdd0 (patch)
tree30a0f3fd50c7cfce4a02b822ccc7073b0b4e884c /src/security/memory
parentc24db001efb669c06489c55122e85a4a8948b539 (diff)
cbfs: Remove prog_locate() for stages and rmodules
This patch removes the prog_locate() step for stages and rmodules. Instead, the stage and rmodule loading functions will now perform the locate step directly together with the actual loading. The long-term goal of this is to eliminate prog_locate() (and the rdev member in struct prog that it fills) completely in order to make CBFS verification code safer and its security guarantees easier to follow. prog_locate() is the main remaining use case where a raw rdev of CBFS file data "leaks" out of cbfs.c into other code, and that other code needs to manually make sure that the contents of the rdev get verified during loading. By eliminating this step and moving all code that directly deals with file data into cbfs.c, we can concentrate the code that needs to worry about file data hashing (and needs access to cbfs_private.h APIs) into one file, making it easier to keep track of and reason about. This patch is the first step of this move, later patches will do the same for SELFs and other program types. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ia600e55f77c2549a00e2606f09befc1f92594a3a Reviewed-on: https://review.coreboot.org/c/coreboot/+/49335 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security/memory')
0 files changed, 0 insertions, 0 deletions