summaryrefslogtreecommitdiff
path: root/src/security
diff options
context:
space:
mode:
authorJoel Kitching <kitching@google.com>2020-02-08 10:58:48 +0800
committerJulius Werner <jwerner@chromium.org>2020-02-10 21:25:14 +0000
commit8a3bc3be922766b6b9a34499dc2124f038b3f467 (patch)
treecd46becc4c0dd652830def79d0dbb130813a108a /src/security
parent9f78faedabba30d491e7a5b923bd57b27e986c1d (diff)
vboot: correct workbuf size when VBOOT_STARTS_IN_ROMSTAGE
Part of the design of vboot persistent context is that the workbuf gets placed in CBMEM and stays there for depthcharge to use in kernel verification. As such, the space allocated in CBMEM needs to be at least VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE. In the VBOOT_STARTS_IN_ROMSTAGE case, prior to this CL, vboot_get_context() would get invoked for the first time after CBMEM comes up, and it would only allocate VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE. Initialize the workbuf directly in vboot_setup_cbmem() instead with the correct VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE. BUG=b:124141368, chromium:994060 TEST=make clean && make test-abuild TEST=boot on GOOGLE_EVE with VBOOT_STARTS_IN_ROMSTAGE set BRANCH=none Change-Id: Ie09c39f960b3f14f3a64c648eee6ca3f23214d9a Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38778 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Raul Rangel <rrangel@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security')
-rw-r--r--src/security/vboot/common.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/src/security/vboot/common.c b/src/security/vboot/common.c
index aeb4498839..ffd9353260 100644
--- a/src/security/vboot/common.c
+++ b/src/security/vboot/common.c
@@ -86,6 +86,7 @@ int vboot_locate_firmware(struct vb2_context *ctx, struct region_device *fw)
static void vboot_setup_cbmem(int unused)
{
+ vb2_error_t rv;
const size_t cbmem_size = VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE;
void *wb_cbmem = cbmem_add(CBMEM_ID_VBOOT_WORKBUF, cbmem_size);
assert(wb_cbmem != NULL);
@@ -94,9 +95,17 @@ static void vboot_setup_cbmem(int unused)
* occurs before CBMEM is brought online, using pre-RAM. In order to
* make vboot data structures available downstream, copy vboot workbuf
* from SRAM/CAR into CBMEM.
+ *
+ * For platforms where VBOOT_STARTS_IN_ROMSTAGE, verification occurs
+ * after CBMEM is brought online. Directly initialize vboot data
+ * structures in CBMEM, which will also be available downstream.
*/
if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK))
- assert(vb2api_relocate(wb_cbmem, _vboot2_work, cbmem_size,
- &vboot_ctx) == VB2_SUCCESS);
+ rv = vb2api_relocate(wb_cbmem, _vboot2_work, cbmem_size,
+ &vboot_ctx);
+ else
+ rv = vb2api_init(wb_cbmem, cbmem_size, &vboot_ctx);
+
+ assert(rv == VB2_SUCCESS);
}
ROMSTAGE_CBMEM_INIT_HOOK(vboot_setup_cbmem)