summaryrefslogtreecommitdiff
path: root/src/security
diff options
context:
space:
mode:
authorJulius Werner <jwerner@chromium.org>2021-02-05 16:51:25 -0800
committerPatrick Georgi <pgeorgi@google.com>2021-03-17 08:10:20 +0000
commit77639e4537cc9e56e65880e022e154af6d042453 (patch)
treefea2b411d9d1d7a52d53630efaef5fd4363809c2 /src/security
parent81dc20e744aa1762c17dcf5aac5c37643d62a983 (diff)
cbfs: Replace more instances of cbfs_boot_locate() with newer APIs
In pursuit of the eventual goal of removing cbfs_boot_locate() (and direct rdev access) from CBFS APIs, this patch replaces all remaining "simple" uses of the function call that can easily be replaced by the newer APIs (like cbfs_load() or cbfs_map()). Some cases of cbfs_boot_locate() remain that will be more complicated to solve. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Icd0f21e2fa49c7cc834523578b7b45b5482cb1a8 Reviewed-on: https://review.coreboot.org/c/coreboot/+/50348 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Diffstat (limited to 'src/security')
-rw-r--r--src/security/intel/txt/common.c22
-rw-r--r--src/security/intel/txt/ramstage.c23
2 files changed, 14 insertions, 31 deletions
diff --git a/src/security/intel/txt/common.c b/src/security/intel/txt/common.c
index 4dd4ad3ddf..437c55edd8 100644
--- a/src/security/intel/txt/common.c
+++ b/src/security/intel/txt/common.c
@@ -215,25 +215,17 @@ static int validate_acm(const void *ptr)
*/
static void *intel_txt_prepare_bios_acm(struct region_device *acm, size_t *acm_len)
{
- struct cbfsf file;
void *acm_data = NULL;
if (!acm || !acm_len)
return NULL;
- if (cbfs_boot_locate(&file, CONFIG_INTEL_TXT_CBFS_BIOS_ACM, NULL)) {
+ acm_data = cbfs_map(CONFIG_INTEL_TXT_CBFS_BIOS_ACM, acm_len);
+ if (!acm_data) {
printk(BIOS_ERR, "TEE-TXT: Couldn't locate BIOS ACM in CBFS.\n");
return NULL;
}
- cbfs_file_data(acm, &file);
- acm_data = rdev_mmap_full(acm);
- *acm_len = region_device_sz(acm);
- if (!acm_data || *acm_len == 0) {
- printk(BIOS_ERR, "TEE-TXT: Couldn't map BIOS ACM from CBFS.\n");
- return NULL;
- }
-
/*
* CPU enforces only 4KiB alignment.
* Chapter A.1.1
@@ -241,7 +233,7 @@ static void *intel_txt_prepare_bios_acm(struct region_device *acm, size_t *acm_l
*/
if (!IS_ALIGNED((uintptr_t)acm_data, 4096)) {
printk(BIOS_ERR, "TEE-TXT: BIOS ACM isn't mapped at page boundary.\n");
- rdev_munmap(acm, acm_data);
+ cbfs_unmap(acm_data);
return NULL;
}
@@ -252,7 +244,7 @@ static void *intel_txt_prepare_bios_acm(struct region_device *acm, size_t *acm_l
*/
if (!IS_ALIGNED(*acm_len, 64)) {
printk(BIOS_ERR, "TEE-TXT: BIOS ACM size isn't multiple of 64.\n");
- rdev_munmap(acm, acm_data);
+ cbfs_unmap(acm_data);
return NULL;
}
@@ -262,7 +254,7 @@ static void *intel_txt_prepare_bios_acm(struct region_device *acm, size_t *acm_l
*/
if (!IS_ALIGNED((uintptr_t)acm_data, (1UL << log2_ceil(*acm_len)))) {
printk(BIOS_ERR, "TEE-TXT: BIOS ACM isn't aligned to its size.\n");
- rdev_munmap(acm, acm_data);
+ cbfs_unmap(acm_data);
return NULL;
}
@@ -273,7 +265,7 @@ static void *intel_txt_prepare_bios_acm(struct region_device *acm, size_t *acm_l
*/
if (popcnt(ALIGN_UP(*acm_len, 4096)) > get_var_mtrr_count()) {
printk(BIOS_ERR, "TEE-TXT: Not enough MTRRs to cache this BIOS ACM's size.\n");
- rdev_munmap(acm, acm_data);
+ cbfs_unmap(acm_data);
return NULL;
}
@@ -283,7 +275,7 @@ static void *intel_txt_prepare_bios_acm(struct region_device *acm, size_t *acm_l
const int ret = validate_acm(acm_data);
if (ret < 0) {
printk(BIOS_ERR, "TEE-TXT: Validation of ACM failed with: %d\n", ret);
- rdev_munmap(acm, acm_data);
+ cbfs_unmap(acm_data);
return NULL;
}
diff --git a/src/security/intel/txt/ramstage.c b/src/security/intel/txt/ramstage.c
index 3401aef336..c830f975a6 100644
--- a/src/security/intel/txt/ramstage.c
+++ b/src/security/intel/txt/ramstage.c
@@ -233,23 +233,14 @@ static void txt_initialize_heap(void)
memset(sinit_base, 0, read64((void *)TXT_SINIT_SIZE));
}
- struct cbfsf file;
/* The following have been removed from BIOS Data Table in version 6 */
- if (!cbfs_boot_locate(&file, CONFIG_INTEL_TXT_CBFS_BIOS_POLICY, NULL)) {
- struct region_device policy;
-
- cbfs_file_data(&policy, &file);
- void *policy_data = rdev_mmap_full(&policy);
- size_t policy_len = region_device_sz(&policy);
-
- if (policy_data && policy_len) {
- /* Point to FIT Type 9 entry in flash */
- data.bdr.lcp_pd_base = (uintptr_t)policy_data;
- data.bdr.lcp_pd_size = (uint64_t)policy_len;
- rdev_munmap(&policy, policy_data);
- } else {
- printk(BIOS_ERR, "TEE-TXT: Couldn't map LCP PD Policy from CBFS.\n");
- }
+ size_t policy_len;
+ void *policy_data = cbfs_map(CONFIG_INTEL_TXT_CBFS_BIOS_POLICY, &policy_len);
+ if (policy_data) {
+ /* Point to FIT Type 9 entry in flash */
+ data.bdr.lcp_pd_base = (uintptr_t)policy_data;
+ data.bdr.lcp_pd_size = (uint64_t)policy_len;
+ cbfs_unmap(policy_data);
} else {
printk(BIOS_ERR, "TEE-TXT: Couldn't locate LCP PD Policy in CBFS.\n");
}