summaryrefslogtreecommitdiff
path: root/src/security
diff options
context:
space:
mode:
authorJulius Werner <jwerner@chromium.org>2021-04-12 16:28:37 -0700
committerJulius Werner <jwerner@chromium.org>2021-04-14 01:03:22 +0000
commitb3182fbb0021f725c302bf327663696ca0800a4d (patch)
treedcc2c9863f9265e38b508e2c43470d400c4356b1 /src/security
parentc074f61d8fb0fbad1ec7a19e32cb7d1524ad97f0 (diff)
vboot: ec_sync: Switch to new CBFS API
This patch changes the vboot EC sync code to use the new CBFS API. As a consequence, we have to map the whole EC image file at once (because the new API doesn't support partial mapping). This should be fine on the only platform that uses this code (Google_Volteer/_Dedede family) because they are x86 devices that support direct mapping from flash, but the code was originally written to more carefully map the file in smaller steps to be theoretically able to support Arm devices. EC sync in romstage for devices without memory-mapped flash would be hard to combine with CBFS verification because there's not enough SRAM to ever hold the whole file in memory at once, but we can't validate the file hash until we have loaded the whole file and for performance (or TOCTOU-safety, if applicable) reasons we wouldn't want to load anything more than once. The "good" solution for this would be to introduce a CBFS streaming API can slowly feed chunks of the file into a callback but in the end still return a "hash valid/invalid" result to the caller. If use cases like this become pressing in the future, we may have to implement such an API. However, for now this code is the only part of coreboot with constraints like that, it was only ever used on platforms that do support memory-mapped flash, and due to the new EC-EFS2 model used on more recent Chrome OS devices we don't currently anticipate this to ever be needed again. Therefore this patch goes the easier way of just papering over the problem and punting the work of implementing a more generic solution until we actually have a real need for it. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I7e263272aef3463f3b2924887d96de9b2607f5e5 Reviewed-on: https://review.coreboot.org/c/coreboot/+/52280 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security')
-rw-r--r--src/security/vboot/ec_sync.c48
1 files changed, 21 insertions, 27 deletions
diff --git a/src/security/vboot/ec_sync.c b/src/security/vboot/ec_sync.c
index 7e3d29a4ab..f31b78337b 100644
--- a/src/security/vboot/ec_sync.c
+++ b/src/security/vboot/ec_sync.c
@@ -240,11 +240,10 @@ static enum ec_flash_region vboot_to_ec_region(enum vb2_firmware_selection selec
}
/*
- * Read the EC's burst size bytes at a time from CBFS, and then send
- * the chunk to the EC for it to write into its flash.
+ * Send an image to the EC in burst-sized chunks.
*/
-static vb2_error_t ec_flash_write(struct region_device *image_region,
- uint32_t region_offset, int image_size)
+static vb2_error_t ec_flash_write(void *image, uint32_t region_offset,
+ int image_size)
{
struct ec_response_get_protocol_info resp_proto;
struct ec_response_flash_info resp_flash;
@@ -295,24 +294,17 @@ static vb2_error_t ec_flash_write(struct region_device *image_region,
/* Fill up the buffer */
end = region_offset + image_size;
+ file_buf = image;
for (off = region_offset; off < end; off += burst) {
uint32_t todo = MIN(end - off, burst);
uint32_t xfer_size = todo + sizeof(*params);
- /* Map 'todo' bytes into memory */
- file_buf = rdev_mmap(image_region, off - region_offset, todo);
- if (file_buf == NULL)
- return VB2_ERROR_UNKNOWN;
-
params->offset = off;
params->size = todo;
/* Read todo bytes into the buffer */
memcpy(params + 1, file_buf, todo);
- if (rdev_munmap(image_region, file_buf))
- return VB2_ERROR_UNKNOWN;
-
/* Make sure to add back in the size of the parameters */
if (google_chromeec_flash_write_block(
(const uint8_t *)params, xfer_size)) {
@@ -320,6 +312,8 @@ static vb2_error_t ec_flash_write(struct region_device *image_region,
"relative offset %u!\n", off - region_offset);
return VB2_ERROR_UNKNOWN;
}
+
+ file_buf += todo;
}
return VB2_SUCCESS;
@@ -333,10 +327,8 @@ static vb2_error_t ec_update_image(enum vb2_firmware_selection select)
uint32_t region_offset, region_size;
enum ec_flash_region region;
vb2_error_t rv;
+ void *image;
size_t image_size;
- struct cbfsf fh;
- const char *filename;
- struct region_device image_region;
/* Un-protect the flash region */
rv = ec_protect_flash(select, 0);
@@ -351,32 +343,34 @@ static vb2_error_t ec_update_image(enum vb2_firmware_selection select)
&region_size))
return VB2_ERROR_UNKNOWN;
- /* Locate the CBFS file */
- filename = EC_IMAGE_FILENAME(select);
- if (cbfs_boot_locate(&fh, filename, NULL))
+ /* Map the CBFS file */
+ image = cbfs_map(EC_IMAGE_FILENAME(select), &image_size);
+ if (!image)
return VB2_ERROR_UNKNOWN;
- /* Get the file size and the region struct */
- image_size = region_device_sz(&fh.data);
- cbfs_file_data(&image_region, &fh);
+ rv = VB2_ERROR_UNKNOWN;
/* Bail if the image is too large */
if (image_size > region_size)
- return VB2_ERROR_INVALID_PARAMETER;
+ goto unmap;
/* Erase the region */
if (google_chromeec_flash_erase(region_offset, region_size))
- return VB2_ERROR_UNKNOWN;
+ goto unmap;
/* Write the image into the region */
- if (ec_flash_write(&image_region, region_offset, image_size))
- return VB2_ERROR_UNKNOWN;
+ if (ec_flash_write(image, region_offset, image_size))
+ goto unmap;
/* Verify the image */
if (google_chromeec_efs_verify(region))
- return VB2_ERROR_UNKNOWN;
+ goto unmap;
- return VB2_SUCCESS;
+ rv = VB2_SUCCESS;
+
+unmap:
+ cbfs_unmap(image);
+ return rv;
}
static vb2_error_t ec_get_expected_hash(enum vb2_firmware_selection select,