authorJulius Werner <jwerner@chromium.org>2019-11-26 17:58:11 -0800
committerJulius Werner <jwerner@chromium.org>2019-11-28 07:03:20 +0000
commitd618aaceae69fa83f630da84036da8ee23ef43e1 (patch)
tree57add8f595faf00617b20dee89ce4999baf1a460 /src/security
parent3e8ef1028dc92d2f06f20e7f80db70002ba84841 (diff)
security/vboot: Use persistent context to read GBB flags
With the persistent vboot context coreboot no longer needs to read GBB flags from flash itself -- it can just ask vboot for the cached result. This patch removes the existing GBB code and provides gbb_is_flag_set() (with a slightly better namespaced name) as a static inline instead. Change-Id: Ibc3ed0f3fbeb53d630925d47df4dc474b0ed07ee Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37261 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Joel Kitching <kitching@google.com>
Diffstat (limited to 'src/security')
-rw-r--r--src/security/vboot/Makefile.inc2
-rw-r--r--src/security/vboot/gbb.c80
-rw-r--r--src/security/vboot/gbb.h39
-rw-r--r--src/security/vboot/misc.h11
-rw-r--r--src/security/vboot/vboot_common.c4
5 files changed, 13 insertions, 123 deletions
diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc
index 010a06cfa7..5292bd142d 100644
--- a/src/security/vboot/Makefile.inc
+++ b/src/security/vboot/Makefile.inc
@@ -24,8 +24,6 @@ postcar-y += bootmode.c
verstage-generic-ccopts += -D__VERSTAGE__
-ramstage-y += gbb.c
-
bootblock-y += vbnv.c
verstage-y += vbnv.c
romstage-y += vbnv.c
diff --git a/src/security/vboot/gbb.c b/src/security/vboot/gbb.c
deleted file mode 100644
index 5293033666..0000000000
--- a/src/security/vboot/gbb.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * This file is part of the coreboot project.
- *
- * Copyright 2018 Google LLC
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- */
-
-#define NEED_VB20_INTERNALS /* Peeking into vb2_gbb_header */
-
-#include <commonlib/region.h>
-#include <console/console.h>
-#include <fmap.h>
-#include <security/vboot/gbb.h>
-#include <string.h>
-#include <vb2_api.h>
-
-#define GBB_FMAP_REGION_NAME "GBB"
-
-/* Copy of GBB header read from boot media. */
-static struct vb2_gbb_header gbb_header;
-
-/*
- * Read "GBB" region from SPI flash to obtain GBB header and validate
- * signature.
- *
- * Return value:
- * Success = 0
- * Error = 1
- */
-static int gbb_init(void)
-{
- static bool init_done = false;
- struct region_device gbb_rdev;
-
- if (init_done != false)
- return 0;
-
- if (fmap_locate_area_as_rdev(GBB_FMAP_REGION_NAME, &gbb_rdev))
- return 1;
-
- if (rdev_readat(&gbb_rdev, &gbb_header, 0,
- sizeof(struct vb2_gbb_header)) !=
- sizeof(struct vb2_gbb_header)) {
- printk(BIOS_ERR, "%s: Failure to read GBB header!\n", __func__);
- return 1;
- }
-
- if (memcmp(gbb_header.signature, VB2_GBB_SIGNATURE,
- VB2_GBB_SIGNATURE_SIZE)) {
- printk(BIOS_ERR, "%s: Signature check failed!\n", __func__);
- return 1;
- }
-
- init_done = true;
- return 0;
-}
-
-uint32_t gbb_get_flags(void)
-{
- if (gbb_init()) {
- printk(BIOS_ERR,
- "%s: Failure to initialize GBB. Returning flags as 0!\n",
- __func__);
- return 0;
- }
- return gbb_header.flags;
-}
-
-bool gbb_is_flag_set(uint32_t flag)
-{
- return !!(gbb_get_flags() & flag);
-}
diff --git a/src/security/vboot/gbb.h b/src/security/vboot/gbb.h
deleted file mode 100644
index 389242a3a2..0000000000
--- a/src/security/vboot/gbb.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * This file is part of the coreboot project.
- *
- * Copyright 2018 Google LLC
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- */
-
-#ifndef __SECURITY_VBOOT_GBB_H__
-#define __SECURITY_VBOOT_GBB_H__
-
-#include <stdint.h>
-
-/* In order to use VB2_GBB_FLAG_* macros from vboot, include vb2_api.h. */
-
-/*
- * Read flags field from GBB header.
- * Return value:
- * Success: 32-bit unsigned integer representing flags field from GBB header.
- * Error : 0
- */
-uint32_t gbb_get_flags(void);
-
-/*
- * Check if given flag is set in the flags field in GBB header.
- * Return value:
- * true: Flag is set.
- * false: Flag is not set or failure to read GBB flags.
- */
-bool gbb_is_flag_set(uint32_t flag);
-
-#endif /* __SECURITY_VBOOT_GBB_H__ */
diff --git a/src/security/vboot/misc.h b/src/security/vboot/misc.h
index 1b147992d8..471f838a9c 100644
--- a/src/security/vboot/misc.h
+++ b/src/security/vboot/misc.h
@@ -50,6 +50,17 @@ static inline int vboot_is_firmware_slot_a(const struct vb2_context *ctx)
}
/*
+ * Check if given flag is set in the flags field in GBB header.
+ * Return value:
+ * true: Flag is set.
+ * false: Flag is not set.
+ */
+static inline bool vboot_is_gbb_flag_set(enum vb2_gbb_flag flag)
+{
+ return !!(vb2api_gbb_get_flags(vboot_get_context()) & flag);
+}
+
+/*
* Locates firmware as a region device. Returns 0 on success, -1 on failure.
*/
int vboot_locate_firmware(const struct vb2_context *ctx,
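Review bot: The new comment on `vboot_is_gbb_flag_set()` no longer says what a caller gets when the GBB data is unavailable, and it does not state the precondition the helper now depends on. The removed `gbb_get_flags()` checked the GBB signature itself and returned 0 with a BIOS_ERR message on failure, whereas this inline returns whatever `vb2api_gbb_get_flags(vboot_get_context())` yields; how those two calls behave before the persistent context has been populated is not visible in this hunk. Because callers such as `vboot_can_enable_udc()` (changed in vboot_common.c) use the result to gate a debug feature, I would add a line like `* The persistent vboot context must already be initialized; flags come from vboot's cached GBB header.` and confirm that an uninitialized context can never report a flag as set.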
diff --git a/src/security/vboot/vboot_common.c b/src/security/vboot/vboot_common.c
index a24b220a9c..458ed87982 100644
--- a/src/security/vboot/vboot_common.c
+++ b/src/security/vboot/vboot_common.c
@@ -19,7 +19,7 @@
#include <fmap.h>
#include <reset.h>
#include <stddef.h>
-#include <security/vboot/gbb.h>
+#include <security/vboot/misc.h>
#include <security/vboot/vboot_common.h>
#include <security/vboot/vbnv.h>
#include <vb2_api.h>
@@ -31,7 +31,7 @@ int vboot_can_enable_udc(void)
if (!vboot_developer_mode_enabled())
return 0;
/* Enable if GBB flag is set */
- if (gbb_is_flag_set(VB2_GBB_FLAG_ENABLE_UDC))
+ if (vboot_is_gbb_flag_set(VB2_GBB_FLAG_ENABLE_UDC))
return 1;
/* Enable if VBNV flag is set */
if (vbnv_udc_enable_flag())