diff options
| author | Karthikeyan Ramasubramanian <kramasub@google.com> | 2023-10-16 21:08:57 +0000 |
|---|---|---|
| committer | Matt DeVillier <matt.devillier@amd.corp-partner.google.com> | 2023-10-20 14:26:25 +0000 |
| commit | 204a4e6d9f2712dc9f78d44bb9820a7ab859f5d0 (patch) | |
| tree | e3d9d789b3781a0626b188c2b0ac7b7e20efc3cf /src/soc/amd/common | |
| parent | 64ba070fd164fc307fe02051e8480db573fc1ac6 (diff) | |
soc/amd/common/psp_verstage: Add PSP_VERSTACK_STACK_IS_MAPPED config
Crypto Engine in PSP prefers the buffer from Static RAM (SRAM). Hence if
a buffer comes from within SRAM address range, then it is passed
directly to Crypto Engine. Otherwise a bounce bufer from the stack is
used. But on SoCs like Picasso where PSP Verstage stack is mapped to a
virtual address space this check fails causing a bounce buffer to be
used and hence a stack overflow. Fix this issue by assuming that the
buffer comes from the SRAM always in such SoCs and pass the buffer
directly to crypto engine.
BUG=b:259649666
TEST=Build and boot to OS in Dalboz with unsigned PSP verstage.
Change-Id: I2161c8f0720c770efa5c05aece9584c3cbe7712a
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78426
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Diffstat (limited to 'src/soc/amd/common')
| -rw-r--r-- | src/soc/amd/common/psp_verstage/Kconfig | 8 | ||||
| -rw-r--r-- | src/soc/amd/common/psp_verstage/vboot_crypto.c | 5 |
2 files changed, 12 insertions, 1 deletions
diff --git a/src/soc/amd/common/psp_verstage/Kconfig b/src/soc/amd/common/psp_verstage/Kconfig index 526a4ae722..dc6ea1c3ee 100644 --- a/src/soc/amd/common/psp_verstage/Kconfig +++ b/src/soc/amd/common/psp_verstage/Kconfig @@ -35,3 +35,11 @@ config SEPARATE_SIGNED_PSPFW help Put signed AMD/PSP firmwares outside FW_MAIN_[AB] so vboot doesn't verify them, and rely on PSP's verification. + +config PSP_VERSTAGE_STACK_IS_MAPPED + bool + default y if SOC_AMD_PICASSO + default n + help + This configuration indicates whether the PSP Verstage stack is mapped to a virtual + address space. This has been the case so far only in Picasso SoC. diff --git a/src/soc/amd/common/psp_verstage/vboot_crypto.c b/src/soc/amd/common/psp_verstage/vboot_crypto.c index b2c0c563f8..5ed351b604 100644 --- a/src/soc/amd/common/psp_verstage/vboot_crypto.c +++ b/src/soc/amd/common/psp_verstage/vboot_crypto.c @@ -90,8 +90,11 @@ vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size) * mapped address of SPI flash which makes crypto engine to return invalid address. * Hence if the buffer is from SRAM, pass it to crypto engine. Else copy into a * temporary buffer before passing it to crypto engine. + * + * Similarly in some SoCs, PSP verstage stack is mapped to a virtual address space. + * In those SoCs, assume that the buffer is from SRAM and pass it to crypto engine. */ - if (buf >= _sram && (buf + size) < _esram) + if (CONFIG(PSP_VERSTAGE_STACK_IS_MAPPED) || (buf >= _sram && (buf + size) < _esram)) return vb2ex_hwcrypto_digest_extend_psp_sram(buf, size); while (size) { |