summaryrefslogtreecommitdiff
path: root/src/soc/amd
diff options
context:
space:
mode:
authorKarthikeyan Ramasubramanian <kramasub@google.com>2022-10-05 23:48:18 -0600
committerRaul Rangel <rrangel@chromium.org>2022-10-26 17:19:08 +0000
commit26aa7503a7cb9a5ca833f2b0774f10ec3846a6df (patch)
treed1056b18b01f59d17c2a42ad9249d068227bc1cd /src/soc/amd
parent69451f17a1138af9a982180d54249026a8edb92e (diff)
soc/amd/common/psp_verstage: Pass SRAM buffer to Crypto Engine
Crypto engine prefers the buffer from SRAM. CBFS verification may pass the mapped address of a CBFS file from SPI flash. This causes PSP crypto engine to return invalid address. Hence if the buffer is from SRAM, pass it directly to crypto engine. Else copy into a temporary buffer before passing it to crypto engine. BUG=b:b:227809919 TEST=Build and boot to OS in skyrim with CBFS verification enabled using both x86 verstage and PSP verstage. Change-Id: Ie9bc9e786f302e7938969c8093d5405b5a85b711 Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68184 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
Diffstat (limited to 'src/soc/amd')
-rw-r--r--src/soc/amd/common/psp_verstage/vboot_crypto.c38
1 files changed, 37 insertions, 1 deletions
diff --git a/src/soc/amd/common/psp_verstage/vboot_crypto.c b/src/soc/amd/common/psp_verstage/vboot_crypto.c
index 81a6740668..8c1f31336a 100644
--- a/src/soc/amd/common/psp_verstage/vboot_crypto.c
+++ b/src/soc/amd/common/psp_verstage/vboot_crypto.c
@@ -6,9 +6,11 @@
#include <commonlib/bsd/helpers.h>
#include <console/console.h>
#include "psp_verstage.h"
+#include <soc/psp_verstage_addr.h>
#include <stddef.h>
#include <string.h>
#include <swab.h>
+#include <symbols.h>
#include <vb2_api.h>
static struct sha_generic_data sha_op;
@@ -40,9 +42,10 @@ vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, uint32_
return VB2_SUCCESS;
}
-vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size)
+static vb2_error_t vb2ex_hwcrypto_digest_extend_psp_sram(const uint8_t *buf, uint32_t size)
{
uint32_t retval;
+
sha_op.Data = (uint8_t *)buf;
if (!sha_op_size_remaining) {
@@ -76,6 +79,39 @@ vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size)
return VB2_SUCCESS;
}
+
+vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size)
+{
+ vb2_error_t retval;
+ uint32_t offset = 0, copy_size;
+
+ /*
+ * Crypto engine prefers the buffer from SRAM. CBFS verification may pass the
+ * mapped address of SPI flash which makes crypto engine to return invalid address.
+ * Hence if the buffer is from SRAM, pass it to crypto engine. Else copy into a
+ * temporary buffer before passing it to crypto engine.
+ */
+ if (buf >= _sram && (buf + size) < _esram)
+ return vb2ex_hwcrypto_digest_extend_psp_sram(buf, size);
+
+ while (size) {
+ uint8_t block[CONFIG_VBOOT_HASH_BLOCK_SIZE];
+
+ copy_size = size < CONFIG_VBOOT_HASH_BLOCK_SIZE ?
+ size : CONFIG_VBOOT_HASH_BLOCK_SIZE;
+ memcpy(block, buf + offset, copy_size);
+
+ retval = vb2ex_hwcrypto_digest_extend_psp_sram(block, copy_size);
+ if (retval != VB2_SUCCESS)
+ return retval;
+
+ size -= copy_size;
+ offset += copy_size;
+ }
+
+ return VB2_SUCCESS;
+}
+
/* Copy the hash back to verstage */
vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest, uint32_t digest_size)
{