diff options
author | Karthikeyan Ramasubramanian <kramasub@google.com> | 2022-10-05 23:48:18 -0600 |
---|---|---|
committer | Raul Rangel <rrangel@chromium.org> | 2022-10-26 17:19:08 +0000 |
commit | 26aa7503a7cb9a5ca833f2b0774f10ec3846a6df (patch) | |
tree | d1056b18b01f59d17c2a42ad9249d068227bc1cd /src/soc/amd | |
parent | 69451f17a1138af9a982180d54249026a8edb92e (diff) |
soc/amd/common/psp_verstage: Pass SRAM buffer to Crypto Engine
Crypto engine prefers the buffer from SRAM. CBFS verification may pass
the mapped address of a CBFS file from SPI flash. This causes PSP crypto
engine to return invalid address. Hence if the buffer is from SRAM, pass
it directly to crypto engine. Else copy into a temporary buffer before
passing it to crypto engine.
BUG=b:b:227809919
TEST=Build and boot to OS in skyrim with CBFS verification enabled using
both x86 verstage and PSP verstage.
Change-Id: Ie9bc9e786f302e7938969c8093d5405b5a85b711
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68184
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Diffstat (limited to 'src/soc/amd')
-rw-r--r-- | src/soc/amd/common/psp_verstage/vboot_crypto.c | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/src/soc/amd/common/psp_verstage/vboot_crypto.c b/src/soc/amd/common/psp_verstage/vboot_crypto.c index 81a6740668..8c1f31336a 100644 --- a/src/soc/amd/common/psp_verstage/vboot_crypto.c +++ b/src/soc/amd/common/psp_verstage/vboot_crypto.c @@ -6,9 +6,11 @@ #include <commonlib/bsd/helpers.h> #include <console/console.h> #include "psp_verstage.h" +#include <soc/psp_verstage_addr.h> #include <stddef.h> #include <string.h> #include <swab.h> +#include <symbols.h> #include <vb2_api.h> static struct sha_generic_data sha_op; @@ -40,9 +42,10 @@ vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, uint32_ return VB2_SUCCESS; } -vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size) +static vb2_error_t vb2ex_hwcrypto_digest_extend_psp_sram(const uint8_t *buf, uint32_t size) { uint32_t retval; + sha_op.Data = (uint8_t *)buf; if (!sha_op_size_remaining) { @@ -76,6 +79,39 @@ vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size) return VB2_SUCCESS; } + +vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size) +{ + vb2_error_t retval; + uint32_t offset = 0, copy_size; + + /* + * Crypto engine prefers the buffer from SRAM. CBFS verification may pass the + * mapped address of SPI flash which makes crypto engine to return invalid address. + * Hence if the buffer is from SRAM, pass it to crypto engine. Else copy into a + * temporary buffer before passing it to crypto engine. + */ + if (buf >= _sram && (buf + size) < _esram) + return vb2ex_hwcrypto_digest_extend_psp_sram(buf, size); + + while (size) { + uint8_t block[CONFIG_VBOOT_HASH_BLOCK_SIZE]; + + copy_size = size < CONFIG_VBOOT_HASH_BLOCK_SIZE ? + size : CONFIG_VBOOT_HASH_BLOCK_SIZE; + memcpy(block, buf + offset, copy_size); + + retval = vb2ex_hwcrypto_digest_extend_psp_sram(block, copy_size); + if (retval != VB2_SUCCESS) + return retval; + + size -= copy_size; + offset += copy_size; + } + + return VB2_SUCCESS; +} + /* Copy the hash back to verstage */ vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest, uint32_t digest_size) { |