summaryrefslogtreecommitdiff
path: root/src/vendorcode/eltan/security/verified_boot
diff options
context:
space:
mode:
authorJulius Werner <jwerner@chromium.org>2020-03-04 16:52:08 -0800
committerPatrick Georgi <pgeorgi@google.com>2020-12-02 22:13:17 +0000
commit834b3ecd7cbefbad8f09a9bda4f10cd7842cdbcd (patch)
tree13db079f261e5fd3854f85e7f03c2d177fa7dbbb /src/vendorcode/eltan/security/verified_boot
parent0d9072b1a196627755164288a9f334ef844628f5 (diff)
cbfs: Simplify load/map API names, remove type arguments
This patch renames cbfs_boot_map_with_leak() and cbfs_boot_load_file() to cbfs_map() and cbfs_load() respectively. This is supposed to be the start of a new, better organized CBFS API where the most common operations have the most simple and straight-forward names. Less commonly used variants of these operations (e.g. cbfs_ro_load() or cbfs_region_load()) can be introduced later. It seems unnecessary to keep carrying around "boot" in the names of most CBFS APIs if the vast majority of accesses go to the boot CBFS (instead, more unusual operations should have longer names that describe how they diverge from the common ones). cbfs_map() is paired with a new cbfs_unmap() to allow callers to cleanly reap mappings when desired. A few new cbfs_unmap() calls are added to generic code where it makes sense, but it seems unnecessary to introduce this everywhere in platform or architecture specific code where the boot medium is known to be memory-mapped anyway. In fact, even for non-memory-mapped platforms, sometimes leaking a mapping to the CBFS cache is a much cleaner solution than jumping through hoops to provide some other storage for some long-lived file object, and it shouldn't be outright forbidden when it makes sense. Additionally, remove the type arguments from these function signatures. The goal is to eventually remove type arguments for lookup from the whole CBFS API. Filenames already uniquely identify CBFS files. The type field is just informational, and there should be APIs to allow callers to check it when desired, but it's not clear what we gain from forcing this as a parameter into every single CBFS access when the vast majority of the time it provides no additional value and is just clutter. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ib24325400815a9c3d25f66c61829a24a239bb88e Reviewed-on: https://review.coreboot.org/c/coreboot/+/39304 Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-by: Mariusz SzafraƄski <mariuszx.szafranski@intel.com> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/vendorcode/eltan/security/verified_boot')
-rw-r--r--src/vendorcode/eltan/security/verified_boot/vboot_check.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c
index 044f2d43b1..824570e481 100644
--- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c
+++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c
@@ -33,7 +33,7 @@ int verified_boot_check_manifest(void)
sd = vb2_get_sd(ctx);
- buffer = cbfs_boot_map_with_leak(RSA_PUBLICKEY_FILE_NAME, CBFS_TYPE_RAW, &size);
+ buffer = cbfs_map(RSA_PUBLICKEY_FILE_NAME, &size);
if (!buffer || !size) {
printk(BIOS_ERR, "ERROR: Public key not found!\n");
goto fail;
@@ -71,7 +71,7 @@ int verified_boot_check_manifest(void)
pre->flags = VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO;
/* Fill body_signature (vb2_structure). RSA2048 key is used */
- cbfs_boot_map_with_leak("oemmanifest.bin", CBFS_TYPE_RAW, &size);
+ cbfs_map("oemmanifest.bin", &size);
if (size != ((CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS * DIGEST_SIZE) + (2048/8))) {
printk(BIOS_ERR, "ERROR: Incorrect manifest size!\n");
goto fail;
@@ -183,7 +183,7 @@ void verified_boot_check_cbfsfile(const char *name, uint32_t type, uint32_t hash
void *start;
size_t size;
- start = cbfs_boot_map_with_leak(name, type & ~VERIFIED_BOOT_COPY_BLOCK, &size);
+ start = cbfs_map(name, &size);
if (start && size) {
/* Speed up processing by copying the file content to memory first */
if (!ENV_ROMSTAGE_OR_BEFORE && (type & VERIFIED_BOOT_COPY_BLOCK)) {