diff options
author | Aaron Durbin <adurbin@chromium.org> | 2016-01-27 14:23:17 -0600 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2016-02-04 17:42:54 +0100 |
commit | 4121f9e555170bde6589b4e731f17f2149c3b401 (patch) | |
tree | d0ad108886ad2a2ba0f89453495b7491260f4afa /src/vendorcode | |
parent | f52fb2f7503373adf8a841608f9cb295448ae086 (diff) |
google/chromeos/vboot2: honor boot region device size
Vboot keeps track of the size of the hashed region in each
RW slot. While that size was being used to calculate the hash
it wasn't being honored in restricting the access within the
FMAP region for that RW slot. To alleviate that create a sub
region that covers the hashed data for the region in which
we boot from while performing CBFS accesses.
BUG=chrome-os-partner:49764
BUG=chromium:445938
BRANCH=glados
TEST=Built and booted chell with cbfstool and dev-util patches.
Change-Id: I1a4f45573a6eb8d53a63bc4b2453592664c4f78b
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 4ac9e84af5b632e5735736d505bb2ca6dba4ce28
Original-Change-Id: Idca946926f5cfd2c87c4a740ad2108010b6b6973
Original-Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/324093
Original-Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-on: https://review.coreboot.org/13586
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Diffstat (limited to 'src/vendorcode')
-rw-r--r-- | src/vendorcode/google/chromeos/vboot2/vboot_logic.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/vendorcode/google/chromeos/vboot2/vboot_logic.c b/src/vendorcode/google/chromeos/vboot2/vboot_logic.c index 0d08d6adb2..fec368c590 100644 --- a/src/vendorcode/google/chromeos/vboot2/vboot_logic.c +++ b/src/vendorcode/google/chromeos/vboot2/vboot_logic.c @@ -202,6 +202,17 @@ static int hash_body(struct vb2_context *ctx, struct region_device *fw_main) if (rv) return rv; + /* + * Honor vboot's RW slot size. The expected size is pulled out of + * the preamble and obtained through vb2api_init_hash() above. By + * creating sub region the RW slot portion of the boot media is + * limited. + */ + if (rdev_chain(fw_main, fw_main, 0, expected_size)) { + printk(BIOS_ERR, "Unable to restrict CBFS size.\n"); + return VB2_ERROR_UNKNOWN; + } + /* Extend over the body */ while (expected_size) { uint64_t temp_ts; |