summaryrefslogtreecommitdiff
path: root/src/vendorcode
diff options
context:
space:
mode:
authorAaron Durbin <adurbin@chromium.org>2016-01-27 14:23:17 -0600
committerPatrick Georgi <pgeorgi@google.com>2016-02-04 17:42:54 +0100
commit4121f9e555170bde6589b4e731f17f2149c3b401 (patch)
treed0ad108886ad2a2ba0f89453495b7491260f4afa /src/vendorcode
parentf52fb2f7503373adf8a841608f9cb295448ae086 (diff)
google/chromeos/vboot2: honor boot region device size
Vboot keeps track of the size of the hashed region in each RW slot. While that size was being used to calculate the hash it wasn't being honored in restricting the access within the FMAP region for that RW slot. To alleviate that create a sub region that covers the hashed data for the region in which we boot from while performing CBFS accesses. BUG=chrome-os-partner:49764 BUG=chromium:445938 BRANCH=glados TEST=Built and booted chell with cbfstool and dev-util patches. Change-Id: I1a4f45573a6eb8d53a63bc4b2453592664c4f78b Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Original-Commit-Id: 4ac9e84af5b632e5735736d505bb2ca6dba4ce28 Original-Change-Id: Idca946926f5cfd2c87c4a740ad2108010b6b6973 Original-Signed-off-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/324093 Original-Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-on: https://review.coreboot.org/13586 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Diffstat (limited to 'src/vendorcode')
-rw-r--r--src/vendorcode/google/chromeos/vboot2/vboot_logic.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/vendorcode/google/chromeos/vboot2/vboot_logic.c b/src/vendorcode/google/chromeos/vboot2/vboot_logic.c
index 0d08d6adb2..fec368c590 100644
--- a/src/vendorcode/google/chromeos/vboot2/vboot_logic.c
+++ b/src/vendorcode/google/chromeos/vboot2/vboot_logic.c
@@ -202,6 +202,17 @@ static int hash_body(struct vb2_context *ctx, struct region_device *fw_main)
if (rv)
return rv;
+ /*
+ * Honor vboot's RW slot size. The expected size is pulled out of
+ * the preamble and obtained through vb2api_init_hash() above. By
+ * creating sub region the RW slot portion of the boot media is
+ * limited.
+ */
+ if (rdev_chain(fw_main, fw_main, 0, expected_size)) {
+ printk(BIOS_ERR, "Unable to restrict CBFS size.\n");
+ return VB2_ERROR_UNKNOWN;
+ }
+
/* Extend over the body */
while (expected_size) {
uint64_t temp_ts;