summaryrefslogtreecommitdiff
path: root/src/vendorcode
diff options
context:
space:
mode:
authorJulius Werner <jwerner@chromium.org>2022-08-08 18:08:35 -0700
committerJulius Werner <jwerner@chromium.org>2022-09-02 23:51:29 +0000
commitd96ca2465227f29354b41ce2ea7a17f1c5b8f1c1 (patch)
tree835f9410585448932b2195bfdb7b4066204411f3 /src/vendorcode
parentb45b48de739ebaf52584bc23797869028950a535 (diff)
cbfs/vboot: Adapt to new vb2_digest API
CL:3825558 changes all vb2_digest and vb2_hash functions to take a new hwcrypto_allowed argument, to potentially let them try to call the vb2ex_hwcrypto API for hash calculation. This change will open hardware crypto acceleration up to all hash calculations in coreboot (most notably CBFS verification). As part of this change, the vb2_digest_buffer() function has been removed, so replace existing instances in coreboot with the newer vb2_hash_calculate() API. Due to the circular dependency of these changes with vboot, this patch also needs to update the vboot submodule: Updating from commit id 18cb85b5: 2load_kernel.c: Expose load kernel as vb2_api to commit id b827ddb9: tests: Ensure auxfw sync runs after EC sync This brings in 15 new commits. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I287d8dac3c49ad7ea3e18a015874ce8d610ec67e Reviewed-on: https://review.coreboot.org/c/coreboot/+/66561 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
Diffstat (limited to 'src/vendorcode')
-rw-r--r--src/vendorcode/eltan/security/mboot/mboot.c5
-rw-r--r--src/vendorcode/eltan/security/verified_boot/vboot_check.c7
2 files changed, 8 insertions, 4 deletions
diff --git a/src/vendorcode/eltan/security/mboot/mboot.c b/src/vendorcode/eltan/security/mboot/mboot.c
index 575c5fc022..c26ac8f39d 100644
--- a/src/vendorcode/eltan/security/mboot/mboot.c
+++ b/src/vendorcode/eltan/security/mboot/mboot.c
@@ -128,9 +128,10 @@ int mboot_hash_extend_log(uint64_t flags, uint8_t *hashData, uint32_t hashDataLe
/* The hash is provided as data */
memcpy(digest->digest.sha256, (void *)hashData, hashDataLen);
} else {
- if (vb2_digest_buffer(hashData, hashDataLen, VB2_HASH_SHA256, digest->digest.sha256,
- VB2_SHA256_DIGEST_SIZE))
+ struct vb2_hash tmp;
+ if (vb2_hash_calculate(false, hashData, hashDataLen, VB2_HASH_SHA256, &tmp))
return TPM_E_IOERROR;
+ memcpy(digest->digest.sha256, tmp.sha256, sizeof(tmp.sha256));
}
printk(BIOS_DEBUG, "%s: SHA256 Hash Digest:\n", __func__);
diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c
index 09da5c50ad..649adc285d 100644
--- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c
+++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c
@@ -145,9 +145,12 @@ static void verified_boot_check_buffer(const char *name, void *start, size_t siz
start, (int)size);
if (start && size) {
+ struct vb2_hash tmp_hash;
+
+ status = vb2_hash_calculate(false, start, size, HASH_ALG, &tmp_hash);
+ if (!status)
+ memcpy(digest, tmp_hash.raw, DIGEST_SIZE);
- status = vb2_digest_buffer((const uint8_t *)start, size, HASH_ALG, digest,
- DIGEST_SIZE);
if ((CONFIG(VENDORCODE_ELTAN_VBOOT) && memcmp((void *)(
(uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC +
sizeof(digest) * hash_index), digest, sizeof(digest))) || status) {