diff options
| author | Julius Werner <jwerner@chromium.org> | 2022-08-09 18:46:50 -0700 |
|---|---|---|
| committer | Julius Werner <jwerner@chromium.org> | 2022-08-12 20:59:59 +0000 |
| commit | 99a9928447568e0144a61ea1d1799ecd99b31b9d (patch) | |
| tree | 346de50def36a9f1c46d8dd4adf476acce33105c /src | |
| parent | 5ef258b3f6a6481d20f1fca0f60db894b80649ab (diff) | |
soc/(amd|rockchip): Update vb2ex_hwcrypto implementations to new API req
We want to extend the vb2ex_hwcrypto APIs on the vboot side to allow
passing 0 for the data_size parameter to vb2ex_hwcrypto_digest_init()
(see CL:3825558). This is because not all use cases allow knowing the
amount of data to be hashed beforehand (most notable the metadata hash
for CBFS verification), and some HW crypto engines do not need this
information, so we don't want to preclude them from optimizing these use
cases just because others do.
The new API requirement is that data_size may be 0, which indicates that
the amount of data to be hashed is unknown. If a HW crypto engine cannot
support this case, it should return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED to
those calls (this patch adds the code to do that to existing HW crypto
implementations). If the passed-in data_size value is non-zero, the HW
crypto implementation can trust that it is accurate.
Also reduce a bit of the console spew for existing HW crypto
implementations, since vboot already logs the same information anyway.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ieb7597080254b31ef2bdbc0defc91b119c618380
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66621
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/soc/amd/common/psp_verstage/vboot_crypto.c | 8 | ||||
| -rw-r--r-- | src/soc/rockchip/rk3288/crypto.c | 5 |
2 files changed, 3 insertions, 10 deletions
diff --git a/src/soc/amd/common/psp_verstage/vboot_crypto.c b/src/soc/amd/common/psp_verstage/vboot_crypto.c index 89a4ccea51..81a6740668 100644 --- a/src/soc/amd/common/psp_verstage/vboot_crypto.c +++ b/src/soc/amd/common/psp_verstage/vboot_crypto.c @@ -17,15 +17,11 @@ static uint8_t __attribute__((aligned(32))) sha_hash[64]; vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, uint32_t data_size) { - printk(BIOS_DEBUG, "Calculating hash of %d bytes\n", data_size); + if (!data_size || platform_set_sha_op(hash_alg, &sha_op) != 0) + return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED; sha_op_size_remaining = data_size; - if (platform_set_sha_op(hash_alg, &sha_op) != 0) { - printk(BIOS_INFO, "Unsupported hash_alg %d!\n", hash_alg); - return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED; - } - /* Set init flag for first operation */ sha_op.Init = 1; diff --git a/src/soc/rockchip/rk3288/crypto.c b/src/soc/rockchip/rk3288/crypto.c index 6ce6a27c95..450a8a05ac 100644 --- a/src/soc/rockchip/rk3288/crypto.c +++ b/src/soc/rockchip/rk3288/crypto.c @@ -58,11 +58,8 @@ check_member(rk3288_crypto, trng_dout[7], 0x220); vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, uint32_t data_size) { - if (hash_alg != VB2_HASH_SHA256) { - printk(BIOS_INFO, "RK3288 doesn't support hash_alg %d!\n", - hash_alg); + if (hash_alg != VB2_HASH_SHA256 || !data_size) return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED; - } write32(&crypto->ctrl, RK_SETBITS(1 << 6)); /* Assert HASH_FLUSH */ udelay(1); /* for 10+ cycles to */ |