diff options
| author | Werner Zeh <werner.zeh@siemens.com> | 2022-05-23 13:19:38 +0200 |
|---|---|---|
| committer | Felix Held <felix-coreboot@felixheld.de> | 2022-05-24 13:48:37 +0000 |
| commit | de1459082b08cf17c5e0c82fde5430801eec46ff (patch) | |
| tree | bb9248d642732ac76341f5d58c177b6167c680c2 /src | |
| parent | 458cfaea9f9da1c9aa4c70971e607f9cbdff533f (diff) | |
soc/intel/apollolake: Compare patched FIT pointer with the pre-defined
Since the FIT pointer is patched at runtime there is no guarantee that
the pre-defined one will match the patched one. Add a check and print a
warning at runtime if both addresses (pre-defined and patched) do not
match as in this case an offline computed hash for the bootblock will
differ from the runtime one.
Change-Id: Ib1b02ec43af183caa9f5b08b3c485879b423c40f
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64598
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Diffstat (limited to 'src')
| -rw-r--r-- | src/soc/intel/apollolake/bootblock/bootblock_measure.c | 7 | ||||
| -rw-r--r-- | src/soc/intel/apollolake/bootblock/fit.c | 4 |
2 files changed, 10 insertions, 1 deletions
diff --git a/src/soc/intel/apollolake/bootblock/bootblock_measure.c b/src/soc/intel/apollolake/bootblock/bootblock_measure.c index bd8e5b0105..e34e69b051 100644 --- a/src/soc/intel/apollolake/bootblock/bootblock_measure.c +++ b/src/soc/intel/apollolake/bootblock/bootblock_measure.c @@ -7,6 +7,7 @@ #include <stdint.h> #include <symbols.h> +extern const uint64_t fit_ptr; /* This region device covers the shared SRAM that gets mapped at bootblock runtime. */ static const struct mem_region_device sram_rdev = MEM_REGION_DEV_RO_INIT(SHARED_SRAM_BASE, SHARED_SRAM_SIZE); @@ -50,5 +51,11 @@ int tspi_soc_measure_bootblock(int pcr_index) return 1; if (tpm_measure_region(&ifwi_bootblock, pcr_index, "IFWI: bootblock")) return 1; + printk(BIOS_DEBUG, "FIT pointer patched to 0x%llx by TXE.\n", fit_ptr); + /* Check if the patched FIT pointer address matches the pre-defined one. */ + if (fit_ptr != SHARED_SRAM_BASE) { + printk(BIOS_WARNING, + "Runtime FIT pointer does not match the pre-defined address!\n"); + } return 0; } diff --git a/src/soc/intel/apollolake/bootblock/fit.c b/src/soc/intel/apollolake/bootblock/fit.c index 0728f53cbd..28207be248 100644 --- a/src/soc/intel/apollolake/bootblock/fit.c +++ b/src/soc/intel/apollolake/bootblock/fit.c @@ -1,11 +1,13 @@ /* SPDX-License-Identifier: GPL-2.0-only */ #include <stdint.h> +#include <soc/iomap.h> /* * At runtime TXE creates the FIT table in the shared SRAM and patches the bootblock * at the fixed address 4G - 64 byte with a pointer to this FIT table. In order to be able * to pre-compute the PCR value for the bootblock this FIT pointer needs to be added to the * image as well. Since the FIT location is fixed in TXE, this can be done at build time. + * TXE places the table right at the start of the shared SRAM. */ -__attribute__((used, __section__(".fit_pointer"))) const uint64_t fit_ptr = 0xfffe0000; +__attribute__((used, __section__(".fit_pointer"))) const uint64_t fit_ptr = SHARED_SRAM_BASE; |