summaryrefslogtreecommitdiff
path: root/util/cbfstool
diff options
context:
space:
mode:
authorJulius Werner <jwerner@chromium.org>2022-08-08 18:08:35 -0700
committerJulius Werner <jwerner@chromium.org>2022-09-02 23:51:29 +0000
commitd96ca2465227f29354b41ce2ea7a17f1c5b8f1c1 (patch)
tree835f9410585448932b2195bfdb7b4066204411f3 /util/cbfstool
parentb45b48de739ebaf52584bc23797869028950a535 (diff)
cbfs/vboot: Adapt to new vb2_digest API
CL:3825558 changes all vb2_digest and vb2_hash functions to take a new hwcrypto_allowed argument, to potentially let them try to call the vb2ex_hwcrypto API for hash calculation. This change will open hardware crypto acceleration up to all hash calculations in coreboot (most notably CBFS verification). As part of this change, the vb2_digest_buffer() function has been removed, so replace existing instances in coreboot with the newer vb2_hash_calculate() API. Due to the circular dependency of these changes with vboot, this patch also needs to update the vboot submodule: Updating from commit id 18cb85b5: 2load_kernel.c: Expose load kernel as vb2_api to commit id b827ddb9: tests: Ensure auxfw sync runs after EC sync This brings in 15 new commits. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I287d8dac3c49ad7ea3e18a015874ce8d610ec67e Reviewed-on: https://review.coreboot.org/c/coreboot/+/66561 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
Diffstat (limited to 'util/cbfstool')
-rw-r--r--util/cbfstool/cbfs_glue.h1
-rw-r--r--util/cbfstool/cbfs_image.c6
-rw-r--r--util/cbfstool/cbfstool.c10
-rw-r--r--util/cbfstool/platform_fixups.c4
4 files changed, 11 insertions, 10 deletions
diff --git a/util/cbfstool/cbfs_glue.h b/util/cbfstool/cbfs_glue.h
index 11786bece4..77f22e5a33 100644
--- a/util/cbfstool/cbfs_glue.h
+++ b/util/cbfstool/cbfs_glue.h
@@ -6,6 +6,7 @@
#include "cbfs_image.h"
#define CBFS_ENABLE_HASHING 1
+#define CBFS_HASH_HWCRYPTO 0
typedef const struct cbfs_image *cbfs_dev_t;
diff --git a/util/cbfstool/cbfs_image.c b/util/cbfstool/cbfs_image.c
index 97ad995545..182b185558 100644
--- a/util/cbfstool/cbfs_image.c
+++ b/util/cbfstool/cbfs_image.c
@@ -1456,7 +1456,7 @@ int cbfs_print_entry_info(struct cbfs_image *image, struct cbfs_file *entry,
break;
}
char *hash_str = bintohex(attr->hash.raw, hash_len);
- int valid = vb2_hash_verify(CBFS_SUBHEADER(entry),
+ int valid = vb2_hash_verify(false, CBFS_SUBHEADER(entry),
be32toh(entry->len), &attr->hash) == VB2_SUCCESS;
const char *valid_str = valid ? "valid" : "invalid";
@@ -1544,7 +1544,7 @@ static int cbfs_print_parseable_entry_info(struct cbfs_image *image,
if (!hash_len)
continue;
char *hash_str = bintohex(attr->hash.raw, hash_len);
- int valid = vb2_hash_verify(CBFS_SUBHEADER(entry),
+ int valid = vb2_hash_verify(false, CBFS_SUBHEADER(entry),
be32toh(entry->len), &attr->hash) == VB2_SUCCESS;
fprintf(fp, "%shash:%s:%s:%s", sep,
vb2_get_hash_algorithm_name(attr->hash.algo),
@@ -1873,7 +1873,7 @@ int cbfs_add_file_hash(struct cbfs_file *header, struct buffer *buffer,
if (attr == NULL)
return -1;
- if (vb2_hash_calculate(buffer_get(buffer), buffer_size(buffer),
+ if (vb2_hash_calculate(false, buffer_get(buffer), buffer_size(buffer),
alg, &attr->hash) != VB2_SUCCESS)
return -1;
diff --git a/util/cbfstool/cbfstool.c b/util/cbfstool/cbfstool.c
index c2191d27a5..5cb787d1c2 100644
--- a/util/cbfstool/cbfstool.c
+++ b/util/cbfstool/cbfstool.c
@@ -271,12 +271,12 @@ static int maybe_update_fmap_hash(void)
if (mhc->cbfs_hash.algo == VB2_HASH_INVALID)
return 0;
- uint8_t fmap_hash[VB2_MAX_DIGEST_SIZE];
+ struct vb2_hash fmap_hash;
const struct fmap *fmap = partitioned_file_get_fmap(param.image_file);
- if (!fmap || vb2_digest_buffer((const void *)fmap, fmap_size(fmap),
- mhc->cbfs_hash.algo, fmap_hash, sizeof(fmap_hash)))
+ if (!fmap || vb2_hash_calculate(false, fmap, fmap_size(fmap),
+ mhc->cbfs_hash.algo, &fmap_hash))
return -1;
- return update_anchor(mhc, fmap_hash);
+ return update_anchor(mhc, fmap_hash.raw);
}
static bool verification_exclude(enum cbfs_type type)
@@ -1511,7 +1511,7 @@ static enum cb_err verify_walker(__always_unused cbfs_dev_t dev, size_t offset,
if (!hash)
return CB_ERR;
void *file_data = arg + offset + data_offset;
- if (vb2_hash_verify(file_data, be32toh(mdata->h.len), hash) != VB2_SUCCESS)
+ if (vb2_hash_verify(false, file_data, be32toh(mdata->h.len), hash) != VB2_SUCCESS)
return CB_CBFS_HASH_MISMATCH;
return CB_CBFS_NOT_FOUND;
}
diff --git a/util/cbfstool/platform_fixups.c b/util/cbfstool/platform_fixups.c
index b2e12cf6a2..12a5ad7371 100644
--- a/util/cbfstool/platform_fixups.c
+++ b/util/cbfstool/platform_fixups.c
@@ -67,7 +67,7 @@ static void *qualcomm_find_hash(struct buffer *in, size_t bb_offset, struct vb2_
}
/* Pass out the actual hash of the current bootblock segment in |real_hash|. */
- if (vb2_hash_calculate(buffer_get(&elf) + pelf.phdr[bb_segment].p_offset,
+ if (vb2_hash_calculate(false, buffer_get(&elf) + pelf.phdr[bb_segment].p_offset,
pelf.phdr[bb_segment].p_filesz, VB2_HASH_SHA384, real_hash)) {
ERROR("fixups: vboot digest error\n");
goto destroy_elf;
@@ -159,7 +159,7 @@ static void *mediatek_find_hash(struct buffer *bootblock, struct vb2_hash *real_
return NULL;
}
- if (vb2_hash_calculate(buffer_get(&buffer),
+ if (vb2_hash_calculate(false, buffer_get(&buffer),
MEDIATEK_BOOTBLOCK_GFH_SIZE + data_size,
VB2_HASH_SHA256, real_hash)) {
ERROR("fixups: MediaTek: vboot digest error\n");