author | Julius Werner <jwerner@chromium.org> | 2022-08-08 18:08:35 -0700 |
---|---|---|
committer | Julius Werner <jwerner@chromium.org> | 2022-09-02 23:51:29 +0000 |
commit | d96ca2465227f29354b41ce2ea7a17f1c5b8f1c1 (patch) | |
tree | 835f9410585448932b2195bfdb7b4066204411f3 /util/cbfstool | |
parent | b45b48de739ebaf52584bc23797869028950a535 (diff) |
cbfs/vboot: Adapt to new vb2_digest API
CL:3825558 changes all vb2_digest and vb2_hash functions to take a new
hwcrypto_allowed argument, to potentially let them try to call the
vb2ex_hwcrypto API for hash calculation. This change will open hardware
crypto acceleration up to all hash calculations in coreboot (most
notably CBFS verification). As part of this change, the
vb2_digest_buffer() function has been removed, so replace existing
instances in coreboot with the newer vb2_hash_calculate() API.
Due to the circular dependency of these changes with vboot, this patch
also needs to update the vboot submodule:
Updating from commit id 18cb85b5:
2load_kernel.c: Expose load kernel as vb2_api
to commit id b827ddb9:
tests: Ensure auxfw sync runs after EC sync
This brings in 15 new commits.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I287d8dac3c49ad7ea3e18a015874ce8d610ec67e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66561
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
Diffstat (limited to 'util/cbfstool')
-rw-r--r-- | util/cbfstool/cbfs_glue.h | 1 | ||||
-rw-r--r-- | util/cbfstool/cbfs_image.c | 6 | ||||
-rw-r--r-- | util/cbfstool/cbfstool.c | 10 | ||||
-rw-r--r-- | util/cbfstool/platform_fixups.c | 4 |
4 files changed, 11 insertions, 10 deletions
diff --git a/util/cbfstool/cbfs_glue.h b/util/cbfstool/cbfs_glue.h
index 11786bece4..77f22e5a33 100644
--- a/util/cbfstool/cbfs_glue.h
+++ b/util/cbfstool/cbfs_glue.h
@@ -6,6 +6,7 @@
 #include "cbfs_image.h"
 #define CBFS_ENABLE_HASHING 1
+#define CBFS_HASH_HWCRYPTO 0
 typedef const struct cbfs_image *cbfs_dev_t;
diff --git a/util/cbfstool/cbfs_image.c b/util/cbfstool/cbfs_image.c
index 97ad995545..182b185558 100644
--- a/util/cbfstool/cbfs_image.c
+++ b/util/cbfstool/cbfs_image.c
@@ -1456,7 +1456,7 @@ int cbfs_print_entry_info(struct cbfs_image *image, struct cbfs_file *entry,
 break;
 }
 char *hash_str = bintohex(attr->hash.raw, hash_len);
- int valid = vb2_hash_verify(CBFS_SUBHEADER(entry),
+ int valid = vb2_hash_verify(false, CBFS_SUBHEADER(entry),
 be32toh(entry->len), &attr->hash) == VB2_SUCCESS;
 const char *valid_str = valid ? "valid" : "invalid";
@@ -1544,7 +1544,7 @@ static int cbfs_print_parseable_entry_info(struct cbfs_image *image,
 if (!hash_len)
 continue;
 char *hash_str = bintohex(attr->hash.raw, hash_len);
- int valid = vb2_hash_verify(CBFS_SUBHEADER(entry),
+ int valid = vb2_hash_verify(false, CBFS_SUBHEADER(entry),
 be32toh(entry->len), &attr->hash) == VB2_SUCCESS;
 fprintf(fp, "%shash:%s:%s:%s", sep, vb2_get_hash_algorithm_name(attr->hash.algo),
@@ -1873,7 +1873,7 @@ int cbfs_add_file_hash(struct cbfs_file *header, struct buffer *buffer,
 if (attr == NULL)
 return -1;
- if (vb2_hash_calculate(buffer_get(buffer), buffer_size(buffer),
+ if (vb2_hash_calculate(false, buffer_get(buffer), buffer_size(buffer),
 alg, &attr->hash) != VB2_SUCCESS)
 return -1;
diff --git a/util/cbfstool/cbfstool.c b/util/cbfstool/cbfstool.c
index c2191d27a5..5cb787d1c2 100644
--- a/util/cbfstool/cbfstool.c
+++ b/util/cbfstool/cbfstool.c
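Review bot: The new `#define CBFS_HASH_HWCRYPTO 0` in cbfs_glue.h carries no comment saying why the host build pins it to 0. Going by the commit message, the flag decides whether hash code may try the vb2ex_hwcrypto API, so a one-line comment such as `/* Host tool: hash in software only, never call vb2ex_hwcrypto */` would stop a later reader from flipping it to match a firmware build. The neighbouring `CBFS_ENABLE_HASHING` is equally undocumented and could get the same treatment.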
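Review bot: In cbfs_image.c the new first argument is a bare `false` at all three call sites (cbfs_print_entry_info, cbfs_print_parseable_entry_info, cbfs_add_file_hash), and the same literal recurs in the cbfstool.c and platform_fixups.c hunks, so nothing at the call site says what is being switched off. This commit defines `CBFS_HASH_HWCRYPTO` for that purpose in cbfs_glue.h; if that header cannot be included in these files, an inline tag such as `vb2_hash_verify(false /* hwcrypto_allowed */, CBFS_SUBHEADER(entry),` would keep the intent readable and greppable. All of these functions start and end outside their hunks.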
@@ -271,12 +271,12 @@ static int maybe_update_fmap_hash(void)
 if (mhc->cbfs_hash.algo == VB2_HASH_INVALID)
 return 0;
- uint8_t fmap_hash[VB2_MAX_DIGEST_SIZE];
+ struct vb2_hash fmap_hash;
 const struct fmap *fmap = partitioned_file_get_fmap(param.image_file);
- if (!fmap || vb2_digest_buffer((const void *)fmap, fmap_size(fmap),
- mhc->cbfs_hash.algo, fmap_hash, sizeof(fmap_hash)))
+ if (!fmap || vb2_hash_calculate(false, fmap, fmap_size(fmap),
+ mhc->cbfs_hash.algo, &fmap_hash))
 return -1;
- return update_anchor(mhc, fmap_hash);
+ return update_anchor(mhc, fmap_hash.raw);
 }
 static bool verification_exclude(enum cbfs_type type)
@@ -1511,7 +1511,7 @@ static enum cb_err verify_walker(__always_unused cbfs_dev_t dev, size_t offset,
 if (!hash)
 return CB_ERR;
 void *file_data = arg + offset + data_offset;
- if (vb2_hash_verify(file_data, be32toh(mdata->h.len), hash) != VB2_SUCCESS)
+ if (vb2_hash_verify(false, file_data, be32toh(mdata->h.len), hash) != VB2_SUCCESS)
 return CB_CBFS_HASH_MISMATCH;
 return CB_CBFS_NOT_FOUND;
 }
diff --git a/util/cbfstool/platform_fixups.c b/util/cbfstool/platform_fixups.c
index b2e12cf6a2..12a5ad7371 100644
--- a/util/cbfstool/platform_fixups.c
+++ b/util/cbfstool/platform_fixups.c
@@ -67,7 +67,7 @@ static void *qualcomm_find_hash(struct buffer *in, size_t bb_offset, struct vb2_
 }
 /* Pass out the actual hash of the current bootblock segment in |real_hash|. */
- if (vb2_hash_calculate(buffer_get(&elf) + pelf.phdr[bb_segment].p_offset,
+ if (vb2_hash_calculate(false, buffer_get(&elf) + pelf.phdr[bb_segment].p_offset,
 pelf.phdr[bb_segment].p_filesz, VB2_HASH_SHA384, real_hash)) {
 ERROR("fixups: vboot digest error\n");
 goto destroy_elf;
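Review bot: In maybe_update_fmap_hash, `fmap_hash` is now an uninitialised `struct vb2_hash` and only `fmap_hash.raw` is handed to update_anchor(), so the callee receives a pointer with neither a length nor the algorithm. update_anchor() is not visible here; if it copies more bytes than the digest of `mhc->cbfs_hash.algo` occupies, the excess would be uninitialised stack bytes (the old `uint8_t` array had the same property). Declaring it as `struct vb2_hash fmap_hash = { 0 };` makes the tail deterministic at no cost.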
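Review bot: verify_walker maps every non-`VB2_SUCCESS` result of vb2_hash_verify() to `CB_CBFS_HASH_MISMATCH`, so a failure that is not a digest mismatch (for instance an unsupported algorithm, if the library can return one) is indistinguishable from a modified file in the tool's output. Separately, returning `CB_CBFS_NOT_FOUND` after a good hash reads like an error path; a comment such as `/* Hash matched: return NOT_FOUND so the walk continues with the next file */` would help, assuming that is the walker's convention. The function starts outside the hunk.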
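Review bot: In qualcomm_find_hash the hashed range is `buffer_get(&elf) + pelf.phdr[bb_segment].p_offset` for `p_filesz` bytes, both taken from the ELF program header, and no check against the size of `elf` is visible in the hunk. If the code above the hunk does not already validate it, an overflow-safe guard before the call, `if (ph->p_filesz > buffer_size(&elf) || ph->p_offset > buffer_size(&elf) - ph->p_filesz) goto destroy_elf;` with `ph` standing for `&pelf.phdr[bb_segment]`, would keep a malformed input from causing an out-of-bounds read. The same question applies to `MEDIATEK_BOOTBLOCK_GFH_SIZE + data_size` in the mediatek_find_hash hunk. Both functions begin outside their hunks.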
@@ -159,7 +159,7 @@ static void *mediatek_find_hash(struct buffer *bootblock, struct vb2_hash *real_
 return NULL;
 }
- if (vb2_hash_calculate(buffer_get(&buffer),
+ if (vb2_hash_calculate(false, buffer_get(&buffer),
 MEDIATEK_BOOTBLOCK_GFH_SIZE + data_size, VB2_HASH_SHA256, real_hash)) {
 ERROR("fixups: MediaTek: vboot digest error\n"); |