diff options
| -rw-r--r-- | src/include/bootblock_common.h | 1 | ||||
| -rw-r--r-- | src/include/metadata_hash.h | 5 | ||||
| -rw-r--r-- | src/lib/Kconfig.cbfs_verification | 1 | ||||
| -rw-r--r-- | src/lib/Makefile.inc | 1 | ||||
| -rw-r--r-- | src/lib/bootblock.c | 3 | ||||
| -rw-r--r-- | src/lib/decompressor.c | 4 | ||||
| -rw-r--r-- | src/lib/metadata_hash.c | 31 |
7 files changed, 42 insertions, 4 deletions
diff --git a/src/include/bootblock_common.h b/src/include/bootblock_common.h index da627d23d4..fccd23524d 100644 --- a/src/include/bootblock_common.h +++ b/src/include/bootblock_common.h @@ -35,6 +35,7 @@ void bootblock_main_with_timestamp(uint64_t base_timestamp, /* This is the argument structure passed from decompressor to bootblock. */ struct bootblock_arg { uint64_t base_timestamp; + void *metadata_hash_anchor; uint32_t num_timestamps; struct timestamp_entry timestamps[]; }; diff --git a/src/include/metadata_hash.h b/src/include/metadata_hash.h index 2d3b8a86bc..bfa7ef1fb6 100644 --- a/src/include/metadata_hash.h +++ b/src/include/metadata_hash.h @@ -6,6 +6,11 @@ #include <commonlib/bsd/metadata_hash.h> +/* Return a pointer to the whole anchor. Only used for decompressor builds. */ +void *metadata_hash_export_anchor(void); +/* Import a pointer that points to the anchor. Only used for decompressor builds. */ +void metadata_hash_import_anchor(void *ptr); + /* Verify the an FMAP data structure with the FMAP hash that is stored together with the CBFS metadata hash in the bootblock's metadata hash anchor (when CBFS verification is enabled). */ vb2_error_t metadata_hash_verify_fmap(const void *fmap_base, size_t fmap_size); diff --git a/src/lib/Kconfig.cbfs_verification b/src/lib/Kconfig.cbfs_verification index a28df1ff6d..fa90d9d9af 100644 --- a/src/lib/Kconfig.cbfs_verification +++ b/src/lib/Kconfig.cbfs_verification @@ -6,7 +6,6 @@ config CBFS_VERIFICATION bool # TODO: make user selectable once it works - depends on !COMPRESS_BOOTBLOCK # TODO: figure out decompressor anchor depends on !VBOOT_STARTS_BEFORE_BOOTBLOCK # this is gonna get tricky... select VBOOT_LIB help diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc index 074cb2a1f2..358035d9d8 100644 --- a/src/lib/Makefile.inc +++ b/src/lib/Makefile.inc @@ -38,6 +38,7 @@ decompressor-y += delay.c decompressor-$(CONFIG_GENERIC_GPIO_LIB) += gpio.c decompressor-y += memchr.c decompressor-y += memcmp.c +decompressor-$(CONFIG_CBFS_VERIFICATION) += metadata_hash.c decompressor-y += prog_ops.c decompressor-$(CONFIG_COLLECT_TIMESTAMPS) += timestamp.c diff --git a/src/lib/bootblock.c b/src/lib/bootblock.c index 1509c8cb59..23fb392276 100644 --- a/src/lib/bootblock.c +++ b/src/lib/bootblock.c @@ -4,6 +4,7 @@ #include <bootblock_common.h> #include <console/console.h> #include <delay.h> +#include <metadata_hash.h> #include <option.h> #include <post.h> #include <program_loading.h> @@ -88,6 +89,8 @@ void main(void) void _start(struct bootblock_arg *arg); void _start(struct bootblock_arg *arg) { + if (CONFIG(CBFS_VERIFICATION)) + metadata_hash_import_anchor(arg->metadata_hash_anchor); bootblock_main_with_timestamp(arg->base_timestamp, arg->timestamps, arg->num_timestamps); } diff --git a/src/lib/decompressor.c b/src/lib/decompressor.c index 8ae9358e6a..1d160e0c60 100644 --- a/src/lib/decompressor.c +++ b/src/lib/decompressor.c @@ -3,6 +3,7 @@ #include <bootblock_common.h> #include <commonlib/bsd/compression.h> #include <delay.h> +#include <metadata_hash.h> #include <program_loading.h> #include <symbols.h> #include <timestamp.h> @@ -42,6 +43,9 @@ void main(void) if (CONFIG(COLLECT_TIMESTAMPS)) arg.base_timestamp = timestamp_get(); + if (CONFIG(CBFS_VERIFICATION)) + arg.metadata_hash_anchor = metadata_hash_export_anchor(); + decompressor_soc_init(); if (CONFIG(COLLECT_TIMESTAMPS)) diff --git a/src/lib/metadata_hash.c b/src/lib/metadata_hash.c index a823c5f26f..5619efea7f 100644 --- a/src/lib/metadata_hash.c +++ b/src/lib/metadata_hash.c @@ -5,6 +5,7 @@ #include <metadata_hash.h> #include <symbols.h> +#if !CONFIG(COMPRESS_BOOTBLOCK) || ENV_DECOMPRESSOR __attribute__((used, section(".metadata_hash_anchor"))) static struct metadata_hash_anchor metadata_hash_anchor = { /* This is the only place in all of coreboot where we actually need to use this. */ @@ -12,15 +13,39 @@ static struct metadata_hash_anchor metadata_hash_anchor = { .cbfs_hash = { .algo = CONFIG_CBFS_HASH_ALGO } }; +static struct metadata_hash_anchor *get_anchor(void) +{ + return &metadata_hash_anchor; +} + +void *metadata_hash_export_anchor(void) +{ + return get_anchor(); +} +#else +static struct metadata_hash_anchor *anchor_ptr = NULL; + +static struct metadata_hash_anchor *get_anchor(void) +{ + assert(anchor_ptr != NULL); + return anchor_ptr; +} + +void metadata_hash_import_anchor(void *ptr) +{ + anchor_ptr = ptr; +} +#endif + struct vb2_hash *metadata_hash_get(void) { - return &metadata_hash_anchor.cbfs_hash; + return &get_anchor()->cbfs_hash; } vb2_error_t metadata_hash_verify_fmap(const void *fmap_buffer, size_t fmap_size) { - struct vb2_hash hash = { .algo = metadata_hash_anchor.cbfs_hash.algo }; - memcpy(hash.raw, metadata_hash_anchor_fmap_hash(&metadata_hash_anchor), + struct vb2_hash hash = { .algo = get_anchor()->cbfs_hash.algo }; + memcpy(hash.raw, metadata_hash_anchor_fmap_hash(get_anchor()), vb2_digest_size(hash.algo)); return vb2_hash_verify(fmap_buffer, fmap_size, &hash); } |