diff options
m--------- | 3rdparty/vboot | 0 | ||||
-rw-r--r-- | payloads/libpayload/include/cbfs_glue.h | 4 | ||||
-rw-r--r-- | payloads/libpayload/libcbfs/cbfs.c | 9 | ||||
-rw-r--r-- | payloads/libpayload/tests/libcbfs/cbfs-verification-test.c | 4 | ||||
-rw-r--r-- | src/commonlib/bsd/cbfs_private.c | 5 | ||||
-rw-r--r-- | src/commonlib/bsd/include/commonlib/bsd/cbfs_private.h | 3 | ||||
-rw-r--r-- | src/include/cbfs_glue.h | 2 | ||||
-rw-r--r-- | src/lib/cbfs.c | 14 | ||||
-rw-r--r-- | src/lib/metadata_hash.c | 3 | ||||
-rw-r--r-- | src/security/tpm/tspi/tspi.c | 3 | ||||
-rw-r--r-- | src/security/vboot/misc.h | 14 | ||||
-rw-r--r-- | src/security/vboot/mrc_cache_hash_tpm.c | 40 | ||||
-rw-r--r-- | src/security/vboot/tpm_common.c | 3 | ||||
-rw-r--r-- | src/soc/intel/alderlake/hsphy.c | 29 | ||||
-rw-r--r-- | src/soc/intel/common/block/cse/cse_lite.c | 8 | ||||
-rw-r--r-- | src/vendorcode/eltan/security/mboot/mboot.c | 5 | ||||
-rw-r--r-- | src/vendorcode/eltan/security/verified_boot/vboot_check.c | 7 | ||||
-rw-r--r-- | tests/lib/cbfs-verification-test.c | 7 | ||||
-rw-r--r-- | util/cbfstool/cbfs_glue.h | 1 | ||||
-rw-r--r-- | util/cbfstool/cbfs_image.c | 6 | ||||
-rw-r--r-- | util/cbfstool/cbfstool.c | 10 | ||||
-rw-r--r-- | util/cbfstool/platform_fixups.c | 4 |
22 files changed, 97 insertions, 84 deletions
diff --git a/3rdparty/vboot b/3rdparty/vboot -Subproject 18cb85b52d689b4cfbd49c6384ae2088b78af1e +Subproject b827ddb9b02228fc8064d7e03bdc6f05535d5e0 diff --git a/payloads/libpayload/include/cbfs_glue.h b/payloads/libpayload/include/cbfs_glue.h index 00d0ea943a..bff63eea4a 100644 --- a/payloads/libpayload/include/cbfs_glue.h +++ b/payloads/libpayload/include/cbfs_glue.h @@ -5,9 +5,11 @@ #include <libpayload-config.h> #include <boot_device.h> +#include <stdbool.h> #include <stdio.h> #define CBFS_ENABLE_HASHING CONFIG(LP_CBFS_VERIFICATION) +#define CBFS_HASH_HWCRYPTO cbfs_hwcrypto_allowed() #define ERROR(...) printf("CBFS ERROR: " __VA_ARGS__) #define LOG(...) printf("CBFS: " __VA_ARGS__) @@ -43,4 +45,6 @@ static inline size_t cbfs_dev_size(cbfs_dev_t dev) return dev->size; } +bool cbfs_hwcrypto_allowed(void); + #endif /* _CBFS_CBFS_GLUE_H */ diff --git a/payloads/libpayload/libcbfs/cbfs.c b/payloads/libpayload/libcbfs/cbfs.c index 0694c4f7c5..a158ba8fa1 100644 --- a/payloads/libpayload/libcbfs/cbfs.c +++ b/payloads/libpayload/libcbfs/cbfs.c @@ -89,7 +89,7 @@ static bool cbfs_file_hash_mismatch(const void *buffer, size_t size, ERROR("'%s' does not have a file hash!\n", mdata->h.filename); return true; } - if (vb2_hash_verify(buffer, size, hash) != VB2_SUCCESS) { + if (vb2_hash_verify(cbfs_hwcrypto_allowed(), buffer, size, hash) != VB2_SUCCESS) { ERROR("'%s' file hash mismatch!\n", mdata->h.filename); return true; } @@ -223,3 +223,10 @@ void *_cbfs_unverified_area_load(const char *area, const char *name, void *buf, return do_load(&mdata, dev.offset + data_offset, buf, size_inout, true); } + +/* This should be overridden by payloads that want to enforce more explicit + policy on using HW crypto. */ +__weak bool cbfs_hwcrypto_allowed(void) +{ + return true; +} diff --git a/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c b/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c index 8e50f39d45..25e402cca3 100644 --- a/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c +++ b/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c @@ -23,8 +23,10 @@ size_t vb2_digest_size(enum vb2_hash_algorithm hash_alg) return VB2_SHA256_DIGEST_SIZE; } -vb2_error_t vb2_hash_verify(const void *buf, uint32_t size, const struct vb2_hash *hash) +vb2_error_t vb2_hash_verify(bool allow_hwcrypto, const void *buf, uint32_t size, + const struct vb2_hash *hash) { + assert_true(allow_hwcrypto); check_expected_ptr(buf); check_expected(size); diff --git a/src/commonlib/bsd/cbfs_private.c b/src/commonlib/bsd/cbfs_private.c index e77c299e7b..b9221fc776 100644 --- a/src/commonlib/bsd/cbfs_private.c +++ b/src/commonlib/bsd/cbfs_private.c @@ -30,13 +30,10 @@ enum cb_err cbfs_walk(cbfs_dev_t dev, enum cb_err (*walker)(cbfs_dev_t dev, size const bool do_hash = CBFS_ENABLE_HASHING && metadata_hash; const size_t devsize = cbfs_dev_size(dev); struct vb2_digest_context dc; - vb2_error_t vbrv; assert(CBFS_ENABLE_HASHING || (!metadata_hash && !(flags & CBFS_WALK_WRITEBACK_HASH))); - if (do_hash && (vbrv = vb2_digest_init(&dc, metadata_hash->algo))) { - ERROR("Metadata hash digest (%d) init error: %#x\n", metadata_hash->algo, vbrv); + if (do_hash && vb2_digest_init(&dc, CBFS_HASH_HWCRYPTO, metadata_hash->algo, 0)) return CB_ERR_ARG; - } size_t offset = 0; enum cb_err ret_header; diff --git a/src/commonlib/bsd/include/commonlib/bsd/cbfs_private.h b/src/commonlib/bsd/include/commonlib/bsd/cbfs_private.h index 410bfd62ba..88f5b630bb 100644 --- a/src/commonlib/bsd/include/commonlib/bsd/cbfs_private.h +++ b/src/commonlib/bsd/include/commonlib/bsd/cbfs_private.h @@ -27,6 +27,9 @@ * cbfs_dev_t An opaque type representing a CBFS storage backend. * CBFS_ENABLE_HASHING Should be 0 to avoid linking hashing features, 1 otherwise. (Only for * metadata hashing. Host application needs to check file hashes itself.) + * CBFS_HASH_HWCRYPTO Should evaluate to true to allow using vboot hardware crypto routines + * for hashing, false to forbid. This macro may expand to a function call + * to decide this at runtime. * ERROR(...) printf-style macro to print errors. * LOG(...) printf-style macro to print normal-operation log messages. * DEBUG(...) printf-style macro to print detailed debug output. diff --git a/src/include/cbfs_glue.h b/src/include/cbfs_glue.h index 3170c37269..652cf1b805 100644 --- a/src/include/cbfs_glue.h +++ b/src/include/cbfs_glue.h @@ -5,6 +5,7 @@ #include <commonlib/region.h> #include <console/console.h> +#include <security/vboot/misc.h> #include <rules.h> /* @@ -18,6 +19,7 @@ */ #define CBFS_ENABLE_HASHING (CONFIG(CBFS_VERIFICATION) && \ (CONFIG(TOCTOU_SAFETY) || ENV_INITIAL_STAGE)) +#define CBFS_HASH_HWCRYPTO vboot_hwcrypto_allowed() #define ERROR(...) printk(BIOS_ERR, "CBFS ERROR: " __VA_ARGS__) #define LOG(...) printk(BIOS_INFO, "CBFS: " __VA_ARGS__) diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c index e1334f4152..4f2d9caea9 100644 --- a/src/lib/cbfs.c +++ b/src/lib/cbfs.c @@ -12,7 +12,7 @@ #include <list.h> #include <metadata_hash.h> #include <security/tpm/tspi/crtm.h> -#include <security/vboot/vboot_common.h> +#include <security/vboot/misc.h> #include <stdlib.h> #include <string.h> #include <symbols.h> @@ -160,7 +160,7 @@ static bool cbfs_file_hash_mismatch(const void *buffer, size_t size, ERROR("'%s' does not have a file hash!\n", mdata->h.filename); return true; } - if (vb2_hash_verify(buffer, size, hash) != VB2_SUCCESS) { + if (vb2_hash_verify(vboot_hwcrypto_allowed(), buffer, size, hash)) { ERROR("'%s' file hash mismatch!\n", mdata->h.filename); return true; } @@ -171,11 +171,15 @@ static bool cbfs_file_hash_mismatch(const void *buffer, size_t size, /* No need to re-hash file if we already have it from verification. */ if (!hash || hash->algo != TPM_MEASURE_ALGO) { - vb2_hash_calculate(buffer, size, TPM_MEASURE_ALGO, &calculated_hash); - hash = &calculated_hash; + if (vb2_hash_calculate(vboot_hwcrypto_allowed(), buffer, size, + TPM_MEASURE_ALGO, &calculated_hash)) + hash = NULL; + else + hash = &calculated_hash; } - if (tspi_cbfs_measurement(mdata->h.filename, be32toh(mdata->h.type), hash)) + if (!hash || + tspi_cbfs_measurement(mdata->h.filename, be32toh(mdata->h.type), hash)) ERROR("failed to measure '%s' into TCPA log\n", mdata->h.filename); /* We intentionally continue to boot on measurement errors. */ } diff --git a/src/lib/metadata_hash.c b/src/lib/metadata_hash.c index e10f6ffee5..8779b7c032 100644 --- a/src/lib/metadata_hash.c +++ b/src/lib/metadata_hash.c @@ -2,6 +2,7 @@ #include <assert.h> #include <metadata_hash.h> +#include <security/vboot/misc.h> #include <symbols.h> #if !CONFIG(COMPRESS_BOOTBLOCK) || ENV_DECOMPRESSOR @@ -46,5 +47,5 @@ vb2_error_t metadata_hash_verify_fmap(const void *fmap_buffer, size_t fmap_size) struct vb2_hash hash = { .algo = get_anchor()->cbfs_hash.algo }; memcpy(hash.raw, metadata_hash_anchor_fmap_hash(get_anchor()), vb2_digest_size(hash.algo)); - return vb2_hash_verify(fmap_buffer, fmap_size, &hash); + return vb2_hash_verify(vboot_hwcrypto_allowed(), fmap_buffer, fmap_size, &hash); } diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c index 891f915327..7bf8d6c293 100644 --- a/src/security/tpm/tspi/tspi.c +++ b/src/security/tpm/tspi/tspi.c @@ -266,7 +266,8 @@ uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, digest_len = vb2_digest_size(TPM_MEASURE_ALGO); assert(digest_len <= sizeof(digest)); - if (vb2_digest_init(&ctx, TPM_MEASURE_ALGO)) { + if (vb2_digest_init(&ctx, vboot_hwcrypto_allowed(), TPM_MEASURE_ALGO, + region_device_sz(rdev))) { printk(BIOS_ERR, "TPM: Error initializing hash.\n"); return TPM_E_HASH_ERROR; } diff --git a/src/security/vboot/misc.h b/src/security/vboot/misc.h index c39af08f1b..8310647760 100644 --- a/src/security/vboot/misc.h +++ b/src/security/vboot/misc.h @@ -87,4 +87,18 @@ static inline int vboot_logic_executed(void) } } +static inline bool vboot_hwcrypto_allowed(void) +{ + /* When not using vboot firmware verification, HW crypto is always allowed. */ + if (!CONFIG(VBOOT)) + return 1; + + /* Before vboot runs we can't check for HW crypto, so err on the side of caution. */ + if (!vboot_logic_executed()) + return 0; + + /* Otherwise, vboot can decide. */ + return vb2api_hwcrypto_allowed(vboot_get_context()); +} + #endif /* __VBOOT_MISC_H__ */ diff --git a/src/security/vboot/mrc_cache_hash_tpm.c b/src/security/vboot/mrc_cache_hash_tpm.c index 77c23f63e4..f67eae48cb 100644 --- a/src/security/vboot/mrc_cache_hash_tpm.c +++ b/src/security/vboot/mrc_cache_hash_tpm.c @@ -2,27 +2,16 @@ #include <security/vboot/antirollback.h> #include <program_loading.h> -#include <security/vboot/vboot_common.h> #include <vb2_api.h> #include <security/tpm/tss.h> +#include <security/vboot/misc.h> #include <security/vboot/mrc_cache_hash_tpm.h> #include <console/console.h> #include <string.h> void mrc_cache_update_hash(uint32_t index, const uint8_t *data, size_t size) { - uint8_t data_hash[VB2_SHA256_DIGEST_SIZE]; - static const uint8_t dead_hash[VB2_SHA256_DIGEST_SIZE] = { - 0xba, 0xad, 0xda, 0x1a, /* BAADDA1A */ - 0xde, 0xad, 0xde, 0xad, /* DEADDEAD */ - 0xde, 0xad, 0xda, 0x1a, /* DEADDA1A */ - 0xba, 0xad, 0xba, 0xad, /* BAADBAAD */ - 0xba, 0xad, 0xda, 0x1a, /* BAADDA1A */ - 0xde, 0xad, 0xde, 0xad, /* DEADDEAD */ - 0xde, 0xad, 0xda, 0x1a, /* DEADDA1A */ - 0xba, 0xad, 0xba, 0xad, /* BAADBAAD */ - }; - const uint8_t *hash_ptr = data_hash; + struct vb2_hash hash; /* Initialize TPM driver. */ if (tlcl_lib_init() != VB2_SUCCESS) { @@ -31,8 +20,8 @@ void mrc_cache_update_hash(uint32_t index, const uint8_t *data, size_t size) } /* Calculate hash of data generated by MRC. */ - if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash, - sizeof(data_hash))) { + if (vb2_hash_calculate(vboot_hwcrypto_allowed(), data, size, + VB2_HASH_SHA256, &hash)) { printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data. " "Not updating TPM hash space.\n"); /* @@ -40,13 +29,13 @@ void mrc_cache_update_hash(uint32_t index, const uint8_t *data, size_t size) * currently stored in TPM hash space is no longer * valid. If we are not able to calculate hash of the * data being updated, reset all the bits in TPM hash - * space to pre-defined hash pattern. + * space to zero to invalidate it. */ - hash_ptr = dead_hash; + memset(hash.raw, 0, VB2_SHA256_DIGEST_SIZE); } /* Write hash of data to TPM space. */ - if (antirollback_write_space_mrc_hash(index, hash_ptr, VB2_SHA256_DIGEST_SIZE) + if (antirollback_write_space_mrc_hash(index, hash.sha256, sizeof(hash.sha256)) != TPM_SUCCESS) { printk(BIOS_ERR, "MRC: Could not save hash to TPM.\n"); return; @@ -57,15 +46,7 @@ void mrc_cache_update_hash(uint32_t index, const uint8_t *data, size_t size) int mrc_cache_verify_hash(uint32_t index, const uint8_t *data, size_t size) { - uint8_t data_hash[VB2_SHA256_DIGEST_SIZE]; - uint8_t tpm_hash[VB2_SHA256_DIGEST_SIZE]; - - /* Calculate hash of data read from MRC_CACHE. */ - if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash, - sizeof(data_hash))) { - printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data.\n"); - return 0; - } + struct vb2_hash tpm_hash = { .algo = VB2_HASH_SHA256 }; /* Initialize TPM driver. */ if (tlcl_lib_init() != VB2_SUCCESS) { @@ -74,13 +55,14 @@ int mrc_cache_verify_hash(uint32_t index, const uint8_t *data, size_t size) } /* Read hash of MRC data saved in TPM. */ - if (antirollback_read_space_mrc_hash(index, tpm_hash, sizeof(tpm_hash)) + if (antirollback_read_space_mrc_hash(index, tpm_hash.sha256, sizeof(tpm_hash.sha256)) != TPM_SUCCESS) { printk(BIOS_ERR, "MRC: Could not read hash from TPM.\n"); return 0; } - if (memcmp(tpm_hash, data_hash, sizeof(tpm_hash))) { + /* Calculate hash of data read from MRC_CACHE and compare. */ + if (vb2_hash_verify(vboot_hwcrypto_allowed(), data, size, &tpm_hash)) { printk(BIOS_ERR, "MRC: Hash comparison failed.\n"); return 0; } diff --git a/src/security/vboot/tpm_common.c b/src/security/vboot/tpm_common.c index 7fb2a9d3c5..e67cc01322 100644 --- a/src/security/vboot/tpm_common.c +++ b/src/security/vboot/tpm_common.c @@ -1,8 +1,9 @@ /* SPDX-License-Identifier: GPL-2.0-only */ #include <security/tpm/tspi.h> -#include <vb2_api.h> #include <security/vboot/tpm_common.h> +#include <vb2_api.h> +#include <vb2_sha.h> #define TPM_PCR_BOOT_MODE "VBOOT: boot mode" #define TPM_PCR_GBB_HWID_NAME "VBOOT: GBB HWID" diff --git a/src/soc/intel/alderlake/hsphy.c b/src/soc/intel/alderlake/hsphy.c index e958d723f3..9d41600e0f 100644 --- a/src/soc/intel/alderlake/hsphy.c +++ b/src/soc/intel/alderlake/hsphy.c @@ -10,6 +10,7 @@ #include <device/pci_ops.h> #include <intelblocks/cse.h> #include <intelblocks/systemagent.h> +#include <security/vboot/misc.h> #include <soc/hsphy.h> #include <soc/iomap.h> #include <soc/pci_devs.h> @@ -105,42 +106,28 @@ static int heci_get_hsphy_payload(void *buf, uint32_t *buf_size, uint8_t *hash_b static int verify_hsphy_hash(void *buf, uint32_t buf_size, uint8_t *hash_buf, uint8_t hash_alg) { - enum vb2_hash_algorithm alg; - uint32_t hash_size; - uint8_t hash_calc[MAX_HASH_SIZE]; + struct vb2_hash hash; switch (hash_alg) { case HASHALG_SHA256: - alg = VB2_HASH_SHA256; - hash_size = VB2_SHA256_DIGEST_SIZE; + hash.algo = VB2_HASH_SHA256; break; case HASHALG_SHA384: - alg = VB2_HASH_SHA384; - hash_size = VB2_SHA384_DIGEST_SIZE; + hash.algo = VB2_HASH_SHA384; break; case HASHALG_SHA512: - alg = VB2_HASH_SHA512; - hash_size = VB2_SHA512_DIGEST_SIZE; + hash.algo = VB2_HASH_SHA512; break; case HASHALG_SHA1: default: printk(BIOS_ERR, "Hash alg %d not supported, trying SHA384\n", hash_alg); - alg = VB2_HASH_SHA384; - hash_size = VB2_SHA384_DIGEST_SIZE; + hash.algo = VB2_HASH_SHA384; break; } + memcpy(hash.raw, hash_buf, vb2_digest_size(hash.algo)); - if (vb2_digest_buffer(buf, buf_size, alg, hash_calc, hash_size)) { - printk(BIOS_ERR, "HSPHY SHA calculation failed\n"); - return -1; - } - - if (memcmp(hash_buf, hash_calc, hash_size)) { + if (vb2_hash_verify(vboot_hwcrypto_allowed(), buf, buf_size, &hash) != VB2_SUCCESS) { printk(BIOS_ERR, "HSPHY SHA hashes do not match\n"); - printk(BIOS_DEBUG, "Hash from CSME:\n"); - hexdump(hash_buf, hash_size); - printk(BIOS_DEBUG, "Calculated hash:\n"); - hexdump(hash_calc, hash_size); return -1; } diff --git a/src/soc/intel/common/block/cse/cse_lite.c b/src/soc/intel/common/block/cse/cse_lite.c index 40ae9953ec..1d30a8d0d5 100644 --- a/src/soc/intel/common/block/cse/cse_lite.c +++ b/src/soc/intel/common/block/cse/cse_lite.c @@ -544,15 +544,15 @@ static bool cse_verify_cbfs_rw_sha256(const uint8_t *expected_rw_blob_sha, const void *rw_blob, const size_t rw_blob_sz) { - uint8_t rw_comp_sha[VB2_SHA256_DIGEST_SIZE]; + struct vb2_hash calculated; - if (vb2_digest_buffer(rw_blob, rw_blob_sz, VB2_HASH_SHA256, rw_comp_sha, - VB2_SHA256_DIGEST_SIZE)) { + if (vb2_hash_calculate(vboot_hwcrypto_allowed(), rw_blob, rw_blob_sz, + VB2_HASH_SHA256, &calculated)) { printk(BIOS_ERR, "cse_lite: CSE CBFS RW's SHA-256 calculation has failed\n"); return false; } - if (memcmp(expected_rw_blob_sha, rw_comp_sha, VB2_SHA256_DIGEST_SIZE)) { + if (memcmp(expected_rw_blob_sha, calculated.sha256, sizeof(calculated.sha256))) { printk(BIOS_ERR, "cse_lite: Computed CBFS RW's SHA-256 does not match with" "the provided SHA in the metadata\n"); return false; diff --git a/src/vendorcode/eltan/security/mboot/mboot.c b/src/vendorcode/eltan/security/mboot/mboot.c index 575c5fc022..c26ac8f39d 100644 --- a/src/vendorcode/eltan/security/mboot/mboot.c +++ b/src/vendorcode/eltan/security/mboot/mboot.c @@ -128,9 +128,10 @@ int mboot_hash_extend_log(uint64_t flags, uint8_t *hashData, uint32_t hashDataLe /* The hash is provided as data */ memcpy(digest->digest.sha256, (void *)hashData, hashDataLen); } else { - if (vb2_digest_buffer(hashData, hashDataLen, VB2_HASH_SHA256, digest->digest.sha256, - VB2_SHA256_DIGEST_SIZE)) + struct vb2_hash tmp; + if (vb2_hash_calculate(false, hashData, hashDataLen, VB2_HASH_SHA256, &tmp)) return TPM_E_IOERROR; + memcpy(digest->digest.sha256, tmp.sha256, sizeof(tmp.sha256)); } printk(BIOS_DEBUG, "%s: SHA256 Hash Digest:\n", __func__); diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c index 09da5c50ad..649adc285d 100644 --- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c +++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c @@ -145,9 +145,12 @@ static void verified_boot_check_buffer(const char *name, void *start, size_t siz start, (int)size); if (start && size) { + struct vb2_hash tmp_hash; + + status = vb2_hash_calculate(false, start, size, HASH_ALG, &tmp_hash); + if (!status) + memcpy(digest, tmp_hash.raw, DIGEST_SIZE); - status = vb2_digest_buffer((const uint8_t *)start, size, HASH_ALG, digest, - DIGEST_SIZE); if ((CONFIG(VENDORCODE_ELTAN_VBOOT) && memcmp((void *)( (uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC + sizeof(digest) * hash_index), digest, sizeof(digest))) || status) { diff --git a/tests/lib/cbfs-verification-test.c b/tests/lib/cbfs-verification-test.c index 263fbecc16..b1a39bcaac 100644 --- a/tests/lib/cbfs-verification-test.c +++ b/tests/lib/cbfs-verification-test.c @@ -28,8 +28,10 @@ size_t vb2_digest_size(enum vb2_hash_algorithm hash_alg) return VB2_SHA256_DIGEST_SIZE; } -vb2_error_t vb2_hash_verify(const void *buf, uint32_t size, const struct vb2_hash *hash) +vb2_error_t vb2_hash_verify(bool allow_hwcrypto, const void *buf, uint32_t size, + const struct vb2_hash *hash) { + assert_true(allow_hwcrypto); check_expected_ptr(buf); check_expected(size); assert_int_equal(hash->algo, VB2_HASH_SHA256); @@ -56,7 +58,8 @@ size_t ulz4fn(const void *src, size_t srcn, void *dst, size_t dstn) return 0; } -vb2_error_t vb2_digest_init(struct vb2_digest_context *dc, enum vb2_hash_algorithm hash_alg) +vb2_error_t vb2_digest_init(struct vb2_digest_context *dc, bool allow_hwcrypto, + enum vb2_hash_algorithm hash_alg, uint32_t data_size) { if (hash_alg != VB2_HASH_SHA256) { fail_msg("Unsupported hash algorithm: %d\n", hash_alg); diff --git a/util/cbfstool/cbfs_glue.h b/util/cbfstool/cbfs_glue.h index 11786bece4..77f22e5a33 100644 --- a/util/cbfstool/cbfs_glue.h +++ b/util/cbfstool/cbfs_glue.h @@ -6,6 +6,7 @@ #include "cbfs_image.h" #define CBFS_ENABLE_HASHING 1 +#define CBFS_HASH_HWCRYPTO 0 typedef const struct cbfs_image *cbfs_dev_t; diff --git a/util/cbfstool/cbfs_image.c b/util/cbfstool/cbfs_image.c index 97ad995545..182b185558 100644 --- a/util/cbfstool/cbfs_image.c +++ b/util/cbfstool/cbfs_image.c @@ -1456,7 +1456,7 @@ int cbfs_print_entry_info(struct cbfs_image *image, struct cbfs_file *entry, break; } char *hash_str = bintohex(attr->hash.raw, hash_len); - int valid = vb2_hash_verify(CBFS_SUBHEADER(entry), + int valid = vb2_hash_verify(false, CBFS_SUBHEADER(entry), be32toh(entry->len), &attr->hash) == VB2_SUCCESS; const char *valid_str = valid ? "valid" : "invalid"; @@ -1544,7 +1544,7 @@ static int cbfs_print_parseable_entry_info(struct cbfs_image *image, if (!hash_len) continue; char *hash_str = bintohex(attr->hash.raw, hash_len); - int valid = vb2_hash_verify(CBFS_SUBHEADER(entry), + int valid = vb2_hash_verify(false, CBFS_SUBHEADER(entry), be32toh(entry->len), &attr->hash) == VB2_SUCCESS; fprintf(fp, "%shash:%s:%s:%s", sep, vb2_get_hash_algorithm_name(attr->hash.algo), @@ -1873,7 +1873,7 @@ int cbfs_add_file_hash(struct cbfs_file *header, struct buffer *buffer, if (attr == NULL) return -1; - if (vb2_hash_calculate(buffer_get(buffer), buffer_size(buffer), + if (vb2_hash_calculate(false, buffer_get(buffer), buffer_size(buffer), alg, &attr->hash) != VB2_SUCCESS) return -1; diff --git a/util/cbfstool/cbfstool.c b/util/cbfstool/cbfstool.c index c2191d27a5..5cb787d1c2 100644 --- a/util/cbfstool/cbfstool.c +++ b/util/cbfstool/cbfstool.c @@ -271,12 +271,12 @@ static int maybe_update_fmap_hash(void) if (mhc->cbfs_hash.algo == VB2_HASH_INVALID) return 0; - uint8_t fmap_hash[VB2_MAX_DIGEST_SIZE]; + struct vb2_hash fmap_hash; const struct fmap *fmap = partitioned_file_get_fmap(param.image_file); - if (!fmap || vb2_digest_buffer((const void *)fmap, fmap_size(fmap), - mhc->cbfs_hash.algo, fmap_hash, sizeof(fmap_hash))) + if (!fmap || vb2_hash_calculate(false, fmap, fmap_size(fmap), + mhc->cbfs_hash.algo, &fmap_hash)) return -1; - return update_anchor(mhc, fmap_hash); + return update_anchor(mhc, fmap_hash.raw); } static bool verification_exclude(enum cbfs_type type) @@ -1511,7 +1511,7 @@ static enum cb_err verify_walker(__always_unused cbfs_dev_t dev, size_t offset, if (!hash) return CB_ERR; void *file_data = arg + offset + data_offset; - if (vb2_hash_verify(file_data, be32toh(mdata->h.len), hash) != VB2_SUCCESS) + if (vb2_hash_verify(false, file_data, be32toh(mdata->h.len), hash) != VB2_SUCCESS) return CB_CBFS_HASH_MISMATCH; return CB_CBFS_NOT_FOUND; } diff --git a/util/cbfstool/platform_fixups.c b/util/cbfstool/platform_fixups.c index b2e12cf6a2..12a5ad7371 100644 --- a/util/cbfstool/platform_fixups.c +++ b/util/cbfstool/platform_fixups.c @@ -67,7 +67,7 @@ static void *qualcomm_find_hash(struct buffer *in, size_t bb_offset, struct vb2_ } /* Pass out the actual hash of the current bootblock segment in |real_hash|. */ - if (vb2_hash_calculate(buffer_get(&elf) + pelf.phdr[bb_segment].p_offset, + if (vb2_hash_calculate(false, buffer_get(&elf) + pelf.phdr[bb_segment].p_offset, pelf.phdr[bb_segment].p_filesz, VB2_HASH_SHA384, real_hash)) { ERROR("fixups: vboot digest error\n"); goto destroy_elf; @@ -159,7 +159,7 @@ static void *mediatek_find_hash(struct buffer *bootblock, struct vb2_hash *real_ return NULL; } - if (vb2_hash_calculate(buffer_get(&buffer), + if (vb2_hash_calculate(false, buffer_get(&buffer), MEDIATEK_BOOTBLOCK_GFH_SIZE + data_size, VB2_HASH_SHA256, real_hash)) { ERROR("fixups: MediaTek: vboot digest error\n"); |