summaryrefslogtreecommitdiff
path: root/src/include
diff options
context:
space:
mode:
Diffstat (limited to 'src/include')
-rw-r--r--src/include/cbfs.h10
-rw-r--r--src/include/cbfs_glue.h15
-rw-r--r--src/include/metadata_hash.h21
3 files changed, 44 insertions, 2 deletions
diff --git a/src/include/cbfs.h b/src/include/cbfs.h
index 8d4c2209d2..cad01c623d 100644
--- a/src/include/cbfs.h
+++ b/src/include/cbfs.h
@@ -7,6 +7,7 @@
#include <commonlib/cbfs.h>
#include <program_loading.h>
#include <types.h>
+#include <vb2_sha.h>
/***********************************************
* Perform CBFS operations on the boot device. *
@@ -74,4 +75,13 @@ void cbfs_boot_device_find_mcache(struct cbfs_boot_device *cbd, uint32_t id);
*/
const struct cbfs_boot_device *cbfs_get_boot_device(bool force_ro);
+/*
+ * Builds the mcache (if |cbd->mcache| is set) and verifies |metadata_hash| (if
+ * it is not NULL). If CB_CBFS_CACHE_FULL is returned, the mcache is incomplete
+ * but still valid and the metadata hash was still verified. Should be called
+ * once per *boot* (not once per stage) before the first CBFS access.
+ */
+cb_err_t cbfs_init_boot_device(const struct cbfs_boot_device *cbd,
+ struct vb2_hash *metadata_hash);
+
#endif
diff --git a/src/include/cbfs_glue.h b/src/include/cbfs_glue.h
index ebfbc2e7ae..ffca83ef06 100644
--- a/src/include/cbfs_glue.h
+++ b/src/include/cbfs_glue.h
@@ -5,8 +5,19 @@
#include <commonlib/region.h>
#include <console/console.h>
-
-#define CBFS_ENABLE_HASHING 0
+#include <rules.h>
+
+/*
+ * This flag prevents linking hashing functions into stages where they're not required. We don't
+ * need them at all if verification is disabled. If verification is enabled without TOCTOU
+ * safety, we only need to verify the metadata hash in the initial stage and can assume it stays
+ * valid in later stages. If TOCTOU safety is required, we may need them in every stage to
+ * reverify metadata that had to be reloaded from flash (e.g. because it didn't fit the mcache).
+ * Note that this only concerns metadata hashing -- file access functions may still link hashing
+ * routines independently for file data hashing.
+ */
+#define CBFS_ENABLE_HASHING (CONFIG(CBFS_VERIFICATION) && \
+ (CONFIG(TOCTOU_SAFETY) || ENV_INITIAL_STAGE))
#define ERROR(...) printk(BIOS_ERR, "CBFS ERROR: " __VA_ARGS__)
#define LOG(...) printk(BIOS_ERR, "CBFS: " __VA_ARGS__)
diff --git a/src/include/metadata_hash.h b/src/include/metadata_hash.h
new file mode 100644
index 0000000000..2d3b8a86bc
--- /dev/null
+++ b/src/include/metadata_hash.h
@@ -0,0 +1,21 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/* This file is part of the coreboot project. */
+
+#ifndef _METADATA_HASH_H_
+#define _METADATA_HASH_H_
+
+#include <commonlib/bsd/metadata_hash.h>
+
+/* Verify the an FMAP data structure with the FMAP hash that is stored together with the CBFS
+ metadata hash in the bootblock's metadata hash anchor (when CBFS verification is enabled). */
+vb2_error_t metadata_hash_verify_fmap(const void *fmap_base, size_t fmap_size);
+
+#if CONFIG(CBFS_VERIFICATION)
+/* Get the (RO) CBFS metadata hash for this CBFS image, which forms the root of trust for CBFS
+ verification. This function is only available in the bootblock. */
+struct vb2_hash *metadata_hash_get(void);
+#else
+static inline struct vb2_hash *metadata_hash_get(void) { return NULL; }
+#endif
+
+#endif