summaryrefslogtreecommitdiff
path: root/src/soc/intel
diff options
context:
space:
mode:
Diffstat (limited to 'src/soc/intel')
-rw-r--r--src/soc/intel/common/block/cse/Makefile.inc14
-rw-r--r--src/soc/intel/common/block/cse/cse_lite.c62
2 files changed, 7 insertions, 69 deletions
diff --git a/src/soc/intel/common/block/cse/Makefile.inc b/src/soc/intel/common/block/cse/Makefile.inc
index 6798c684e5..33277571f6 100644
--- a/src/soc/intel/common/block/cse/Makefile.inc
+++ b/src/soc/intel/common/block/cse/Makefile.inc
@@ -82,8 +82,9 @@ CSE_RW_FILE := $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_FILE))
endif
CSE_LITE_ME_RW = $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME))
-regions-for-file-$(CSE_LITE_ME_RW) = $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_A_FMAP_NAME)), \
- $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_B_FMAP_NAME))
+
+regions-for-file-$(CSE_LITE_ME_RW) = FW_MAIN_A,FW_MAIN_B
+
cbfs-files-y += $(CSE_LITE_ME_RW)
$(CSE_LITE_ME_RW)-file := $(CSE_RW_FILE)
$(CSE_LITE_ME_RW)-name := $(CSE_LITE_ME_RW)
@@ -102,15 +103,6 @@ $(CSE_RW_VERSION)-file := $(obj)/cse_rw.version
$(CSE_RW_VERSION)-name := $(CSE_RW_VERSION)
$(CSE_RW_VERSION)-type := raw
-$(obj)/cse_rw.hash: $(CSE_RW_FILE)
- openssl dgst -sha256 -binary $< > $@
-
-CSE_RW_HASH = $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_HASH_CBFS_NAME))
-regions-for-file-$(CSE_RW_HASH) = FW_MAIN_A,FW_MAIN_B
-cbfs-files-y += $(CSE_RW_HASH)
-$(CSE_RW_HASH)-file := $(obj)/cse_rw.hash
-$(CSE_RW_HASH)-name := $(CSE_RW_HASH)
-$(CSE_RW_HASH)-type := raw
endif
ifeq ($(CONFIG_SOC_INTEL_CSE_SUB_PART_UPDATE),y)
diff --git a/src/soc/intel/common/block/cse/cse_lite.c b/src/soc/intel/common/block/cse/cse_lite.c
index d21c933dca..8e8e221687 100644
--- a/src/soc/intel/common/block/cse/cse_lite.c
+++ b/src/soc/intel/common/block/cse/cse_lite.c
@@ -785,18 +785,6 @@ static enum cb_err cse_get_target_rdev(struct region_device *target_rdev)
return CB_SUCCESS;
}
-static const char *cse_get_source_rdev_fmap(void)
-{
- struct vb2_context *ctx = vboot_get_context();
- if (ctx == NULL)
- return NULL;
-
- if (vboot_is_firmware_slot_a(ctx))
- return CONFIG_SOC_INTEL_CSE_RW_A_FMAP_NAME;
-
- return CONFIG_SOC_INTEL_CSE_RW_B_FMAP_NAME;
-}
-
/*
* Compare versions of CSE CBFS sub-component and CSE sub-component partition
* In case of CSE component comparison:
@@ -816,29 +804,6 @@ static int cse_compare_sub_part_version(const struct fw_version *a, const struct
return a->build - b->build;
}
-/* The function calculates SHA-256 of CSE RW blob and compares it with the provided SHA value */
-static bool cse_verify_cbfs_rw_sha256(const uint8_t *expected_rw_blob_sha,
- const void *rw_blob, const size_t rw_blob_sz)
-
-{
- struct vb2_hash calculated;
-
- if (vb2_hash_calculate(vboot_hwcrypto_allowed(), rw_blob, rw_blob_sz,
- VB2_HASH_SHA256, &calculated)) {
- printk(BIOS_ERR, "cse_lite: CSE CBFS RW's SHA-256 calculation has failed\n");
- return false;
- }
-
- if (memcmp(expected_rw_blob_sha, calculated.sha256, sizeof(calculated.sha256))) {
- printk(BIOS_ERR, "cse_lite: Computed CBFS RW's SHA-256 does not match with"
- "the provided SHA in the metadata\n");
- return false;
- }
- printk(BIOS_SPEW, "cse_lite: Computed SHA of CSE CBFS RW Image matches the"
- " provided hash in the metadata\n");
- return true;
-}
-
static enum cb_err cse_erase_rw_region(const struct region_device *target_rdev)
{
if (rdev_eraseat(target_rdev, 0, region_device_sz(target_rdev)) < 0) {
@@ -1014,39 +979,21 @@ static enum csme_failure_reason cse_trigger_fw_update(enum cse_update_status sta
struct region_device *target_rdev)
{
enum csme_failure_reason rv;
- uint8_t *cbfs_rw_hash;
void *cse_cbfs_rw = NULL;
size_t size;
- const char *area_name = cse_get_source_rdev_fmap();
- if (!area_name)
- return CSE_LITE_SKU_RW_BLOB_NOT_FOUND;
-
if (CONFIG(SOC_INTEL_CSE_LITE_COMPRESS_ME_RW)) {
- cse_cbfs_rw = cbfs_unverified_area_cbmem_alloc(area_name,
- CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME, CBMEM_ID_CSE_UPDATE, &size);
+ cse_cbfs_rw = cbfs_cbmem_alloc(CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME,
+ CBMEM_ID_CSE_UPDATE, &size);
} else {
- cse_cbfs_rw = cbfs_unverified_area_map(area_name,
- CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME, &size);
+ cse_cbfs_rw = cbfs_map(CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME, &size);
}
+
if (!cse_cbfs_rw) {
printk(BIOS_ERR, "cse_lite: CSE CBFS RW blob could not be mapped\n");
return CSE_LITE_SKU_RW_BLOB_NOT_FOUND;
}
- cbfs_rw_hash = cbfs_map(CONFIG_SOC_INTEL_CSE_RW_HASH_CBFS_NAME, NULL);
- if (!cbfs_rw_hash) {
- printk(BIOS_ERR, "cse_lite: Failed to get %s\n",
- CONFIG_SOC_INTEL_CSE_RW_HASH_CBFS_NAME);
- rv = CSE_LITE_SKU_RW_METADATA_NOT_FOUND;
- goto error_exit;
- }
-
- if (!cse_verify_cbfs_rw_sha256(cbfs_rw_hash, cse_cbfs_rw, size)) {
- rv = CSE_LITE_SKU_RW_BLOB_SHA256_MISMATCH;
- goto error_exit;
- }
-
if (cse_prep_for_rw_update(status) != CB_SUCCESS) {
rv = CSE_COMMUNICATION_ERROR;
goto error_exit;
@@ -1056,7 +1003,6 @@ static enum csme_failure_reason cse_trigger_fw_update(enum cse_update_status sta
rv = cse_update_rw(cse_cbfs_rw, size, target_rdev);
error_exit:
- cbfs_unmap(cbfs_rw_hash);
cbfs_unmap(cse_cbfs_rw);
return rv;
}