From d618aaceae69fa83f630da84036da8ee23ef43e1 Mon Sep 17 00:00:00 2001 From: Julius Werner Date: Tue, 26 Nov 2019 17:58:11 -0800 Subject: security/vboot: Use persistent context to read GBB flags With the persistent vboot context coreboot no longer needs to read GBB flags from flash itself -- it can just ask vboot for the cached result. This patch removes the existing GBB code and provides gbb_is_flag_set() (with a slightly better namespaced name) as a static inline instead. Change-Id: Ibc3ed0f3fbeb53d630925d47df4dc474b0ed07ee Signed-off-by: Julius Werner Reviewed-on: https://review.coreboot.org/c/coreboot/+/37261 Tested-by: build bot (Jenkins) Reviewed-by: Joel Kitching --- src/security/vboot/Makefile.inc | 2 - src/security/vboot/gbb.c | 80 --------------------------------------- src/security/vboot/gbb.h | 39 ------------------- src/security/vboot/misc.h | 11 ++++++ src/security/vboot/vboot_common.c | 4 +- 5 files changed, 13 insertions(+), 123 deletions(-) delete mode 100644 src/security/vboot/gbb.c delete mode 100644 src/security/vboot/gbb.h diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index 010a06cfa7..5292bd142d 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -24,8 +24,6 @@ postcar-y += bootmode.c verstage-generic-ccopts += -D__VERSTAGE__ -ramstage-y += gbb.c - bootblock-y += vbnv.c verstage-y += vbnv.c romstage-y += vbnv.c diff --git a/src/security/vboot/gbb.c b/src/security/vboot/gbb.c deleted file mode 100644 index 5293033666..0000000000 --- a/src/security/vboot/gbb.c +++ /dev/null 
@@ -1,80 +0,0 @@
-/*
- * This file is part of the coreboot project.
- *
- * Copyright 2018 Google LLC
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- */
-
-#define NEED_VB20_INTERNALS /* Peeking into vb2_gbb_header */
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#define GBB_FMAP_REGION_NAME "GBB"
-
-/* Copy of GBB header read from boot media. */
-static struct vb2_gbb_header gbb_header;
-
-/*
- * Read "GBB" region from SPI flash to obtain GBB header and validate
- * signature.
- *
- * Return value:
- * Success = 0
- * Error = 1
- */
-static int gbb_init(void)
-{
- static bool init_done = false;
- struct region_device gbb_rdev;
-
- if (init_done != false)
- return 0;
-
- if (fmap_locate_area_as_rdev(GBB_FMAP_REGION_NAME, &gbb_rdev))
- return 1;
-
- if (rdev_readat(&gbb_rdev, &gbb_header, 0,
- sizeof(struct vb2_gbb_header)) !=
- sizeof(struct vb2_gbb_header)) {
- printk(BIOS_ERR, "%s: Failure to read GBB header!\n", __func__);
- return 1;
- }
-
- if (memcmp(gbb_header.signature, VB2_GBB_SIGNATURE,
- VB2_GBB_SIGNATURE_SIZE)) {
- printk(BIOS_ERR, "%s: Signature check failed!\n", __func__);
- return 1;
- }
-
- init_done = true;
- return 0;
-}
-
-uint32_t gbb_get_flags(void)
-{
- if (gbb_init()) {
- printk(BIOS_ERR,
- "%s: Failure to initialize GBB. Returning flags as 0!\n",
- __func__);
- return 0;
- }
- return gbb_header.flags;
-}
-
-bool gbb_is_flag_set(uint32_t flag)
-{
- return !!(gbb_get_flags() & flag);
-}
diff --git a/src/security/vboot/gbb.h b/src/security/vboot/gbb.h
deleted file mode 100644
index 389242a3a2..0000000000
--- a/src/security/vboot/gbb.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * This file is part of the coreboot project.
- *
- * Copyright 2018 Google LLC
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- */
-
-#ifndef __SECURITY_VBOOT_GBB_H__
-#define __SECURITY_VBOOT_GBB_H__
-
-#include
-
-/* In order to use VB2_GBB_FLAG_* macros from vboot, include vb2_api.h. */
-
-/*
- * Read flags field from GBB header.
- * Return value:
- * Success: 32-bit unsigned integer representing flags field from GBB header.
- * Error : 0
- */
-uint32_t gbb_get_flags(void);
-
-/*
- * Check if given flag is set in the flags field in GBB header.
- * Return value:
- * true: Flag is set.
- * false: Flag is not set or failure to read GBB flags.
- */
-bool gbb_is_flag_set(uint32_t flag);
-
-#endif /* __SECURITY_VBOOT_GBB_H__ */
diff --git a/src/security/vboot/misc.h b/src/security/vboot/misc.h
index 1b147992d8..471f838a9c 100644
--- a/src/security/vboot/misc.h
+++ b/src/security/vboot/misc.h
@@ -49,6 +49,17 @@ static inline int vboot_is_firmware_slot_a(const struct vb2_context *ctx)
 return !(ctx->flags & VB2_CONTEXT_FW_SLOT_B);
 }
 
+/*
+ * Check if given flag is set in the flags field in GBB header.
+ * Return value:
+ * true: Flag is set.
+ * false: Flag is not set.
+ */
+static inline bool vboot_is_gbb_flag_set(enum vb2_gbb_flag flag)
+{
+ return !!(vb2api_gbb_get_flags(vboot_get_context()) & flag);
+}
+
 /*
 * Locates firmware as a region device. Returns 0 on success, -1 on failure.
 */
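Review bot: The comment on `vboot_is_gbb_flag_set()` in misc.h drops the failure case that the deleted `gbb_is_flag_set()` documented ("false: Flag is not set or failure to read GBB flags") without saying what replaces it. The removed gbb.c read the header itself, checked the signature and returned flags as 0 on any error, and it was built only for ramstage; the new inline is visible to every stage that includes misc.h and relies on whatever `vb2api_gbb_get_flags()` finds in the context returned by `vboot_get_context()`. Nothing in this hunk shows what that call does if the GBB header has not yet been loaded into the persistent context, so the precondition should be written down, since callers such as `vboot_can_enable_udc()` use the result to gate a debug feature. I would extend the comment with a line such as `* Must only be called after vboot has loaded the GBB header into the persistent context.`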
diff --git a/src/security/vboot/vboot_common.c b/src/security/vboot/vboot_common.c
index a24b220a9c..458ed87982 100644
--- a/src/security/vboot/vboot_common.c
+++ b/src/security/vboot/vboot_common.c
@@ -19,7 +19,7 @@
 #include
 #include
 #include
-#include
+#include
 #include
 #include
 #include
@@ -31,7 +31,7 @@ int vboot_can_enable_udc(void)
 if (!vboot_developer_mode_enabled())
 return 0;
 /* Enable if GBB flag is set */
- if (gbb_is_flag_set(VB2_GBB_FLAG_ENABLE_UDC))
+ if (vboot_is_gbb_flag_set(VB2_GBB_FLAG_ENABLE_UDC))
 return 1;
 /* Enable if VBNV flag is set */
 if (vbnv_udc_enable_flag())
-- 
cgit v1.2.3