From fc58034a11e6965d67a7348bab0810401094b5ed Mon Sep 17 00:00:00 2001 From: Frans Hendriks Date: Fri, 14 Jun 2019 14:36:37 +0200 Subject: lib/prog_loaders.c: Add prog_locate_hook() There is no posibility to prevent loading images from cbfs at this stage For security features prog_locate_hook() is added. This hook can be used to prevent loading the image. BUG=N/A TEST=Created verified binary and verify logging on Facebook FBG-1701 Change-Id: I12207fc8f2e9ca45d048cf8c8d9c057f53e5c2c7 Signed-off-by: Frans Hendriks Reviewed-on: https://review.coreboot.org/c/coreboot/+/30811 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin --- src/lib/prog_loaders.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src/lib/prog_loaders.c') diff --git a/src/lib/prog_loaders.c b/src/lib/prog_loaders.c index 2ef6bdfc32..5048c99418 100644 --- a/src/lib/prog_loaders.c +++ b/src/lib/prog_loaders.c @@ -2,6 +2,7 @@ * This file is part of the coreboot project. * * Copyright 2015 Google Inc. + * Copyright (C) 2018-2019 Eltan B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -38,6 +39,9 @@ int prog_locate(struct prog *prog) { struct cbfsf file; + if (prog_locate_hook(prog)) + return -1; + cbfs_prepare_program_locate(); if (cbfs_boot_locate(&file, prog_name(prog), NULL)) @@ -74,6 +78,8 @@ fail: halt(); } +int __weak prog_locate_hook(struct prog *prog) { return 0; } + static void ramstage_cache_invalid(void) { printk(BIOS_ERR, "ramstage cache invalid.\n"); -- cgit v1.2.3