From 7632ce03920ae3dfdced2e7d856bf988c0aa3835 Mon Sep 17 00:00:00 2001 From: Furquan Shaikh Date: Thu, 29 Mar 2018 14:49:40 -0700 Subject: vboot: Add support for reading GBB flags This change adds basic support for reading flags from GBB header located in "GBB" section on SPI flash. Change-Id: I35ecb5ba964511379baa4e9f458ba2e8c6b74b4e Signed-off-by: Furquan Shaikh Reviewed-on: https://review.coreboot.org/25459 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin --- src/security/vboot/Makefile.inc | 2 ++ src/security/vboot/gbb.c | 77 +++++++++++++++++++++++++++++++++++++++++ src/security/vboot/gbb.h | 39 +++++++++++++++++++++ 3 files changed, 118 insertions(+) create mode 100644 src/security/vboot/gbb.c create mode 100644 src/security/vboot/gbb.h (limited to 'src/security') diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index 53462d9531..6f18a35de5 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -23,6 +23,8 @@ postcar-y += bootmode.c verstage-generic-ccopts += -D__PRE_RAM__ -D__VERSTAGE__ +ramstage-y += gbb.c + bootblock-y += vbnv.c verstage-y += vbnv.c romstage-y += vbnv.c diff --git a/src/security/vboot/gbb.c b/src/security/vboot/gbb.c new file mode 100644 index 0000000000..8f57c798b2 --- /dev/null +++ b/src/security/vboot/gbb.c @@ -0,0 +1,77 @@ +/* + * This file is part of the coreboot project. + * + * Copyright 2018 Google LLC + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include +#include +#include +#include +#include +#include + +#define GBB_FMAP_REGION_NAME "GBB" + +/* Copy of GBB header read from boot media. */ +static GoogleBinaryBlockHeader gbb_header; + +/* + * Read "GBB" region from SPI flash to obtain GBB header and validate + * signature. + * + * Return value: + * Success = 0 + * Error = 1 + */ +static int gbb_init(void) +{ + static bool init_done = false; + struct region_device gbb_rdev; + + if (init_done != false) + return 0; + + if (fmap_locate_area_as_rdev(GBB_FMAP_REGION_NAME, &gbb_rdev)) + return 1; + + if (rdev_readat(&gbb_rdev, &gbb_header, 0, + sizeof(GoogleBinaryBlockHeader)) != + sizeof(GoogleBinaryBlockHeader)) { + printk(BIOS_ERR, "%s: Failure to read GBB header!\n", __func__); + return 1; + } + + if (memcmp(gbb_header.signature, GBB_SIGNATURE, GBB_SIGNATURE_SIZE)) { + printk(BIOS_ERR, "%s: Signature check failed!\n", __func__); + return 1; + } + + init_done = true; + return 0; +} + +uint32_t gbb_get_flags(void) +{ + if (gbb_init()) { + printk(BIOS_ERR, + "%s: Failure to initialize GBB. Returning flags as 0!\n", + __func__); + return 0; + } + return gbb_header.flags; +} + +bool gbb_is_flag_set(uint32_t flag) +{ + return !!(gbb_get_flags() & flag); +} diff --git a/src/security/vboot/gbb.h b/src/security/vboot/gbb.h new file mode 100644 index 0000000000..550548d613 --- /dev/null +++ b/src/security/vboot/gbb.h @@ -0,0 +1,39 @@ +/* + * This file is part of the coreboot project. + * + * Copyright 2018 Google LLC + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#ifndef __SECURITY_VBOOT_GBB_H__ +#define __SECURITY_VBOOT_GBB_H__ + +#include + +/* In order to use GBB_FLAG_* macros from vboot, include gbb_header.h. */ + +/* + * Read flags field from GBB header. + * Return value: + * Success: 32-bit unsigned integer representing flags field from GBB header. + * Error : 0 + */ +uint32_t gbb_get_flags(void); + +/* + * Check if given flag is set in the flags field in GBB header. + * Return value: + * true: Flag is set. + * false: Flag is not set or failure to read GBB flags. + */ +bool gbb_is_flag_set(uint32_t flag); + +#endif /* __SECURITY_VBOOT_GBB_H__ */ -- cgit v1.2.3