From 5fb435a6916ee2d60a6196cc159a579663782b3d Mon Sep 17 00:00:00 2001 From: Kangheui Won Date: Wed, 22 Dec 2021 12:24:17 +1100 Subject: soc/amd/(common,mendocino)/psp_verstage: Pass PSP FW hash table Copy AMD PSP fw hash table into memory, then pass it to the PSP. The PSP will use this hash to verify it's the correct firmware bundled with coreboot build and not replaced. BUG=b:203597980 TEST=Build Skyrim BIOS image with the hash table and boot to OS after PSP verified the binaries against the hash table. Change-Id: I84bea97c89620d0388b27891a898ffde77052239 Signed-off-by: Kangheui Won Signed-off-by: Karthikeyan Ramasubramanian Reviewed-on: https://review.coreboot.org/c/coreboot/+/60291 Reviewed-by: Tim Van Patten Reviewed-by: Jon Murphy Tested-by: build bot (Jenkins) --- src/soc/amd/common/psp_verstage/include/psp_verstage.h | 2 ++ src/soc/amd/common/psp_verstage/psp_verstage.c | 6 ++++++ 2 files changed, 8 insertions(+) (limited to 'src/soc/amd/common') diff --git a/src/soc/amd/common/psp_verstage/include/psp_verstage.h b/src/soc/amd/common/psp_verstage/include/psp_verstage.h index 3b524c310c..e740332862 100644 --- a/src/soc/amd/common/psp_verstage/include/psp_verstage.h +++ b/src/soc/amd/common/psp_verstage/include/psp_verstage.h @@ -66,4 +66,6 @@ int platform_set_sha_op(enum vb2_hash_algorithm hash_alg, struct sha_generic_data *sha_op); void platform_report_mode(int developer_mode_enabled); +void update_psp_fw_hash_table(const char *fname); + #endif /* PSP_VERSTAGE_H */ diff --git a/src/soc/amd/common/psp_verstage/psp_verstage.c b/src/soc/amd/common/psp_verstage/psp_verstage.c index b928a27e27..0dc3314ca5 100644 --- a/src/soc/amd/common/psp_verstage/psp_verstage.c +++ b/src/soc/amd/common/psp_verstage/psp_verstage.c @@ -74,6 +74,7 @@ static uint32_t update_boot_region(struct vb2_context *ctx) uint32_t psp_dir_addr, bios_dir_addr; uint32_t *psp_dir_in_spi, *bios_dir_in_spi; const char *fname; + const char *hash_fname; void *amdfw_location; void *boot_dev_base = rdev_mmap_full(boot_device_ro()); @@ -85,8 +86,10 @@ static uint32_t update_boot_region(struct vb2_context *ctx) if (vboot_is_firmware_slot_a(ctx)) { fname = "apu/amdfw_a"; + hash_fname = "apu/amdfw_a_hash"; } else { fname = "apu/amdfw_b"; + hash_fname = "apu/amdfw_b_hash"; } amdfw_location = cbfs_map(fname, NULL); @@ -130,6 +133,9 @@ static uint32_t update_boot_region(struct vb2_context *ctx) return POSTCODE_UPDATE_PSP_BIOS_DIR_ERROR; } + if (CONFIG(SEPARATE_SIGNED_PSPFW)) + update_psp_fw_hash_table(hash_fname); + return 0; } -- cgit v1.2.3