From 0bcee882982543bcc3212ad7cdac47403d9de9c7 Mon Sep 17 00:00:00 2001 From: Joel Kitching Date: Mon, 11 Feb 2019 15:37:49 +0800 Subject: vboot: copy data structures to CBMEM for downstream use For platforms that do not employ VBOOT_STARTS_IN_ROMSTAGE, vboot verification occurs before CBMEM is brought online. In order to make vboot data structures available downstream, copy vb2_working_data from CAR/SRAM into CBMEM when CBMEM comes online. Create VBOOT_MIGRATE_WORKING_DATA config option to toggle this functionality. BUG=b:124141368, b:124192753 TEST=Built and deployed on eve with STARTS_IN_BOOTBLOCK TEST=Built and deployed on eve with STARTS_IN_ROMSTAGE TEST=util/lint/checkpatch.pl -g origin/master..HEAD TEST=util/abuild/abuild -B -e -y -c 50 -p none -x BRANCH=none Change-Id: I62c11268a83927bc00ae9bd93b1b31363b38e8cf Signed-off-by: Joel Kitching Reviewed-on: https://review.coreboot.org/c/coreboot/+/31329 Tested-by: build bot (Jenkins) Reviewed-by: Julius Werner --- src/commonlib/include/commonlib/cbmem_id.h | 2 +- src/include/symbols.h | 7 ++ src/security/vboot/Kconfig | 15 ++++ src/security/vboot/common.c | 137 ++++++++++++++--------------- src/security/vboot/misc.h | 4 +- src/security/vboot/vboot_loader.c | 7 +- src/security/vboot/vboot_logic.c | 1 + 7 files changed, 97 insertions(+), 76 deletions(-) (limited to 'src') diff --git a/src/commonlib/include/commonlib/cbmem_id.h b/src/commonlib/include/commonlib/cbmem_id.h index 2e0eeb6189..af79a59075 100644 --- a/src/commonlib/include/commonlib/cbmem_id.h +++ b/src/commonlib/include/commonlib/cbmem_id.h @@ -67,7 +67,7 @@ #define CBMEM_ID_TIMESTAMP 0x54494d45 #define CBMEM_ID_TPM2_TCG_LOG 0x54504d32 #define CBMEM_ID_VBOOT_HANDOFF 0x780074f0 -#define CBMEM_ID_VBOOT_SEL_REG 0x780074f1 +#define CBMEM_ID_VBOOT_SEL_REG 0x780074f1 /* deprecated */ #define CBMEM_ID_VBOOT_WORKBUF 0x78007343 #define CBMEM_ID_VPD 0x56504420 #define CBMEM_ID_WIFI_CALIBRATION 0x57494649 diff --git a/src/include/symbols.h b/src/include/symbols.h index 8786db78bd..c35e19123b 100644 --- a/src/include/symbols.h +++ b/src/include/symbols.h @@ -67,4 +67,11 @@ DECLARE_REGION(bl31) */ #define DECLARE_OPTIONAL_REGION(name) asm (".weak _" #name ", _e" #name) +/* Returns true when pre-RAM symbols are known to the linker. + * (Does not necessarily mean that the memory is accessible.) */ +static inline int preram_symbols_available(void) +{ + return !IS_ENABLED(CONFIG_CACHE_AS_RAM) || ENV_CACHE_AS_RAM; +} + #endif /* __SYMBOLS_H */ diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index a382e670c4..ea5f2a3c2a 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -107,6 +107,21 @@ config VBOOT_STARTS_IN_ROMSTAGE memory initialization). This implies that vboot working data is allocated in CBMEM. +config VBOOT_MIGRATE_WORKING_DATA + bool + default y if CACHE_AS_RAM + depends on !VBOOT_STARTS_IN_ROMSTAGE + help + In order to make vboot data structures available downstream, + migrate verified boot working data to CBMEM after CBMEM comes + online, when VBOOT_STARTS_IN_BOOTBLOCK is employed. This should + always be enabled on x86 architectures to migrate data from CAR + before losing access in ramstage, and should almost always be + disabled in SRAM architectures, where access to SRAM is usually + retained. Any SRAM platform where the original location of the + VBOOT_WORKBUF region becomes inaccessible in later stages should + manually select this option. + config VBOOT_MOCK_SECDATA bool "Mock secdata for firmware verification" default n diff --git a/src/security/vboot/common.c b/src/security/vboot/common.c index 59c830f1bc..ade1b2c415 100644 --- a/src/security/vboot/common.c +++ b/src/security/vboot/common.c @@ -15,8 +15,11 @@ #include #include +#include #include +#include #include +#include #include #include #include @@ -40,82 +43,77 @@ struct vb2_working_data { uint32_t buffer_size; }; -static const size_t vb_work_buf_size = 16 * KiB; - -static struct vb2_working_data * const vboot_get_working_data(void) -{ - if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) - /* cbmem_add() does a cbmem_find() first. */ - return cbmem_add(CBMEM_ID_VBOOT_WORKBUF, vb_work_buf_size); - else - return (struct vb2_working_data *)_vboot2_work; -} - +/* TODO(kitching): Use VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE instead. */ static size_t vb2_working_data_size(void) { if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) - return vb_work_buf_size; - else + return 12 * KiB; + + else if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) && + preram_symbols_available()) return REGION_SIZE(vboot2_work); + + die("impossible!"); } -static struct selected_region *vb2_selected_region(void) +static struct vb2_working_data * const vb2_get_working_data(void) { - struct selected_region *sel_reg = NULL; - - /* Ramstage and postcar always uses cbmem as a source of truth. */ - if (ENV_RAMSTAGE || ENV_POSTCAR) - sel_reg = cbmem_find(CBMEM_ID_VBOOT_SEL_REG); - else if (ENV_ROMSTAGE) { - /* Try cbmem first. Fall back on working data if not found. */ - sel_reg = cbmem_find(CBMEM_ID_VBOOT_SEL_REG); - - if (sel_reg == NULL) { - struct vb2_working_data *wd = vboot_get_working_data(); - sel_reg = &wd->selected_region; - } - } else { - /* Stages such as bootblock and verstage use working data. */ - struct vb2_working_data *wd = vboot_get_working_data(); - sel_reg = &wd->selected_region; - } - - return sel_reg; + struct vb2_working_data *wd = NULL; + + if (cbmem_possibly_online()) + wd = cbmem_find(CBMEM_ID_VBOOT_WORKBUF); + + if (wd == NULL && CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) && + preram_symbols_available()) + wd = (struct vb2_working_data *)_vboot2_work; + + assert(wd != NULL); + + return wd; } void vb2_init_work_context(struct vb2_context *ctx) { struct vb2_working_data *wd; - size_t work_size; - /* First initialize the working data region. */ - work_size = vb2_working_data_size(); - wd = vboot_get_working_data(); - memset(wd, 0, work_size); + /* First initialize the working data struct. */ + wd = vb2_get_working_data(); + memset(wd, 0, sizeof(struct vb2_working_data)); /* * vboot prefers 16-byte alignment. This takes away 16 bytes * from the VBOOT2_WORK region, but the vboot devs said that's okay. */ wd->buffer_offset = ALIGN_UP(sizeof(*wd), 16); - wd->buffer_size = work_size - wd->buffer_offset; + wd->buffer_size = vb2_working_data_size() - wd->buffer_offset; /* Initialize the vb2_context. */ memset(ctx, 0, sizeof(*ctx)); ctx->workbuf = (void *)vb2_get_shared_data(); ctx->workbuf_size = wd->buffer_size; +} +void vb2_finalize_work_context(struct vb2_context *ctx) +{ + /* + * Shrink buffer_size so that vb2_migrate_cbmem knows how much + * of vb2_working_data needs to be copied into CBMEM (if applicable), + * and so that downstream users know how much of the workbuf is + * currently used. + */ + vb2_get_working_data()->buffer_size = ctx->workbuf_used; } struct vb2_shared_data *vb2_get_shared_data(void) { - struct vb2_working_data *wd = vboot_get_working_data(); + struct vb2_working_data *wd = vb2_get_working_data(); return (void *)((uintptr_t)wd + wd->buffer_offset); } int vb2_get_selected_region(struct region *region) { - const struct selected_region *reg = vb2_selected_region(); + const struct selected_region *reg = + &vb2_get_working_data()->selected_region; if (reg == NULL) return -1; @@ -131,7 +129,7 @@ int vb2_get_selected_region(struct region *region) void vb2_set_selected_region(const struct region *region) { - struct selected_region *reg = vb2_selected_region(); + struct selected_region *reg = &vb2_get_working_data()->selected_region; assert(reg != NULL); @@ -141,40 +139,41 @@ void vb2_set_selected_region(const struct region *region) int vb2_is_slot_selected(void) { - const struct selected_region *reg = vb2_selected_region(); + struct selected_region *reg = &vb2_get_working_data()->selected_region; assert(reg != NULL); return reg->size > 0; } -void vb2_store_selected_region(void) -{ - const struct vb2_working_data *wd; - struct selected_region *sel_reg; - - /* Always use the working data in this path since it's the object - * which has the result.. */ - wd = vboot_get_working_data(); - - sel_reg = cbmem_add(CBMEM_ID_VBOOT_SEL_REG, sizeof(*sel_reg)); - - assert(sel_reg != NULL); - - sel_reg->offset = wd->selected_region.offset; - sel_reg->size = wd->selected_region.size; -} - +#if CONFIG(VBOOT_MIGRATE_WORKING_DATA) /* - * For platforms that employ VBOOT_STARTS_IN_ROMSTAGE, the vboot - * verification doesn't happen until after cbmem is brought online. - * Therefore, the selected region contents would not be initialized - * so don't automatically add results when cbmem comes online. + * For platforms that do not employ VBOOT_STARTS_IN_ROMSTAGE, vboot + * verification occurs before CBMEM is brought online, using pre-RAM. + * In order to make vboot data structures available downstream, copy + * vb2_working_data from SRAM/CAR into CBMEM on platforms where this + * memory later becomes unavailable. */ -#if !CONFIG(VBOOT_STARTS_IN_ROMSTAGE) -static void vb2_store_selected_region_cbmem(int unused) +static void vb2_migrate_cbmem(int unused) +{ + const struct vb2_working_data *wd_preram = + (struct vb2_working_data *)_vboot2_work; + size_t cbmem_size = wd_preram->buffer_offset + wd_preram->buffer_size; + struct vb2_working_data *wd_cbmem = + cbmem_add(CBMEM_ID_VBOOT_WORKBUF, cbmem_size); + printk(BIOS_DEBUG, + "VBOOT: copying vb2_working_data (%zu bytes) to CBMEM...\n", + cbmem_size); + memcpy(wd_cbmem, wd_preram, cbmem_size); + assert(wd_cbmem != NULL); +} +ROMSTAGE_CBMEM_INIT_HOOK(vb2_migrate_cbmem) +#elif CONFIG(VBOOT_STARTS_IN_ROMSTAGE) +static void vb2_setup_cbmem(int unused) { - vb2_store_selected_region(); + struct vb2_working_data *wd_cbmem = + cbmem_add(CBMEM_ID_VBOOT_WORKBUF, vb2_working_data_size()); + assert(wd_cbmem != NULL); } -ROMSTAGE_CBMEM_INIT_HOOK(vb2_store_selected_region_cbmem) +ROMSTAGE_CBMEM_INIT_HOOK(vb2_setup_cbmem) #endif diff --git a/src/security/vboot/misc.h b/src/security/vboot/misc.h index b5e3fcfe94..f1dff614c9 100644 --- a/src/security/vboot/misc.h +++ b/src/security/vboot/misc.h @@ -24,6 +24,7 @@ struct vb2_shared_data; void vboot_fill_handoff(void); void vb2_init_work_context(struct vb2_context *ctx); +void vb2_finalize_work_context(struct vb2_context *ctx); struct vb2_shared_data *vb2_get_shared_data(void); /* Returns 0 on success. < 0 on failure. */ @@ -32,9 +33,6 @@ void vb2_set_selected_region(const struct region *region); int vb2_is_slot_selected(void); int vb2_logic_executed(void); -/* Store the selected region in cbmem for later use. */ -void vb2_store_selected_region(void); - void vb2_save_recovery_reason_vbnv(void); #endif /* __VBOOT_MISC_H__ */ diff --git a/src/security/vboot/vboot_loader.c b/src/security/vboot/vboot_loader.c index b6c216d5fa..dd8c15c68f 100644 --- a/src/security/vboot/vboot_loader.c +++ b/src/security/vboot/vboot_loader.c @@ -27,6 +27,9 @@ _Static_assert(CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) + CONFIG(VBOOT_STARTS_IN_ROMSTAGE) == 1, "vboot must either start in bootblock or romstage (not both!)"); +_Static_assert(CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) || + !CONFIG(VBOOT_MIGRATE_WORKING_DATA), + "no need to migrate working data after CBMEM is already up!"); _Static_assert(!CONFIG(VBOOT_SEPARATE_VERSTAGE) || CONFIG(VBOOT_STARTS_IN_BOOTBLOCK), "stand-alone verstage must start in (i.e. after) bootblock"); @@ -126,10 +129,8 @@ static void vboot_prepare(void) * other platforms the vboot cbmem objects are initialized when * cbmem comes online. */ - if (ENV_ROMSTAGE && CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) { - vb2_store_selected_region(); + if (ENV_ROMSTAGE && CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) vboot_fill_handoff(); - } } static int vboot_locate(struct cbfs_props *props) diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index 4aab795871..d5bfa89191 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -438,5 +438,6 @@ void verstage_main(void) printk(BIOS_INFO, "Slot %c is selected\n", is_slot_a(&ctx) ? 'A' : 'B'); vb2_set_selected_region(region_device_region(&fw_main)); + vb2_finalize_work_context(&ctx); timestamp_add_now(TS_END_VBOOT); } -- cgit v1.2.3