From 7ed4039703552b4f7d6165cc1e895ca8c6d280e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Sat, 11 Jul 2020 15:50:55 +0200 Subject: util/cbfstool/fit.c: Add support for adding Boot Guard manifests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: I8221590cad16cffea3f8b50dd880a77934b78ea8 Signed-off-by: Arthur Heymans Signed-off-by: Christian Walter Signed-off-by: Michał Żygowski Reviewed-on: https://review.coreboot.org/c/coreboot/+/48469 Tested-by: build bot (Jenkins) Reviewed-by: Angel Pons --- util/cbfstool/fit.c | 47 +++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 45 insertions(+), 2 deletions(-) (limited to 'util/cbfstool') diff --git a/util/cbfstool/fit.c b/util/cbfstool/fit.c index 44573cadee..63956dd7f9 100644 --- a/util/cbfstool/fit.c +++ b/util/cbfstool/fit.c @@ -434,6 +434,43 @@ static void update_fit_txt_policy_entry(struct fit_table *fit, fit_entry_add_size(&fit->header, sizeof(struct fit_entry)); } +/* + * There can be zero or one FIT_TYPE_BOOT_POLICY entries + * + * The caller has to provide valid arguments as those aren't verified. + */ +static void update_fit_boot_policy_entry(struct fit_table *fit, + struct fit_entry *entry, + uint64_t boot_policy_addr, + uint32_t boot_policy_size) +{ + entry->address = boot_policy_addr; + entry->type_checksum_valid = FIT_TYPE_BOOT_POLICY; + entry->size_reserved = boot_policy_size; + entry->version = FIT_TXT_VERSION; + entry->checksum = 0; + fit_entry_add_size(&fit->header, sizeof(struct fit_entry)); +} + +/* + * There can be zero or one FIT_TYPE_KEY_MANIFEST entries + * + * The caller has to provide valid arguments as those aren't verified. + */ +static void update_fit_key_manifest_entry(struct fit_table *fit, + struct fit_entry *entry, + uint64_t key_manifest_addr, + uint32_t key_manifest_size) +{ + entry->address = key_manifest_addr; + + entry->type_checksum_valid = FIT_TYPE_KEY_MANIFEST; + entry->size_reserved = key_manifest_size; + entry->version = FIT_TXT_VERSION; + entry->checksum = 0; + fit_entry_add_size(&fit->header, sizeof(struct fit_entry)); +} + /* Special case for ucode CBFS file, as it might contain more than one ucode */ int fit_add_microcode_file(struct fit_table *fit, struct cbfs_image *image, @@ -626,10 +663,10 @@ int fit_is_supported_type(const enum fit_type type) case FIT_TYPE_BIOS_STARTUP: case FIT_TYPE_BIOS_POLICY: case FIT_TYPE_TXT_POLICY: - return 1; - case FIT_TYPE_TPM_POLICY: case FIT_TYPE_KEY_MANIFEST: case FIT_TYPE_BOOT_POLICY: + return 1; + case FIT_TYPE_TPM_POLICY: default: return 0; } @@ -684,6 +721,12 @@ int fit_add_entry(struct fit_table *fit, case FIT_TYPE_TXT_POLICY: update_fit_txt_policy_entry(fit, entry, offset); break; + case FIT_TYPE_KEY_MANIFEST: + update_fit_key_manifest_entry(fit, entry, offset, len); + break; + case FIT_TYPE_BOOT_POLICY: + update_fit_boot_policy_entry(fit, entry, offset, len); + break; default: return 1; } -- cgit v1.2.3