/* SPDX-License-Identifier: GPL-2.0-only */ #include <assert.h> #include <metadata_hash.h> #include <security/vboot/misc.h> #include <symbols.h> #if !CONFIG(COMPRESS_BOOTBLOCK) || ENV_DECOMPRESSOR __attribute__((used, section(".metadata_hash_anchor"))) static struct metadata_hash_anchor metadata_hash_anchor = { /* This is the only place in all of coreboot where we actually need to use this. */ .magic = DO_NOT_USE_METADATA_HASH_ANCHOR_MAGIC_DO_NOT_USE, .cbfs_hash = { .algo = CONFIG_CBFS_HASH_ALGO } }; static struct metadata_hash_anchor *get_anchor(void) { return &metadata_hash_anchor; } void *metadata_hash_export_anchor(void) { return get_anchor(); } #else static struct metadata_hash_anchor *anchor_ptr = NULL; static struct metadata_hash_anchor *get_anchor(void) { assert(anchor_ptr != NULL); return anchor_ptr; } void metadata_hash_import_anchor(void *ptr) { anchor_ptr = ptr; } #endif struct vb2_hash *metadata_hash_get(void) { return &get_anchor()->cbfs_hash; } vb2_error_t metadata_hash_verify_fmap(const void *fmap_buffer, size_t fmap_size) { struct vb2_hash hash = { .algo = get_anchor()->cbfs_hash.algo }; memcpy(hash.raw, metadata_hash_anchor_fmap_hash(get_anchor()), vb2_digest_size(hash.algo)); return vb2_hash_verify(vboot_hwcrypto_allowed(), fmap_buffer, fmap_size, &hash); }