/* SPDX-License-Identifier: GPL-2.0-only */

#include <assert.h>
#include <metadata_hash.h>
#include <security/vboot/misc.h>
#include <symbols.h>

#if !CONFIG(COMPRESS_BOOTBLOCK) || ENV_DECOMPRESSOR
__attribute__((used, section(".metadata_hash_anchor")))
static struct metadata_hash_anchor metadata_hash_anchor = {
	/* This is the only place in all of coreboot where we actually need to use this. */
	.magic = DO_NOT_USE_METADATA_HASH_ANCHOR_MAGIC_DO_NOT_USE,
	.cbfs_hash = { .algo = CONFIG_CBFS_HASH_ALGO }
};

static struct metadata_hash_anchor *get_anchor(void)
{
	return &metadata_hash_anchor;
}

void *metadata_hash_export_anchor(void)
{
	return get_anchor();
}
#else
static struct metadata_hash_anchor *anchor_ptr = NULL;

static struct metadata_hash_anchor *get_anchor(void)
{
	assert(anchor_ptr != NULL);
	return anchor_ptr;
}

void metadata_hash_import_anchor(void *ptr)
{
	anchor_ptr = ptr;
}
#endif

struct vb2_hash *metadata_hash_get(void)
{
	return &get_anchor()->cbfs_hash;
}

vb2_error_t metadata_hash_verify_fmap(const void *fmap_buffer, size_t fmap_size)
{
	struct vb2_hash hash = { .algo = get_anchor()->cbfs_hash.algo };
	memcpy(hash.raw, metadata_hash_anchor_fmap_hash(get_anchor()),
	       vb2_digest_size(hash.algo));
	return vb2_hash_verify(vboot_hwcrypto_allowed(), fmap_buffer, fmap_size, &hash);
}