blob: 1b66186278610e5a29ce88faf1a49384e906dd2b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
/* SPDX-License-Identifier: GPL-2.0-only */
#ifndef __VBOOT_MISC_H__
#define __VBOOT_MISC_H__
#include <assert.h>
#include <security/vboot/vboot_common.h>
#include <vb2_api.h>
/*
* Source: security/vboot/common.c
*/
struct vb2_context *vboot_get_context(void);
/*
* Returns 1 if firmware slot A is used, 0 if slot B is used.
*/
static inline int vboot_is_firmware_slot_a(struct vb2_context *ctx)
{
return !(ctx->flags & VB2_CONTEXT_FW_SLOT_B);
}
/*
* Check if given flag is set in the flags field in GBB header.
*/
static inline bool vboot_is_gbb_flag_set(enum vb2_gbb_flag flag)
{
return !!(vb2api_gbb_get_flags(vboot_get_context()) & flag);
}
/*
* Locates firmware as a region device. Returns 0 on success, -1 on failure.
*/
int vboot_locate_firmware(struct vb2_context *ctx, struct region_device *fw);
/*
* The stage loading code is compiled and entered from multiple stages. The
* helper functions below attempt to provide more clarity on when certain
* code should be called. They are implemented inline for better compile-time
* code elimination.
*/
static inline int verification_should_run(void)
{
if (CONFIG(VBOOT_SEPARATE_VERSTAGE))
return ENV_SEPARATE_VERSTAGE;
else if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE))
return ENV_RAMINIT;
else if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK))
return ENV_BOOTBLOCK;
else
dead_code();
}
static inline int verstage_should_load(void)
{
if (CONFIG(VBOOT_SEPARATE_VERSTAGE) && !CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK))
return ENV_BOOTBLOCK;
else
return 0;
}
static inline int vboot_logic_executed(void)
{
extern int vboot_executed; /* should not be globally accessible */
/* If we are in the stage that runs verification, or in the stage that
both loads the verstage and is returned to from it afterwards, we
need to check a global to see if verification has run. */
if (verification_should_run() ||
(verstage_should_load() && CONFIG(VBOOT_RETURN_FROM_VERSTAGE)))
return vboot_executed;
if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK)) {
/* All other stages are "after the bootblock" */
return !ENV_BOOTBLOCK;
} else if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) {
/* Post-RAM stages are "after the romstage" */
return !ENV_ROMSTAGE_OR_BEFORE;
} else if (CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK)) {
return !ENV_SEPARATE_VERSTAGE;
} else {
dead_code();
}
}
static inline bool vboot_hwcrypto_allowed(void)
{
/* When not using vboot firmware verification, HW crypto is always allowed. */
if (!CONFIG(VBOOT))
return 1;
/* Before vboot runs we can't check for HW crypto, so err on the side of caution. */
if (!vboot_logic_executed())
return 0;
/* Otherwise, vboot can decide. */
return vb2api_hwcrypto_allowed(vboot_get_context());
}
#endif /* __VBOOT_MISC_H__ */
|