diff options
| author | Julius Werner <jwerner@chromium.org> | 2021-04-02 16:31:21 -0700 |
|---|---|---|
| committer | Patrick Georgi <pgeorgi@google.com> | 2021-04-06 07:49:15 +0000 |
| commit | 6296ca8ad9137a12094ad5d49d6f937dcf502105 (patch) | |
| tree | 6ff17f7e96a11982d84e87618fbef11855c640bc /src/include | |
| parent | fccf1221a23d3fe5ca57cff6bb6a71d75e67041f (diff) | |
| download | coreboot-6296ca8ad9137a12094ad5d49d6f937dcf502105.tar.xz | |
decompressor: Add CBFS_VERIFICATION support
CBFS_VERIFICATION requires the CBFS metadata hash anchor to be linked
into an uncompressed stage, but for platforms using COMPRESS_BOOTBLOCK,
this is only the decompressor stage. The first CBFS accesses are made in
the bootblock stage after decompression, so if we want to make
CBFS_VERIFICATION work on those platforms, we have to pass the metadata
hash anchor from the decompressor into the bootblock. This patch does
just that. (Note that this relies on the decompressor data remaining
valid in memory for as long as the metadata hash anchor is needed. This
is always true even for OVERLAP_DECOMPRESSOR_ROMSTAGE() situations
because the FMAP and CBFS metadata necessarily need to have finished
verification before a new stage could be loaded.)
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I2e6d7384cfb8339a24369eb6c01fc12f911c974e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52085
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/bootblock_common.h | 1 | ||||
| -rw-r--r-- | src/include/metadata_hash.h | 5 |
2 files changed, 6 insertions, 0 deletions
diff --git a/src/include/bootblock_common.h b/src/include/bootblock_common.h index da627d23d4..fccd23524d 100644 --- a/src/include/bootblock_common.h +++ b/src/include/bootblock_common.h @@ -35,6 +35,7 @@ void bootblock_main_with_timestamp(uint64_t base_timestamp, /* This is the argument structure passed from decompressor to bootblock. */ struct bootblock_arg { uint64_t base_timestamp; + void *metadata_hash_anchor; uint32_t num_timestamps; struct timestamp_entry timestamps[]; }; diff --git a/src/include/metadata_hash.h b/src/include/metadata_hash.h index 2d3b8a86bc..bfa7ef1fb6 100644 --- a/src/include/metadata_hash.h +++ b/src/include/metadata_hash.h @@ -6,6 +6,11 @@ #include <commonlib/bsd/metadata_hash.h> +/* Return a pointer to the whole anchor. Only used for decompressor builds. */ +void *metadata_hash_export_anchor(void); +/* Import a pointer that points to the anchor. Only used for decompressor builds. */ +void metadata_hash_import_anchor(void *ptr); + /* Verify the an FMAP data structure with the FMAP hash that is stored together with the CBFS metadata hash in the bootblock's metadata hash anchor (when CBFS verification is enabled). */ vb2_error_t metadata_hash_verify_fmap(const void *fmap_base, size_t fmap_size); |