authorPhilipp Deppenwiese <zaolin.daisuki@gmail.com>2018-11-08 10:59:40 +0100
committerPhilipp Deppenwiese <zaolin.daisuki@gmail.com>2019-02-25 22:29:16 +0000
commit66f9a09916368bfab09da42ef0beed84a4bb7206 (patch)
tree57ab1cd5851055c117db7fee991d03207b28c69d /src/lib
parentbacd57dfaf7b4c5d3bc5400dbd82b896d0ed23cc (diff)
security/vboot: Add measured boot mode
* Introduce a measured boot mode into vboot. * Add hook for stage measurements in prog_loader and cbfs. * Implement and hook-up CRTM in vboot and check for suspend. Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/c/29547 Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/cbfs.c35
1 files changed, 21 insertions, 14 deletions
diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c
index a5c9f85238..3e2ccf3db4 100644
--- a/src/lib/cbfs.c
+++ b/src/lib/cbfs.c
@@ -26,6 +26,7 @@
#include <timestamp.h>
#include <fmap.h>
#include "fmap_config.h"
+#include <security/vboot/vboot_crtm.h>
#define ERROR(x...) printk(BIOS_ERR, "CBFS: " x)
#define LOG(x...) printk(BIOS_INFO, "CBFS: " x)
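Review bot: The new `#include <security/vboot/vboot_crtm.h>` is unconditional, so generic cbfs.c now depends on a vboot header on every build, including ones where vboot or measured boot is not configured; whether that header provides a no-op `vboot_measure_cbfs_hook()` in that case is not visible in this diff. If it does, a short comment next to the include, `/* vboot_crtm.h stubs the measurement hook when measured boot is disabled */`, would tell the next reader why a security-specific header is pulled into the core CBFS path; if it does not, the include and the hook call should be guarded by the measured-boot Kconfig.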
@@ -59,7 +60,12 @@ int cbfs_boot_locate(struct cbfsf *fh, const char *name, uint32_t *type)
return -1;
}
- return cbfs_locate(fh, &rdev, name, type);
+ int ret = cbfs_locate(fh, &rdev, name, type);
+ if (!ret)
+ if (vboot_measure_cbfs_hook(fh, name))
+ return -1;
+
+ return ret;
}
void *cbfs_boot_map_with_leak(const char *name, uint32_t type, size_t *size)
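Review bot: The measurement in cbfs_boot_locate is taken from the file handle at lookup time, while the bytes the caller actually uses are read from the region device again afterwards (cbfs_boot_map_with_leak, cbfs_boot_load_file and cbfs_prog_stage_load all go through this lookup), so the measured data and the executed data come from two separate reads of the boot device; if the hook hashes the file contents rather than the loaded copy, this should be documented as a measure-then-load design so the gap is a known property and not an accident. The two nested bare `if`s are also easy to misread as a single condition; `if (!ret && vboot_measure_cbfs_hook(fh, name)) return -1;` expresses the same logic in one guarded line. A comment such as `/* Measured boot: every located file is extended into the CRTM; a failed measurement fails the lookup */` would make the fail-closed choice explicit, since a missing or broken TPM now turns every CBFS lookup into -1 (whether the hook reports non-zero in that case cannot be seen here).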
@@ -79,13 +85,13 @@ void *cbfs_boot_map_with_leak(const char *name, uint32_t type, size_t *size)
}
int cbfs_locate_file_in_region(struct cbfsf *fh, const char *region_name,
- const char *name, uint32_t *type)
+ const char *name, uint32_t *type)
{
struct region_device rdev;
if (fmap_locate_area_as_rdev(region_name, &rdev)) {
LOG("%s region not found while looking for %s\n",
- region_name, name);
+ region_name, name);
return -1;
}
@@ -107,7 +113,7 @@ size_t cbfs_load_and_decompress(const struct region_device *rdev, size_t offset,
case CBFS_COMPRESS_LZ4:
if ((ENV_BOOTBLOCK || ENV_VERSTAGE) &&
- !IS_ENABLED(CONFIG_COMPRESS_PRERAM_STAGES))
+ !IS_ENABLED(CONFIG_COMPRESS_PRERAM_STAGES))
return 0;
/* Load the compressed image to the end of the available memory
@@ -130,7 +136,7 @@ size_t cbfs_load_and_decompress(const struct region_device *rdev, size_t offset,
if (ENV_ROMSTAGE && IS_ENABLED(CONFIG_POSTCAR_STAGE))
return 0;
if ((ENV_ROMSTAGE || ENV_POSTCAR)
- && !IS_ENABLED(CONFIG_COMPRESS_RAMSTAGE))
+ && !IS_ENABLED(CONFIG_COMPRESS_RAMSTAGE))
return 0;
void *map = rdev_mmap(rdev, offset, in_size);
if (map == NULL)
@@ -157,9 +163,9 @@ static inline int tohex4(unsigned int c)
static void tohex16(unsigned int val, char *dest)
{
- dest[0] = tohex4(val>>12);
- dest[1] = tohex4((val>>8) & 0xf);
- dest[2] = tohex4((val>>4) & 0xf);
+ dest[0] = tohex4(val >> 12);
+ dest[1] = tohex4((val >> 8) & 0xf);
+ dest[2] = tohex4((val >> 4) & 0xf);
dest[3] = tohex4(val & 0xf);
}
@@ -167,8 +173,8 @@ void *cbfs_boot_map_optionrom(uint16_t vendor, uint16_t device)
{
char name[17] = "pciXXXX,XXXX.rom";
- tohex16(vendor, name+3);
- tohex16(device, name+8);
+ tohex16(vendor, name + 3);
+ tohex16(device, name + 8);
return cbfs_boot_map_with_leak(name, CBFS_TYPE_OPTIONROM, NULL);
}
@@ -202,8 +208,9 @@ size_t cbfs_boot_load_file(const char *name, void *buf, size_t buf_size,
return 0;
if (cbfsf_decompression_info(&fh, &compression_algo,
- &decompressed_size) < 0
- || decompressed_size > buf_size)
+ &decompressed_size)
+ < 0
+ || decompressed_size > buf_size)
return 0;
return cbfs_load_and_decompress(&fh.data, 0, region_device_sz(&fh.data),
@@ -249,7 +256,7 @@ int cbfs_prog_stage_load(struct prog *pstage)
/* Hacky way to not load programs over read only media. The stages
* that would hit this path initialize themselves. */
if (ENV_VERSTAGE && !IS_ENABLED(CONFIG_NO_XIP_EARLY_STAGES) &&
- IS_ENABLED(CONFIG_BOOT_DEVICE_MEMORY_MAPPED)) {
+ IS_ENABLED(CONFIG_BOOT_DEVICE_MEMORY_MAPPED)) {
void *mapping = rdev_mmap(fh, foffset, fsize);
rdev_munmap(fh, mapping);
if (mapping == load)
@@ -354,7 +361,7 @@ int cbfs_boot_region_properties(struct cbfs_props *props)
continue;
LOG("'%s' located CBFS at [%zx:%zx)\n",
- ops->name, props->offset, props->offset + props->size);
+ ops->name, props->offset, props->offset + props->size);
return 0;
}