diff options
| author | Julius Werner <jwerner@chromium.org> | 2019-12-12 13:23:06 -0800 |
|---|---|---|
| committer | Julius Werner <jwerner@chromium.org> | 2019-12-13 20:14:26 +0000 |
| commit | f8e1764bb9696782ad3e525be8be34c3a9e14588 (patch) | |
| tree | 35087fb9f64d011304aabb77a5e00d87d5d701a8 /src/security/vboot/common.c | |
| parent | 9b7c23292454ad8c04ec82fa03d276bc425fe315 (diff) | |
| download | coreboot-f8e1764bb9696782ad3e525be8be34c3a9e14588.tar.xz | |
security/vboot: Ensure firmware body size is respected again
CB:36845 simplified how coreboot finds the RW CBFS after vboot has and
eliminated a layer of caching. Unfortunately, we missed the fact that
the former cached value didn't exactly match the FMAP section... it was
in fact truncated to the data actually used by vboot. That patch
unintentionally broke this truncation which leads to performance
regressions on certain CBFS accesses.
This patch makes use of a new API function added to vboot (CL:1965920)
which we can use to retrieve the real firmware body length as before.
(Also stop making all the vb2_context pointers const. vboot generally
never marks context pointers as const in its API functions, even when
the function doesn't modify the context. Therefore constifying it inside
coreboot just makes things weird because it prevents you from calling
random API functions for no reason. If we really want const context
pointers, that's a refactoring that would have to start inside vboot
first.)
This patch brings in upstream vboot commit 4b0408d2:
2019-12-12 Julius Werner 2lib: Move firmware body size reporting to
separate function
Change-Id: I167cd40cb435dbae7f09d6069c9f1ffc1d99fe13
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37680
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Mathew King <mathewk@chromium.org>
Diffstat (limited to 'src/security/vboot/common.c')
| -rw-r--r-- | src/security/vboot/common.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/security/vboot/common.c b/src/security/vboot/common.c index c21fe155a5..214f6fa208 100644 --- a/src/security/vboot/common.c +++ b/src/security/vboot/common.c @@ -68,8 +68,7 @@ struct vb2_context *vboot_get_context(void) return vboot_ctx; } -int vboot_locate_firmware(const struct vb2_context *ctx, - struct region_device *fw) +int vboot_locate_firmware(struct vb2_context *ctx, struct region_device *fw) { const char *name; @@ -78,7 +77,12 @@ int vboot_locate_firmware(const struct vb2_context *ctx, else name = "FW_MAIN_B"; - return fmap_locate_area_as_rdev(name, fw); + int ret = fmap_locate_area_as_rdev(name, fw); + if (ret) + return ret; + + /* Truncate area to the size that was actually signed by vboot. */ + return rdev_chain(fw, fw, 0, vb2api_get_firmware_size(ctx)); } static void vboot_setup_cbmem(int unused) |