diff options
| author | Wim Vervoorn <wvervoorn@eltan.com> | 2019-11-14 11:45:03 +0100 |
|---|---|---|
| committer | Patrick Georgi <pgeorgi@google.com> | 2019-11-16 20:39:03 +0000 |
| commit | 46cc24d94e9a1a225d10637650f56ff2272ba3dc (patch) | |
| tree | ae351174f8493a1b4bc4393129f856c436b94afe /src/vendorcode/eltan/security/verified_boot | |
| parent | c50847e51ed0351d262b844919d67bee6372b25a (diff) | |
| download | coreboot-46cc24d94e9a1a225d10637650f56ff2272ba3dc.tar.xz | |
vendorcode/security/eltan: Allocate memory from bootmem to speed up hashing
The verified_boot_check_cbfsfile() will now try to allocate a buffer from
bootmem if the item in the list has the VERIFIED_BOOT_COPY_BLOCK attribute
set. For large payloads this speeds up the hash operation.
BUG=N/A
TEST=build
Change-Id: Ifa0c93632c59d05ae6d32f8785009a3c3568abc5
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36822
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Diffstat (limited to 'src/vendorcode/eltan/security/verified_boot')
| -rw-r--r-- | src/vendorcode/eltan/security/verified_boot/vboot_check.c | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c index 0633042539..9fb83707bf 100644 --- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c +++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c @@ -14,6 +14,7 @@ * GNU General Public License for more details. */ #include <boot_device.h> +#include <bootmem.h> #include <cbfs.h> #include <vboot_check.h> #include <vboot_common.h> @@ -183,13 +184,32 @@ void verified_boot_check_cbfsfile(const char *name, uint32_t type, uint32_t hash start = cbfs_boot_map_with_leak(name, type & ~VERIFIED_BOOT_COPY_BLOCK, &size); if (start && size) { /* Speed up processing by copying the file content to memory first */ - if (!ENV_ROMSTAGE_OR_BEFORE && (type & VERIFIED_BOOT_COPY_BLOCK) && (buffer) && - (*buffer) && ((uint32_t) start > (uint32_t)(~(CONFIG_CBFS_SIZE-1)))) { + if (!ENV_ROMSTAGE_OR_BEFORE && (type & VERIFIED_BOOT_COPY_BLOCK)) { + + if ((buffer) && (*buffer) && (*filesize >= size) && + ((uint32_t) start > (uint32_t)(~(CONFIG_CBFS_SIZE-1)))) { + + /* Use the buffer passed in if possible */ printk(BIOS_DEBUG, "%s: move buffer to memory\n", __func__); - /* Move the file to a memory bufferof which we know it doesn't harm */ - memcpy(*buffer, start, size); - start = *buffer; - printk(BIOS_DEBUG, "%s: done\n", __func__); + /* Move the file to memory buffer passed in */ + memcpy(*buffer, start, size); + start = *buffer; + printk(BIOS_DEBUG, "%s: done\n", __func__); + + } else if (ENV_RAMSTAGE) { + /* Try to allocate a buffer from boot_mem */ + void *local_buffer = bootmem_allocate_buffer(size); + + if (local_buffer) { + + /* Use the allocated buffer */ + printk(BIOS_DEBUG, "%s: move file to memory\n", + __func__); + memcpy(local_buffer, start, size); + start = local_buffer; + printk(BIOS_DEBUG, "%s: done\n", __func__); + } + } } verified_boot_check_buffer(name, start, size, hash_index, pcr); } else { |