From 0655f78041ef617844f436306fa5431e211f4431 Mon Sep 17 00:00:00 2001 From: Julius Werner Date: Wed, 11 Dec 2019 16:19:48 -0800 Subject: commonlib/bsd: Add new CBFS core implementation This patch adds a new CBFS implementation that is intended to replace the existing commonlib/cbfs.c. The new implementation is designed to meet a bunch of current and future goals that in aggregate make it easier to start from scratch than to adapt the exisiting implementation: 1. Be BSD-licensed so it can evetually be shared with libpayload. 2. Allow generating/verifying a metadata hash for future CBFS per-file verification (see [1][2]). 3. Be very careful about reading (not mmaping) all data only once, to be suitable for eventual TOCTOU-safe verification. 4. Make it possible to efficiently implement all current and future firmware use cases (both with and without verification). The main primitive is the cbfs_walk() function which will traverse a CBFS and call a callback for every file. cbfs_lookup() uses this to implement the most common use case of finding a file so that it can be read. A host application using this code (e.g. coreboot, libpayload, cbfstool) will need to provide a header to provide the glue to access the respective CBFS storage backend implementation. This patch merely adds the code, the next patch will integrate it into coreboot. [1]: https://www.youtube.com/watch?v=Hs_EhewBgtM [2]: https://osfc.io/uploads/talk/paper/47/The_future_of_firmware_verification_in_coreboot.pdf (Note: In early discussions the metadata hash was called "master hash".) Change-Id: Ica64c1751fa37686814c0247460c399261d5814c Signed-off-by: Julius Werner Reviewed-on: https://review.coreboot.org/c/coreboot/+/38421 Reviewed-by: Aaron Durbin Tested-by: build bot (Jenkins) --- MAINTAINERS | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'MAINTAINERS') diff --git a/MAINTAINERS b/MAINTAINERS index d867c78465..ba88813509 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -694,8 +694,13 @@ OPTION ROM EXECUTION & X86EMU F: src/device/oprom/ CBFS -F: src/include/cbfs.h -F: src/commonlib/bsd/include/commonlib/bsd/cbfs_serialized.h +M: Julius Werner +F: src/include/cbfs* +F: src/commonlib/bsd/include/commonlib/bsd/cbfs* +F: src/commonlib/bsd/cbfs* +F: src/lib/cbfs.c + +CBFSTOOL F: util/cbfstool/ CBMEM -- cgit v1.2.3