From 9360feaf5121fb0b4b2d63e3168effe066650071 Mon Sep 17 00:00:00 2001
From: Patrick Georgi <pgeorgi@google.com>
Date: Wed, 14 Mar 2018 21:11:21 +0100
Subject: smmstore: Add a key/val store facility in flash, mediated through SMM

It exposes an interface that is as generic as possible, so payloads
and/or kernels can use it for their data.

Change-Id: I9553922f9dfa60b9d4b3576973ad4b84d3fe2fb5
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/25182
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
---
 src/drivers/smmstore/Kconfig      |  32 ++++++
 src/drivers/smmstore/Makefile.inc |   3 +
 src/drivers/smmstore/smi.c        |  83 ++++++++++++++
 src/drivers/smmstore/store.c      | 225 ++++++++++++++++++++++++++++++++++++++
 4 files changed, 343 insertions(+)
 create mode 100644 src/drivers/smmstore/Kconfig
 create mode 100644 src/drivers/smmstore/Makefile.inc
 create mode 100644 src/drivers/smmstore/smi.c
 create mode 100644 src/drivers/smmstore/store.c

(limited to 'src/drivers/smmstore')

diff --git a/src/drivers/smmstore/Kconfig b/src/drivers/smmstore/Kconfig
new file mode 100644
index 0000000000..4bb48f7e08
--- /dev/null
+++ b/src/drivers/smmstore/Kconfig
@@ -0,0 +1,32 @@
+##
+## This file is part of the coreboot project.
+##
+## Copyright (C) 2018 The Chromium OS Authors.  All rights reserved.
+##
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; version 2 of the License.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+## GNU General Public License for more details.
+##
+
+config SMMSTORE
+	bool "Support for flash based, SMM mediated data store"
+	default n
+	depends on BOOT_DEVICE_SUPPORTS_WRITES
+	select SPI_FLASH_SMM if BOOT_DEVICE_SPI_FLASH_RW_NOMMAP
+
+if SMMSTORE
+config SMMSTORE_REGION
+	string "fmap region in which SMM store file is kept"
+	default "RW_LEGACY" if CHROMEOS
+	default "COREBOOT"
+
+config SMMSTORE_FILENAME
+	string "SMM store file name"
+	default "smm store"
+
+endif
diff --git a/src/drivers/smmstore/Makefile.inc b/src/drivers/smmstore/Makefile.inc
new file mode 100644
index 0000000000..1cafe3a3cf
--- /dev/null
+++ b/src/drivers/smmstore/Makefile.inc
@@ -0,0 +1,3 @@
+ramstage-$(CONFIG_SMMSTORE) += store.c
+
+smm-$(CONFIG_SMMSTORE) += store.c smi.c
diff --git a/src/drivers/smmstore/smi.c b/src/drivers/smmstore/smi.c
new file mode 100644
index 0000000000..3bcf564e1a
--- /dev/null
+++ b/src/drivers/smmstore/smi.c
@@ -0,0 +1,83 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2018 The Chromium OS Authors.  All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <console/console.h>
+#include <smmstore.h>
+#include <stddef.h>
+#include <stdint.h>
+
+/*
+ * Check that the given range is legal.
+ *
+ * Legal means:
+ *  - not pointing into SMRAM
+ *  - ...?
+ *
+ * returns 0 on success, -1 on failure
+ */
+static int range_check(void *start, size_t size)
+{
+	// TODO: fill in
+	return 0;
+}
+
+/* Param is usually EBX, ret in EAX */
+uint32_t smmstore_exec(uint8_t command, void *param)
+{
+	uint32_t ret = SMMSTORE_RET_FAILURE;
+
+	switch (command) {
+	case SMMSTORE_CMD_READ: {
+		printk(BIOS_DEBUG, "Reading from SMM store\n");
+		struct smmstore_params_read *params = param;
+
+		if (range_check(params->buf, params->bufsize) != 0)
+			break;
+
+		if (smmstore_read_region(params->buf, &params->bufsize) == 0)
+			ret = SMMSTORE_RET_SUCCESS;
+		break;
+	}
+
+	case SMMSTORE_CMD_APPEND: {
+		printk(BIOS_DEBUG, "Appending into SMM store\n");
+		struct smmstore_params_append *params = param;
+
+		if (range_check(params->key, params->keysize) != 0)
+			break;
+		if (range_check(params->val, params->valsize) != 0)
+			break;
+
+		if (smmstore_append_data(params->key, params->keysize,
+					 params->val, params->valsize) == 0)
+			ret = SMMSTORE_RET_SUCCESS;
+		break;
+	}
+
+	case SMMSTORE_CMD_CLEAR: {
+		if (smmstore_clear_region() == 0)
+			ret = SMMSTORE_RET_SUCCESS;
+		break;
+	}
+
+	default:
+		printk(BIOS_DEBUG,
+			"Unknown SMM store command: 0x%02x\n", command);
+		ret = SMMSTORE_RET_UNSUPPORTED;
+		break;
+	}
+
+	return ret;
+}
diff --git a/src/drivers/smmstore/store.c b/src/drivers/smmstore/store.c
new file mode 100644
index 0000000000..67d38ee143
--- /dev/null
+++ b/src/drivers/smmstore/store.c
@@ -0,0 +1,225 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2018 The Chromium OS Authors.  All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <boot_device.h>
+#include <cbfs.h>
+#include <commonlib/region.h>
+#include <console/console.h>
+#include <smmstore.h>
+#include <string.h>
+
+/*
+ * The region format is still not finalized, but so far it looks like this:
+ *   (
+ *    uint32le_t key_sz
+ *    uint32le_t value_sz
+ *    uint8_t key[key_sz]
+ *    uint8_t value[value_sz]
+ *    uint8_t active
+ *    align to 4 bytes
+ *   )*
+ *   uint32le_t endmarker = 0xffffffff
+ *
+ * active needs to be set to 0x00 for the entry to be valid. This satisfies
+ * the constraint that entries are either complete or will be ignored, as long
+ * as flash is written sequentially and into a fully erased block.
+ *
+ * Future additions to the format will split the region in half with an active
+ * block marker to allow safe compaction (ie. write the new data in the unused
+ * region, mark it active after the write completed). Otherwise a well-timed
+ * crash/reboot could clear out all variables.
+ */
+
+/*
+ * Return a region device that points into the store file.
+ *
+ * It's the image builder's responsibility to make it block aligned so that
+ * erase works without destroying other data.
+ *
+ * It doesn't cache the location to cope with flash changing underneath (eg
+ * due to an update)
+ *
+ * returns 0 on success, -1 on failure
+ * outputs the valid store rdev in rstore
+ */
+static int lookup_store(struct region_device *rstore)
+{
+	struct cbfsf file;
+	if (cbfs_locate_file_in_region(&file,
+		CONFIG_SMMSTORE_REGION, CONFIG_SMMSTORE_FILENAME, NULL) < 0) {
+		printk(BIOS_WARNING, "smm store: "
+			"Unable to find SMM store file in region '%s'\n",
+			CONFIG_SMMSTORE_REGION);
+		return -1;
+	}
+
+	cbfs_file_data(rstore, &file);
+
+	return 0;
+}
+
+/*
+ * Read entire store into user provided buffer
+ *
+ * returns 0 on success, -1 on failure
+ * writes up to `*bufsize` bytes into `buf` and updates `*bufsize`
+ */
+int smmstore_read_region(void *buf, ssize_t *bufsize)
+{
+	struct region_device store;
+
+	if (bufsize == NULL)
+		return -1;
+
+	*bufsize = 0;
+	if (lookup_store(&store) < 0) {
+		printk(BIOS_WARNING, "reading region failed\n");
+		return -1;
+	}
+
+	ssize_t tx = min(*bufsize, region_device_sz(&store));
+	*bufsize = rdev_readat(&store, buf, 0, tx);
+
+	if (*bufsize < 0)
+		return -1;
+
+	return 0;
+}
+
+/*
+ * Append data to region
+ *
+ * Returns 0 on success, -1 on failure
+ */
+int smmstore_append_data(void *key, uint32_t key_sz,
+	void *value, uint32_t value_sz)
+{
+	struct region_device store;
+
+	if (lookup_store(&store) < 0) {
+		printk(BIOS_WARNING, "reading region failed\n");
+		return -1;
+	}
+
+	ssize_t data_sz = region_device_sz(&store);
+
+	/* scan for end */
+	ssize_t end = 0;
+	uint32_t k_sz, v_sz;
+	while (end < data_sz) {
+		/* make odd corner cases identifiable, eg. invalid v_sz */
+		k_sz = 0;
+
+		if (rdev_readat(&store, &k_sz, end, sizeof(k_sz)) < 0) {
+			printk(BIOS_WARNING, "failed reading key size\n");
+			return -1;
+		}
+
+		/* found the end */
+		if (k_sz == 0xffffffff)
+			break;
+
+		/* something is fishy here:
+		 * Avoid wrapping (since data_size < MAX_UINT32_T / 2) while
+		 * other problems are covered by the loop condition
+		 */
+		if (k_sz > data_sz) {
+			printk(BIOS_WARNING, "key size out of bounds\n");
+			return -1;
+		}
+
+		if (rdev_readat(&store, &v_sz, end + 4, sizeof(v_sz)) < 0) {
+			printk(BIOS_WARNING, "failed reading value size\n");
+			return -1;
+		}
+
+		if (v_sz > data_sz) {
+			printk(BIOS_WARNING, "value size out of bounds\n");
+			return -1;
+		}
+
+		end += 8 + k_sz + v_sz + 1;
+		end = ALIGN_UP(end, sizeof(uint32_t));
+	}
+
+	printk(BIOS_WARNING, "used smm store size might be 0x%zx bytes\n", end);
+
+	if (k_sz != 0xffffffff) {
+		printk(BIOS_WARNING,
+			"eof of data marker looks invalid: 0x%x\n", k_sz);
+		return -1;
+	}
+
+	printk(BIOS_WARNING, "used size looks legit\n");
+
+	printk(BIOS_WARNING, "open (%zx, %zx) for writing\n",
+		region_device_offset(&store), region_device_sz(&store));
+	if (boot_device_rw_subregion(&store.region, &store) < 0) {
+		printk(BIOS_WARNING, "couldn't open store for writing\n");
+		return -1;
+	}
+
+	uint32_t record_sz = 8 + key_sz + value_sz + 1;
+	if (end + record_sz >= data_sz) {
+		printk(BIOS_WARNING, "not enough space for new data\n");
+		return -1;
+	}
+
+	if (rdev_writeat(&store, &key_sz, end, 4) != 4) {
+		printk(BIOS_WARNING, "failed writing key size\n");
+	}
+	end += 4;
+	if (rdev_writeat(&store, &value_sz, end, 4) != 4) {
+		printk(BIOS_WARNING, "failed writing value size\n");
+	}
+	end += 4;
+	if (rdev_writeat(&store, key, end, key_sz) != key_sz) {
+		printk(BIOS_WARNING, "failed writing key data\n");
+	}
+	end += key_sz;
+	if (rdev_writeat(&store, value, end, value_sz) != value_sz) {
+		printk(BIOS_WARNING, "failed writing value data\n");
+	}
+	end += value_sz;
+	uint8_t nul = 0;
+	if (rdev_writeat(&store, &nul, end, 1) != 1) {
+		printk(BIOS_WARNING, "failed writing termination\n");
+	}
+
+	return 0;
+}
+
+/*
+ * Clear region
+ *
+ * Returns 0 on success, -1 on failure, including partial erase
+ */
+int smmstore_clear_region(void)
+{
+	struct region_device store;
+
+	if (lookup_store(&store) < 0) {
+		printk(BIOS_WARNING, "smm store: reading region failed\n");
+		return -1;
+	}
+
+	ssize_t res = rdev_eraseat(&store, 0, region_device_sz(&store));
+	if (res != region_device_sz(&store)) {
+		printk(BIOS_WARNING, "smm store: erasing region failed\n");
+		return -1;
+	}
+
+	return 0;
+}
-- 
cgit v1.2.3