Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 89f20340d5a4c14ab76d3612cd33fff8894602ec^! / . / util / cbfstool / cbfs.h
commit89f20340d5a4c14ab76d3612cd33fff8894602ec[log] [tgz]
authorPatrick Georgi <patrick@georgi-clan.de>Thu Oct 01 15:54:04 2015 +0200
committerPatrick Georgi <pgeorgi@google.com>Thu Oct 01 20:14:26 2015 +0000
treea44cf61e958eb121de01bd17bc1cb4691ad8d455
parent44853371f108b85a36775b72b894c93b24d7b7f7 [diff] [blame]
cbfstool: Add support for hashes as file metadata

They allow optimizing a verification of a whole CBFS image by only
dealing with the headers (assuming you choose to trust the hash
algorithm(s)).

The format allows for multiple hashes for a single file, and cbfstool
can handle them, but right now it can't generate such headers.

Loosely based on Sol's work in http://review.coreboot.org/#/c/10147/,
but using the compatible file attribute format. vboot is now a hard
dependency of the build process, but we import it into the tree for
quite a while now.

Change-Id: I9f14f30537d676ce209ad612e7327c6f4810b313
Signed-off-by: Patrick Georgi <patrick@georgi-clan.de>
Reviewed-on: http://review.coreboot.org/11767
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>

diff --git a/util/cbfstool/cbfs.h b/util/cbfstool/cbfs.h
index 579afa6..8621805 100644
--- a/util/cbfstool/cbfs.h
+++ b/util/cbfstool/cbfs.h

@@ -19,8 +19,11 @@
 #ifndef __CBFS_H
 #define __CBFS_H
 
+#include "common.h"
 #include <stdint.h>
 
+#include <vb2_api.h>
+
 /* cbfstool will fail when trying to build a cbfs_file header that's larger
  * than MAX_CBFS_FILE_HEADER_BUFFER. 1K should give plenty of room. */
 #define MAX_CBFS_FILE_HEADER_BUFFER 1024
@@ -107,6 +110,7 @@
 #define CBFS_FILE_ATTR_TAG_UNUSED 0
 #define CBFS_FILE_ATTR_TAG_UNUSED2 0xffffffff
 #define CBFS_FILE_ATTR_TAG_COMPRESSION 0x42435a4c
+#define CBFS_FILE_ATTR_TAG_HASH 0x68736148
 
 struct cbfs_file_attr_compression {
 	uint32_t tag;
@@ -116,6 +120,14 @@
 	uint32_t decompressed_size;
 } __PACKED;
 
+struct cbfs_file_attr_hash {
+	uint32_t tag;
+	uint32_t len;
+	uint32_t hash_type;
+	/* hash_data is len - sizeof(struct) bytes */
+	uint8_t  hash_data[];
+} __PACKED;
+
 struct cbfs_stage {
 	uint32_t compression;
 	uint64_t entry;
@@ -203,6 +215,23 @@
 	{CBFS_COMPONENT_NULL, "null"}
 };
 
+static const struct typedesc_t types_cbfs_hash[] unused = {
+	{VB2_HASH_INVALID, "none"},
+	{VB2_HASH_SHA1, "sha1"},
+	{VB2_HASH_SHA256, "sha256"},
+	{VB2_HASH_SHA512, "sha512"},
+	{0, NULL}
+};
+
+static size_t widths_cbfs_hash[] unused = {
+	[VB2_HASH_INVALID] = 0,
+	[VB2_HASH_SHA1] = 20,
+	[VB2_HASH_SHA256] = 32,
+	[VB2_HASH_SHA512] = 64,
+};
+
+#define CBFS_NUM_SUPPORTED_HASHES ARRAY_SIZE(widths_cbfs_hash)
+
 #define CBFS_SUBHEADER(_p) ( (void *) ((((uint8_t *) (_p)) + ntohl((_p)->offset))) )
 
 /* cbfs_image.c */