| /* SPDX-License-Identifier: GPL-2.0-only */ |
| |
| #include <assert.h> |
| #include <cbmem.h> |
| #include <console/console.h> |
| #include <fmap.h> |
| #include <vb2_api.h> |
| #include <security/vboot/misc.h> |
| #include <security/vboot/symbols.h> |
| #include <security/vboot/vboot_common.h> |
| |
| static struct vb2_context *vboot_ctx; |
| |
| static void *vboot_get_workbuf(void) |
| { |
| void *wb = NULL; |
| |
| if (ENV_HAS_CBMEM) |
| wb = cbmem_find(CBMEM_ID_VBOOT_WORKBUF); |
| |
| if (!wb && !CONFIG(VBOOT_STARTS_IN_ROMSTAGE) && preram_symbols_available()) |
| wb = _vboot2_work; |
| |
| assert(wb); |
| |
| return wb; |
| } |
| |
| struct vb2_context *vboot_get_context(void) |
| { |
| void *wb; |
| vb2_error_t rv; |
| |
| /* Return if context has already been initialized/restored. */ |
| if (vboot_ctx) |
| return vboot_ctx; |
| |
| wb = vboot_get_workbuf(); |
| |
| /* Restore context from a previous stage. */ |
| if (vboot_logic_executed()) { |
| rv = vb2api_reinit(wb, &vboot_ctx); |
| if (rv != VB2_SUCCESS) |
| die("%s: vb2api_reinit returned %#x\n", __func__, rv); |
| return vboot_ctx; |
| } |
| |
| assert(verification_should_run()); |
| |
| /* Initialize vb2_shared_data and friends. */ |
| rv = vb2api_init(wb, VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE, &vboot_ctx); |
| assert(rv == VB2_SUCCESS); |
| |
| return vboot_ctx; |
| } |
| |
| int vboot_locate_firmware(struct vb2_context *ctx, struct region_device *fw) |
| { |
| const char *name; |
| |
| if (vboot_is_firmware_slot_a(ctx)) |
| name = "FW_MAIN_A"; |
| else |
| name = "FW_MAIN_B"; |
| |
| int ret = fmap_locate_area_as_rdev(name, fw); |
| if (ret) |
| return ret; |
| |
| /* |
| * Truncate area to the size that was actually signed by vboot. |
| * It is only required for old verification mechanism calculating full body hash. |
| * New verification mechanism uses signature with zero data size, so truncation |
| * is not possible. |
| */ |
| if (!CONFIG(VBOOT_CBFS_INTEGRATION)) |
| return rdev_chain(fw, fw, 0, vb2api_get_firmware_size(ctx)); |
| |
| return 0; |
| } |
| |
| static void vboot_setup_cbmem(int unused) |
| { |
| vb2_error_t rv; |
| const size_t cbmem_size = VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE; |
| void *wb_cbmem = cbmem_add(CBMEM_ID_VBOOT_WORKBUF, cbmem_size); |
| assert(wb_cbmem); |
| /* |
| * On platforms where VBOOT_STARTS_BEFORE_BOOTBLOCK, the verification |
| * occurs before the main processor starts running. The vboot data- |
| * structure is available in the _vboot2_work memory area as soon |
| * as the main processor is released. |
| * |
| * For platforms where VBOOT_STARTS_IN_BOOTBLOCK, vboot verification |
| * occurs before CBMEM is brought online, using pre-RAM. In order to |
| * make vboot data structures available downstream, copy vboot workbuf |
| * from SRAM/CAR into CBMEM. |
| * |
| * For platforms where VBOOT_STARTS_IN_ROMSTAGE, verification occurs |
| * after CBMEM is brought online. Directly initialize vboot data |
| * structures in CBMEM, which will also be available downstream. |
| */ |
| if (!CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) |
| rv = vb2api_relocate(wb_cbmem, _vboot2_work, cbmem_size, |
| &vboot_ctx); |
| else |
| rv = vb2api_init(wb_cbmem, cbmem_size, &vboot_ctx); |
| |
| assert(rv == VB2_SUCCESS); |
| } |
| CBMEM_CREATION_HOOK(vboot_setup_cbmem); |