libpayload/vboot: Add vboot context initialization and management code

To fully and easily implement fallback/recovery in libcbfs with vboot
support, the codebase requires access to the vboot context. Moving context
management to libpayload avoids unnecessary overhead and code
complication, and still lets payloads access the context in the way it was
designed. Access to this codebase will also allow implementation of e.g.
vboot_fail_and_reboot() and other helpful utilities used by coreboot and
depthcharge.

BUG=b:197114807
TEST=make unit-tests
TEST=Build and boot on google/ovis4es with CL:4839296 and
VBOOT_CBFS_INTEGRATION enabled

Change-Id: Id719be7c4f07251201424b7dc6c1125c6b5756d8
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77635
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
diff --git a/payloads/libpayload/include/lp_vboot.h b/payloads/libpayload/include/lp_vboot.h
new file mode 100644
index 0000000..56ec460
--- /dev/null
+++ b/payloads/libpayload/include/lp_vboot.h
@@ -0,0 +1,10 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+
+#ifndef _LP_VBOOT_H_
+#define _LP_VBOOT_H_
+
+#include <vb2_api.h>
+
+struct vb2_context *vboot_get_context(void);
+
+#endif /* _LP_VBOOT_H_ */
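Review bot: The prototype for `vboot_get_context()` has no comment describing its contract, which every payload including this header will rely on. Judging by lp_vboot.c in this same patch, the pointer is cached in a function-local static and failures go through `die_if()`, so the function presumably never returns NULL. I would add above the declaration: `/* Returns the vboot context rebuilt from coreboot's workbuf (cached after the first call); dies on failure instead of returning NULL. */`. As a smaller style point, `_LP_VBOOT_H_` starts with an underscore followed by a capital letter, a form C reserves for the implementation; `LP_VBOOT_H` avoids that if the tree's convention permits.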
diff --git a/payloads/libpayload/libc/Makefile.inc b/payloads/libpayload/libc/Makefile.inc
index 96d1312..bc706ae 100644
--- a/payloads/libpayload/libc/Makefile.inc
+++ b/payloads/libpayload/libc/Makefile.inc
@@ -40,6 +40,10 @@
 libc-$(CONFIG_LP_LIBC) += fmap.c
 libc-$(CONFIG_LP_LIBC) += fpmath.c
 
+ifeq ($(CONFIG_LP_VBOOT_LIB),y)
+libc-$(CONFIG_LP_LIBC) += lp_vboot.c
+endif
+
 ifeq ($(CONFIG_LP_LIBC),y)
 libc-srcs += $(coreboottop)/src/commonlib/bsd/elog.c
 endif
diff --git a/payloads/libpayload/libc/lp_vboot.c b/payloads/libpayload/libc/lp_vboot.c
new file mode 100644
index 0000000..b7717c7
--- /dev/null
+++ b/payloads/libpayload/libc/lp_vboot.c
@@ -0,0 +1,28 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+
+#include <libpayload-config.h>
+#include <arch/virtual.h>
+#include <assert.h>
+#include <libpayload.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sysinfo.h>
+#include <vb2_api.h>
+#include <lp_vboot.h>
+
+struct vb2_context *vboot_get_context(void)
+{
+	static struct vb2_context *ctx;
+
+	if (ctx)
+		return ctx;
+
+	die_if(lib_sysinfo.vboot_workbuf == 0, "vboot workbuf pointer is not set\n");
+
+	/* Use the firmware verification workbuf from coreboot. */
+	vb2_error_t rv = vb2api_reinit(phys_to_virt(lib_sysinfo.vboot_workbuf), &ctx);
+
+	die_if(rv, "vboot workbuf could not be initialized, error: %#x\n", rv);
+
+	return ctx;
+}
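Review bot: `lib_sysinfo.vboot_workbuf` is only compared against 0 before `phys_to_virt()` and `vb2api_reinit()` consume it. The validity of the returned context therefore rests on whatever `vb2api_reinit()` checks and on coreboot having filled in the table correctly. That trust assumption is worth recording at the point of use, for example by extending the existing comment to `/* Workbuf address comes from the coreboot table and is used as-is; vb2api_reinit() is the only check on its contents. */`. The static `ctx` cache also has no locking, which is presumably fine for a single-threaded payload but could be stated in the same comment.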
diff --git a/payloads/libpayload/libcbfs/cbfs.c b/payloads/libpayload/libcbfs/cbfs.c
index 3dc19d2..08e312a 100644
--- a/payloads/libpayload/libcbfs/cbfs.c
+++ b/payloads/libpayload/libcbfs/cbfs.c
@@ -8,6 +8,7 @@
 #include <commonlib/bsd/cbfs_private.h>
 #include <commonlib/bsd/fmap_serialized.h>
 #include <libpayload.h>
+#include <lp_vboot.h>
 #include <lz4.h>
 #include <lzma.h>
 #include <string.h>
@@ -232,5 +233,9 @@
    policy on using HW crypto. */
 __weak bool cbfs_hwcrypto_allowed(void)
 {
-	return true;
+	/* Avoid compiling vboot calls to prevent linker errors. */
+	if (!CONFIG(LP_CBFS_VERIFICATION))
+		return true;
+
+	return vb2api_hwcrypto_allowed(vboot_get_context());
 }
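Review bot: The call to `vboot_get_context()` is guarded by `CONFIG(LP_CBFS_VERIFICATION)`, while the Makefile.inc hunk in this patch builds lp_vboot.c only under `CONFIG_LP_VBOOT_LIB`. Unless Kconfig (not shown here) makes the first option depend on the second, a verification-enabled build without the vboot library would fail to link. The new comment also says the calls are not compiled, when in fact they are compiled and then dropped because `CONFIG()` is a compile-time constant. I would reword it to `/* CONFIG() is constant, so without CBFS verification the vboot references below are eliminated and need not link. */` and confirm the Kconfig dependency. Note that with verification enabled this weak default can now halt the payload on first use if the workbuf is missing; the function's leading comment starts outside this hunk.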
diff --git a/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c b/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c
index 25e402c..9c07727 100644
--- a/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c
+++ b/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c
@@ -42,6 +42,16 @@
 	return VB2_ERROR_SHA_MISMATCH;
 }
 
+bool vb2api_hwcrypto_allowed(struct vb2_context *ctx)
+{
+	return true;
+}
+
+struct vb2_context *vboot_get_context(void)
+{
+	return NULL;
+}
+
 unsigned long ulzman(const unsigned char *src, unsigned long srcn, unsigned char *dst,
 		     unsigned long dstn)
 {
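Review bot: The new `vb2api_hwcrypto_allowed()` stub ignores `ctx` and always returns true, so the verification tests can only ever reach the hardware-crypto-allowed path. Making the result test-controlled, e.g. `return hwcrypto_allowed_result;` with a file-scope `static bool` that individual tests set, would let a test cover the case where vboot denies HW crypto. The `vboot_get_context()` stub returning NULL is harmless only while the other stub never dereferences its argument; a short comment such as `/* ctx is unused by the stubbed vb2api_hwcrypto_allowed() */` would make that coupling explicit. The `ulzman()` definition at the end of the hunk continues outside it.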