lib/prog_loaders.c: Add prog_locate_hook() There is no posibility to prevent loading images from cbfs at this stage For security features prog_locate_hook() is added. This hook can be used to prevent loading the image. BUG=N/A TEST=Created verified binary and verify logging on Facebook FBG-1701 Change-Id: I12207fc8f2e9ca45d048cf8c8d9c057f53e5c2c7 Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/30811 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>

commit: fc58034a11e6965d67a7348bab0810401094b5ed [log] [tgz]
author: Frans Hendriks <fhendriks@eltan.com> Fri Jun 14 14:36:37 2019 +0200
committer: Patrick Georgi <pgeorgi@google.com> Mon Oct 28 11:54:44 2019 +0000
tree: 3faed4a9b4fdc6cf76b066489c73d1f32b468506
parent: 11b910281e93e648612a7ad8422ee7e30a73e923 [diff] [blame]
diff --git a/src/lib/prog_loaders.c b/src/lib/prog_loaders.c
index 2ef6bdf..5048c99 100644
--- a/src/lib/prog_loaders.c
+++ b/src/lib/prog_loaders.c

@@ -2,6 +2,7 @@
  * This file is part of the coreboot project.
  *
  * Copyright 2015 Google Inc.
+ * Copyright (C) 2018-2019 Eltan B.V.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -38,6 +39,9 @@
 {
 	struct cbfsf file;
 
+	if (prog_locate_hook(prog))
+		return -1;
+
 	cbfs_prepare_program_locate();
 
 	if (cbfs_boot_locate(&file, prog_name(prog), NULL))
@@ -74,6 +78,8 @@
 	halt();
 }
 
+int __weak prog_locate_hook(struct prog *prog) { return 0; }
+
 static void ramstage_cache_invalid(void)
 {
 	printk(BIOS_ERR, "ramstage cache invalid.\n");
commit	fc58034a11e6965d67a7348bab0810401094b5ed	[log] [tgz]
author	Frans Hendriks <fhendriks@eltan.com>	Fri Jun 14 14:36:37 2019 +0200
committer	Patrick Georgi <pgeorgi@google.com>	Mon Oct 28 11:54:44 2019 +0000
tree	3faed4a9b4fdc6cf76b066489c73d1f32b468506
parent	11b910281e93e648612a7ad8422ee7e30a73e923 [diff] [blame]