/* SPDX-License-Identifier: GPL-2.0-only */

#ifndef _CBFS_GLUE_H_
#define _CBFS_GLUE_H_

#include <commonlib/region.h>
#include <console/console.h>
#include <security/vboot/misc.h>
/*
 * CBFS_ENABLE_HASHING decides whether the metadata hashing functions get linked into the
 * current stage, so that stages which never hash metadata do not carry that code.
 *
 *  - CBFS_VERIFICATION disabled: hashing is never needed.
 *  - Verification enabled without TOCTOU_SAFETY: only the initial stage checks the metadata
 *    hash; later stages assume the metadata is still valid and do not re-check it. That mode
 *    does not cover flash contents changing after the initial check.
 *  - TOCTOU_SAFETY enabled: any stage may have to re-verify metadata it had to reload from
 *    flash (e.g. because it did not fit the mcache), so hashing is kept in every stage.
 *  - VBOOT_CBFS_INTEGRATION with verification enabled: hashing is also required in the
 *    verification stage.
 *
 * This covers metadata hashing only; file access functions may still link hashing routines on
 * their own for file data hashing.
 *
 * NOTE(review): the link-time saving only works if the whole condition folds to a compile-time
 * constant, so verification_should_run() and verstage_should_load() are presumably
 * constant-foldable helpers -- confirm against their definitions before changing this
 * expression.
 */
#define CBFS_ENABLE_HASHING \
	(CONFIG(CBFS_VERIFICATION) && \
	 (CONFIG(TOCTOU_SAFETY) || \
	  ENV_INITIAL_STAGE || \
	  (CONFIG(VBOOT_CBFS_INTEGRATION) && \
	   (verification_should_run() || \
	    (verstage_should_load() && CONFIG(VBOOT_RETURN_FROM_VERSTAGE))))))

/*
 * Whether hardware crypto may be used for CBFS hashing is delegated to
 * vboot_hwcrypto_allowed(), which is defined outside this file.
 */
#define CBFS_HASH_HWCRYPTO vboot_hwcrypto_allowed()
/*
 * Logging glue for the CBFS code that includes this header; everything goes through printk().
 * The "CBFS ..." prefix is joined to the caller's format by string-literal concatenation, so
 * the first argument must be a string literal. Passing a variable as the format does not
 * compile, which keeps data read from flash (file names etc.) in the argument list rather than
 * in the format string.
 */
#define ERROR(...) printk(BIOS_ERR, "CBFS ERROR: " __VA_ARGS__)
#define LOG(...) printk(BIOS_INFO, "CBFS: " __VA_ARGS__)

/* Spew-level trace output, emitted only when CONFIG(DEBUG_CBFS) is set. */
#define DEBUG(...) \
	do { \
		if (CONFIG(DEBUG_CBFS)) { \
			printk(BIOS_SPEW, "CBFS DEBUG: " __VA_ARGS__); \
		} \
	} while (0)

/* Device handle used by the CBFS code: a pointer to a read-only region_device. */
typedef const struct region_device *cbfs_dev_t;
/*
 * Read `size` bytes starting at `offset` of `dev` into `buffer`.
 *
 * This is a thin forwarder to rdev_readat(); its result is returned unchanged and no bounds
 * checking is added here.
 *
 * NOTE(review): rdev_readat() is declared outside this file -- presumably it returns a
 * negative value on error and the number of bytes read otherwise. Callers should treat any
 * result other than `size` as a failed read and must not consume `buffer` in that case.
 */
static inline ssize_t cbfs_dev_read(cbfs_dev_t dev, void *buffer, size_t offset, size_t size)
{
	const ssize_t bytes_read = rdev_readat(dev, buffer, offset, size);

	return bytes_read;
}
/*
 * Report the size of `dev` as given by region_device_sz().
 *
 * NOTE(review): presumably this is the upper bound callers use to validate offsets and lengths
 * taken from CBFS metadata before reading -- confirm against the callers.
 */
static inline size_t cbfs_dev_size(cbfs_dev_t dev)
{
	const size_t dev_size = region_device_sz(dev);

	return dev_size;
}
#endif /* _CBFS_GLUE_H_ */