Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 4f1dda7447025e42b73a31307db94c69fa5d277e / . / src / security / vboot / common.c
blob: 88b166ce6ac67136b04393f917982124d2a2e750 [file] [log] [blame]
Angel Pons986d50e2020-04-02 23:48:53 +0200[diff] [blame]1/* SPDX-License-Identifier: GPL-2.0-only */
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]2
Furquan Shaikha6c5ddd2016-07-22 06:59:40 -0700[diff] [blame]3#include <assert.h>
Aaron Durbin0e571fd2015-05-08 17:14:15 -0500[diff] [blame]4#include <cbmem.h>
Yu-Ping Wu4f1dda72023-10-30 16:45:32 +0800[diff] [blame^]5#include <console/console.h>
Yu-Ping Wuaeb652a2019-11-14 15:42:25 +0800[diff] [blame]6#include <fmap.h>
Aaron Durbinb5a20b22015-10-06 17:29:03 -0500[diff] [blame]7#include <vb2_api.h>
Philipp Deppenwiesefea24292017-10-17 17:02:29 +0200[diff] [blame]8#include <security/vboot/misc.h>
9#include <security/vboot/symbols.h>
10#include <security/vboot/vboot_common.h>
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]11
Arthur Heymans344e86b2019-11-20 19:47:10 +0100[diff] [blame]12static struct vb2_context *vboot_ctx;
Joel Kitching2332c742019-10-23 15:01:37 +0800[diff] [blame]13
Yu-Ping Wu63b97002019-11-26 13:31:32 +0800[diff] [blame]14static void *vboot_get_workbuf(void)
Aaron Durbinb5933662015-10-07 16:03:41 -0500[diff] [blame]15{
Yu-Ping Wua2962da2019-11-26 10:47:35 +0800[diff] [blame]16 void *wb = NULL;
Aaron Durbinb5933662015-10-07 16:03:41 -0500[diff] [blame]17
Arthur Heymansb7cbb7c2023-08-11 11:31:05 +0200[diff] [blame]18 if (ENV_HAS_CBMEM)
Yu-Ping Wua2962da2019-11-26 10:47:35 +0800[diff] [blame]19 wb = cbmem_find(CBMEM_ID_VBOOT_WORKBUF);
Aaron Durbinb5933662015-10-07 16:03:41 -0500[diff] [blame]20
Elyes Haouasaebccac2022-09-13 09:56:22 +0200[diff] [blame]21 if (!wb && !CONFIG(VBOOT_STARTS_IN_ROMSTAGE) && preram_symbols_available())
Yu-Ping Wua2962da2019-11-26 10:47:35 +0800[diff] [blame]22 wb = _vboot2_work;
Aaron Durbinb5933662015-10-07 16:03:41 -0500[diff] [blame]23
Elyes Haouasaebccac2022-09-13 09:56:22 +0200[diff] [blame]24 assert(wb);
Joel Kitching0bcee882019-02-11 15:37:49 +0800[diff] [blame]25
Yu-Ping Wua2962da2019-11-26 10:47:35 +0800[diff] [blame]26 return wb;
Joel Kitching2332c742019-10-23 15:01:37 +0800[diff] [blame]27}
28
29struct vb2_context *vboot_get_context(void)
30{
Yu-Ping Wua2962da2019-11-26 10:47:35 +0800[diff] [blame]31 void *wb;
Yu-Ping Wu4f1dda72023-10-30 16:45:32 +0800[diff] [blame^]32 vb2_error_t rv;
Aaron Durbinb5a20b22015-10-06 17:29:03 -0500[diff] [blame]33
Joel Kitching2332c742019-10-23 15:01:37 +0800[diff] [blame]34 /* Return if context has already been initialized/restored. */
Arthur Heymans344e86b2019-11-20 19:47:10 +0100[diff] [blame]35 if (vboot_ctx)
36 return vboot_ctx;
Joel Kitching2332c742019-10-23 15:01:37 +0800[diff] [blame]37
Yu-Ping Wua2962da2019-11-26 10:47:35 +0800[diff] [blame]38 wb = vboot_get_workbuf();
Joel Kitching2332c742019-10-23 15:01:37 +0800[diff] [blame]39
40 /* Restore context from a previous stage. */
41 if (vboot_logic_executed()) {
Yu-Ping Wu4f1dda72023-10-30 16:45:32 +0800[diff] [blame^]42 rv = vb2api_reinit(wb, &vboot_ctx);
43 if (rv != VB2_SUCCESS)
44 die("%s: vb2api_reinit returned %#x\n", __func__, rv);
Arthur Heymans344e86b2019-11-20 19:47:10 +0100[diff] [blame]45 return vboot_ctx;
Joel Kitching2332c742019-10-23 15:01:37 +0800[diff] [blame]46 }
47
48 assert(verification_should_run());
Aaron Durbinb5a20b22015-10-06 17:29:03 -0500[diff] [blame]49
Joel Kitching2332c742019-10-23 15:01:37 +0800[diff] [blame]50 /* Initialize vb2_shared_data and friends. */
Yu-Ping Wu4f1dda72023-10-30 16:45:32 +0800[diff] [blame^]51 rv = vb2api_init(wb, VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE, &vboot_ctx);
52 assert(rv == VB2_SUCCESS);
Aaron Durbinb5a20b22015-10-06 17:29:03 -0500[diff] [blame]53
Arthur Heymans344e86b2019-11-20 19:47:10 +0100[diff] [blame]54 return vboot_ctx;
Daisuke Nojirie5d13782014-12-18 11:59:06 -0800[diff] [blame]55}
Aaron Durbinb5a20b22015-10-06 17:29:03 -0500[diff] [blame]56
Julius Wernerf8e17642019-12-12 13:23:06 -0800[diff] [blame]57int vboot_locate_firmware(struct vb2_context *ctx, struct region_device *fw)
Aaron Durbinb5a20b22015-10-06 17:29:03 -0500[diff] [blame]58{
Yu-Ping Wuaeb652a2019-11-14 15:42:25 +0800[diff] [blame]59 const char *name;
Aaron Durbin6d720f32015-12-08 17:00:23 -0600[diff] [blame]60
Yu-Ping Wuaeb652a2019-11-14 15:42:25 +0800[diff] [blame]61 if (vboot_is_firmware_slot_a(ctx))
62 name = "FW_MAIN_A";
63 else
64 name = "FW_MAIN_B";
Aaron Durbin6d720f32015-12-08 17:00:23 -0600[diff] [blame]65
Julius Wernerf8e17642019-12-12 13:23:06 -0800[diff] [blame]66 int ret = fmap_locate_area_as_rdev(name, fw);
67 if (ret)
68 return ret;
69
Jakub Czapiga967a76b2022-08-19 12:25:27 +0200[diff] [blame]70 /*
71 * Truncate area to the size that was actually signed by vboot.
72 * It is only required for old verification mechanism calculating full body hash.
73 * New verification mechanism uses signature with zero data size, so truncation
74 * is not possible.
75 */
76 if (!CONFIG(VBOOT_CBFS_INTEGRATION))
77 return rdev_chain(fw, fw, 0, vb2api_get_firmware_size(ctx));
78
79 return 0;
Aaron Durbinb5a20b22015-10-06 17:29:03 -0500[diff] [blame]80}
Aaron Durbinb5933662015-10-07 16:03:41 -0500[diff] [blame]81
Joel Kitchingaf8471c2019-03-13 22:38:07 +0800[diff] [blame]82static void vboot_setup_cbmem(int unused)
Joel Kitching0bcee882019-02-11 15:37:49 +0800[diff] [blame]83{
Joel Kitching8a3bc3b2020-02-08 10:58:48 +0800[diff] [blame]84 vb2_error_t rv;
Yu-Ping Wua2962da2019-11-26 10:47:35 +0800[diff] [blame]85 const size_t cbmem_size = VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE;
86 void *wb_cbmem = cbmem_add(CBMEM_ID_VBOOT_WORKBUF, cbmem_size);
Elyes Haouasaebccac2022-09-13 09:56:22 +0200[diff] [blame]87 assert(wb_cbmem);
Yu-Ping Wua2962da2019-11-26 10:47:35 +0800[diff] [blame]88 /*
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame]89 * On platforms where VBOOT_STARTS_BEFORE_BOOTBLOCK, the verification
90 * occurs before the main processor starts running. The vboot data-
91 * structure is available in the _vboot2_work memory area as soon
92 * as the main processor is released.
93 *
Yu-Ping Wua2962da2019-11-26 10:47:35 +0800[diff] [blame]94 * For platforms where VBOOT_STARTS_IN_BOOTBLOCK, vboot verification
95 * occurs before CBMEM is brought online, using pre-RAM. In order to
96 * make vboot data structures available downstream, copy vboot workbuf
97 * from SRAM/CAR into CBMEM.
Joel Kitching8a3bc3b2020-02-08 10:58:48 +0800[diff] [blame]98 *
99 * For platforms where VBOOT_STARTS_IN_ROMSTAGE, verification occurs
100 * after CBMEM is brought online. Directly initialize vboot data
101 * structures in CBMEM, which will also be available downstream.
Yu-Ping Wua2962da2019-11-26 10:47:35 +0800[diff] [blame]102 */
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame]103 if (!CONFIG(VBOOT_STARTS_IN_ROMSTAGE))
Joel Kitching8a3bc3b2020-02-08 10:58:48 +0800[diff] [blame]104 rv = vb2api_relocate(wb_cbmem, _vboot2_work, cbmem_size,
105 &vboot_ctx);
106 else
107 rv = vb2api_init(wb_cbmem, cbmem_size, &vboot_ctx);
108
109 assert(rv == VB2_SUCCESS);
Joel Kitching0bcee882019-02-11 15:37:49 +0800[diff] [blame]110}
Kyösti Mälkkifa3bc042022-03-31 07:40:10 +0300[diff] [blame]111CBMEM_CREATION_HOOK(vboot_setup_cbmem);