Gitiles
Code Review Sign In
review.coreboot.org / coreboot / a2bc2540c2d004b475b401ccf0b162c2452857bb / . / src / security / vboot / misc.h
blob: a7069f38fed5f7f258e697b1cd58d523bc97460a [file] [log] [blame]
Angel Pons986d50e2020-04-02 23:48:53 +0200[diff] [blame]1/* SPDX-License-Identifier: GPL-2.0-only */
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]2
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]3#ifndef __VBOOT_MISC_H__
4#define __VBOOT_MISC_H__
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]5
Julius Werner998dc172019-05-09 14:16:13 -0700[diff] [blame]6#include <assert.h>
Philipp Deppenwiesefea24292017-10-17 17:02:29 +0200[diff] [blame]7#include <security/vboot/vboot_common.h>
Joel Kitching814c8652020-02-14 13:18:06 +0800[diff] [blame]8#include <vb2_api.h>
Aaron Durbinb5a20b22015-10-06 17:29:03 -0500[diff] [blame]9
Joel Kitching8d0f5992019-03-13 18:10:52 +0800[diff] [blame]10/*
Joel Kitchingaf8471c2019-03-13 22:38:07 +0800[diff] [blame]11 * Source: security/vboot/common.c
12 */
Joel Kitching2332c742019-10-23 15:01:37 +0800[diff] [blame]13struct vb2_context *vboot_get_context(void);
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]14
Yu-Ping Wuaeb652a2019-11-14 15:42:25 +0800[diff] [blame]15/*
16 * Returns 1 if firmware slot A is used, 0 if slot B is used.
17 */
Julius Wernerf8e17642019-12-12 13:23:06 -0800[diff] [blame]18static inline int vboot_is_firmware_slot_a(struct vb2_context *ctx)
Yu-Ping Wuaeb652a2019-11-14 15:42:25 +0800[diff] [blame]19{
20 return !(ctx->flags & VB2_CONTEXT_FW_SLOT_B);
21}
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]22
Yu-Ping Wuaeb652a2019-11-14 15:42:25 +0800[diff] [blame]23/*
Julius Wernerd618aac2019-11-26 17:58:11 -0800[diff] [blame]24 * Check if given flag is set in the flags field in GBB header.
25 * Return value:
26 * true: Flag is set.
27 * false: Flag is not set.
28 */
29static inline bool vboot_is_gbb_flag_set(enum vb2_gbb_flag flag)
30{
31 return !!(vb2api_gbb_get_flags(vboot_get_context()) & flag);
32}
33
34/*
Yu-Ping Wuaeb652a2019-11-14 15:42:25 +0800[diff] [blame]35 * Locates firmware as a region device. Returns 0 on success, -1 on failure.
36 */
Julius Wernerf8e17642019-12-12 13:23:06 -0800[diff] [blame]37int vboot_locate_firmware(struct vb2_context *ctx, struct region_device *fw);
Joel Kitchingaf8471c2019-03-13 22:38:07 +0800[diff] [blame]38
39/*
Julius Werner998dc172019-05-09 14:16:13 -0700[diff] [blame]40 * The stage loading code is compiled and entered from multiple stages. The
41 * helper functions below attempt to provide more clarity on when certain
42 * code should be called. They are implemented inline for better compile-time
43 * code elimination.
44 */
45
46static inline int verification_should_run(void)
47{
48 if (CONFIG(VBOOT_SEPARATE_VERSTAGE))
Julius Werner21a40532020-04-21 16:03:53 -0700[diff] [blame]49 return ENV_SEPARATE_VERSTAGE;
Julius Werner998dc172019-05-09 14:16:13 -0700[diff] [blame]50 else if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE))
Arthur Heymansa2bc2542021-05-29 08:10:49 +0200[diff] [blame^]51 return ENV_RAMINIT;
Julius Werner998dc172019-05-09 14:16:13 -0700[diff] [blame]52 else if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK))
53 return ENV_BOOTBLOCK;
54 else
Nico Huberdb2c8df2020-04-06 23:02:12 +0200[diff] [blame]55 dead_code();
Julius Werner998dc172019-05-09 14:16:13 -0700[diff] [blame]56}
57
58static inline int verstage_should_load(void)
59{
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame]60 if (CONFIG(VBOOT_SEPARATE_VERSTAGE) && !CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK))
Julius Werner998dc172019-05-09 14:16:13 -0700[diff] [blame]61 return ENV_BOOTBLOCK;
62 else
63 return 0;
64}
65
66static inline int vboot_logic_executed(void)
67{
68 extern int vboot_executed; /* should not be globally accessible */
69
70 /* If we are in the stage that runs verification, or in the stage that
71 both loads the verstage and is returned to from it afterwards, we
Elyes HAOUAS58f3fd62020-01-05 13:14:06 +0100[diff] [blame]72 need to check a global to see if verification has run. */
Julius Werner998dc172019-05-09 14:16:13 -0700[diff] [blame]73 if (verification_should_run() ||
74 (verstage_should_load() && CONFIG(VBOOT_RETURN_FROM_VERSTAGE)))
Arthur Heymans344e86b2019-11-20 19:47:10 +0100[diff] [blame]75 return vboot_executed;
Julius Werner998dc172019-05-09 14:16:13 -0700[diff] [blame]76
77 if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK)) {
78 /* All other stages are "after the bootblock" */
79 return !ENV_BOOTBLOCK;
80 } else if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) {
81 /* Post-RAM stages are "after the romstage" */
Kyösti Mälkkib590a042019-09-12 17:09:55 +0300[diff] [blame]82 return !ENV_ROMSTAGE_OR_BEFORE;
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame]83 } else if (CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK)) {
84 return !ENV_SEPARATE_VERSTAGE;
Julius Werner998dc172019-05-09 14:16:13 -0700[diff] [blame]85 } else {
Nico Huberdb2c8df2020-04-06 23:02:12 +0200[diff] [blame]86 dead_code();
Julius Werner998dc172019-05-09 14:16:13 -0700[diff] [blame]87 }
88}
89
Julius Wernerd96ca242022-08-08 18:08:35 -0700[diff] [blame]90static inline bool vboot_hwcrypto_allowed(void)
91{
92 /* When not using vboot firmware verification, HW crypto is always allowed. */
93 if (!CONFIG(VBOOT))
94 return 1;
95
96 /* Before vboot runs we can't check for HW crypto, so err on the side of caution. */
97 if (!vboot_logic_executed())
98 return 0;
99
100 /* Otherwise, vboot can decide. */
101 return vb2api_hwcrypto_allowed(vboot_get_context());
102}
103
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]104#endif /* __VBOOT_MISC_H__ */