Julius Werner | fdabf3f | 2020-05-06 17:06:35 -0700 | [diff] [blame] | 1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
Julius Werner | fdabf3f | 2020-05-06 17:06:35 -0700 | [diff] [blame] | 2 | |
| 3 | #include <assert.h> |
Julius Werner | fdabf3f | 2020-05-06 17:06:35 -0700 | [diff] [blame] | 4 | #include <metadata_hash.h> |
Julius Werner | d96ca24 | 2022-08-08 18:08:35 -0700 | [diff] [blame] | 5 | #include <security/vboot/misc.h> |
Julius Werner | fdabf3f | 2020-05-06 17:06:35 -0700 | [diff] [blame] | 6 | #include <symbols.h> |
| 7 | |
Julius Werner | 6296ca8 | 2021-04-02 16:31:21 -0700 | [diff] [blame] | 8 | #if !CONFIG(COMPRESS_BOOTBLOCK) || ENV_DECOMPRESSOR |
Julius Werner | fdabf3f | 2020-05-06 17:06:35 -0700 | [diff] [blame] | 9 | __attribute__((used, section(".metadata_hash_anchor"))) |
| 10 | static struct metadata_hash_anchor metadata_hash_anchor = { |
| 11 | /* This is the only place in all of coreboot where we actually need to use this. */ |
| 12 | .magic = DO_NOT_USE_METADATA_HASH_ANCHOR_MAGIC_DO_NOT_USE, |
| 13 | .cbfs_hash = { .algo = CONFIG_CBFS_HASH_ALGO } |
| 14 | }; |
| 15 | |
Julius Werner | 6296ca8 | 2021-04-02 16:31:21 -0700 | [diff] [blame] | 16 | static struct metadata_hash_anchor *get_anchor(void) |
| 17 | { |
| 18 | return &metadata_hash_anchor; |
| 19 | } |
| 20 | |
| 21 | void *metadata_hash_export_anchor(void) |
| 22 | { |
| 23 | return get_anchor(); |
| 24 | } |
| 25 | #else |
| 26 | static struct metadata_hash_anchor *anchor_ptr = NULL; |
| 27 | |
| 28 | static struct metadata_hash_anchor *get_anchor(void) |
| 29 | { |
| 30 | assert(anchor_ptr != NULL); |
| 31 | return anchor_ptr; |
| 32 | } |
| 33 | |
| 34 | void metadata_hash_import_anchor(void *ptr) |
| 35 | { |
| 36 | anchor_ptr = ptr; |
| 37 | } |
| 38 | #endif |
| 39 | |
Julius Werner | fdabf3f | 2020-05-06 17:06:35 -0700 | [diff] [blame] | 40 | struct vb2_hash *metadata_hash_get(void) |
| 41 | { |
Julius Werner | 6296ca8 | 2021-04-02 16:31:21 -0700 | [diff] [blame] | 42 | return &get_anchor()->cbfs_hash; |
Julius Werner | fdabf3f | 2020-05-06 17:06:35 -0700 | [diff] [blame] | 43 | } |
| 44 | |
| 45 | vb2_error_t metadata_hash_verify_fmap(const void *fmap_buffer, size_t fmap_size) |
| 46 | { |
Julius Werner | 6296ca8 | 2021-04-02 16:31:21 -0700 | [diff] [blame] | 47 | struct vb2_hash hash = { .algo = get_anchor()->cbfs_hash.algo }; |
| 48 | memcpy(hash.raw, metadata_hash_anchor_fmap_hash(get_anchor()), |
Julius Werner | fdabf3f | 2020-05-06 17:06:35 -0700 | [diff] [blame] | 49 | vb2_digest_size(hash.algo)); |
Julius Werner | d96ca24 | 2022-08-08 18:08:35 -0700 | [diff] [blame] | 50 | return vb2_hash_verify(vboot_hwcrypto_allowed(), fmap_buffer, fmap_size, &hash); |
Julius Werner | fdabf3f | 2020-05-06 17:06:35 -0700 | [diff] [blame] | 51 | } |