Gitiles
Code Review Sign In
review.coreboot.org / coreboot / caa0c0e71a594b6b9930f243966ee973724dd490 / . / src / lib / metadata_hash.c
blob: 8779b7c032214505518583fe6dafe21e66dfc16d [file] [log] [blame]
Julius Wernerfdabf3f2020-05-06 17:06:35 -0700[diff] [blame]1/* SPDX-License-Identifier: GPL-2.0-only */
Julius Wernerfdabf3f2020-05-06 17:06:35 -0700[diff] [blame]2
3#include <assert.h>
Julius Wernerfdabf3f2020-05-06 17:06:35 -0700[diff] [blame]4#include <metadata_hash.h>
Julius Wernerd96ca242022-08-08 18:08:35 -0700[diff] [blame]5#include <security/vboot/misc.h>
Julius Wernerfdabf3f2020-05-06 17:06:35 -0700[diff] [blame]6#include <symbols.h>
7
Julius Werner6296ca82021-04-02 16:31:21 -0700[diff] [blame]8#if !CONFIG(COMPRESS_BOOTBLOCK) || ENV_DECOMPRESSOR
Julius Wernerfdabf3f2020-05-06 17:06:35 -0700[diff] [blame]9__attribute__((used, section(".metadata_hash_anchor")))
10static struct metadata_hash_anchor metadata_hash_anchor = {
11 /* This is the only place in all of coreboot where we actually need to use this. */
12 .magic = DO_NOT_USE_METADATA_HASH_ANCHOR_MAGIC_DO_NOT_USE,
13 .cbfs_hash = { .algo = CONFIG_CBFS_HASH_ALGO }
14};
15
Julius Werner6296ca82021-04-02 16:31:21 -0700[diff] [blame]16static struct metadata_hash_anchor *get_anchor(void)
17{
18 return &metadata_hash_anchor;
19}
20
21void *metadata_hash_export_anchor(void)
22{
23 return get_anchor();
24}
25#else
26static struct metadata_hash_anchor *anchor_ptr = NULL;
27
28static struct metadata_hash_anchor *get_anchor(void)
29{
30 assert(anchor_ptr != NULL);
31 return anchor_ptr;
32}
33
34void metadata_hash_import_anchor(void *ptr)
35{
36 anchor_ptr = ptr;
37}
38#endif
39
Julius Wernerfdabf3f2020-05-06 17:06:35 -0700[diff] [blame]40struct vb2_hash *metadata_hash_get(void)
41{
Julius Werner6296ca82021-04-02 16:31:21 -0700[diff] [blame]42 return &get_anchor()->cbfs_hash;
Julius Wernerfdabf3f2020-05-06 17:06:35 -0700[diff] [blame]43}
44
45vb2_error_t metadata_hash_verify_fmap(const void *fmap_buffer, size_t fmap_size)
46{
Julius Werner6296ca82021-04-02 16:31:21 -0700[diff] [blame]47 struct vb2_hash hash = { .algo = get_anchor()->cbfs_hash.algo };
48 memcpy(hash.raw, metadata_hash_anchor_fmap_hash(get_anchor()),
Julius Wernerfdabf3f2020-05-06 17:06:35 -0700[diff] [blame]49 vb2_digest_size(hash.algo));
Julius Wernerd96ca242022-08-08 18:08:35 -0700[diff] [blame]50 return vb2_hash_verify(vboot_hwcrypto_allowed(), fmap_buffer, fmap_size, &hash);
Julius Wernerfdabf3f2020-05-06 17:06:35 -0700[diff] [blame]51}