vboot: Add support for reading GBB flags
This change adds basic support for reading flags from GBB header located in "GBB" section on SPI flash. Change-Id: I35ecb5ba964511379baa4e9f458ba2e8c6b74b4e Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/25459 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This commit is contained in:
committed by
Patrick Georgi
parent
a6464b7ffd
commit
7632ce0392
@@ -23,6 +23,8 @@ postcar-y += bootmode.c
|
||||
|
||||
verstage-generic-ccopts += -D__PRE_RAM__ -D__VERSTAGE__
|
||||
|
||||
ramstage-y += gbb.c
|
||||
|
||||
bootblock-y += vbnv.c
|
||||
verstage-y += vbnv.c
|
||||
romstage-y += vbnv.c
|
||||
|
77
src/security/vboot/gbb.c
Normal file
77
src/security/vboot/gbb.c
Normal file
@@ -0,0 +1,77 @@
|
||||
/*
|
||||
* This file is part of the coreboot project.
|
||||
*
|
||||
* Copyright 2018 Google LLC
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; version 2 of the License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*/
|
||||
|
||||
#include <commonlib/region.h>
|
||||
#include <console/console.h>
|
||||
#include <fmap.h>
|
||||
#include <gbb_header.h>
|
||||
#include <security/vboot/gbb.h>
|
||||
#include <string.h>
|
||||
|
||||
#define GBB_FMAP_REGION_NAME "GBB"
|
||||
|
||||
/* Copy of GBB header read from boot media. */
|
||||
static GoogleBinaryBlockHeader gbb_header;
|
||||
|
||||
/*
|
||||
* Read "GBB" region from SPI flash to obtain GBB header and validate
|
||||
* signature.
|
||||
*
|
||||
* Return value:
|
||||
* Success = 0
|
||||
* Error = 1
|
||||
*/
|
||||
static int gbb_init(void)
|
||||
{
|
||||
static bool init_done = false;
|
||||
struct region_device gbb_rdev;
|
||||
|
||||
if (init_done != false)
|
||||
return 0;
|
||||
|
||||
if (fmap_locate_area_as_rdev(GBB_FMAP_REGION_NAME, &gbb_rdev))
|
||||
return 1;
|
||||
|
||||
if (rdev_readat(&gbb_rdev, &gbb_header, 0,
|
||||
sizeof(GoogleBinaryBlockHeader)) !=
|
||||
sizeof(GoogleBinaryBlockHeader)) {
|
||||
printk(BIOS_ERR, "%s: Failure to read GBB header!\n", __func__);
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (memcmp(gbb_header.signature, GBB_SIGNATURE, GBB_SIGNATURE_SIZE)) {
|
||||
printk(BIOS_ERR, "%s: Signature check failed!\n", __func__);
|
||||
return 1;
|
||||
}
|
||||
|
||||
init_done = true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
uint32_t gbb_get_flags(void)
|
||||
{
|
||||
if (gbb_init()) {
|
||||
printk(BIOS_ERR,
|
||||
"%s: Failure to initialize GBB. Returning flags as 0!\n",
|
||||
__func__);
|
||||
return 0;
|
||||
}
|
||||
return gbb_header.flags;
|
||||
}
|
||||
|
||||
bool gbb_is_flag_set(uint32_t flag)
|
||||
{
|
||||
return !!(gbb_get_flags() & flag);
|
||||
}
|
39
src/security/vboot/gbb.h
Normal file
39
src/security/vboot/gbb.h
Normal file
@@ -0,0 +1,39 @@
|
||||
/*
|
||||
* This file is part of the coreboot project.
|
||||
*
|
||||
* Copyright 2018 Google LLC
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; version 2 of the License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*/
|
||||
|
||||
#ifndef __SECURITY_VBOOT_GBB_H__
|
||||
#define __SECURITY_VBOOT_GBB_H__
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
/* In order to use GBB_FLAG_* macros from vboot, include gbb_header.h. */
|
||||
|
||||
/*
|
||||
* Read flags field from GBB header.
|
||||
* Return value:
|
||||
* Success: 32-bit unsigned integer representing flags field from GBB header.
|
||||
* Error : 0
|
||||
*/
|
||||
uint32_t gbb_get_flags(void);
|
||||
|
||||
/*
|
||||
* Check if given flag is set in the flags field in GBB header.
|
||||
* Return value:
|
||||
* true: Flag is set.
|
||||
* false: Flag is not set or failure to read GBB flags.
|
||||
*/
|
||||
bool gbb_is_flag_set(uint32_t flag);
|
||||
|
||||
#endif /* __SECURITY_VBOOT_GBB_H__ */
|
Reference in New Issue
Block a user