cbfstool: Add support for hashes as file metadata

They allow optimizing a verification of a whole CBFS image by only dealing with the headers (assuming you choose to trust the hash algorithm(s)). The format allows for multiple hashes for a single file, and cbfstool can handle them, but right now it can't generate such headers. Loosely based on Sol's work in http://review.coreboot.org/#/c/10147/, but using the compatible file attribute format. vboot is now a hard dependency of the build process, but we import it into the tree for quite a while now. Change-Id: I9f14f30537d676ce209ad612e7327c6f4810b313 Signed-off-by: Patrick Georgi <patrick@georgi-clan.de> Reviewed-on: http://review.coreboot.org/11767 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2015-10-01 15:54:04 +02:00
parent 44853371f1
commit 89f20340d5
5 changed files with 163 additions and 8 deletions
--- a/util/cbfstool/cbfs.h
+++ b/util/cbfstool/cbfs.h
@@ -19,8 +19,11 @@
 #ifndef __CBFS_H
 #define __CBFS_H

+#include "common.h"
 #include <stdint.h>

+#include <vb2_api.h>
+
 /* cbfstool will fail when trying to build a cbfs_file header that's larger
 * than MAX_CBFS_FILE_HEADER_BUFFER. 1K should give plenty of room. */
 #define MAX_CBFS_FILE_HEADER_BUFFER 1024
@@ -107,6 +110,7 @@ struct cbfs_file_attribute {
 #define CBFS_FILE_ATTR_TAG_UNUSED 0
 #define CBFS_FILE_ATTR_TAG_UNUSED2 0xffffffff
 #define CBFS_FILE_ATTR_TAG_COMPRESSION 0x42435a4c
+#define CBFS_FILE_ATTR_TAG_HASH 0x68736148

 struct cbfs_file_attr_compression {
 	uint32_t tag;
@@ -116,6 +120,14 @@ struct cbfs_file_attr_compression {
 	uint32_t decompressed_size;
 } __PACKED;

+struct cbfs_file_attr_hash {
+	uint32_t tag;
+	uint32_t len;
+	uint32_t hash_type;
+	/* hash_data is len - sizeof(struct) bytes */
+	uint8_t  hash_data[];
+} __PACKED;
+
 struct cbfs_stage {
 	uint32_t compression;
 	uint64_t entry;
@@ -203,6 +215,23 @@ static struct typedesc_t filetypes[] unused = {
 	{CBFS_COMPONENT_NULL, "null"}
 };

+static const struct typedesc_t types_cbfs_hash[] unused = {
+	{VB2_HASH_INVALID, "none"},
+	{VB2_HASH_SHA1, "sha1"},
+	{VB2_HASH_SHA256, "sha256"},
+	{VB2_HASH_SHA512, "sha512"},
+	{0, NULL}
+};
+
+static size_t widths_cbfs_hash[] unused = {
+	[VB2_HASH_INVALID] = 0,
+	[VB2_HASH_SHA1] = 20,
+	[VB2_HASH_SHA256] = 32,
+	[VB2_HASH_SHA512] = 64,
+};
+
+#define CBFS_NUM_SUPPORTED_HASHES ARRAY_SIZE(widths_cbfs_hash)
+
 #define CBFS_SUBHEADER(_p) ( (void *) ((((uint8_t *) (_p)) + ntohl((_p)->offset))) )

 /* cbfs_image.c */