cbfstool: Add support for hashes as file metadata
They allow optimizing a verification of a whole CBFS image by only dealing with the headers (assuming you choose to trust the hash algorithm(s)). The format allows for multiple hashes for a single file, and cbfstool can handle them, but right now it can't generate such headers. Loosely based on Sol's work in http://review.coreboot.org/#/c/10147/, but using the compatible file attribute format. vboot is now a hard dependency of the build process, but we import it into the tree for quite a while now. Change-Id: I9f14f30537d676ce209ad612e7327c6f4810b313 Signed-off-by: Patrick Georgi <patrick@georgi-clan.de> Reviewed-on: http://review.coreboot.org/11767 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This commit is contained in:
committed by
Patrick Georgi
parent
44853371f1
commit
89f20340d5
@@ -19,8 +19,11 @@
|
||||
#ifndef __CBFS_H
|
||||
#define __CBFS_H
|
||||
|
||||
#include "common.h"
|
||||
#include <stdint.h>
|
||||
|
||||
#include <vb2_api.h>
|
||||
|
||||
/* cbfstool will fail when trying to build a cbfs_file header that's larger
|
||||
* than MAX_CBFS_FILE_HEADER_BUFFER. 1K should give plenty of room. */
|
||||
#define MAX_CBFS_FILE_HEADER_BUFFER 1024
|
||||
@@ -107,6 +110,7 @@ struct cbfs_file_attribute {
|
||||
#define CBFS_FILE_ATTR_TAG_UNUSED 0
|
||||
#define CBFS_FILE_ATTR_TAG_UNUSED2 0xffffffff
|
||||
#define CBFS_FILE_ATTR_TAG_COMPRESSION 0x42435a4c
|
||||
#define CBFS_FILE_ATTR_TAG_HASH 0x68736148
|
||||
|
||||
struct cbfs_file_attr_compression {
|
||||
uint32_t tag;
|
||||
@@ -116,6 +120,14 @@ struct cbfs_file_attr_compression {
|
||||
uint32_t decompressed_size;
|
||||
} __PACKED;
|
||||
|
||||
struct cbfs_file_attr_hash {
|
||||
uint32_t tag;
|
||||
uint32_t len;
|
||||
uint32_t hash_type;
|
||||
/* hash_data is len - sizeof(struct) bytes */
|
||||
uint8_t hash_data[];
|
||||
} __PACKED;
|
||||
|
||||
struct cbfs_stage {
|
||||
uint32_t compression;
|
||||
uint64_t entry;
|
||||
@@ -203,6 +215,23 @@ static struct typedesc_t filetypes[] unused = {
|
||||
{CBFS_COMPONENT_NULL, "null"}
|
||||
};
|
||||
|
||||
static const struct typedesc_t types_cbfs_hash[] unused = {
|
||||
{VB2_HASH_INVALID, "none"},
|
||||
{VB2_HASH_SHA1, "sha1"},
|
||||
{VB2_HASH_SHA256, "sha256"},
|
||||
{VB2_HASH_SHA512, "sha512"},
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
static size_t widths_cbfs_hash[] unused = {
|
||||
[VB2_HASH_INVALID] = 0,
|
||||
[VB2_HASH_SHA1] = 20,
|
||||
[VB2_HASH_SHA256] = 32,
|
||||
[VB2_HASH_SHA512] = 64,
|
||||
};
|
||||
|
||||
#define CBFS_NUM_SUPPORTED_HASHES ARRAY_SIZE(widths_cbfs_hash)
|
||||
|
||||
#define CBFS_SUBHEADER(_p) ( (void *) ((((uint8_t *) (_p)) + ntohl((_p)->offset))) )
|
||||
|
||||
/* cbfs_image.c */
|
||||
|
Reference in New Issue
Block a user