sravan/system76-coreboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security/vboot: Use persistent context to read GBB flags

Browse Source 
With the persistent vboot context coreboot no longer needs to read GBB
flags from flash itself -- it can just ask vboot for the cached result.
This patch removes the existing GBB code and provides gbb_is_flag_set()
(with a slightly better namespaced name) as a static inline instead.

Change-Id: Ibc3ed0f3fbeb53d630925d47df4dc474b0ed07ee
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37261
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
This commit is contained in:
Julius Werner
2019-11-26 17:58:11 -08:00
parent 3e8ef1028d
commit d618aaceae
5 changed files with 13 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/security/vboot/Makefile.inc
View File

@ -24,8 +24,6 @@ postcar-y += bootmode.c
verstage-generic-ccopts += -D__VERSTAGE__ verstage-generic-ccopts += -D__VERSTAGE__
ramstage-y += gbb.c
bootblock-y += vbnv.c bootblock-y += vbnv.c
verstage-y += vbnv.c verstage-y += vbnv.c
romstage-y += vbnv.c romstage-y += vbnv.c

80
src/security/vboot/gbb.c
View File

@ -1,80 +0,0 @@
/*
* This file is part of the coreboot project.
*
* Copyright 2018 Google LLC
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#define NEED_VB20_INTERNALS /* Peeking into vb2_gbb_header */
#include <commonlib/region.h>
#include <console/console.h>
#include <fmap.h>
#include <security/vboot/gbb.h>
#include <string.h>
#include <vb2_api.h>
#define GBB_FMAP_REGION_NAME "GBB"
/* Copy of GBB header read from boot media. */
static struct vb2_gbb_header gbb_header;
/*
* Read "GBB" region from SPI flash to obtain GBB header and validate
* signature.
*
* Return value:
* Success = 0
* Error = 1
*/
static int gbb_init(void)
{
static bool init_done = false;
struct region_device gbb_rdev;
if (init_done != false)
return 0;
if (fmap_locate_area_as_rdev(GBB_FMAP_REGION_NAME, &gbb_rdev))
return 1;
if (rdev_readat(&gbb_rdev, &gbb_header, 0,
sizeof(struct vb2_gbb_header)) !=
sizeof(struct vb2_gbb_header)) {
printk(BIOS_ERR, "%s: Failure to read GBB header!\n", __func__);
return 1;
}
if (memcmp(gbb_header.signature, VB2_GBB_SIGNATURE,
VB2_GBB_SIGNATURE_SIZE)) {
printk(BIOS_ERR, "%s: Signature check failed!\n", __func__);
return 1;
}
init_done = true;
return 0;
}
uint32_t gbb_get_flags(void)
{
if (gbb_init()) {
printk(BIOS_ERR,
"%s: Failure to initialize GBB. Returning flags as 0!\n",
__func__);
return 0;
}
return gbb_header.flags;
}
bool gbb_is_flag_set(uint32_t flag)
{
return !!(gbb_get_flags() & flag);
}

39
src/security/vboot/gbb.h
View File

@ -1,39 +0,0 @@
/*
* This file is part of the coreboot project.
*
* Copyright 2018 Google LLC
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#ifndef __SECURITY_VBOOT_GBB_H__
#define __SECURITY_VBOOT_GBB_H__
#include <stdint.h>
/* In order to use VB2_GBB_FLAG_* macros from vboot, include vb2_api.h. */
/*
* Read flags field from GBB header.
* Return value:
* Success: 32-bit unsigned integer representing flags field from GBB header.
* Error : 0
*/
uint32_t gbb_get_flags(void);
/*
* Check if given flag is set in the flags field in GBB header.
* Return value:
* true: Flag is set.
* false: Flag is not set or failure to read GBB flags.
*/
bool gbb_is_flag_set(uint32_t flag);
#endif /* __SECURITY_VBOOT_GBB_H__ */

11
src/security/vboot/misc.h
View File

@ -49,6 +49,17 @@ static inline int vboot_is_firmware_slot_a(const struct vb2_context *ctx)
return !(ctx->flags & VB2_CONTEXT_FW_SLOT_B); return !(ctx->flags & VB2_CONTEXT_FW_SLOT_B);
} }
/*
* Check if given flag is set in the flags field in GBB header.
* Return value:
* true: Flag is set.
* false: Flag is not set.
*/
static inline bool vboot_is_gbb_flag_set(enum vb2_gbb_flag flag)
{
return !!(vb2api_gbb_get_flags(vboot_get_context()) & flag);
}
/* /*
* Locates firmware as a region device. Returns 0 on success, -1 on failure. * Locates firmware as a region device. Returns 0 on success, -1 on failure.
*/ */

4
src/security/vboot/vboot_common.c
View File

@ -19,7 +19,7 @@
#include <fmap.h> #include <fmap.h>
#include <reset.h> #include <reset.h>
#include <stddef.h> #include <stddef.h>
#include <security/vboot/gbb.h> #include <security/vboot/misc.h>
#include <security/vboot/vboot_common.h> #include <security/vboot/vboot_common.h>
#include <security/vboot/vbnv.h> #include <security/vboot/vbnv.h>
#include <vb2_api.h> #include <vb2_api.h>
@ -31,7 +31,7 @@ int vboot_can_enable_udc(void)
if (!vboot_developer_mode_enabled()) if (!vboot_developer_mode_enabled())
return 0; return 0;
/* Enable if GBB flag is set */ /* Enable if GBB flag is set */
if (gbb_is_flag_set(VB2_GBB_FLAG_ENABLE_UDC)) if (vboot_is_gbb_flag_set(VB2_GBB_FLAG_ENABLE_UDC))
return 1; return 1;
/* Enable if VBNV flag is set */ /* Enable if VBNV flag is set */
if (vbnv_udc_enable_flag()) if (vbnv_udc_enable_flag())