cbfs/vboot: Adapt to new vb2_digest API

CL:3825558 changes all vb2_digest and vb2_hash functions to take a new hwcrypto_allowed argument, to potentially let them try to call the vb2ex_hwcrypto API for hash calculation. This change will open hardware crypto acceleration up to all hash calculations in coreboot (most notably CBFS verification). As part of this change, the vb2_digest_buffer() function has been removed, so replace existing instances in coreboot with the newer vb2_hash_calculate() API. Due to the circular dependency of these changes with vboot, this patch also needs to update the vboot submodule: Updating from commit id 18cb85b5: 2load_kernel.c: Expose load kernel as vb2_api to commit id b827ddb9: tests: Ensure auxfw sync runs after EC sync This brings in 15 new commits. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I287d8dac3c49ad7ea3e18a015874ce8d610ec67e Reviewed-on: https://review.coreboot.org/c/coreboot/+/66561 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
2022-08-08 18:08:35 -07:00
parent b45b48de73
commit d96ca24652
22 changed files with 98 additions and 85 deletions
--- a/util/cbfstool/cbfs_glue.h
+++ b/util/cbfstool/cbfs_glue.h
@@ -6,6 +6,7 @@
 #include "cbfs_image.h"

 #define CBFS_ENABLE_HASHING 1
+#define CBFS_HASH_HWCRYPTO 0

 typedef const struct cbfs_image *cbfs_dev_t;

--- a/util/cbfstool/cbfs_image.c
+++ b/util/cbfstool/cbfs_image.c
@@ -1456,7 +1456,7 @@ int cbfs_print_entry_info(struct cbfs_image *image, struct cbfs_file *entry,
 			break;
 		}
 		char *hash_str = bintohex(attr->hash.raw, hash_len);
-		int valid = vb2_hash_verify(CBFS_SUBHEADER(entry),
+		int valid = vb2_hash_verify(false, CBFS_SUBHEADER(entry),
 			be32toh(entry->len), &attr->hash) == VB2_SUCCESS;
 		const char *valid_str = valid ? "valid" : "invalid";

@@ -1544,7 +1544,7 @@ static int cbfs_print_parseable_entry_info(struct cbfs_image *image,
 			if (!hash_len)
 				continue;
 			char *hash_str = bintohex(attr->hash.raw, hash_len);
-			int valid = vb2_hash_verify(CBFS_SUBHEADER(entry),
+			int valid = vb2_hash_verify(false, CBFS_SUBHEADER(entry),
 				be32toh(entry->len), &attr->hash) == VB2_SUCCESS;
 			fprintf(fp, "%shash:%s:%s:%s", sep,
 				vb2_get_hash_algorithm_name(attr->hash.algo),
@@ -1873,7 +1873,7 @@ int cbfs_add_file_hash(struct cbfs_file *header, struct buffer *buffer,
 	if (attr == NULL)
 		return -1;

-	if (vb2_hash_calculate(buffer_get(buffer), buffer_size(buffer),
+	if (vb2_hash_calculate(false, buffer_get(buffer), buffer_size(buffer),
 			       alg, &attr->hash) != VB2_SUCCESS)
 		return -1;

--- a/util/cbfstool/cbfstool.c
+++ b/util/cbfstool/cbfstool.c
@@ -271,12 +271,12 @@ static int maybe_update_fmap_hash(void)
 	if (mhc->cbfs_hash.algo == VB2_HASH_INVALID)
 		return 0;

-	uint8_t fmap_hash[VB2_MAX_DIGEST_SIZE];
+	struct vb2_hash fmap_hash;
 	const struct fmap *fmap = partitioned_file_get_fmap(param.image_file);
-	if (!fmap || vb2_digest_buffer((const void *)fmap, fmap_size(fmap),
-			mhc->cbfs_hash.algo, fmap_hash, sizeof(fmap_hash)))
+	if (!fmap || vb2_hash_calculate(false, fmap, fmap_size(fmap),
+					mhc->cbfs_hash.algo, &fmap_hash))
 		return -1;
-	return update_anchor(mhc, fmap_hash);
+	return update_anchor(mhc, fmap_hash.raw);
 }

 static bool verification_exclude(enum cbfs_type type)
@@ -1511,7 +1511,7 @@ static enum cb_err verify_walker(__always_unused cbfs_dev_t dev, size_t offset,
 	if (!hash)
 		return CB_ERR;
 	void *file_data = arg + offset + data_offset;
-	if (vb2_hash_verify(file_data, be32toh(mdata->h.len), hash) != VB2_SUCCESS)
+	if (vb2_hash_verify(false, file_data, be32toh(mdata->h.len), hash) != VB2_SUCCESS)
 		return CB_CBFS_HASH_MISMATCH;
 	return CB_CBFS_NOT_FOUND;
 }
--- a/util/cbfstool/platform_fixups.c
+++ b/util/cbfstool/platform_fixups.c
@@ -67,7 +67,7 @@ static void *qualcomm_find_hash(struct buffer *in, size_t bb_offset, struct vb2_
 	}

 	/* Pass out the actual hash of the current bootblock segment in |real_hash|. */
-	if (vb2_hash_calculate(buffer_get(&elf) + pelf.phdr[bb_segment].p_offset,
+	if (vb2_hash_calculate(false, buffer_get(&elf) + pelf.phdr[bb_segment].p_offset,
 			       pelf.phdr[bb_segment].p_filesz, VB2_HASH_SHA384, real_hash)) {
 		ERROR("fixups: vboot digest error\n");
 		goto destroy_elf;
@@ -159,7 +159,7 @@ static void *mediatek_find_hash(struct buffer *bootblock, struct vb2_hash *real_
 		return NULL;
 	}

-	if (vb2_hash_calculate(buffer_get(&buffer),
+	if (vb2_hash_calculate(false, buffer_get(&buffer),
 			       MEDIATEK_BOOTBLOCK_GFH_SIZE + data_size,
 			       VB2_HASH_SHA256, real_hash)) {
 		ERROR("fixups: MediaTek: vboot digest error\n");