cbfs: Add file data hashing for CONFIG_CBFS_VERIFICATION

This patch adds file data hashing for CONFIG_CBFS_VERIFICATION. With
this, all CBFS accesses using the new CBFS APIs (cbfs_load/_map/_alloc
and variants) will be fully verified when verification is enabled. (Note
that some use of legacy APIs remains and thus the CBFS_VERIFICATION
feature is not fully finished.)

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ic9fff279f69cf3b7c38a0dc2ff3c970eaa756aa8
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52084
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Julius Werner
2021-04-02 15:58:05 -07:00
committed by Patrick Georgi
parent eca99af229
commit fccf1221a2
3 changed files with 74 additions and 13 deletions


@ -190,3 +190,26 @@ const void *cbfs_find_attr(const union cbfs_mdata *mdata, uint32_t attr_tag, siz
return NULL;
}
const struct vb2_hash *cbfs_file_hash(const union cbfs_mdata *mdata)
{
/* Hashes are variable-length attributes, so need to manually check the length. */
const struct cbfs_file_attr_hash *attr =
cbfs_find_attr(mdata, CBFS_FILE_ATTR_TAG_HASH, 0);
if (!attr)
return NULL; /* no hash */
const size_t asize = be32toh(attr->len);
const struct vb2_hash *hash = &attr->hash;
const size_t hsize = vb2_digest_size(hash->algo);
if (!hsize) {
ERROR("Hash algo %u for '%s' unsupported.\n", hash->algo, mdata->h.filename);
return NULL;
}
if (hsize != asize - offsetof(struct cbfs_file_attr_hash, hash.raw)) {
ERROR("Hash attribute size for '%s' (%zu) incorrect for algo %u.\n",
mdata->h.filename, asize, hash->algo);
return NULL;
}
return hash;
}
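Review bot: In cbfs_file_hash(), `hash->algo` is passed to `vb2_digest_size()` before `asize` has been checked against anything, and the later test `hsize != asize - offsetof(struct cbfs_file_attr_hash, hash.raw)` rejects an attribute shorter than the hash header only because the unsigned subtraction wraps to a very large value. The call passes `size_check` 0, so the length validation falls to this function; what cbfs_find_attr() itself guarantees about `len` is not visible in this hunk. I would make the bound explicit with `if (asize < offsetof(struct cbfs_file_attr_hash, hash.raw)) return NULL;` right after `asize` is computed, and write the comparison as `asize != offsetof(struct cbfs_file_attr_hash, hash.raw) + hsize` so it no longer depends on wrap-around.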


@ -24,4 +24,7 @@ union cbfs_mdata {
else caller is responsible for checking the |len| field to avoid reading out-of-bounds. */
const void *cbfs_find_attr(const union cbfs_mdata *mdata, uint32_t attr_tag, size_t size_check);
/* Returns pointer to CBFS file hash structure in metadata attributes, or NULL if invalid. */
const struct vb2_hash *cbfs_file_hash(const union cbfs_mdata *mdata);
#endif /* _COMMONLIB_BSD_CBFS_MDATA_H_ */
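Review bot: The comment on the cbfs_file_hash() declaration says NULL means "invalid", but the implementation also returns NULL when the file simply carries no hash attribute (the `/* no hash */` return). Callers cannot tell the two cases apart, so with CONFIG_CBFS_VERIFICATION enabled they presumably have to treat any NULL as a verification failure rather than as "nothing to check"; the callers are not visible here. I would spell that out in the header: `/* Returns pointer to CBFS file hash structure in metadata attributes, or NULL if the file has no hash attribute or the attribute is malformed. */`.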