34ec32d54b
If LP_VBOOT_CBFS_INTEGRATION is enabled, then libcbfs will reboot with vboot failure in non-recovery mode on CBFS file hash mismatch. BUg=b:197114807 TEST=Build with VBOOT_CBFS_INTEGRATION enabled and boot on google/ovis4es device Change-Id: Ic0f62212b7217b384e8c4cbd9535fe4243301f8c Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77726 Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
245 lines
6.1 KiB
C
245 lines
6.1 KiB
C
/* SPDX-License-Identifier: BSD-3-Clause */
|
|
|
|
#include <libpayload-config.h>
|
|
#include <arch/virtual.h>
|
|
#include <assert.h>
|
|
#include <cbfs.h>
|
|
#include <cbfs_glue.h>
|
|
#include <commonlib/bsd/cbfs_private.h>
|
|
#include <commonlib/bsd/fmap_serialized.h>
|
|
#include <libpayload.h>
|
|
#include <lp_vboot.h>
|
|
#include <lz4.h>
|
|
#include <lzma.h>
|
|
#include <string.h>
|
|
#include <sysinfo.h>
|
|
|
|
|
|
static const struct cbfs_boot_device *cbfs_get_boot_device(bool force_ro)
|
|
{
|
|
static struct cbfs_boot_device ro;
|
|
static struct cbfs_boot_device rw;
|
|
|
|
if (!force_ro) {
|
|
if (!rw.dev.size) {
|
|
rw.dev.offset = lib_sysinfo.cbfs_offset;
|
|
rw.dev.size = lib_sysinfo.cbfs_size;
|
|
rw.mcache = phys_to_virt(lib_sysinfo.cbfs_rw_mcache_offset);
|
|
rw.mcache_size = lib_sysinfo.cbfs_rw_mcache_size;
|
|
}
|
|
return &rw;
|
|
}
|
|
|
|
if (ro.dev.size)
|
|
return &ro;
|
|
|
|
if (fmap_locate_area("COREBOOT", &ro.dev.offset, &ro.dev.size))
|
|
return NULL;
|
|
|
|
ro.mcache = phys_to_virt(lib_sysinfo.cbfs_ro_mcache_offset);
|
|
ro.mcache_size = lib_sysinfo.cbfs_ro_mcache_size;
|
|
|
|
return &ro;
|
|
}
|
|
|
|
ssize_t _cbfs_boot_lookup(const char *name, bool force_ro, union cbfs_mdata *mdata)
|
|
{
|
|
const struct cbfs_boot_device *cbd = cbfs_get_boot_device(force_ro);
|
|
if (!cbd)
|
|
return CB_ERR;
|
|
|
|
size_t data_offset;
|
|
enum cb_err err = CB_CBFS_CACHE_FULL;
|
|
if (cbd->mcache_size)
|
|
err = cbfs_mcache_lookup(cbd->mcache, cbd->mcache_size, name, mdata,
|
|
&data_offset);
|
|
|
|
if (err == CB_CBFS_CACHE_FULL)
|
|
err = cbfs_lookup(&cbd->dev, name, mdata, &data_offset, NULL);
|
|
|
|
/* Fallback to RO if possible. */
|
|
if (CONFIG(LP_ENABLE_CBFS_FALLBACK) && !force_ro && err == CB_CBFS_NOT_FOUND) {
|
|
LOG("Fall back to RO region for '%s'\n", name);
|
|
return _cbfs_boot_lookup(name, true, mdata);
|
|
}
|
|
|
|
if (err) {
|
|
if (err == CB_CBFS_NOT_FOUND)
|
|
LOG("'%s' not found.\n", name);
|
|
else
|
|
ERROR("Error %d when looking up '%s'\n", err, name);
|
|
return err;
|
|
}
|
|
|
|
return cbd->dev.offset + data_offset;
|
|
}
|
|
|
|
void cbfs_unmap(void *mapping)
|
|
{
|
|
free(mapping);
|
|
}
|
|
|
|
static bool cbfs_file_hash_mismatch(const void *buffer, size_t size,
|
|
const union cbfs_mdata *mdata, bool skip_verification)
|
|
{
|
|
if (!CONFIG(LP_CBFS_VERIFICATION) || skip_verification)
|
|
return false;
|
|
|
|
const struct vb2_hash *hash = cbfs_file_hash(mdata);
|
|
if (!hash) {
|
|
ERROR("'%s' does not have a file hash!\n", mdata->h.filename);
|
|
return true;
|
|
}
|
|
vb2_error_t rv = vb2_hash_verify(cbfs_hwcrypto_allowed(), buffer, size, hash);
|
|
if (rv != VB2_SUCCESS) {
|
|
ERROR("'%s' file hash mismatch!\n", mdata->h.filename);
|
|
if (CONFIG(LP_VBOOT_CBFS_INTEGRATION) && !vboot_recovery_mode_enabled())
|
|
vboot_fail_and_reboot(vboot_get_context(), VB2_RECOVERY_FW_BODY, rv);
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
static size_t cbfs_load_and_decompress(size_t offset, size_t in_size, void *buffer,
|
|
size_t buffer_size, uint32_t compression,
|
|
const union cbfs_mdata *mdata, bool skip_verification)
|
|
{
|
|
void *load = buffer;
|
|
size_t out_size = 0;
|
|
|
|
DEBUG("Decompressing %zu bytes from '%s' to %p with algo %d\n", in_size,
|
|
mdata->h.filename, buffer, compression);
|
|
|
|
if (compression != CBFS_COMPRESS_NONE) {
|
|
load = malloc(in_size);
|
|
if (!load) {
|
|
ERROR("'%s' buffer allocation failed\n", mdata->h.filename);
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
if (boot_device_read(load, offset, in_size) != in_size) {
|
|
ERROR("'%s' failed to read contents of file\n", mdata->h.filename);
|
|
goto out;
|
|
}
|
|
|
|
if (cbfs_file_hash_mismatch(load, in_size, mdata, skip_verification))
|
|
goto out;
|
|
|
|
switch (compression) {
|
|
case CBFS_COMPRESS_NONE:
|
|
out_size = in_size;
|
|
break;
|
|
case CBFS_COMPRESS_LZ4:
|
|
if (!CONFIG(LP_LZ4))
|
|
goto out;
|
|
out_size = ulz4fn(load, in_size, buffer, buffer_size);
|
|
break;
|
|
case CBFS_COMPRESS_LZMA:
|
|
if (!CONFIG(LP_LZMA))
|
|
goto out;
|
|
out_size = ulzman(load, in_size, buffer, buffer_size);
|
|
break;
|
|
default:
|
|
ERROR("'%s' decompression algo %d not supported\n", mdata->h.filename,
|
|
compression);
|
|
}
|
|
out:
|
|
if (load != buffer)
|
|
free(load);
|
|
return out_size;
|
|
}
|
|
|
|
static void *do_load(union cbfs_mdata *mdata, ssize_t offset, void *buf, size_t *size_inout,
|
|
bool skip_verification)
|
|
{
|
|
bool malloced = false;
|
|
size_t buf_size = 0;
|
|
size_t out_size;
|
|
uint32_t compression = CBFS_COMPRESS_NONE;
|
|
const struct cbfs_file_attr_compression *cattr =
|
|
cbfs_find_attr(mdata, CBFS_FILE_ATTR_TAG_COMPRESSION, sizeof(*cattr));
|
|
if (cattr) {
|
|
compression = be32toh(cattr->compression);
|
|
out_size = be32toh(cattr->decompressed_size);
|
|
} else {
|
|
out_size = be32toh(mdata->h.len);
|
|
}
|
|
|
|
if (size_inout) {
|
|
buf_size = *size_inout;
|
|
*size_inout = out_size;
|
|
}
|
|
|
|
if (buf) {
|
|
if (!size_inout || buf_size < out_size) {
|
|
ERROR("'%s' buffer too small\n", mdata->h.filename);
|
|
return NULL;
|
|
}
|
|
} else {
|
|
buf = malloc(out_size);
|
|
if (!buf) {
|
|
ERROR("'%s' allocation failure\n", mdata->h.filename);
|
|
return NULL;
|
|
}
|
|
malloced = true;
|
|
}
|
|
|
|
if (cbfs_load_and_decompress(offset, be32toh(mdata->h.len), buf, out_size, compression,
|
|
mdata, skip_verification)
|
|
!= out_size) {
|
|
if (malloced)
|
|
free(buf);
|
|
return NULL;
|
|
}
|
|
|
|
return buf;
|
|
}
|
|
|
|
void *_cbfs_load(const char *name, void *buf, size_t *size_inout, bool force_ro)
|
|
{
|
|
ssize_t offset;
|
|
union cbfs_mdata mdata;
|
|
|
|
DEBUG("%s(name='%s', buf=%p, force_ro=%s)\n", __func__, name, buf,
|
|
force_ro ? "true" : "false");
|
|
|
|
offset = _cbfs_boot_lookup(name, force_ro, &mdata);
|
|
if (offset < 0)
|
|
return NULL;
|
|
|
|
return do_load(&mdata, offset, buf, size_inout, false);
|
|
}
|
|
|
|
void *_cbfs_unverified_area_load(const char *area, const char *name, void *buf,
|
|
size_t *size_inout)
|
|
{
|
|
struct cbfs_dev dev;
|
|
union cbfs_mdata mdata;
|
|
size_t data_offset;
|
|
|
|
DEBUG("%s(area='%s', name='%s', buf=%p)\n", __func__, area, name, buf);
|
|
|
|
if (fmap_locate_area(area, &dev.offset, &dev.size) != CB_SUCCESS)
|
|
return NULL;
|
|
|
|
if (cbfs_lookup(&dev, name, &mdata, &data_offset, NULL)) {
|
|
ERROR("'%s' not found in '%s'\n", name, area);
|
|
return NULL;
|
|
}
|
|
|
|
return do_load(&mdata, dev.offset + data_offset, buf, size_inout, true);
|
|
}
|
|
|
|
/* This should be overridden by payloads that want to enforce more explicit
|
|
policy on using HW crypto. */
|
|
__weak bool cbfs_hwcrypto_allowed(void)
|
|
{
|
|
/* Avoid compiling vboot calls to prevent linker errors. */
|
|
if (!CONFIG(LP_CBFS_VERIFICATION))
|
|
return true;
|
|
|
|
return vb2api_hwcrypto_allowed(vboot_get_context());
|
|
}
|