coreboot-kgpe-d16/src/include/cbfs_glue.h

/* SPDX-License-Identifier: GPL-2.0-only */

#ifndef _CBFS_GLUE_H_
#define _CBFS_GLUE_H_

#include <commonlib/region.h>
#include <console/console.h>
#include <rules.h>

/*
 * This flag prevents linking hashing functions into stages where they're not required. We don't
 * need them at all if verification is disabled. If verification is enabled without TOCTOU
 * safety, we only need to verify the metadata hash in the initial stage and can assume it stays
 * valid in later stages. If TOCTOU safety is required, we may need them in every stage to
 * reverify metadata that had to be reloaded from flash (e.g. because it didn't fit the mcache).
 * Note that this only concerns metadata hashing -- file access functions may still link hashing
 * routines independently for file data hashing.
 */
#define CBFS_ENABLE_HASHING (CONFIG(CBFS_VERIFICATION) && \
			     (CONFIG(TOCTOU_SAFETY) || ENV_INITIAL_STAGE))

#define ERROR(...) printk(BIOS_ERR, "CBFS ERROR: " __VA_ARGS__)
#define LOG(...) printk(BIOS_ERR, "CBFS: " __VA_ARGS__)
#define DEBUG(...) do { \
	if (CONFIG(DEBUG_CBFS)) \
		printk(BIOS_SPEW, "CBFS DEBUG: " __VA_ARGS__); \
} while (0)

typedef const struct region_device *cbfs_dev_t;

static inline ssize_t cbfs_dev_read(cbfs_dev_t dev, void *buffer, size_t offset, size_t size)
{
	return rdev_readat(dev, buffer, offset, size);
}

static inline size_t cbfs_dev_size(cbfs_dev_t dev)
{
	return region_device_sz(dev);
}

#endif	/* _CBFS_GLUE_H_ */
cbfs: Hook up to new CBFS implementation This patch hooks coreboot up to the new commonlib/bsd CBFS implementation. This is intended as the "minimum viable patch" that makes the new implementation useable with the smallest amount of changes -- that is why some of this may look a bit roundabout (returning the whole metadata for a file but then just using that to fill out the rdevs of the existing struct cbfsf). Future changes will migrate the higher level CBFS APIs one-by-one to use the new implementation directly (rather than translated into the results of the old one), at which point this will become more efficient. Change-Id: I4d112d1239475920de2d872dac179c245275038d Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38422 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> 2019-12-12 01:50:02 +01:00			`/* SPDX-License-Identifier: GPL-2.0-only */`

			`#ifndef _CBFS_GLUE_H_`
			`#define _CBFS_GLUE_H_`

			`#include <commonlib/region.h>`
			`#include <console/console.h>`
cbfs: Add verification for RO CBFS metadata hash This patch adds the first stage of the new CONFIG_CBFS_VERIFICATION feature. It's not useful to end-users in this stage so it cannot be selected in menuconfig (and should not be used other than for development) yet. With this patch coreboot can verify the metadata hash of the RO CBFS when it starts booting, but it does not verify individual files yet. Likewise, verifying RW CBFSes with vboot is not yet supported. Verification is bootstrapped from a "metadata hash anchor" structure that is embedded in the bootblock code and marked by a unique magic number. This anchor contains both the CBFS metadata hash and a separate hash for the FMAP which is required to find the primary CBFS. Both are verified on first use in the bootblock (and halt the system on failure). The CONFIG_TOCTOU_SAFETY option is also added for illustrative purposes to show some paths that need to be different when full protection against TOCTOU (time-of-check vs. time-of-use) attacks is desired. For normal verification it is sufficient to check the FMAP and the CBFS metadata hash only once in the bootblock -- for TOCTOU verification we do the same, but we need to be extra careful that we do not re-read the FMAP or any CBFS metadata in later stages. This is mostly achieved by depending on the CBFS metadata cache and FMAP cache features, but we allow for one edge case in case the RW CBFS metadata cache overflows (which may happen during an RW update and could otherwise no longer be fixed because mcache size is defined by RO code). This code is added to demonstrate design intent but won't really matter until RW CBFS verification can be supported. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I8930434de55eb938b042fdada9aa90218c0b5a34 Reviewed-on: https://review.coreboot.org/c/coreboot/+/41120 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com> 2020-05-07 02:06:35 +02:00			`#include <rules.h>`

			`/*`
			`* This flag prevents linking hashing functions into stages where they're not required. We don't`
			`* need them at all if verification is disabled. If verification is enabled without TOCTOU`
			`* safety, we only need to verify the metadata hash in the initial stage and can assume it stays`
			`* valid in later stages. If TOCTOU safety is required, we may need them in every stage to`
			`* reverify metadata that had to be reloaded from flash (e.g. because it didn't fit the mcache).`
			`* Note that this only concerns metadata hashing -- file access functions may still link hashing`
			`* routines independently for file data hashing.`
			`*/`
			`#define CBFS_ENABLE_HASHING (CONFIG(CBFS_VERIFICATION) && \`
			`(CONFIG(TOCTOU_SAFETY) \|\| ENV_INITIAL_STAGE))`
cbfs: Hook up to new CBFS implementation This patch hooks coreboot up to the new commonlib/bsd CBFS implementation. This is intended as the "minimum viable patch" that makes the new implementation useable with the smallest amount of changes -- that is why some of this may look a bit roundabout (returning the whole metadata for a file but then just using that to fill out the rdevs of the existing struct cbfsf). Future changes will migrate the higher level CBFS APIs one-by-one to use the new implementation directly (rather than translated into the results of the old one), at which point this will become more efficient. Change-Id: I4d112d1239475920de2d872dac179c245275038d Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38422 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> 2019-12-12 01:50:02 +01:00
			`#define ERROR(...) printk(BIOS_ERR, "CBFS ERROR: " __VA_ARGS__)`
			`#define LOG(...) printk(BIOS_ERR, "CBFS: " __VA_ARGS__)`
			`#define DEBUG(...) do { \`
			`if (CONFIG(DEBUG_CBFS)) \`
			`printk(BIOS_SPEW, "CBFS DEBUG: " __VA_ARGS__); \`
			`} while (0)`

			`typedef const struct region_device *cbfs_dev_t;`

			`static inline ssize_t cbfs_dev_read(cbfs_dev_t dev, void *buffer, size_t offset, size_t size)`
			`{`
			`return rdev_readat(dev, buffer, offset, size);`
			`}`

			`static inline size_t cbfs_dev_size(cbfs_dev_t dev)`
			`{`
			`return region_device_sz(dev);`
			`}`

			`#endif /* _CBFS_GLUE_H_ */`