mrc_cache: Move mrc_cache_*_hash functions into mrc_cache driver

This CL would remove these calls from fsp 2.0. Platforms that select MRC_STASH_TO_CBMEM, updating the TPM NVRAM space is moved from romstage (when data stashed to CBMEM) to ramstage (when data is written back to SPI flash. BUG=b:150502246 BRANCH=None TEST=make sure memory training still works on nami Change-Id: I3088ca6927c7dbc65386c13e868afa0462086937 Signed-off-by: Shelley Chen <shchen@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46510 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-10-16 12:30:05 -07:00 · 2020-10-16 12:30:05 -07:00 · 1fed53f08a
parent 9f8ac64bae
commit 1fed53f08a
3 changed files with 12 additions and 13 deletions
--- a/src/drivers/intel/fsp2_0/memory_init.c
+++ b/src/drivers/intel/fsp2_0/memory_init.c
@ -19,18 +19,12 @@
 #include <symbols.h>
 #include <timestamp.h>
 #include <security/vboot/vboot_common.h>
-#include <security/vboot/mrc_cache_hash_tpm.h>
 #include <security/tpm/tspi.h>
 #include <vb2_api.h>
 #include <types.h>

 static uint8_t temp_ram[CONFIG_FSP_TEMP_RAM_SIZE] __aligned(sizeof(uint64_t));

-/* TPM MRC hash functionality depends on vboot starting before memory init. */
-_Static_assert(!CONFIG(MRC_SAVE_HASH_IN_TPM) ||
-	       CONFIG(VBOOT_STARTS_IN_BOOTBLOCK),
-	       "for TPM MRC hash functionality, vboot must start in bootblock");
-
 static void save_memory_training_data(bool s3wake, uint32_t fsp_version)
 {
 	size_t  mrc_data_size;
@ -54,9 +48,6 @@ static void save_memory_training_data(bool s3wake, uint32_t fsp_version)
 	if (mrc_cache_stash_data(MRC_TRAINING_DATA, fsp_version, mrc_data,
 				mrc_data_size) < 0)
 		printk(BIOS_ERR, "Failed to stash MRC data\n");
-
-	if (CONFIG(MRC_SAVE_HASH_IN_TPM))
-		mrc_cache_update_hash(mrc_data, mrc_data_size);
 }

 static void do_fsp_post_memory_init(bool s3wake, uint32_t fsp_version)
@ -121,10 +112,6 @@ static void fsp_fill_mrc_cache(FSPM_ARCH_UPD *arch_upd, uint32_t fsp_version)
 	if (data == NULL)
 		return;

-	if (CONFIG(MRC_SAVE_HASH_IN_TPM) &&
-	    !mrc_cache_verify_hash(data, mrc_size))
-		return;
-
 	/* MRC cache found */
 	arch_upd->NvsBufferPtr = data;

--- a/src/drivers/mrc_cache/mrc_cache.c
+++ b/src/drivers/mrc_cache/mrc_cache.c
@ -10,6 +10,7 @@
 #include <fmap.h>
 #include <ip_checksum.h>
 #include <region_file.h>
+#include <security/vboot/mrc_cache_hash_tpm.h>
 #include <security/vboot/vboot_common.h>
 #include <spi_flash.h>

@ -82,6 +83,11 @@ static const struct cache_region *cache_regions[] = {
 	&variable_data,
 };

+/* TPM MRC hash functionality depends on vboot starting before memory init. */
+_Static_assert(!CONFIG(MRC_SAVE_HASH_IN_TPM) ||
+	       CONFIG(VBOOT_STARTS_IN_BOOTBLOCK),
+	       "for TPM MRC hash functionality, vboot must start in bootblock");
+
 static int lookup_region_by_name(const char *name, struct region *r)
 {
 	if (fmap_locate_area(name, r) == 0)
@ -185,6 +191,9 @@ static int mrc_data_valid(const struct mrc_metadata *md,
 		return -1;
 	}

+	if (CONFIG(MRC_SAVE_HASH_IN_TPM) && !mrc_cache_verify_hash(data, data_size))
+		return -1;
+
 	return 0;
 }

@ -443,6 +452,8 @@ static void update_mrc_cache_by_type(int type,
 	} else {
 		printk(BIOS_DEBUG, "MRC: updated '%s'.\n", cr->name);
 		log_event_cache_update(cr->elog_slot, UPDATE_SUCCESS);
+		if (CONFIG(MRC_SAVE_HASH_IN_TPM))
+			mrc_cache_update_hash(new_data, new_data_size);
 	}
 }

--- a/src/security/vboot/Makefile.inc
+++ b/src/security/vboot/Makefile.inc
@ -119,6 +119,7 @@ ramstage-y += common.c
 postcar-y += common.c

 romstage-$(CONFIG_MRC_SAVE_HASH_IN_TPM) += mrc_cache_hash_tpm.c
+ramstage-$(CONFIG_MRC_SAVE_HASH_IN_TPM) += mrc_cache_hash_tpm.c

 ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)