From 204a4e6d9f2712dc9f78d44bb9820a7ab859f5d0 Mon Sep 17 00:00:00 2001 From: Karthikeyan Ramasubramanian Date: Mon, 16 Oct 2023 21:08:57 +0000 Subject: [PATCH] soc/amd/common/psp_verstage: Add PSP_VERSTACK_STACK_IS_MAPPED config Crypto Engine in PSP prefers the buffer from Static RAM (SRAM). Hence if a buffer comes from within SRAM address range, then it is passed directly to Crypto Engine. Otherwise a bounce bufer from the stack is used. But on SoCs like Picasso where PSP Verstage stack is mapped to a virtual address space this check fails causing a bounce buffer to be used and hence a stack overflow. Fix this issue by assuming that the buffer comes from the SRAM always in such SoCs and pass the buffer directly to crypto engine. BUG=b:259649666 TEST=Build and boot to OS in Dalboz with unsigned PSP verstage. Change-Id: I2161c8f0720c770efa5c05aece9584c3cbe7712a Signed-off-by: Karthikeyan Ramasubramanian Reviewed-on: https://review.coreboot.org/c/coreboot/+/78426 Tested-by: build bot (Jenkins) Reviewed-by: Matt DeVillier --- src/soc/amd/common/psp_verstage/Kconfig | 8 ++++++++ src/soc/amd/common/psp_verstage/vboot_crypto.c | 5 ++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/soc/amd/common/psp_verstage/Kconfig b/src/soc/amd/common/psp_verstage/Kconfig index 526a4ae722..dc6ea1c3ee 100644 --- a/src/soc/amd/common/psp_verstage/Kconfig +++ b/src/soc/amd/common/psp_verstage/Kconfig @@ -35,3 +35,11 @@ config SEPARATE_SIGNED_PSPFW help Put signed AMD/PSP firmwares outside FW_MAIN_[AB] so vboot doesn't verify them, and rely on PSP's verification. + +config PSP_VERSTAGE_STACK_IS_MAPPED + bool + default y if SOC_AMD_PICASSO + default n + help + This configuration indicates whether the PSP Verstage stack is mapped to a virtual + address space. This has been the case so far only in Picasso SoC. diff --git a/src/soc/amd/common/psp_verstage/vboot_crypto.c b/src/soc/amd/common/psp_verstage/vboot_crypto.c index b2c0c563f8..5ed351b604 100644 --- a/src/soc/amd/common/psp_verstage/vboot_crypto.c +++ b/src/soc/amd/common/psp_verstage/vboot_crypto.c @@ -90,8 +90,11 @@ vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size) * mapped address of SPI flash which makes crypto engine to return invalid address. * Hence if the buffer is from SRAM, pass it to crypto engine. Else copy into a * temporary buffer before passing it to crypto engine. + * + * Similarly in some SoCs, PSP verstage stack is mapped to a virtual address space. + * In those SoCs, assume that the buffer is from SRAM and pass it to crypto engine. */ - if (buf >= _sram && (buf + size) < _esram) + if (CONFIG(PSP_VERSTAGE_STACK_IS_MAPPED) || (buf >= _sram && (buf + size) < _esram)) return vb2ex_hwcrypto_digest_extend_psp_sram(buf, size); while (size) {