soc/amd/common/psp_verstage: Add PSP_VERSTACK_STACK_IS_MAPPED config

Crypto Engine in PSP prefers the buffer from Static RAM (SRAM). Hence if
a buffer comes from within SRAM address range, then it is passed
directly to Crypto Engine. Otherwise a bounce bufer from the stack is
used. But on SoCs like Picasso where PSP Verstage stack is mapped to a
virtual address space this check fails causing a bounce buffer to be
used and hence a stack overflow. Fix this issue by assuming that the
buffer comes from the SRAM always in such SoCs and pass the buffer
directly to crypto engine.

BUG=b:259649666
TEST=Build and boot to OS in Dalboz with unsigned PSP verstage.

Change-Id: I2161c8f0720c770efa5c05aece9584c3cbe7712a
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78426
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
This commit is contained in:
Karthikeyan Ramasubramanian 2023-10-16 21:08:57 +00:00 committed by Matt DeVillier
parent 64ba070fd1
commit 204a4e6d9f
2 changed files with 12 additions and 1 deletions

View File

@ -35,3 +35,11 @@ config SEPARATE_SIGNED_PSPFW
help help
Put signed AMD/PSP firmwares outside FW_MAIN_[AB] so vboot doesn't verify them, Put signed AMD/PSP firmwares outside FW_MAIN_[AB] so vboot doesn't verify them,
and rely on PSP's verification. and rely on PSP's verification.
config PSP_VERSTAGE_STACK_IS_MAPPED
bool
default y if SOC_AMD_PICASSO
default n
help
This configuration indicates whether the PSP Verstage stack is mapped to a virtual
address space. This has been the case so far only in Picasso SoC.

View File

@ -90,8 +90,11 @@ vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size)
* mapped address of SPI flash which makes crypto engine to return invalid address. * mapped address of SPI flash which makes crypto engine to return invalid address.
* Hence if the buffer is from SRAM, pass it to crypto engine. Else copy into a * Hence if the buffer is from SRAM, pass it to crypto engine. Else copy into a
* temporary buffer before passing it to crypto engine. * temporary buffer before passing it to crypto engine.
*
* Similarly in some SoCs, PSP verstage stack is mapped to a virtual address space.
* In those SoCs, assume that the buffer is from SRAM and pass it to crypto engine.
*/ */
if (buf >= _sram && (buf + size) < _esram) if (CONFIG(PSP_VERSTAGE_STACK_IS_MAPPED) || (buf >= _sram && (buf + size) < _esram))
return vb2ex_hwcrypto_digest_extend_psp_sram(buf, size); return vb2ex_hwcrypto_digest_extend_psp_sram(buf, size);
while (size) { while (size) {