soc/amd/common/psp_verstage: Pass SRAM buffer to Crypto Engine

Crypto engine prefers the buffer from SRAM. CBFS verification may pass the mapped address of a CBFS file from SPI flash. This causes PSP crypto engine to return invalid address. Hence if the buffer is from SRAM, pass it directly to crypto engine. Else copy into a temporary buffer before passing it to crypto engine. BUG=b🅱️227809919 TEST=Build and boot to OS in skyrim with CBFS verification enabled using both x86 verstage and PSP verstage. Change-Id: Ie9bc9e786f302e7938969c8093d5405b5a85b711 Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68184 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2022-10-05 23:48:18 -06:00 · 2022-10-05 23:48:18 -06:00 · 26aa7503a7
parent 69451f17a1
commit 26aa7503a7
1 changed files with 37 additions and 1 deletions
--- a/src/soc/amd/common/psp_verstage/vboot_crypto.c
+++ b/src/soc/amd/common/psp_verstage/vboot_crypto.c
@ -6,9 +6,11 @@
 #include <commonlib/bsd/helpers.h>
 #include <console/console.h>
 #include "psp_verstage.h"
+#include <soc/psp_verstage_addr.h>
 #include <stddef.h>
 #include <string.h>
 #include <swab.h>
+#include <symbols.h>
 #include <vb2_api.h>

 static struct sha_generic_data sha_op;
@ -40,9 +42,10 @@ vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, uint32_
 	return VB2_SUCCESS;
 }

-vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size)
+static vb2_error_t vb2ex_hwcrypto_digest_extend_psp_sram(const uint8_t *buf, uint32_t size)
 {
 	uint32_t retval;
+
 	sha_op.Data = (uint8_t *)buf;

 	if (!sha_op_size_remaining) {
@ -76,6 +79,39 @@ vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size)
 	return VB2_SUCCESS;
 }

+
+vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size)
+{
+	vb2_error_t retval;
+	uint32_t offset = 0, copy_size;
+
+	/*
+	 * Crypto engine prefers the buffer from SRAM. CBFS verification may pass the
+	 * mapped address of SPI flash which makes crypto engine to return invalid address.
+	 * Hence if the buffer is from SRAM, pass it to crypto engine. Else copy into a
+	 * temporary buffer before passing it to crypto engine.
+	 */
+	if (buf >= _sram && (buf + size) < _esram)
+		return vb2ex_hwcrypto_digest_extend_psp_sram(buf, size);
+
+	while (size) {
+		uint8_t block[CONFIG_VBOOT_HASH_BLOCK_SIZE];
+
+		copy_size = size < CONFIG_VBOOT_HASH_BLOCK_SIZE ?
+					size : CONFIG_VBOOT_HASH_BLOCK_SIZE;
+		memcpy(block, buf + offset, copy_size);
+
+		retval = vb2ex_hwcrypto_digest_extend_psp_sram(block, copy_size);
+		if (retval != VB2_SUCCESS)
+			return retval;
+
+		size -= copy_size;
+		offset += copy_size;
+	}
+
+	return VB2_SUCCESS;
+}
+
 /* Copy the hash back to verstage */
 vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest, uint32_t digest_size)
 {