GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

soc/amd/common/psp_verstage: Pass SRAM buffer to Crypto Engine 

Crypto engine prefers the buffer from SRAM. CBFS verification may pass
the mapped address of a CBFS file from SPI flash. This causes PSP crypto
engine to return invalid address. Hence if the buffer is from SRAM, pass
it directly to crypto engine. Else copy into a temporary buffer before
passing it to crypto engine.

BUG=b🅱️227809919
TEST=Build and boot to OS in skyrim with CBFS verification enabled using
both x86 verstage and PSP verstage.

Change-Id: Ie9bc9e786f302e7938969c8093d5405b5a85b711
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68184
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
This commit is contained in:
Karthikeyan Ramasubramanian 2022-10-05 23:48:18 -06:00 committed by Raul Rangel
parent 69451f17a1
commit 26aa7503a7
1 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
src/soc/amd/common/psp_verstage/vboot_crypto.c
View File

@ -6,9 +6,11 @@
#include <commonlib/bsd/helpers.h> #include <commonlib/bsd/helpers.h>
#include <console/console.h> #include <console/console.h>
#include "psp_verstage.h" #include "psp_verstage.h"
#include <soc/psp_verstage_addr.h>
#include <stddef.h> #include <stddef.h>
#include <string.h> #include <string.h>
#include <swab.h> #include <swab.h>
#include <symbols.h>
#include <vb2_api.h> #include <vb2_api.h>
static struct sha_generic_data sha_op; static struct sha_generic_data sha_op;
@ -40,9 +42,10 @@ vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, uint32_
return VB2_SUCCESS; return VB2_SUCCESS;
} }
vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size) static vb2_error_t vb2ex_hwcrypto_digest_extend_psp_sram(const uint8_t *buf, uint32_t size)
{ {
uint32_t retval; uint32_t retval;
sha_op.Data = (uint8_t *)buf; sha_op.Data = (uint8_t *)buf;
if (!sha_op_size_remaining) { if (!sha_op_size_remaining) {
@ -76,6 +79,39 @@ vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size)
return VB2_SUCCESS; return VB2_SUCCESS;
} }
vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size)
{
vb2_error_t retval;
uint32_t offset = 0, copy_size;
/*
* Crypto engine prefers the buffer from SRAM. CBFS verification may pass the
* mapped address of SPI flash which makes crypto engine to return invalid address.
* Hence if the buffer is from SRAM, pass it to crypto engine. Else copy into a
* temporary buffer before passing it to crypto engine.
*/
if (buf >= _sram && (buf + size) < _esram)
return vb2ex_hwcrypto_digest_extend_psp_sram(buf, size);
while (size) {
uint8_t block[CONFIG_VBOOT_HASH_BLOCK_SIZE];
copy_size = size < CONFIG_VBOOT_HASH_BLOCK_SIZE ?
size : CONFIG_VBOOT_HASH_BLOCK_SIZE;
memcpy(block, buf + offset, copy_size);
retval = vb2ex_hwcrypto_digest_extend_psp_sram(block, copy_size);
if (retval != VB2_SUCCESS)
return retval;
size -= copy_size;
offset += copy_size;
}
return VB2_SUCCESS;
}
/* Copy the hash back to verstage */ /* Copy the hash back to verstage */
vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest, uint32_t digest_size) vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest, uint32_t digest_size)
{ {