GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B 

In the existing implementation CSE RW metadata file is generated by
scripts and to avoid incompitable issues between coreboot and the
scripts this patch adds the follwing changes,
* Move the metadata generation to the coreboot Makefile.
* Add CBFS component type struct to create a metadata file during
  the compile time.
* Extract the CSE RW version from SOC_INTEL_CSE_RW_VERSION config
  and update the major, minor, hotfix and build versions using the
  compile time flags.
* Compute the hash of CSE RW binary in hex format using the openssl
  and use the HASH_BYTEARRAY macro to convert the 64 character hex
  values into the array.
* Add the me_rw.metadata cbfs file to FW_MAIN_A and FW_MAIN_B
  regions.

BUG=b:169077783
TEST= Built for dedede. Verify that metadata file was generated
and added to the FW_MAIN_A/B. Extracted it using cbfstool and
verfied that metadata was generated properly.

Change-Id: I412581400a9606fa17cf4398faffda923f07b320
Signed-off-by: V Sowmya <v.sowmya@intel.com>
Signed-off-by: Maulik V Vaghela <maulik.v.vaghela@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47431
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
This commit is contained in:
V Sowmya 2020-11-11 07:04:13 +05:30 committed by Furquan Shaikh
parent f99055266b
commit 338b83c7b8
5 changed files with 86 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/soc/intel/common/block/cse/Kconfig
View File

@ -41,6 +41,12 @@ config SOC_INTEL_CSE_RW_CBFS_NAME
help help
CBFS entry name for Intel CSE CBFS RW blob CBFS entry name for Intel CSE CBFS RW blob
config SOC_INTEL_CSE_RW_METADATA_CBFS_NAME
string "CBFS name for CSE RW metadata file"
default "me_rw.metadata"
help
CBFS name for Intel CSE CBFS RW metadata file
config SOC_INTEL_CSE_RW_FILE config SOC_INTEL_CSE_RW_FILE
string "Intel CSE CBFS RW path and filename" string "Intel CSE CBFS RW path and filename"
default "" default ""

29
src/soc/intel/common/block/cse/Makefile.inc
View File

@ -4,6 +4,7 @@ ramstage-$(CONFIG_SOC_INTEL_COMMON_BLOCK_CSE) += cse.c
ramstage-$(CONFIG_SOC_INTEL_CSE_LITE_SKU) += cse_lite.c ramstage-$(CONFIG_SOC_INTEL_CSE_LITE_SKU) += cse_lite.c
smm-$(CONFIG_SOC_INTEL_COMMON_BLOCK_HECI_DISABLE_IN_SMM) += disable_heci.c smm-$(CONFIG_SOC_INTEL_COMMON_BLOCK_HECI_DISABLE_IN_SMM) += disable_heci.c
ifeq ($(CONFIG_SOC_INTEL_CSE_RW_UPDATE),y)
ifneq ($(CONFIG_SOC_INTEL_CSE_RW_FILE),"") ifneq ($(CONFIG_SOC_INTEL_CSE_RW_FILE),"")
CSE_LITE_ME_RW = $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME)) CSE_LITE_ME_RW = $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME))
regions-for-file-$(CSE_LITE_ME_RW) = FW_MAIN_A,FW_MAIN_B regions-for-file-$(CSE_LITE_ME_RW) = FW_MAIN_A,FW_MAIN_B
@ -11,4 +12,32 @@ cbfs-files-y += $(CSE_LITE_ME_RW)
$(CSE_LITE_ME_RW)-file := $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_FILE)) $(CSE_LITE_ME_RW)-file := $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_FILE))
$(CSE_LITE_ME_RW)-name := $(CSE_LITE_ME_RW) $(CSE_LITE_ME_RW)-name := $(CSE_LITE_ME_RW)
$(CSE_LITE_ME_RW)-type := raw $(CSE_LITE_ME_RW)-type := raw
else
$(error "CSE RW file path is missing and need to be set by mainboard config")
endif
# Extract the CSE RW firmware version and update the cse_rw_metadata structure
ifneq ($(CONFIG_SOC_INTEL_CSE_RW_VERSION),"")
CSE_RW_VERSION:=$(subst ., ,$(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_VERSION)))
MAJOR := $(word 1, $(CSE_RW_VERSION))
MINOR := $(word 2, $(CSE_RW_VERSION))
HOTFIX := $(word 3, $(CSE_RW_VERSION))
BUILD := $(word 4, $(CSE_RW_VERSION))
CPPFLAGS_common += -DCSE_RW_MAJOR=$(MAJOR) -DCSE_RW_MINOR=$(MINOR) -DCSE_RW_HOTFIX=$(HOTFIX) -DCSE_RW_BUILD=$(BUILD)
else
$(error "CSE RW version is missing and need to be set by mainboard config")
endif
# Compute the hash of the CSE RW binary and update the cse_rw_metadata structure
CSE_RW_PATH := $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_FILE))
HASH := $(shell openssl dgst -sha256 -hex $(CSE_RW_PATH) | cut -d " " -f2 | fold -w2 | paste -sd',' -)
CPPFLAGS_common += -DCSE_RW_SHA256=$(HASH)
# Add the CSE RW metadata file to FW_MAIN_A/B
CSE_RW_METADATA = $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_METADATA_CBFS_NAME))
regions-for-file-$(CSE_RW_METADATA) = FW_MAIN_A,FW_MAIN_B
cbfs-files-y += $(CSE_RW_METADATA)
$(CSE_RW_METADATA)-file := cse_rw_metadata.c:struct
$(CSE_RW_METADATA)-name := $(CSE_RW_METADATA)
$(CSE_RW_METADATA)-type := raw
endif endif

9
src/soc/intel/common/block/cse/cse_lite.c
View File

@ -9,7 +9,6 @@
#include <intelblocks/cse.h> #include <intelblocks/cse.h>
#include <security/vboot/vboot_common.h> #include <security/vboot/vboot_common.h>
#include <security/vboot/misc.h> #include <security/vboot/misc.h>
#include <vb2_api.h>
#include <soc/intel/common/reset.h> #include <soc/intel/common/reset.h>
/* CSE RW version size reserved in the CSE CBFS RW binary */ /* CSE RW version size reserved in the CSE CBFS RW binary */
@ -110,14 +109,6 @@ enum bp_info_flags {
BP_INFO_READ_ONLY_CFG = 1 << 2, BP_INFO_READ_ONLY_CFG = 1 << 2,
}; };
/* Boot Partition FW Version */
struct fw_version {
uint16_t major;
uint16_t minor;
uint16_t hotfix;
uint16_t build;
} __packed;
/* CSE boot partition entry info */ /* CSE boot partition entry info */
struct cse_bp_entry { struct cse_bp_entry {
/* Boot partition version */ /* Boot partition version */

32
src/soc/intel/common/block/cse/cse_rw_metadata.c Normal file
View File

@ -0,0 +1,32 @@
/* SPDX-License-Identifier: GPL-2.0-only */
#include <intelblocks/cse.h>
#define HASH_TO_ARRAY(x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15, x16,\
x17, x18, x19, x20, x21, x22, x23, x24, x25, x26, x27, x28, x29, x30,\
x31, x32) { 0x##x1, 0x##x2, 0x##x3, 0x##x4, 0x##x5, 0x##x6, 0x##x7,\
0x##x8, 0x##x9, 0x##x10, 0x##x11, 0x##x12, 0x##x13, 0x##x14, 0x##x15,\
0x##x16, 0x##x17, 0x##x18, 0x##x19, 0x##x20, 0x##x21, 0x##x22, 0x##x23,\
0x##x24, 0x##x25, 0x##x26, 0x##x27, 0x##x28, 0x##x29, 0x##x30, 0x##x31,\
0x##x32 }
#define HASH_BYTEARRAY(...) HASH_TO_ARRAY(__VA_ARGS__)
/*
* This structure contains the CSE RW version and hash details which are filled during the
* compile time.
* Makefile will extract the following details and updates the structure variable via the
* compile time flags.
* CSE RW version: Extract the version string from the SOC_INTEL_CSE_RW_VERSION config and
* assign the major, minor, hotfix and build versions.
* CSE RW hash: Compute the hash of CSE RW binary in hex format using the openssl and use the
* HASH_BYTEARRAY macro to convert the 64 character hex values into the array.
*/
struct cse_rw_metadata metadata = {
.version = {
.major = CSE_RW_MAJOR,
.minor = CSE_RW_MINOR,
.build = CSE_RW_BUILD,
.hotfix = CSE_RW_HOTFIX,
},
.sha256 = HASH_BYTEARRAY(CSE_RW_SHA256),
};

19
src/soc/intel/common/block/include/intelblocks/cse.h
View File

@ -4,6 +4,7 @@
#define SOC_INTEL_COMMON_CSE_H #define SOC_INTEL_COMMON_CSE_H
#include <types.h> #include <types.h>
#include <vb2_api.h>
/* MKHI Command groups */ /* MKHI Command groups */
#define MKHI_GROUP_ID_CBM 0x0 #define MKHI_GROUP_ID_CBM 0x0
@ -61,6 +62,24 @@ struct mkhi_hdr {
uint8_t result; uint8_t result;
} __packed; } __packed;
/* CSE FW Version */
struct fw_version {
uint16_t major;
uint16_t minor;
uint16_t hotfix;
uint16_t build;
} __packed;
/*
* CSE RW metadata structure
* fw_version - CSE RW firmware version
* sha256 - Hash of the CSE RW binary.
*/
struct cse_rw_metadata {
struct fw_version version;
uint8_t sha256[VB2_SHA256_DIGEST_SIZE];
};
/* set up device for use in early boot enviroument with temp bar */ /* set up device for use in early boot enviroument with temp bar */
void heci_init(uintptr_t bar); void heci_init(uintptr_t bar);
/* /*