diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c index 0633042539..9fb83707bf 100644 --- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c +++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c @@ -14,6 +14,7 @@ * GNU General Public License for more details. */ #include +#include #include #include #include @@ -183,13 +184,32 @@ void verified_boot_check_cbfsfile(const char *name, uint32_t type, uint32_t hash start = cbfs_boot_map_with_leak(name, type & ~VERIFIED_BOOT_COPY_BLOCK, &size); if (start && size) { /* Speed up processing by copying the file content to memory first */ - if (!ENV_ROMSTAGE_OR_BEFORE && (type & VERIFIED_BOOT_COPY_BLOCK) && (buffer) && - (*buffer) && ((uint32_t) start > (uint32_t)(~(CONFIG_CBFS_SIZE-1)))) { + if (!ENV_ROMSTAGE_OR_BEFORE && (type & VERIFIED_BOOT_COPY_BLOCK)) { + + if ((buffer) && (*buffer) && (*filesize >= size) && + ((uint32_t) start > (uint32_t)(~(CONFIG_CBFS_SIZE-1)))) { + + /* Use the buffer passed in if possible */ printk(BIOS_DEBUG, "%s: move buffer to memory\n", __func__); - /* Move the file to a memory bufferof which we know it doesn't harm */ - memcpy(*buffer, start, size); - start = *buffer; - printk(BIOS_DEBUG, "%s: done\n", __func__); + /* Move the file to memory buffer passed in */ + memcpy(*buffer, start, size); + start = *buffer; + printk(BIOS_DEBUG, "%s: done\n", __func__); + + } else if (ENV_RAMSTAGE) { + /* Try to allocate a buffer from boot_mem */ + void *local_buffer = bootmem_allocate_buffer(size); + + if (local_buffer) { + + /* Use the allocated buffer */ + printk(BIOS_DEBUG, "%s: move file to memory\n", + __func__); + memcpy(local_buffer, start, size); + start = local_buffer; + printk(BIOS_DEBUG, "%s: done\n", __func__); + } + } } verified_boot_check_buffer(name, start, size, hash_index, pcr); } else {