From 61ef0e4aa564df122283764056bf1e06a7b16cec Mon Sep 17 00:00:00 2001
From: Arthur Heymans <arthur@aheymans.xyz>
Date: Thu, 12 Jan 2023 11:29:57 +0100
Subject: [PATCH] security/vboot: Check RW_NVRAM at buildtime

This avoids runtime failures of lacking a RW_NVRAM section in fmap or
one having a size too small.

Change-Id: I3415bd719428a23b21210eb2176dbe15fa44eb9c
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71868
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
---
 src/security/vboot/Makefile.inc | 5 +++++
 src/security/vboot/vbnv_flash.c | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc
index 2f8cb8215e..8747e027d7 100644
--- a/src/security/vboot/Makefile.inc
+++ b/src/security/vboot/Makefile.inc
@@ -71,6 +71,11 @@ romstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
 ramstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
 postcar-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
 
+$(call src-to-obj,bootblock,$(dir)/vbnv_flash.c) : $(obj)/fmap_config.h
+$(call src-to-obj,verstage,$(dir)/vbnv_flash.c) : $(obj)/fmap_config.h
+$(call src-to-obj,romstage,$(dir)/vbnv_flash.c) : $(obj)/fmap_config.h
+$(call src-to-obj,ramstage,$(dir)/vbnv_flash.c) : $(obj)/fmap_config.h
+$(call src-to-obj,postcar,$(dir)/vbnv_flash.c) : $(obj)/fmap_config.h
 bootblock-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
 verstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
 romstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
diff --git a/src/security/vboot/vbnv_flash.c b/src/security/vboot/vbnv_flash.c
index f39ad4f244..8a4fd09981 100644
--- a/src/security/vboot/vbnv_flash.c
+++ b/src/security/vboot/vbnv_flash.c
@@ -3,6 +3,7 @@
 #include <commonlib/region.h>
 #include <console/console.h>
 #include <fmap.h>
+#include <fmap_config.h>
 #include <string.h>
 #include <vb2_api.h>
 #include <security/vboot/vboot_common.h>
@@ -44,6 +45,9 @@ static inline int can_overwrite(uint8_t current, uint8_t new)
 	return (current & new) == new;
 }
 
+_Static_assert(FMAP_SECTION_RW_NVRAM_SIZE >= BLOB_SIZE,
+	       "RW_NVRAM FMAP section not present or too small");
+
 static int init_vbnv(void)
 {
 	struct vbnv_flash_ctx *ctx = &vbnv_flash;