security/vboot: Add Kconfig symbol to set hashing block size

Generally, this size probably doesn't matter very much, but in the
case of picasso's psp_verstage, the hash is being calculated by
hardware using relatively expensive system calls.  By increasing the
block size, we can save roughly 140ms of boot and resume time.

TEST=Build & boot see that boot time has decreased.
BRANCH=Zork
BUG=b:169217270 - Zork: SHA calculation in vboot takes too long

Signed-off-by: Martin Roth <martinroth@chromium.org>
Change-Id: I68eecbbdfadcbf14288dc6e849397724fb66e0b2
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46901
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Kangheui Won <khwon@chromium.org>
This commit is contained in:
Martin Roth 2020-10-28 11:38:57 -06:00 committed by Felix Held
parent 83729bd430
commit 8839b7f109
2 changed files with 12 additions and 3 deletions

View File

@ -369,6 +369,17 @@ config VBOOT_KEYBLOCK_PREAMBLE_FLAGS
hex "Keyblock preamble flags" hex "Keyblock preamble flags"
default 0x0 default 0x0
config VBOOT_HASH_BLOCK_SIZE
hex
default 0x400
help
Set the default hash size. Generally 1k is reasonable, but in some
cases it may improve hashing speed to increase the size.
Note that this buffer is allocated in the stack. Although the
build should fail if the stack size is exceeded, it's something to
be aware of when changing the size.
endmenu # Keys endmenu # Keys
endif # VBOOT endif # VBOOT
endmenu # Verified Boot (vboot) endmenu # Verified Boot (vboot)

View File

@ -19,8 +19,6 @@
/* The max hash size to expect is for SHA512. */ /* The max hash size to expect is for SHA512. */
#define VBOOT_MAX_HASH_SIZE VB2_SHA512_DIGEST_SIZE #define VBOOT_MAX_HASH_SIZE VB2_SHA512_DIGEST_SIZE
#define TODO_BLOCK_SIZE 1024
/* exports */ /* exports */
vb2_error_t vb2ex_read_resource(struct vb2_context *ctx, vb2_error_t vb2ex_read_resource(struct vb2_context *ctx,
@ -144,7 +142,7 @@ static vb2_error_t hash_body(struct vb2_context *ctx,
{ {
uint64_t load_ts; uint64_t load_ts;
uint32_t remaining; uint32_t remaining;
uint8_t block[TODO_BLOCK_SIZE]; uint8_t block[CONFIG_VBOOT_HASH_BLOCK_SIZE];
uint8_t hash_digest[VBOOT_MAX_HASH_SIZE]; uint8_t hash_digest[VBOOT_MAX_HASH_SIZE];
const size_t hash_digest_sz = sizeof(hash_digest); const size_t hash_digest_sz = sizeof(hash_digest);
size_t block_size = sizeof(block); size_t block_size = sizeof(block);