cbfs: Add CBFS_TYPE_INTEL_FIT and exclude it from CBFS verification

The Intel Firmware Interface Table (FIT) is a bit of an annoying outlier among CBFS files because it gets manipulated by a separate utility (ifittool) after cbfstool has already added it to the image. This will break file hashes created for CBFS verification. This is not actually a problem when booting, since coreboot never actually loads the FIT from CBFS -- instead, it's only in the image for use by platform-specific mechanisms that run before coreboot's bootblock. But having an invalid file hash in the CBFS image is confusing when you want to verify that the image is correctly built for verification. This patch adds a new CBFS file type "intel_fit" which is only used for the intel_fit (and intel_fit_ts, if applicable) file containing the FIT. cbfstool will avoid generating and verifying file hashes for this type, like it already does for the "bootblock" and "cbfs header" types. (Note that this means that any attempt to use the CBFS API to actually access this file from coreboot will result in a verification error when CBFS verification is enabled.) Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I1c1bb6dab0c9ccc6e78529758a42ad3194cd130c Reviewed-on: https://review.coreboot.org/c/coreboot/+/64736 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2022-05-27 18:33:15 -07:00 · 2022-05-27 18:33:15 -07:00 · af20fd748b
parent 0057262b38
commit af20fd748b
4 changed files with 17 additions and 3 deletions
--- a/src/commonlib/bsd/include/commonlib/bsd/cbfs_serialized.h
+++ b/src/commonlib/bsd/include/commonlib/bsd/cbfs_serialized.h
@ -30,6 +30,7 @@ enum cbfs_type {
 	CBFS_TYPE_VSA		= 0x51,
 	CBFS_TYPE_MBI		= 0x52,
 	CBFS_TYPE_MICROCODE	= 0x53,
 	CBFS_TYPE_INTEL_FIT	= 0x54,
 	CBFS_TYPE_FSP		= 0x60,
 	CBFS_TYPE_MRC		= 0x61,
 	CBFS_TYPE_MMA		= 0x62,
--- a/src/cpu/intel/fit/Makefile.inc
+++ b/src/cpu/intel/fit/Makefile.inc
@ -8,7 +8,7 @@ bootblock-y += fit.c
 cbfs-files-y += intel_fit
 intel_fit-file := fit_table.c:struct
-intel_fit-type := raw
+intel_fit-type := intel_fit
 intel_fit-align := 16
 $(call add_intermediate, set_fit_ptr, $(IFITTOOL))
@ -41,7 +41,7 @@ endif # FIT_ENTRY
 cbfs-files-y += intel_fit_ts
 intel_fit_ts-file := fit_table.c:struct
-intel_fit_ts-type := raw
+intel_fit_ts-type := intel_fit
 intel_fit_ts-align := 16
 endif # CONFIG_INTEL_ADD_TOP_SWAP_BOOTBLOCK
--- a/util/cbfstool/cbfs.h
+++ b/util/cbfstool/cbfs.h
@ -40,6 +40,7 @@ static struct typedesc_t filetypes[] unused = {
 	{CBFS_TYPE_VSA, "vsa"},
 	{CBFS_TYPE_MBI, "mbi"},
 	{CBFS_TYPE_MICROCODE, "microcode"},
 	{CBFS_TYPE_INTEL_FIT, "intel_fit"},
 	{CBFS_TYPE_FSP, "fsp"},
 	{CBFS_TYPE_MRC, "mrc"},
 	{CBFS_TYPE_CMOS_DEFAULT, "cmos_default"},
--- a/util/cbfstool/cbfstool.c
+++ b/util/cbfstool/cbfstool.c
@ -279,6 +279,18 @@ static int maybe_update_fmap_hash(void)
 	return update_anchor(mhc, fmap_hash);
 }
 static bool verification_exclude(enum cbfs_type type)
 {
 	switch (type) {
 	case CBFS_TYPE_BOOTBLOCK:
 	case CBFS_TYPE_CBFSHEADER:
 	case CBFS_TYPE_INTEL_FIT:
 		return true;
 	default:
 		return false;
 	}
 }
 static bool region_is_flashmap(const char *region)
 {
 	return partitioned_file_region_check_magic(param.image_file, region,
@ -872,7 +884,7 @@ static int cbfs_add_component(const char *filename,
 	/* Bootblock and CBFS header should never have file hashes. When adding
 	   the bootblock it is important that we *don't* look up the metadata
 	   hash yet (before it is added) or we'll cache an outdated result. */
-	if (param.type != CBFS_TYPE_BOOTBLOCK && param.type != CBFS_TYPE_CBFSHEADER) {
+	if (!verification_exclude(param.type)) {
 		enum vb2_hash_algorithm mh_algo = get_mh_cache()->cbfs_hash.algo;
 		if (mh_algo != VB2_HASH_INVALID && param.hash != mh_algo) {
 			if (param.hash == VB2_HASH_INVALID) {