From de1459082b08cf17c5e0c82fde5430801eec46ff Mon Sep 17 00:00:00 2001
From: Werner Zeh <werner.zeh@siemens.com>
Date: Mon, 23 May 2022 13:19:38 +0200
Subject: [PATCH] soc/intel/apollolake: Compare patched FIT pointer with the
 pre-defined

Since the FIT pointer is patched at runtime there is no guarantee that
the pre-defined one will match the patched one. Add a check and print a
warning at runtime if both addresses (pre-defined and patched) do not
match as in this case an offline computed hash for the bootblock will
differ from the runtime one.

Change-Id: Ib1b02ec43af183caa9f5b08b3c485879b423c40f
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64598
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
---
 src/soc/intel/apollolake/bootblock/bootblock_measure.c | 7 +++++++
 src/soc/intel/apollolake/bootblock/fit.c               | 4 +++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/soc/intel/apollolake/bootblock/bootblock_measure.c b/src/soc/intel/apollolake/bootblock/bootblock_measure.c
index bd8e5b0105..e34e69b051 100644
--- a/src/soc/intel/apollolake/bootblock/bootblock_measure.c
+++ b/src/soc/intel/apollolake/bootblock/bootblock_measure.c
@@ -7,6 +7,7 @@
 #include <stdint.h>
 #include <symbols.h>
 
+extern const uint64_t fit_ptr;
 /* This region device covers the shared SRAM that gets mapped at bootblock runtime. */
 static const struct mem_region_device sram_rdev =
 		MEM_REGION_DEV_RO_INIT(SHARED_SRAM_BASE, SHARED_SRAM_SIZE);
@@ -50,5 +51,11 @@ int tspi_soc_measure_bootblock(int pcr_index)
 		return 1;
 	if (tpm_measure_region(&ifwi_bootblock, pcr_index, "IFWI: bootblock"))
 		return 1;
+	printk(BIOS_DEBUG, "FIT pointer patched to 0x%llx by TXE.\n", fit_ptr);
+	/* Check if the patched FIT pointer address  matches the pre-defined one. */
+	if (fit_ptr != SHARED_SRAM_BASE) {
+		printk(BIOS_WARNING,
+			"Runtime FIT pointer does not match the pre-defined address!\n");
+	}
 	return 0;
 }
diff --git a/src/soc/intel/apollolake/bootblock/fit.c b/src/soc/intel/apollolake/bootblock/fit.c
index 0728f53cbd..28207be248 100644
--- a/src/soc/intel/apollolake/bootblock/fit.c
+++ b/src/soc/intel/apollolake/bootblock/fit.c
@@ -1,11 +1,13 @@
 /* SPDX-License-Identifier: GPL-2.0-only */
 
 #include <stdint.h>
+#include <soc/iomap.h>
 
 /*
  * At runtime TXE creates the FIT table in the shared SRAM and patches the bootblock
  * at the fixed address 4G - 64 byte with a pointer to this FIT table. In order to be able
  * to pre-compute the PCR value for the bootblock this FIT pointer needs to be added to the
  * image as well. Since the FIT location is fixed in TXE, this can be done at build time.
+ * TXE places the table right at the start of the shared SRAM.
  */
-__attribute__((used, __section__(".fit_pointer"))) const uint64_t fit_ptr = 0xfffe0000;
+__attribute__((used, __section__(".fit_pointer"))) const uint64_t fit_ptr = SHARED_SRAM_BASE;