GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

lib/prog_loaders.c: Add prog_locate_hook() 

There is no posibility to prevent loading images from cbfs at this stage
For security features prog_locate_hook() is added. This hook can be used
to prevent loading the image.

BUG=N/A
TEST=Created verified binary and verify logging on Facebook FBG-1701

Change-Id: I12207fc8f2e9ca45d048cf8c8d9c057f53e5c2c7
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30811
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
This commit is contained in:
Frans Hendriks 2019-06-14 14:36:37 +02:00 committed by Patrick Georgi
parent 11b910281e
commit fc58034a11
2 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/include/program_loading.h
View File

@ -3,6 +3,7 @@
* *
* Copyright 2015 Google Inc. * Copyright 2015 Google Inc.
* Copyright (C) 2014 Imagination Technologies * Copyright (C) 2014 Imagination Technologies
* Copyright (C) 2018 Eltan B.V.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -138,6 +139,12 @@ static inline void prog_set_entry(struct prog *prog, void *e, void *arg)
/* Locate the identified program to run. Return 0 on success. < 0 on error. */ /* Locate the identified program to run. Return 0 on success. < 0 on error. */
int prog_locate(struct prog *prog); int prog_locate(struct prog *prog);
/* The prog_locate_hook() is called prior to CBFS traversal. The hook can be
* used to implement policy that allows or prohibits further progress through
* prog_locate(). The type and name field within struct prog are the only valid
* fields. A 0 return value allows further progress while a non-zero return
* value prohibits further progress */
int prog_locate_hook(struct prog *prog);
/* Run the program described by prog. */ /* Run the program described by prog. */
void prog_run(struct prog *prog); void prog_run(struct prog *prog);

6
src/lib/prog_loaders.c
View File

@ -2,6 +2,7 @@
* This file is part of the coreboot project. * This file is part of the coreboot project.
* *
* Copyright 2015 Google Inc. * Copyright 2015 Google Inc.
* Copyright (C) 2018-2019 Eltan B.V.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -38,6 +39,9 @@ int prog_locate(struct prog *prog)
{ {
struct cbfsf file; struct cbfsf file;
if (prog_locate_hook(prog))
return -1;
cbfs_prepare_program_locate(); cbfs_prepare_program_locate();
if (cbfs_boot_locate(&file, prog_name(prog), NULL)) if (cbfs_boot_locate(&file, prog_name(prog), NULL))
@ -74,6 +78,8 @@ fail:
halt(); halt();
} }
int __weak prog_locate_hook(struct prog *prog) { return 0; }
static void ramstage_cache_invalid(void) static void ramstage_cache_invalid(void)
{ {
printk(BIOS_ERR, "ramstage cache invalid.\n"); printk(BIOS_ERR, "ramstage cache invalid.\n");