d96ca24652
CL:3825558 changes all vb2_digest and vb2_hash functions to take a new
hwcrypto_allowed argument, to potentially let them try to call the
vb2ex_hwcrypto API for hash calculation. This change will open hardware
crypto acceleration up to all hash calculations in coreboot (most
notably CBFS verification). As part of this change, the
vb2_digest_buffer() function has been removed, so replace existing
instances in coreboot with the newer vb2_hash_calculate() API.
Due to the circular dependency of these changes with vboot, this patch
also needs to update the vboot submodule:
Updating from commit id 18cb85b5:
2load_kernel.c: Expose load kernel as vb2_api
to commit id b827ddb9:
tests: Ensure auxfw sync runs after EC sync
This brings in 15 new commits.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I287d8dac3c49ad7ea3e18a015874ce8d610ec67e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66561
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
51 lines
1.3 KiB
C
51 lines
1.3 KiB
C
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
|
|
#include <assert.h>
|
|
#include <metadata_hash.h>
|
|
#include <security/vboot/misc.h>
|
|
#include <symbols.h>
|
|
|
|
#if !CONFIG(COMPRESS_BOOTBLOCK) || ENV_DECOMPRESSOR
|
|
__attribute__((used, section(".metadata_hash_anchor")))
|
|
static struct metadata_hash_anchor metadata_hash_anchor = {
|
|
/* This is the only place in all of coreboot where we actually need to use this. */
|
|
.magic = DO_NOT_USE_METADATA_HASH_ANCHOR_MAGIC_DO_NOT_USE,
|
|
.cbfs_hash = { .algo = CONFIG_CBFS_HASH_ALGO }
|
|
};
|
|
|
|
static struct metadata_hash_anchor *get_anchor(void)
|
|
{
|
|
return &metadata_hash_anchor;
|
|
}
|
|
|
|
void *metadata_hash_export_anchor(void)
|
|
{
|
|
return get_anchor();
|
|
}
|
|
#else
|
|
static struct metadata_hash_anchor *anchor_ptr = NULL;
|
|
|
|
static struct metadata_hash_anchor *get_anchor(void)
|
|
{
|
|
assert(anchor_ptr != NULL);
|
|
return anchor_ptr;
|
|
}
|
|
|
|
void metadata_hash_import_anchor(void *ptr)
|
|
{
|
|
anchor_ptr = ptr;
|
|
}
|
|
#endif
|
|
|
|
struct vb2_hash *metadata_hash_get(void)
|
|
{
|
|
return &get_anchor()->cbfs_hash;
|
|
}
|
|
|
|
vb2_error_t metadata_hash_verify_fmap(const void *fmap_buffer, size_t fmap_size)
|
|
{
|
|
struct vb2_hash hash = { .algo = get_anchor()->cbfs_hash.algo };
|
|
memcpy(hash.raw, metadata_hash_anchor_fmap_hash(get_anchor()),
|
|
vb2_digest_size(hash.algo));
|
|
return vb2_hash_verify(vboot_hwcrypto_allowed(), fmap_buffer, fmap_size, &hash);
|
|
}
|