GNUBoot/coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
coreboot-kgpe-d16/src/security/vboot/vboot_loader.c
Julius Werner f8e1764bb9 security/vboot: Ensure firmware body size is respected again 
CB:36845 simplified how coreboot finds the RW CBFS after vboot has and
eliminated a layer of caching. Unfortunately, we missed the fact that
the former cached value didn't exactly match the FMAP section... it was
in fact truncated to the data actually used by vboot. That patch
unintentionally broke this truncation which leads to performance
regressions on certain CBFS accesses.

This patch makes use of a new API function added to vboot (CL:1965920)
which we can use to retrieve the real firmware body length as before.

(Also stop making all the vb2_context pointers const. vboot generally
never marks context pointers as const in its API functions, even when
the function doesn't modify the context. Therefore constifying it inside
coreboot just makes things weird because it prevents you from calling
random API functions for no reason. If we really want const context
pointers, that's a refactoring that would have to start inside vboot
first.)

This patch brings in upstream vboot commit 4b0408d2:
2019-12-12 Julius Werner   2lib: Move firmware body size reporting to
			   separate function

Change-Id: I167cd40cb435dbae7f09d6069c9f1ffc1d99fe13
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37680
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Mathew King <mathewk@chromium.org>
2019-12-13 20:14:26 +00:00

92 lines
2.6 KiB
C
Raw Blame History

/*
* This file is part of the coreboot project.
*
* Copyright 2015 Google, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#include <cbfs.h>
#include <console/console.h>
#include <ec/google/chromeec/ec.h>
#include <rmodule.h>
#include <security/vboot/misc.h>
#include <security/vboot/symbols.h>
#include <security/vboot/vboot_common.h>
/* Ensure vboot configuration is valid: */
_Static_assert(CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) +
CONFIG(VBOOT_STARTS_IN_ROMSTAGE) == 1,
"vboot must either start in bootblock or romstage (not both!)");
_Static_assert(!CONFIG(VBOOT_SEPARATE_VERSTAGE) ||
CONFIG(VBOOT_STARTS_IN_BOOTBLOCK),
"stand-alone verstage must start in (i.e. after) bootblock");
_Static_assert(!CONFIG(VBOOT_RETURN_FROM_VERSTAGE) ||
CONFIG(VBOOT_SEPARATE_VERSTAGE),
"return from verstage only makes sense for separate verstages");
int vboot_executed;
void vboot_run_logic(void)
{
if (verification_should_run()) {
/* Note: this path is not used for VBOOT_RETURN_FROM_VERSTAGE */
verstage_main();
vboot_executed = 1;
} else if (verstage_should_load()) {
struct cbfsf file;
struct prog verstage =
PROG_INIT(PROG_VERSTAGE,
CONFIG_CBFS_PREFIX "/verstage");
printk(BIOS_DEBUG, "VBOOT: Loading verstage.\n");
/* load verstage from RO */
if (cbfs_boot_locate(&file, prog_name(&verstage), NULL))
die("failed to load verstage");
cbfs_file_data(prog_rdev(&verstage), &file);
if (cbfs_prog_stage_load(&verstage))
die("failed to load verstage");
/* verify and select a slot */
prog_run(&verstage);
/* This is not actually possible to hit this condition at
* runtime, but this provides a hint to the compiler for dead
* code elimination below. */
if (!CONFIG(VBOOT_RETURN_FROM_VERSTAGE))
return;
vboot_executed = 1;
}
}
static int vboot_locate(struct region_device *rdev)
{
struct vb2_context *ctx;
/* Don't honor vboot results until the vboot logic has run. */
if (!vboot_logic_executed())
return -1;
ctx = vboot_get_context();
if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE)
return -1;
return vboot_locate_firmware(ctx, rdev);
}
const struct cbfs_locator vboot_locator = {
.name = "VBOOT",
.locate = vboot_locate,
};
Reference in a new issue View git blame Copy permalink