coreboot-kgpe-d16/util/cbfstool
Julius Werner 81dc20e744 cbfs: Move stage header into a CBFS attribute
The CBFS stage header is part of the file data (not the header) from
CBFS's point of view, which is problematic for verification: in pre-RAM
environments, there's usually not enough scratch space in CBFS_CACHE to
load the full stage into memory, so it must be directly loaded into its
final destination. However, that destination is decided from reading the
stage header. There's no way we can verify the stage header without
loading the whole file and we can't load the file without trusting the
information in the stage header.

To solve this problem, this patch changes the CBFS stage format to move
the stage header out of the file contents and into a separate CBFS
attribute. Attributes are part of the metadata, so they have already
been verified before the file is loaded.

Since CBFS stages are generally only meant to be used by coreboot itself
and the coreboot build system builds cbfstool and all stages together in
one go, maintaining backwards-compatibility should not be necessary. An
older version of coreboot will build the old version of cbfstool and a
newer version of coreboot will build the new version of cbfstool before
using it to add stages to the final image, thus cbfstool and coreboot's
stage loader should stay in sync. This only causes problems when someone
stashes away a copy of cbfstool somewhere and later uses it to try to
extract stages from a coreboot image built from a different revision...
a debugging use-case that is hopefully rare enough that affected users
can manually deal with finding a matching version of cbfstool.

The SELF (payload) format, on the other hand, is designed to be used for
binaries outside of coreboot that may use independent build systems and
are more likely to be added with a potentially stale copy of cbfstool,
so it would be more problematic to make a similar change for SELFs. It
is not necessary for verification either, since they're usually only
used in post-RAM environments and selfload() already maps SELFs to
CBFS_CACHE before loading them to their final destination anyway (so
they can be hashed at that time).

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I8471ad7494b07599e24e82b81e507fcafbad808a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46484
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2021-03-17 08:10:00 +00:00
..
console treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
flashmap util: Use SPDX headers 2020-05-11 19:38:40 +00:00
lz4 lz4: Fix out-of-bounds reads 2020-03-02 15:03:03 +00:00
lzma util/cbfstool/lzma: Make clang-11+'s indentation checker happy 2020-02-01 19:51:31 +00:00
.gitignore util/cbfstool/.gitignore: Add ifittool 2020-12-07 14:02:38 +00:00
amdcompress.c util/cbfstool/amdcompress: fix argument requirement 2020-11-15 16:49:30 +00:00
cbfs-mkpayload.c cbfstool: Use cbfs_serialized.h and standard vboot helpers 2020-12-03 00:00:33 +00:00
cbfs-mkstage.c cbfs: Move stage header into a CBFS attribute 2021-03-17 08:10:00 +00:00
cbfs-payload-linux.c cbfstool: Use cbfs_serialized.h and standard vboot helpers 2020-12-03 00:00:33 +00:00
cbfs.h cbfstool: Add support for platform "fixups" when modifying bootblock 2021-03-13 04:17:35 +00:00
cbfs_glue.h cbfstool: Support CONFIG_CBFS_VERIFICATION and metadata hash anchor 2021-03-13 04:16:20 +00:00
cbfs_image.c cbfs: Move stage header into a CBFS attribute 2021-03-17 08:10:00 +00:00
cbfs_image.h cbfstool: Hide hash printing behind -v and add to parseable output 2020-12-03 00:08:03 +00:00
cbfs_sections.c util/: Replace GPLv2 boiler plate with SPDX header 2020-05-09 21:22:08 +00:00
cbfs_sections.h cbfstool: Support CONFIG_CBFS_VERIFICATION and metadata hash anchor 2021-03-13 04:16:20 +00:00
cbfscomptool.c cbfstool: Use cbfs_serialized.h and standard vboot helpers 2020-12-03 00:00:33 +00:00
cbfstool.c cbfs: Move stage header into a CBFS attribute 2021-03-17 08:10:00 +00:00
coff.h treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
common.c util/: Replace GPLv2 boiler plate with SPDX header 2020-05-09 21:22:08 +00:00
common.h cbfs: Move stage header into a CBFS attribute 2021-03-17 08:10:00 +00:00
compress.c cbfstool: Use cbfs_serialized.h and standard vboot helpers 2020-12-03 00:00:33 +00:00
default-x86.fmd drivers/vpd: Add VPD region to default FMAP when selected 2021-01-04 23:12:35 +00:00
default.fmd drivers/mrc_cache: Always generate an FMAP region 2018-01-20 16:11:44 +00:00
description.md util: Add description.md to each util 2018-07-26 13:26:50 +00:00
elf.h cbfstool: Add support for platform "fixups" when modifying bootblock 2021-03-13 04:17:35 +00:00
elfheaders.c util/: Replace GPLv2 boiler plate with SPDX header 2020-05-09 21:22:08 +00:00
elfparsing.h util/: Replace GPLv2 boiler plate with SPDX header 2020-05-09 21:22:08 +00:00
EXAMPLE
fdt.h treewide: replace GPLv2 long form headers with SPDX header 2020-05-06 22:20:57 +00:00
fit.c util/cbfstool/fit.c: Add support for adding Boot Guard manifests 2020-12-11 07:33:51 +00:00
fit.h util/: Replace GPLv2 boiler plate with SPDX header 2020-05-09 21:22:08 +00:00
flashmap_tests.c util/: Replace GPLv2 boiler plate with SPDX header 2020-05-09 21:22:08 +00:00
fmap_from_fmd.c util/: Replace GPLv2 boiler plate with SPDX header 2020-05-09 21:22:08 +00:00
fmap_from_fmd.h util/: Replace GPLv2 boiler plate with SPDX header 2020-05-09 21:22:08 +00:00
fmaptool.c util/cbfstool/fmaptool: Generate list of terminal sections 2020-12-08 18:59:05 +00:00
fmd.c util/: Replace GPLv2 boiler plate with SPDX header 2020-05-09 21:22:08 +00:00
fmd.h util/cbfstool/fmd: make flashmap_flags bitfield struct elements unsigned 2020-09-23 13:39:14 +00:00
fmd_parser.c_shipped cbfstool: Support new FMD flag "PRESERVE" 2019-03-05 20:51:39 +00:00
fmd_parser.h_shipped cbfstool: Support new FMD flag "PRESERVE" 2019-03-05 20:51:39 +00:00
fmd_parser.y util/: Replace GPLv2 boiler plate with SPDX header 2020-05-09 21:22:08 +00:00
fmd_scanner.c_shipped treewide: Remove trailing whitespace 2021-02-17 17:30:05 +00:00
fmd_scanner.h_shipped treewide: Remove trailing whitespace 2021-02-17 17:30:05 +00:00
fmd_scanner.l util/: Replace GPLv2 boiler plate with SPDX header 2020-05-09 21:22:08 +00:00
fv.h treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
ifittool.c util/cbfstool/ifittool: Remove dead code 2021-03-16 15:32:41 +00:00
ifwitool.c util/: Replace GPLv2 boiler plate with SPDX header 2020-05-09 21:22:08 +00:00
linux.h treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
linux_trampoline.c util/cbfstool: Add SPDX header to generated linux_trampoline code, too 2020-05-11 19:39:12 +00:00
linux_trampoline.h treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
linux_trampoline.S util/: Replace GPLv2 boiler plate with SPDX header 2020-05-09 21:22:08 +00:00
Makefile util/cbfstool: Update Makefiles 2021-02-25 10:03:05 +00:00
Makefile.inc cbfstool: Add support for platform "fixups" when modifying bootblock 2021-03-13 04:17:35 +00:00
option.h util/: Replace GPLv2 boiler plate with SPDX header 2020-05-09 21:22:08 +00:00
partitioned_file.c util/cbfstool: unbreak compilation on FreeBSD 2021-01-13 12:07:17 +00:00
partitioned_file.h util/: Replace GPLv2 boiler plate with SPDX header 2020-05-09 21:22:08 +00:00
platform_fixups.c cbfstool: Add support for platform "fixups" when modifying bootblock 2021-03-13 04:17:35 +00:00
ProcessorBind.h util: Use SPDX headers 2020-05-11 19:38:40 +00:00
rmodtool.c util/: Replace GPLv2 boiler plate with SPDX header 2020-05-09 21:22:08 +00:00
rmodule.c cbfs: Move stage header into a CBFS attribute 2021-03-17 08:10:00 +00:00
rmodule.h rmodtool: Make memlayout symbols absolute and do not relocate them 2021-02-18 02:32:06 +00:00
swab.h cbfstool: Add header file for ntohl & htonl on Apple 2016-01-20 16:10:20 +01:00
xdr.c util/: Replace GPLv2 boiler plate with SPDX header 2020-05-09 21:22:08 +00:00