7333a116b3
Used commands: perl -i -p0e 's|\/\*[\s*]*.*is free software[:;][\s*]*you[\s*]*can[\s*]*redistribute[\s*]*it[\s*]*and\/or[\s*]*modify[\s*]*it[\s*]*under[\s*]*the[\s*]*terms[\s*]*of[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*as[\s*]*published[\s*]*by[\s*]*the[\s*]*Free[\s*]*Software[\s*]*Foundation[;,][\s*]*version[\s*]*2[\s*]*of[\s*]*the[\s*]*License.[\s*]*This[\s*]*program[\s*]*is[\s*]*distributed[\s*]*in[\s*]*the[\s*]*hope[\s*]*that[\s*]*it[\s*]*will[\s*]*be[\s*]*useful,[\s*]*but[\s*]*WITHOUT[\s*]*ANY[\s*]*WARRANTY;[\s*]*without[\s*]*even[\s*]*the[\s*]*implied[\s*]*warranty[\s*]*of[\s*]*MERCHANTABILITY[\s*]*or[\s*]*FITNESS[\s*]*FOR[\s*]*A[\s*]*PARTICULAR[\s*]*PURPOSE.[\s*]*See[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*for[\s*]*more[\s*]*details.[\s*]*\*\/|/* SPDX-License-Identifier: GPL-2.0-only */|' $(cat filelist) perl -i -p0e 's|This[\s*]*program[\s*]*is[\s*]*free[\s*]*software[:;][\s*]*you[\s*]*can[\s*]*redistribute[\s*]*it[\s*]*and/or[\s*]*modify[\s*]*it[\s*]*under[\s*]*the[\s*]*terms[\s*]*of[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*as[\s*]*published[\s*]*by[\s*]*the[\s*]*Free[\s*]*Software[\s*]*Foundation[;,][\s*]*either[\s*]*version[\s*]*2[\s*]*of[\s*]*the[\s*]*License,[\s*]*or[\s*]*.at[\s*]*your[\s*]*option.*[\s*]*any[\s*]*later[\s*]*version.[\s*]*This[\s*]*program[\s*]*is[\s*]*distributed[\s*]*in[\s*]*the[\s*]*hope[\s*]*that[\s*]*it[\s*]*will[\s*]*be[\s*]*useful,[\s*]*but[\s*]*WITHOUT[\s*]*ANY[\s*]*WARRANTY;[\s*]*without[\s*]*even[\s*]*the[\s*]*implied[\s*]*warranty[\s*]*of[\s*]*MERCHANTABILITY[\s*]*or[\s*]*FITNESS[\s*]*FOR[\s*]*A[\s*]*PARTICULAR[\s*]*PURPOSE.[\s*]*See[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*for[\s*]*more[\s*]*details.[\s*]*\*\/|/* SPDX-License-Identifier: GPL-2.0-or-later */|' $(cat filelist) perl -i -p0e 's|\/\*[\s*]*.*This[\s*#]*program[\s*#]*is[\s*#]*free[\s*#]*software[;:,][\s*#]*you[\s*#]*can[\s*#]*redistribute[\s*#]*it[\s*#]*and/or[\s*#]*modify[\s*#]*it[\s*#]*under[\s*#]*the[\s*#]*terms[\s*#]*of[\s*#]*the[\s*#]*GNU[\s*#]*General[\s*#]*Public[\s*#]*License[\s*#]*as[\s*#]*published[\s*#]*by[\s*#]*the[\s*#]*Free[\s*#]*Software[\s*#]*Foundation[;:,][\s*#]*either[\s*#]*version[\s*#]*3[\s*#]*of[\s*#]*the[\s*#]*License[;:,][\s*#]*or[\s*#]*.at[\s*#]*your[\s*#]*option.*[\s*#]*any[\s*#]*later[\s*#]*version.[\s*#]*This[\s*#]*program[\s*#]*is[\s*#]*distributed[\s*#]*in[\s*#]*the[\s*#]*hope[\s*#]*that[\s*#]*it[\s*#]*will[\s*#]*be[\s*#]*useful[;:,][\s*#]*but[\s*#]*WITHOUT[\s*#]*ANY[\s*#]*WARRANTY[;:,][\s*#]*without[\s*#]*even[\s*#]*the[\s*#]*implied[\s*#]*warranty[\s*#]*of[\s*#]*MERCHANTABILITY[\s*#]*or[\s*#]*FITNESS[\s*#]*FOR[\s*#]*A[\s*#]*PARTICULAR[\s*#]*PURPOSE.[\s*#]*See[\s*#]*the[\s*#]*GNU[\s*#]*General[\s*#]*Public[\s*#]*License[\s*#]*for[\s*#]*more[\s*#]*details.[\s*]*\*\/|/* SPDX-License-Identifier: GPL-3.0-or-later */|' $(cat filelist) perl -i -p0e 's|(\#\#*)[\w]*.*is free software[:;][\#\s]*you[\#\s]*can[\#\s]*redistribute[\#\s]*it[\#\s]*and\/or[\#\s]*modify[\#\s]*it[\s\#]*under[\s \#]*the[\s\#]*terms[\s\#]*of[\s\#]*the[\s\#]*GNU[\s\#]*General[\s\#]*Public[\s\#]*License[\s\#]*as[\s\#]*published[\s\#]*by[\s\#]*the[\s\#]*Free[\s\#]*Software[\s\#]*Foundation[;,][\s\#]*version[\s\#]*2[\s\#]*of[\s\#]*the[\s\#]*License.*[\s\#]*This[\s\#]*program[\s\#]*is[\s\#]*distributed[\s\#]*in[\s\#]*the[\s\#]*hope[\s\#]*that[\s\#]*it[\s\#]*will[\#\s]*be[\#\s]*useful,[\#\s]*but[\#\s]*WITHOUT[\#\s]*ANY[\#\s]*WARRANTY;[\#\s]*without[\#\s]*even[\#\s]*the[\#\s]*implied[\#\s]*warranty[\#\s]*of[\#\s]*MERCHANTABILITY[\#\s]*or[\#\s]*FITNESS[\#\s]*FOR[\#\s]*A[\#\s]*PARTICULAR[\#\s]*PURPOSE.[\#\s]*See[\#\s]*the[\#\s]*GNU[\#\s]*General[\#\s]*Public[\#\s]*License[\#\s]*for[\#\s]*more[\#\s]*details.\s(#* *\n)*|\1 SPDX-License-Identifier: GPL-2.0-only\n\n|' $(cat filelist) perl -i -p0e 's|(\#\#*)[\w*]*.*is free software[:;][\s*]*you[\s*]*can[\s*]*redistribute[\s*]*it[\s*]*and\/or[\s*]*modify[\s*]*it[\s*]*under[\s*]*the[\s*]*terms[\s*]*of[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*as[\s*]*published[\s*]*by[\s*]*the[\s*]*Free[\s*]*Software[\s*]*Foundation[;,][\s*]*version[\s*]*2[\s*]*of[\s*]*the[\s*]*License.[\s*]*This[\s*]*program[\s*]*is[\s*]*distributed[\s*]*in[\s*]*the[\s*]*hope[\s*]*that[\s*]*it[\s*]*will[\s*]*be[\s*]*useful,[\s*]*but[\s*]*WITHOUT[\s*]*ANY[\s*]*WARRANTY;[\s*]*without[\s*]*even[\s*]*the[\s*]*implied[\s*]*warranty[\s*]*of[\s*]*MERCHANTABILITY[\s*]*or[\s*]*FITNESS[\s*]*FOR[\s*]*A[\s*]*PARTICULAR[\s*]*PURPOSE.[\s*]*See[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*for[\s*]*more[\s*]*details.\s(#* *\n)*|\1 SPDX-License-Identifier: GPL-2.0-only\n\n|' $(cat filelist) Change-Id: I1008a63b804f355a916221ac994701d7584f60ff Signed-off-by: Patrick Georgi <pgeorgi@google.com> Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41177 Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
726 lines
18 KiB
C
726 lines
18 KiB
C
/* Firmware Interface Table support */
|
|
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
|
|
#include <inttypes.h>
|
|
#include <stdint.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
#include "fit.h"
|
|
|
|
/* FIXME: This code assumes it is being executed on a little endian machine. */
|
|
|
|
#define FIT_POINTER_LOCATION 0xffffffc0
|
|
#define FIT_TABLE_LOWEST_ADDRESS ((uint32_t)(-(16 << 20)))
|
|
#define FIT_ENTRY_CHECKSUM_VALID 0x80
|
|
#define FIT_HEADER_VERSION 0x0100
|
|
#define FIT_HEADER_ADDRESS "_FIT_ "
|
|
#define FIT_MICROCODE_VERSION 0x0100
|
|
#define FIT_TXT_VERSION 0x0100
|
|
|
|
#define FIT_SIZE_ALIGNMENT 16
|
|
|
|
struct fit_entry {
|
|
/**
|
|
* Address is the base address of the firmware component
|
|
* must be aligned on 16 byte boundary
|
|
*/
|
|
uint64_t address;
|
|
/**
|
|
* Size is the span of the component in multiple of 16 bytes
|
|
* Bits [24:31] are reserved and must be set to 0
|
|
*/
|
|
uint32_t size_reserved;
|
|
/**
|
|
* Component's version number in binary coded decimal (BCD) format.
|
|
* For the FIT header entry, the value in this field will indicate the
|
|
* revision number of the FIT data structure. The upper byte of the
|
|
* revision field indicates the major revision and the lower byte
|
|
* indicates the minor revision.
|
|
*/
|
|
uint16_t version;
|
|
/**
|
|
* FIT types 0x00 to 0x7F
|
|
* Bit 7 (C_V) indicates whether component has valid checksum.
|
|
*/
|
|
uint8_t type_checksum_valid;
|
|
/**
|
|
* Component's checksum. The modulo sum of all the bytes in the
|
|
* component and the value in this field (Chksum) must add up to zero.
|
|
* This field is only valid if the C_V flag is non-zero.
|
|
*/
|
|
uint8_t checksum;
|
|
} __packed;
|
|
|
|
struct fit_table {
|
|
struct fit_entry header;
|
|
struct fit_entry entries[];
|
|
} __packed;
|
|
|
|
struct microcode_header {
|
|
uint32_t version;
|
|
uint32_t revision;
|
|
uint32_t date;
|
|
uint32_t processor_signature;
|
|
uint32_t checksum;
|
|
uint32_t loader_revision;
|
|
uint32_t processor_flags;
|
|
uint32_t data_size;
|
|
uint32_t total_size;
|
|
uint8_t reserved[12];
|
|
} __packed;
|
|
|
|
struct microcode_entry {
|
|
int offset;
|
|
int size;
|
|
};
|
|
|
|
static inline void *rom_buffer_pointer(struct buffer *buffer, int offset)
|
|
{
|
|
return &buffer->data[offset];
|
|
}
|
|
|
|
static inline size_t fit_entry_size_bytes(const struct fit_entry *entry)
|
|
{
|
|
return (entry->size_reserved & 0xffffff) << 4;
|
|
}
|
|
|
|
static inline void fit_entry_update_size(struct fit_entry *entry,
|
|
const int size_bytes)
|
|
{
|
|
/* Size is multiples of 16 bytes. */
|
|
entry->size_reserved = (size_bytes >> 4) & 0xffffff;
|
|
}
|
|
|
|
static inline void fit_entry_add_size(struct fit_entry *entry,
|
|
const int size_bytes)
|
|
{
|
|
int size = fit_entry_size_bytes(entry);
|
|
size += size_bytes;
|
|
fit_entry_update_size(entry, size);
|
|
}
|
|
|
|
static inline int fit_entry_type(struct fit_entry *entry)
|
|
{
|
|
return entry->type_checksum_valid & ~FIT_ENTRY_CHECKSUM_VALID;
|
|
}
|
|
|
|
/*
|
|
* Get an offset from a host pointer. This function assumes the ROM is located
|
|
* in the host address space at [4G - romsize -> 4G). It also assume all
|
|
* pointers have values within this address range.
|
|
*/
|
|
static inline int ptr_to_offset(fit_offset_converter_t helper,
|
|
const struct buffer *region, uint32_t host_ptr)
|
|
{
|
|
return helper(region, -host_ptr);
|
|
}
|
|
|
|
/*
|
|
* Get a pointer from an offset. This function assumes the ROM is located
|
|
* in the host address space at [4G - romsize -> 4G). It also assume all
|
|
* pointers have values within this address range.
|
|
*/
|
|
static inline uint32_t offset_to_ptr(fit_offset_converter_t helper,
|
|
const struct buffer *region, int offset)
|
|
{
|
|
return -helper(region, offset);
|
|
}
|
|
|
|
/*
|
|
* Return the number of FIT entries.
|
|
*/
|
|
static inline size_t fit_table_entries(const struct fit_table *fit)
|
|
{
|
|
if (!fit)
|
|
return 0;
|
|
|
|
return (fit_entry_size_bytes(&fit->header) / FIT_SIZE_ALIGNMENT) - 1;
|
|
}
|
|
|
|
/*
|
|
* Return the number of unused entries.
|
|
*/
|
|
static inline size_t fit_free_space(struct fit_table *fit,
|
|
const size_t max_entries)
|
|
{
|
|
if (!fit)
|
|
return 0;
|
|
|
|
return max_entries - fit_table_entries(fit);
|
|
}
|
|
|
|
/*
|
|
* Sort entries by type and fill gaps (entries with type unused).
|
|
* To be called after adding or deleting entries.
|
|
*
|
|
* This one is critical, as mentioned in Chapter 1.2.1 "FIT Ordering Rules"
|
|
* "Firmware Interface Table BIOS Specification".
|
|
*
|
|
* We need to use a stable sorting algorithm, as the order of
|
|
* FIT_TYPE_BIOS_STARTUP matter for measurements.
|
|
*/
|
|
static void sort_fit_table(struct fit_table *fit)
|
|
{
|
|
struct fit_entry tmp;
|
|
size_t i, j;
|
|
int swapped;
|
|
|
|
/* Bubble sort entries */
|
|
for (j = 0; j < fit_table_entries(fit) - 1; j++) {
|
|
swapped = 0;
|
|
for (i = 0; i < fit_table_entries(fit) - j - 1; i++) {
|
|
if (fit->entries[i].type_checksum_valid <=
|
|
fit->entries[i + 1].type_checksum_valid)
|
|
continue;
|
|
/* SWAP entries */
|
|
memcpy(&tmp, &fit->entries[i], sizeof(tmp));
|
|
memcpy(&fit->entries[i], &fit->entries[i + 1],
|
|
sizeof(fit->entries[i]));
|
|
memcpy(&fit->entries[i + 1], &tmp,
|
|
sizeof(fit->entries[i + 1]));
|
|
swapped = 1;
|
|
}
|
|
if (!swapped)
|
|
break;
|
|
}
|
|
}
|
|
|
|
static int fit_table_verified(struct fit_table *table)
|
|
{
|
|
if (!table)
|
|
return 0;
|
|
|
|
/* Check that the address field has the proper signature. */
|
|
if (strncmp((const char *)&table->header.address, FIT_HEADER_ADDRESS,
|
|
sizeof(table->header.address)))
|
|
return 0;
|
|
|
|
if (table->header.version != FIT_HEADER_VERSION)
|
|
return 0;
|
|
|
|
if (fit_entry_type(&table->header) != FIT_TYPE_HEADER)
|
|
return 0;
|
|
|
|
/* Assume that the FIT table contains at least the header */
|
|
if (fit_entry_size_bytes(&table->header) < sizeof(struct fit_entry))
|
|
return 0;
|
|
|
|
return 1;
|
|
}
|
|
|
|
/*
|
|
* Update the FIT checksum.
|
|
* To be called after modifiying the table.
|
|
*/
|
|
static void update_fit_checksum(struct fit_table *fit)
|
|
{
|
|
int size_bytes;
|
|
uint8_t *buffer;
|
|
uint8_t result;
|
|
int i;
|
|
|
|
if (!fit)
|
|
return;
|
|
|
|
fit->header.checksum = 0;
|
|
size_bytes = fit_entry_size_bytes(&fit->header);
|
|
result = 0;
|
|
buffer = (void *)fit;
|
|
for (i = 0; i < size_bytes; i++)
|
|
result += buffer[i];
|
|
fit->header.checksum = -result;
|
|
}
|
|
|
|
/*
|
|
* Return a pointer to the next free entry.
|
|
* Caller must take care if enough space is available.
|
|
*/
|
|
static struct fit_entry *get_next_free_entry(struct fit_table *fit)
|
|
{
|
|
return &fit->entries[fit_table_entries(fit)];
|
|
}
|
|
|
|
static void fit_location_from_cbfs_header(uint32_t *current_offset,
|
|
uint32_t *file_length, void *ptr)
|
|
{
|
|
struct buffer buf;
|
|
struct cbfs_file header;
|
|
memset(&buf, 0, sizeof(buf));
|
|
|
|
buf.data = ptr;
|
|
buf.size = sizeof(header);
|
|
|
|
bgets(&buf, header.magic, sizeof(header.magic));
|
|
header.len = xdr_be.get32(&buf);
|
|
header.type = xdr_be.get32(&buf);
|
|
header.attributes_offset = xdr_be.get32(&buf);
|
|
header.offset = xdr_be.get32(&buf);
|
|
|
|
*current_offset = header.offset;
|
|
*file_length = header.len;
|
|
}
|
|
|
|
static int
|
|
parse_microcode_blob(struct cbfs_image *image,
|
|
const char *blob_name,
|
|
size_t *mcus_found,
|
|
struct microcode_entry *mcus,
|
|
const size_t max_fit_entries)
|
|
{
|
|
size_t num_mcus;
|
|
uint32_t current_offset;
|
|
uint32_t file_length;
|
|
struct cbfs_file *mcode_file;
|
|
|
|
mcode_file = cbfs_get_entry(image, blob_name);
|
|
if (!mcode_file)
|
|
return 1;
|
|
|
|
fit_location_from_cbfs_header(¤t_offset, &file_length,
|
|
mcode_file);
|
|
current_offset += cbfs_get_entry_addr(image, mcode_file);
|
|
|
|
num_mcus = 0;
|
|
while (file_length > sizeof(struct microcode_header)) {
|
|
const struct microcode_header *mcu_header;
|
|
|
|
mcu_header = rom_buffer_pointer(&image->buffer, current_offset);
|
|
if (!mcu_header) {
|
|
ERROR("Couldn't parse microcode header.\n");
|
|
return 1;
|
|
}
|
|
|
|
/* Newer microcode updates include a size field, whereas older
|
|
* containers set it at 0 and are exactly 2048 bytes long */
|
|
uint32_t total_size = mcu_header->total_size ?: 2048;
|
|
|
|
/* Quickly sanity check a prospective microcode update. */
|
|
if (total_size < sizeof(*mcu_header))
|
|
break;
|
|
|
|
/* FIXME: Should the checksum be validated? */
|
|
mcus[num_mcus].offset = current_offset;
|
|
mcus[num_mcus].size = total_size;
|
|
|
|
/* Proceed to next payload. */
|
|
current_offset += mcus[num_mcus].size;
|
|
file_length -= mcus[num_mcus].size;
|
|
num_mcus++;
|
|
/* Reached limit of FIT entries. */
|
|
if (num_mcus == max_fit_entries)
|
|
break;
|
|
if (file_length < sizeof(struct microcode_header))
|
|
break;
|
|
}
|
|
|
|
/* Update how many microcode updates we found. */
|
|
*mcus_found = num_mcus;
|
|
|
|
return 0;
|
|
}
|
|
|
|
/* There can be zero or more FIT_TYPE_MICROCODE entries */
|
|
static void update_fit_ucode_entry(struct fit_table *fit,
|
|
struct fit_entry *entry,
|
|
const uint64_t mcu_addr)
|
|
{
|
|
entry->address = mcu_addr;
|
|
/*
|
|
* While loading MCU, its size is not referred from FIT and
|
|
* rather from the MCU header, hence we can assign zero here.
|
|
*/
|
|
entry->size_reserved = 0;
|
|
entry->type_checksum_valid = FIT_TYPE_MICROCODE;
|
|
entry->version = FIT_MICROCODE_VERSION;
|
|
entry->checksum = 0;
|
|
fit_entry_add_size(&fit->header, sizeof(struct fit_entry));
|
|
}
|
|
|
|
/*
|
|
* There can be zero or one FIT_TYPE_BIOS_ACM entry per table.
|
|
* In case there's a FIT_TYPE_BIOS_ACM entry, at least one
|
|
* FIT_TYPE_BIOS_STARTUP entry must exist.
|
|
*
|
|
* The caller has to provide valid arguments as those aren't verfied.
|
|
*/
|
|
static void update_fit_bios_acm_entry(struct fit_table *fit,
|
|
struct fit_entry *entry,
|
|
const uint64_t acm_addr)
|
|
{
|
|
entry->address = acm_addr;
|
|
/*
|
|
* The Address field points to a BIOS ACM. The Address field points to
|
|
* the first byte of the AC module header. When BIOS ACM is loaded in
|
|
* Authenticated Code RAM, one MTRR base/limit pair is used to map it.
|
|
*/
|
|
entry->size_reserved = 0;
|
|
entry->type_checksum_valid = FIT_TYPE_BIOS_ACM;
|
|
entry->version = FIT_TXT_VERSION;
|
|
entry->checksum = 0;
|
|
fit_entry_add_size(&fit->header, sizeof(struct fit_entry));
|
|
}
|
|
|
|
/*
|
|
* In case there's a FIT_TYPE_BIOS_ACM entry, at least one
|
|
* FIT_TYPE_BIOS_STARTUP entry must exist.
|
|
*
|
|
* The caller has to provide valid arguments as those aren't verfied.
|
|
*/
|
|
static void update_fit_bios_startup_entry(struct fit_table *fit,
|
|
struct fit_entry *entry,
|
|
const uint64_t sm_addr,
|
|
const uint32_t sm_size)
|
|
{
|
|
entry->address = sm_addr;
|
|
assert(sm_size % 16 == 0);
|
|
/*
|
|
* BIOS Startup code is defined as the code that gets control at the
|
|
* reset vector and continues the chain of trust in TCG-compliant
|
|
* fashion. In addition, this code may also configure memory and SMRAM.
|
|
*/
|
|
fit_entry_update_size(entry, sm_size);
|
|
entry->type_checksum_valid = FIT_TYPE_BIOS_STARTUP;
|
|
entry->version = FIT_TXT_VERSION;
|
|
entry->checksum = 0;
|
|
fit_entry_add_size(&fit->header, sizeof(struct fit_entry));
|
|
}
|
|
|
|
/*
|
|
* There can be zero or one FIT_TYPE_BIOS_POLICY Record in the FIT.
|
|
* If the platform uses the hash comparison method and employs a
|
|
* failsafe bootblock, one FIT_TYPE_BIOS_POLICY entry is needed to
|
|
* contain the failsafe hash.
|
|
* If the platform uses the Signature verification method, one
|
|
* FIT_TYPE_BIOS_POLICY entry is needed. In this case, the entry
|
|
* contains the OEM key, hash of the BIOS and signature over the hash
|
|
* using the OEM key.
|
|
* In all other cases, the FIT_TYPE_BIOS_POLICY record is not required.
|
|
*
|
|
* The caller has to provide valid arguments as those aren't verfied.
|
|
*/
|
|
static void update_fit_bios_policy_entry(struct fit_table *fit,
|
|
struct fit_entry *entry,
|
|
const uint64_t lcp_policy_addr,
|
|
const uint32_t lcp_policy_size)
|
|
{
|
|
entry->address = lcp_policy_addr;
|
|
fit_entry_update_size(entry, lcp_policy_size);
|
|
entry->type_checksum_valid = FIT_TYPE_BIOS_POLICY;
|
|
entry->version = FIT_TXT_VERSION;
|
|
entry->checksum = 0;
|
|
fit_entry_add_size(&fit->header, sizeof(struct fit_entry));
|
|
}
|
|
|
|
/*
|
|
* There can be zero or one FIT_TYPE_TXT_POLICY entries
|
|
*
|
|
* The caller has to provide valid arguments as those aren't verfied.
|
|
*/
|
|
static void update_fit_txt_policy_entry(struct fit_table *fit,
|
|
struct fit_entry *entry,
|
|
uint64_t txt_policy_addr)
|
|
{
|
|
entry->address = txt_policy_addr;
|
|
/*
|
|
* Points to the flag indicating if TXT is enabled on this platform.
|
|
* If not present, TXT is not disabled by FIT.
|
|
*/
|
|
entry->size_reserved = 0;
|
|
entry->type_checksum_valid = FIT_TYPE_TXT_POLICY;
|
|
entry->version = 0x1;
|
|
entry->checksum = 0;
|
|
fit_entry_add_size(&fit->header, sizeof(struct fit_entry));
|
|
}
|
|
|
|
/* Special case for ucode CBFS file, as it might contain more than one ucode */
|
|
int fit_add_microcode_file(struct fit_table *fit,
|
|
struct cbfs_image *image,
|
|
const char *blob_name,
|
|
fit_offset_converter_t offset_helper,
|
|
const size_t max_fit_entries)
|
|
{
|
|
struct microcode_entry *mcus;
|
|
|
|
size_t i;
|
|
size_t mcus_found;
|
|
|
|
mcus = malloc(sizeof(*mcus) * max_fit_entries);
|
|
if (!mcus) {
|
|
ERROR("Couldn't allocate memory for microcode entries.\n");
|
|
return 1;
|
|
}
|
|
|
|
if (parse_microcode_blob(image, blob_name, &mcus_found, mcus,
|
|
max_fit_entries)) {
|
|
ERROR("Couldn't parse microcode blob.\n");
|
|
free(mcus);
|
|
return 1;
|
|
}
|
|
|
|
if (mcus_found > fit_free_space(fit, max_fit_entries)) {
|
|
ERROR("Maximum of FIT entries reached.\n");
|
|
free(mcus);
|
|
return 1;
|
|
}
|
|
|
|
for (i = 0; i < mcus_found; i++) {
|
|
if (fit_add_entry(fit,
|
|
offset_to_ptr(offset_helper, &image->buffer,
|
|
mcus[i].offset),
|
|
0,
|
|
FIT_TYPE_MICROCODE,
|
|
max_fit_entries)) {
|
|
|
|
free(mcus);
|
|
return 1;
|
|
}
|
|
}
|
|
|
|
free(mcus);
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Return a pointer to the active FIT.
|
|
*/
|
|
struct fit_table *fit_get_table(struct buffer *bootblock,
|
|
fit_offset_converter_t offset_fn,
|
|
uint32_t topswap_size)
|
|
{
|
|
struct fit_table *fit;
|
|
uint32_t *fit_pointer;
|
|
|
|
fit_pointer = rom_buffer_pointer(bootblock,
|
|
ptr_to_offset(offset_fn, bootblock,
|
|
FIT_POINTER_LOCATION));
|
|
|
|
/* Ensure pointer is below 4GiB and within 16MiB of 4GiB */
|
|
if (fit_pointer[1] != 0 || fit_pointer[0] < FIT_TABLE_LOWEST_ADDRESS) {
|
|
ERROR("FIT not found.\n");
|
|
return NULL;
|
|
}
|
|
|
|
fit = rom_buffer_pointer(bootblock,
|
|
ptr_to_offset(offset_fn, bootblock, *fit_pointer));
|
|
if (!fit_table_verified(fit)) {
|
|
ERROR("FIT not found.\n");
|
|
return NULL;
|
|
}
|
|
|
|
if (topswap_size) {
|
|
struct fit_table *fit2 = (struct fit_table *)((uintptr_t)fit -
|
|
topswap_size);
|
|
if (!fit_table_verified(fit2)) {
|
|
ERROR("second FIT is invalid\n");
|
|
return NULL;
|
|
}
|
|
fit = fit2;
|
|
}
|
|
|
|
DEBUG("Operating on table (0x%x)\n", *fit_pointer - topswap_size);
|
|
|
|
return fit;
|
|
}
|
|
|
|
/*
|
|
* Dump the current FIT in human readable format to stdout.
|
|
*/
|
|
int fit_dump(struct fit_table *fit)
|
|
{
|
|
size_t i;
|
|
|
|
if (!fit)
|
|
return 1;
|
|
|
|
printf("\n");
|
|
printf(" FIT table:\n");
|
|
|
|
if (fit_table_entries(fit) < 1) {
|
|
printf(" empty\n\n");
|
|
return 0;
|
|
}
|
|
|
|
printf(" %-6s %-20s %-16s %-8s\n", "Index", "Type", "Addr", "Size");
|
|
|
|
for (i = 0; i < fit_table_entries(fit); i++) {
|
|
const char *name;
|
|
|
|
switch (fit->entries[i].type_checksum_valid) {
|
|
case FIT_TYPE_MICROCODE:
|
|
name = "Microcode";
|
|
break;
|
|
case FIT_TYPE_BIOS_ACM:
|
|
name = "BIOS ACM";
|
|
break;
|
|
case FIT_TYPE_BIOS_STARTUP:
|
|
name = "BIOS Startup Module";
|
|
break;
|
|
case FIT_TYPE_TPM_POLICY:
|
|
name = "TPM Policy";
|
|
break;
|
|
case FIT_TYPE_BIOS_POLICY:
|
|
name = "BIOS Policy";
|
|
break;
|
|
case FIT_TYPE_TXT_POLICY:
|
|
name = "TXT Policy";
|
|
break;
|
|
case FIT_TYPE_KEY_MANIFEST:
|
|
name = "Key Manifest";
|
|
break;
|
|
case FIT_TYPE_BOOT_POLICY:
|
|
name = "Boot Policy";
|
|
break;
|
|
case FIT_TYPE_CSE_SECURE_BOOT:
|
|
name = "CSE SecureBoot";
|
|
break;
|
|
case FIT_TYPE_TXTSX_POLICY:
|
|
name = "TXTSX policy";
|
|
break;
|
|
case FIT_TYPE_JMP_DEBUG_POLICY:
|
|
name = "JMP debug policy";
|
|
break;
|
|
case FIT_TYPE_UNUSED:
|
|
name = "unused";
|
|
break;
|
|
default:
|
|
name = "unknown";
|
|
}
|
|
|
|
printf(" %6zd %-20s 0x%08"PRIx64" 0x%08zx\n", i, name,
|
|
fit->entries[i].address,
|
|
fit_entry_size_bytes(&fit->entries[i]));
|
|
}
|
|
printf("\n");
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Remove all entries from table.
|
|
*/
|
|
int fit_clear_table(struct fit_table *fit)
|
|
{
|
|
if (!fit)
|
|
return 1;
|
|
|
|
memset(fit->entries, 0,
|
|
sizeof(struct fit_entry) * fit_table_entries(fit));
|
|
|
|
/* Reset entry counter in header */
|
|
fit_entry_update_size(&fit->header, sizeof(fit->header));
|
|
|
|
update_fit_checksum(fit);
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Returns true if the FIT type is know and can be added to the table.
|
|
*/
|
|
int fit_is_supported_type(const enum fit_type type)
|
|
{
|
|
switch (type) {
|
|
case FIT_TYPE_MICROCODE:
|
|
case FIT_TYPE_BIOS_ACM:
|
|
case FIT_TYPE_BIOS_STARTUP:
|
|
case FIT_TYPE_BIOS_POLICY:
|
|
case FIT_TYPE_TXT_POLICY:
|
|
return 1;
|
|
case FIT_TYPE_TPM_POLICY:
|
|
case FIT_TYPE_KEY_MANIFEST:
|
|
case FIT_TYPE_BOOT_POLICY:
|
|
default:
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Adds an known entry to the FIT.
|
|
* len is optional for same types and might be zero.
|
|
* offset is an absolute address in 32-bit protected mode address space.
|
|
*/
|
|
int fit_add_entry(struct fit_table *fit,
|
|
const uint32_t offset,
|
|
const uint32_t len,
|
|
const enum fit_type type,
|
|
const size_t max_fit_entries)
|
|
{
|
|
struct fit_entry *entry;
|
|
|
|
if (!fit) {
|
|
ERROR("Internal error.");
|
|
return 1;
|
|
}
|
|
|
|
if (fit_free_space(fit, max_fit_entries) < 1) {
|
|
ERROR("No space left in FIT.");
|
|
return 1;
|
|
}
|
|
|
|
if (!fit_is_supported_type(type)) {
|
|
ERROR("Unsupported FIT type %u\n", type);
|
|
return 1;
|
|
}
|
|
|
|
DEBUG("Adding new entry type %u at offset %zd\n", type,
|
|
fit_table_entries(fit));
|
|
|
|
entry = get_next_free_entry(fit);
|
|
|
|
switch (type) {
|
|
case FIT_TYPE_MICROCODE:
|
|
update_fit_ucode_entry(fit, entry, offset);
|
|
break;
|
|
case FIT_TYPE_BIOS_ACM:
|
|
update_fit_bios_acm_entry(fit, entry, offset);
|
|
break;
|
|
case FIT_TYPE_BIOS_STARTUP:
|
|
update_fit_bios_startup_entry(fit, entry, offset, len);
|
|
break;
|
|
case FIT_TYPE_BIOS_POLICY:
|
|
update_fit_bios_policy_entry(fit, entry, offset, len);
|
|
break;
|
|
case FIT_TYPE_TXT_POLICY:
|
|
update_fit_txt_policy_entry(fit, entry, offset);
|
|
break;
|
|
default:
|
|
return 1;
|
|
}
|
|
|
|
sort_fit_table(fit);
|
|
|
|
update_fit_checksum(fit);
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Delete one entry from table.
|
|
*/
|
|
int fit_delete_entry(struct fit_table *fit,
|
|
const size_t idx)
|
|
{
|
|
if (!fit) {
|
|
ERROR("Internal error.");
|
|
return 1;
|
|
}
|
|
|
|
if (idx >= fit_table_entries(fit)) {
|
|
ERROR("Index out of range.");
|
|
return 1;
|
|
}
|
|
|
|
memset(&fit->entries[idx], 0, sizeof(struct fit_entry));
|
|
|
|
fit->entries[idx].type_checksum_valid = FIT_TYPE_UNUSED;
|
|
|
|
sort_fit_table(fit);
|
|
|
|
/* The unused entry is now the last one */
|
|
fit_entry_add_size(&fit->header, -(int)sizeof(struct fit_entry));
|
|
|
|
update_fit_checksum(fit);
|
|
|
|
return 0;
|
|
}
|