erebion/coreboot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

CBFS verification: support Top Swap redundancy

Browse source 
Separating the bootblock into two copies (in BOOTBLOCK and TOPSWAP fmap
regions) breaks the CBFS verification as TSPI CRTM knows nothing about
the new regions and looks for bootblock in a hard-coded COREBOOT fmap
region.

Introduce and use cbfs_unverified_area_type_alloc() which is an
extension of cbfs_unverified_area_alloc(), very similar to how
cbfs_ro_type_map() is an extension of cbfs_ro_map().  This allows to
specify a region of the bootblock file and skip verification because
bootblock serves as a container of hashes and is not verified itself.

The branching is done on the state of RTC BUC to always use the current
bootblock.  Somewhat confusingly, the measurement always uses BOOTBLOCK
region because with active Top Swap that's the way to access a
memory-mapped TOPSWAP region.

Makefile.mk now verifies both COREBOOT and COREBOOT_TS regions.
cbfstool needed a few updates as well:
 - recognize both "BOOTBLOCK" and "TOPSWAP" regions
 - recognize both "COREBOOT" and "COREBOOT_TS" regions
 - reset metadata cache before processing each region as cache may now
   be invalid

SMM doesn't link with vboot functions, so cbfs_file_hash_mismatch() has
to skip verification in SMM due to the use of CMOS options backend.

This is a part of the bootblock redundancy feature proposed
on the mailing list:
https://mail.coreboot.org/archives/list/coreboot@coreboot.org/thread/C6JN2PB7K7D67EG7OIKB6BBERZU5YV35/

Tested by successfully booting into Protectli VP6670 with Top Swap and
CBFS Verification features enabled and Top Swap state being toggled.

Change-Id: Ia75e714ae84d8c0ae09b27495e3056313b109999
Signed-off-by: Filip Gołaś <filip.golas@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/89691
Reviewed-by: Michał Kopeć <michal.kopec@3mdeb.com>
Reviewed-by: Filip Lewiński <filip.lewinski@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
Filip Gołaś 2025-12-10 16:44:24 +02:00 committed by Matt DeVillier
commit 7c7feca258
7 changed files with 96 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/include/cbfs.h
View file

@ -201,7 +201,8 @@ void *_cbfs_alloc(const char *name, cbfs_allocator_t allocator, void *arg,
size_t *size_out, bool force_ro, enum cbfs_type *type);
void *_cbfs_unverified_area_alloc(const char *area, const char *name,
cbfs_allocator_t allocator, void *arg, size_t *size_out);
cbfs_allocator_t allocator, void *arg, size_t *size_out,
enum cbfs_type *type);
struct _cbfs_default_allocator_arg {
void *buf;
@ -242,7 +243,14 @@ static inline void *cbfs_unverified_area_alloc(const char *area, const char *nam
cbfs_allocator_t allocator, void *arg,
size_t *size_out)
{
return _cbfs_unverified_area_alloc(area, name, allocator, arg, size_out);
return _cbfs_unverified_area_alloc(area, name, allocator, arg, size_out, NULL);
}
static inline void *cbfs_unverified_area_type_alloc(const char *area, const char *name,
cbfs_allocator_t allocator, void *arg,
size_t *size_out, enum cbfs_type *type)
{
return _cbfs_unverified_area_alloc(area, name, allocator, arg, size_out, type);
}
static inline void *cbfs_map(const char *name, size_t *size_out)
@ -268,7 +276,7 @@ static inline void *cbfs_ro_type_map(const char *name, size_t *size_out, enum cb
static inline void *cbfs_unverified_area_map(const char *area, const char *name,
size_t *size_out)
{
return _cbfs_unverified_area_alloc(area, name, NULL, NULL, size_out);
return _cbfs_unverified_area_alloc(area, name, NULL, NULL, size_out, NULL);
}
static inline size_t _cbfs_load(const char *name, void *buf, size_t size, bool force_ro,
@ -307,7 +315,7 @@ static inline size_t cbfs_unverified_area_load(const char *area, const char *nam
void *buf, size_t size)
{
struct _cbfs_default_allocator_arg arg = { .buf = buf, .buf_size = size };
if (_cbfs_unverified_area_alloc(area, name, _cbfs_default_allocator, &arg, &size))
if (_cbfs_unverified_area_alloc(area, name, _cbfs_default_allocator, &arg, &size, NULL))
return size;
else
return 0;
@ -341,7 +349,7 @@ static inline void *cbfs_unverified_area_cbmem_alloc(const char *area, const cha
uint32_t cbmem_id, size_t *size_out)
{
return _cbfs_unverified_area_alloc(area, name, _cbfs_cbmem_allocator,
(void *)(uintptr_t)cbmem_id, size_out);
(void *)(uintptr_t)cbmem_id, size_out, NULL);
}
static inline size_t cbfs_get_size(const char *name)