Separating the bootblock into two copies (in BOOTBLOCK and TOPSWAP fmap
regions) breaks the CBFS verification as TSPI CRTM knows nothing about
the new regions and looks for bootblock in a hard-coded COREBOOT fmap
region.
Introduce and use cbfs_unverified_area_type_alloc() which is an
extension of cbfs_unverified_area_alloc(), very similar to how
cbfs_ro_type_map() is an extension of cbfs_ro_map(). This allows to
specify a region of the bootblock file and skip verification because
bootblock serves as a container of hashes and is not verified itself.
The branching is done on the state of RTC BUC to always use the current
bootblock. Somewhat confusingly, the measurement always uses BOOTBLOCK
region because with active Top Swap that's the way to access a
memory-mapped TOPSWAP region.
Makefile.mk now verifies both COREBOOT and COREBOOT_TS regions.
cbfstool needed a few updates as well:
- recognize both "BOOTBLOCK" and "TOPSWAP" regions
- recognize both "COREBOOT" and "COREBOOT_TS" regions
- reset metadata cache before processing each region as cache may now
be invalid
SMM doesn't link with vboot functions, so cbfs_file_hash_mismatch() has
to skip verification in SMM due to the use of CMOS options backend.
This is a part of the bootblock redundancy feature proposed
on the mailing list:
https://mail.coreboot.org/archives/list/coreboot@coreboot.org/thread/C6JN2PB7K7D67EG7OIKB6BBERZU5YV35/
Tested by successfully booting into Protectli VP6670 with Top Swap and
CBFS Verification features enabled and Top Swap state being toggled.
Change-Id: Ia75e714ae84d8c0ae09b27495e3056313b109999
Signed-off-by: Filip Gołaś <filip.golas@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/89691
Reviewed-by: Michał Kopeć <michal.kopec@3mdeb.com>
Reviewed-by: Filip Lewiński <filip.lewinski@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
7c7feca258