erebion/coreboot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coreboot/util/cbfstool/cbfs_sections.h
Filip Gołaś 7c7feca258 CBFS verification: support Top Swap redundancy 
Separating the bootblock into two copies (in BOOTBLOCK and TOPSWAP fmap
regions) breaks the CBFS verification as TSPI CRTM knows nothing about
the new regions and looks for bootblock in a hard-coded COREBOOT fmap
region.

Introduce and use cbfs_unverified_area_type_alloc() which is an
extension of cbfs_unverified_area_alloc(), very similar to how
cbfs_ro_type_map() is an extension of cbfs_ro_map().  This allows to
specify a region of the bootblock file and skip verification because
bootblock serves as a container of hashes and is not verified itself.

The branching is done on the state of RTC BUC to always use the current
bootblock.  Somewhat confusingly, the measurement always uses BOOTBLOCK
region because with active Top Swap that's the way to access a
memory-mapped TOPSWAP region.

Makefile.mk now verifies both COREBOOT and COREBOOT_TS regions.
cbfstool needed a few updates as well:
 - recognize both "BOOTBLOCK" and "TOPSWAP" regions
 - recognize both "COREBOOT" and "COREBOOT_TS" regions
 - reset metadata cache before processing each region as cache may now
   be invalid

SMM doesn't link with vboot functions, so cbfs_file_hash_mismatch() has
to skip verification in SMM due to the use of CMOS options backend.

This is a part of the bootblock redundancy feature proposed
on the mailing list:
https://mail.coreboot.org/archives/list/coreboot@coreboot.org/thread/C6JN2PB7K7D67EG7OIKB6BBERZU5YV35/

Tested by successfully booting into Protectli VP6670 with Top Swap and
CBFS Verification features enabled and Top Swap state being toggled.

Change-Id: Ia75e714ae84d8c0ae09b27495e3056313b109999
Signed-off-by: Filip Gołaś <filip.golas@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/89691
Reviewed-by: Michał Kopeć <michal.kopec@3mdeb.com>
Reviewed-by: Filip Lewiński <filip.lewinski@3mdeb.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2025-12-20 17:39:43 +00:00

46 lines
1.4 KiB
C
Raw Blame History

/* fmap_sections.h, track which sections of the image will contain CBFSes */
/* SPDX-License-Identifier: GPL-2.0-only */
#ifndef CBFS_SECTIONS_H_
#define CBFS_SECTIONS_H_
#include "fmd.h"
#include <stdbool.h>
#define SECTION_NAME_FMAP "FMAP"
#define SECTION_NAME_PRIMARY_CBFS "COREBOOT"
#define SECTION_NAME_TOPSWAP_CBFS "COREBOOT_TS"
#define SECTION_NAME_BOOTBLOCK "BOOTBLOCK"
#define SECTION_NAME_TOPSWAP "TOPSWAP"
#define SECTION_ANNOTATION_CBFS "CBFS"
typedef const struct descriptor_node *cbfs_section_iterator_t;
/** @return Iterator pointing to first CBFS section, or NULL if none exist */
cbfs_section_iterator_t cbfs_sections_iterator(void);
/**
* Advance iterator to point to the next CBFS section.
* If it was already pointing to the last such section, it will be set to NULL.
*
* @param it (Non-NULL) pointer to (possibly NULL) iterator to be updated
* @return Whether it was successfully advanced (wasn't already NULL)
*/
bool cbfs_sections_iterator_advance(cbfs_section_iterator_t *it);
/**
* @param it Iterator, which must currently be non-NULL
* @return Section to which it points
*/
const struct flashmap_descriptor *cbfs_sections_iterator_deref(
cbfs_section_iterator_t it);
/** @return Whether a section named SECTION_NAME_PRIMARY_CBFS is in the list. */
bool cbfs_sections_primary_cbfs_accounted_for(void);
/** Reclaim the space used to store knowledge of which sections are CBFSes. */
void cbfs_sections_cleanup(void);
#endif
Reference in a new issue View git blame Copy permalink