diff options
| author | Julius Werner <jwerner@chromium.org> | 2022-07-29 16:09:49 -0700 |
|---|---|---|
| committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2022-08-04 01:57:56 +0000 |
| commit | 91ae3a544c237655379173a8e818c1057576166b (patch) | |
| tree | 023cb42d208d449bb3e18e48ecc0136f7e210b49 | |
| parent | b671c3553d0e2a596db2dddbf8042441c11cc6ab (diff) | |
| download | vboot-91ae3a544c237655379173a8e818c1057576166b.tar.gz | |
futility: gscvd: Allow verification ranges in SI_ALL section
Recent discussions have brought us to the conclusion that we probably
want to include the SI_DESC section on Intel mainboards in the GSCVD
verified areas, since it contains soft straps that may affect
pre-coreboot behavior. The problem is that while this section itself
generally doesn't change, it is part of the larger Intel-specific SI_ALL
section that also contains the ME code and data -- which _can_ be
overwritten, so we usually place it in the RW part of the flash. The
section is instead protected from unauthorized software access by
platform-specific mechanisms.
This patch modifies `futility gscvd` so that it will also accept
verification ranges in an SI_ALL region (if it exists), not just in
WP_RO.
BRANCH=none
BUG=none
TEST=Modified coreboot to add SI_DESC range, verified ranges on Joxer.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Iacff931f7cb34a41d3d878eee395b97ba2452c2d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3794950
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
| -rw-r--r-- | futility/cmd_gscvd.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/futility/cmd_gscvd.c b/futility/cmd_gscvd.c index 57e79ef6..458c7549 100644 --- a/futility/cmd_gscvd.c +++ b/futility/cmd_gscvd.c @@ -188,9 +188,6 @@ static bool range_fits(const struct gscvd_ro_range *range, in_range(range->offset + range->size, ah)) return true; - ERROR("Range %#x..+%#x does not fit in %s\n", range->offset, - range->size, ah->area_name); - return false; } @@ -234,6 +231,7 @@ static int verify_ranges(const struct gscvd_ro_ranges *ranges, { size_t i; FmapAreaHeader *wp_ro; + FmapAreaHeader *si_all; int errorcount; if (!fmap_find_by_name(file->data, file->len, NULL, "WP_RO", &wp_ro)) { @@ -241,13 +239,24 @@ static int verify_ranges(const struct gscvd_ro_ranges *ranges, return 1; } + /* Intel boards can have an SI_ALL region that's not in WP_RO but is + protected by platform-specific mechanisms, and may still contain + components that we want to protect from physical attack. */ + if (!fmap_find_by_name(file->data, file->len, NULL, "SI_ALL", &si_all)) + si_all = NULL; + errorcount = 0; for (i = 0; i < ranges->range_count; i++) { size_t j; - /* Must fit into WP_RO. */ - if (!range_fits(ranges->ranges + i, wp_ro)) + /* Must fit into WP_RO or SI_ALL. */ + if (!range_fits(ranges->ranges + i, wp_ro) && + (!si_all || !range_fits(ranges->ranges + i, si_all))) { + ERROR("Range %#x..+%#x does not fit in WP_RO/SI_ALL\n", + ranges->ranges[i].offset, + ranges->ranges[i].size); errorcount++; + } /* Must not overlap with RO_GSCVD. */ if (range_overlaps(ranges->ranges + i, |