author | Kangheui Won <khwon@chromium.org> | 2021-02-02 17:32:06 +1100 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-03-09 09:52:23 +0000 |
commit | a2b582f6e1915f061bd89214560736ed34cceef7 (patch) | |
tree | a1fa6cf7eacd203ed6c0db6705b958846d8560cd /firmware | |
parent | 810195426623690a476c15e7ac0fadb4d17418d2 (diff) | |
vboot: add support for HW accel in kernel verification
Add support for using HW hashing acceleration in kernel verification.
BUG=b:162551138
BRANCH=zork
TEST=CC=x86_64-pc-linux-gnu-clang make runtests
Signed-off-by: Kangheui Won <khwon@chromium.org>
Change-Id: Ia03ff7f49bd18393c0daeab72348414fa059e0cd
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2639456
Reviewed-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Diffstat (limited to 'firmware')
-rw-r--r-- | firmware/2lib/2common.c | 32 | ||||
-rw-r--r-- | firmware/lib/vboot_kernel.c | 6 |
2 files changed, 27 insertions, 11 deletions
diff --git a/firmware/2lib/2common.c b/firmware/2lib/2common.c index a88bc2e0..8267f8ce 100644 --- a/firmware/2lib/2common.c +++ b/firmware/2lib/2common.c @@ -190,9 +190,9 @@ vb2_error_t vb2_verify_data(const uint8_t *data, uint32_t size, const struct vb2_workbuf *wb) { struct vb2_workbuf wblocal = *wb; - struct vb2_digest_context *dc; uint8_t *digest; uint32_t digest_size; + vb2_error_t rv; if (sig->data_size > size) { VB2_DEBUG("Data buffer smaller than length of signed data.\n"); @@ -208,16 +208,26 @@ vb2_error_t vb2_verify_data(const uint8_t *data, uint32_t size, if (!digest) return VB2_ERROR_VDATA_WORKBUF_DIGEST; - /* Hashing requires temp space for the context */ - dc = vb2_workbuf_alloc(&wblocal, sizeof(*dc)); - if (!dc) - return VB2_ERROR_VDATA_WORKBUF_HASHING; - - VB2_TRY(vb2_digest_init(dc, key->hash_alg)); - VB2_TRY(vb2_digest_extend(dc, data, sig->data_size)); - VB2_TRY(vb2_digest_finalize(dc, digest, digest_size)); - - vb2_workbuf_free(&wblocal, sizeof(*dc)); + if (key->allow_hwcrypto) { + rv = vb2ex_hwcrypto_digest_init(key->hash_alg, sig->data_size); + if (rv == VB2_SUCCESS) { + VB2_DEBUG("Using HW crypto engine for hash_alg %d\n", key->hash_alg); + VB2_TRY(vb2ex_hwcrypto_digest_extend(data, sig->data_size)); + VB2_TRY(vb2ex_hwcrypto_digest_finalize(digest, digest_size)); + } else if (rv == VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED) { + VB2_DEBUG("HW crypto for hash_alg %d not supported, using SW\n", + key->hash_alg); + VB2_TRY(vb2_digest_buffer(data, sig->data_size, key->hash_alg, + digest, digest_size)); + } else { + VB2_DEBUG("HW crypto init error : %d\n", rv); + return rv; + } + } else { + VB2_DEBUG("HW crypto forbidden by TPM flag, using SW\n"); + VB2_TRY(vb2_digest_buffer(data, sig->data_size, key->hash_alg, + digest, digest_size)); + } return vb2_verify_digest(key, sig, digest, &wblocal); } diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c index 495b360d..470f19e5 100644 --- a/firmware/lib/vboot_kernel.c 
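Review bot: In the hardware branch of vb2_verify_data, a failure in `vb2ex_hwcrypto_digest_extend` or `vb2ex_hwcrypto_digest_finalize` returns through VB2_TRY with the engine started but never finalized. The vb2ex_hwcrypto_digest_* calls take no context handle, so the engine state appears to be global; whether the next `vb2ex_hwcrypto_digest_init` resets it is not visible here and should be confirmed, since a later verification attempt would otherwise inherit a half-used engine. Failing closed on any init error other than VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED is the right behaviour and deserves a comment above the branch, e.g. `/* Only UNSUPPORTED falls back to SW; any other HW error fails verification. */`. The final else logs "HW crypto forbidden by TPM flag", but this function only sees that `key->allow_hwcrypto` is zero, which is also true for a caller that never set it; a neutral message such as `HW crypto not allowed for this key, using SW` would be more accurate.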
+++ b/firmware/lib/vboot_kernel.c @@ -137,6 +137,9 @@ static vb2_error_t vb2_verify_kernel_vblock( return VB2_ERROR_VBLOCK_KERNEL_SUBKEY; } + if (vb2_hwcrypto_allowed(ctx)) + kernel_subkey2.allow_hwcrypto = 1; + /* Verify the keyblock. */ int keyblock_valid = 1; /* Assume valid */ struct vb2_keyblock *keyblock = get_keyblock(kbuf); @@ -412,6 +415,9 @@ static vb2_error_t vb2_load_partition( return VB2_ERROR_LOAD_PARTITION_DATA_KEY; } + if (vb2_hwcrypto_allowed(ctx)) + data_key.allow_hwcrypto = 1; + /* Verify kernel data */ if (VB2_SUCCESS != vb2_verify_data(kernbuf, kernbuf_size, &preamble->body_signature, |
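Review bot: `kernel_subkey2.allow_hwcrypto` is written only when `vb2_hwcrypto_allowed(ctx)` is true, so the disallowed case depends on the field already being zero. The declaration and unpacking of kernel_subkey2 are outside the hunk; if the unpack helper does not clear the field, a stale nonzero value would let vb2_verify_data take the HW path even though the context forbids it. Assigning unconditionally removes that dependency: `kernel_subkey2.allow_hwcrypto = vb2_hwcrypto_allowed(ctx);`. The same applies to `data_key.allow_hwcrypto` in the vb2_load_partition hunk.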