author | Jakub Czapiga <jacz@semihalf.com> | 2022-08-04 17:13:06 +0200 |
---|---|---|
committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2022-10-12 17:41:55 +0000 |
commit | 0ca7a9e4dad2e9780690524ced9273fa07052179 (patch) | |
tree | 9078489dc0f6e8e79aaf3ff80f2358b5dbc7e814 /futility/file_type_bios.h | |
parent | aaeb307f882d0c2e1284636e8423af1d216f6362 (diff) | |
download | vboot-0ca7a9e4dad2e9780690524ced9273fa07052179.tar.gz |
firmware: host: futility: Add CBFS metadata hash support stabilize-15183.14.B
This patch adds support for signing and verification of coreboot images
supporting VBOOT_CBFS_INTEGRATION. Images with config option
CONFIG_VBOOT_CBFS_INTEGRATION=y will be signed with CBFS metadata hash
in signature. vb2api_get_metadata_hash() should be used to extract hash
value from VBLOCK and then should be used to verify CBFS metadata.
To support full verification, CBFS file data verification should also be
enabled and correctly handled.
BUG=b:197114807
TEST=build with CB:66909 and boot on volteer/voxel with
CONFIG_VBOOT_CBFS_INTEGRATION=y
BRANCH=none
Signed-off-by: Jakub Czapiga <czapiga@google.com>
Change-Id: I4075c84820949be24c423ed14e291c89a0032863
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3811754
Commit-Queue: Julius Werner <jwerner@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Diffstat (limited to 'futility/file_type_bios.h')
-rw-r--r-- | futility/file_type_bios.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/futility/file_type_bios.h b/futility/file_type_bios.h
index 469e3fd0..1f957b1c 100644
--- a/futility/file_type_bios.h
+++ b/futility/file_type_bios.h
@@ -8,6 +8,8 @@

 #include <stdint.h>

+#include "futility.h"
+
 /*
 * The Chrome OS BIOS must contain specific FMAP areas, which we want to look
 * at in a certain order.
@@ -22,6 +24,16 @@ enum bios_component {
 NUM_BIOS_COMPONENTS
 };

+static const char * const fmap_name[] = {
+ "GBB", /* BIOS_FMAP_GBB */
+ "FW_MAIN_A", /* BIOS_FMAP_FW_MAIN_A */
+ "FW_MAIN_B", /* BIOS_FMAP_FW_MAIN_B */
+ "VBLOCK_A", /* BIOS_FMAP_VBLOCK_A */
+ "VBLOCK_B", /* BIOS_FMAP_VBLOCK_B */
+};
+_Static_assert(ARRAY_SIZE(fmap_name) == NUM_BIOS_COMPONENTS,
+ "Size of fmap_name[] should match NUM_BIOS_COMPONENTS");
+
 /* Location information for each component */
 struct bios_area_s {
 uint32_t offset; /* to avoid pointer math */
@@ -32,6 +44,10 @@ struct bios_area_s {
 /* VBLOCK only */
 uint32_t flags;
 uint32_t version;
+
+ /* FW_MAIN only */
+ size_t fw_size; /* effective size from cbfstool (if available) */
+ struct vb2_hash metadata_hash;
 };

 /* State to track as we visit all components */ |
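Review bot: The `fmap_name[]` table in the second hunk is tied to `enum bios_component` only by initializer order and the trailing comments, and the `_Static_assert` checks the element count but not the order, so a reordered or inserted enumerator would silently pair a component with the wrong FMAP area name. Because these names pick the regions that are signed and verified, designated initializers would make the mapping explicit and keep it correct under reordering. Separately, a `static` array defined in a header gives every including translation unit its own copy; an `extern` declaration here with one definition in a .c file may be cleaner if more than one file includes this header. The enum is outside the hunk, so the enumerator names below are taken from the comments on the added lines.

```c
static const char * const fmap_name[] = {
	[BIOS_FMAP_GBB] = "GBB",
	[BIOS_FMAP_FW_MAIN_A] = "FW_MAIN_A",
	[BIOS_FMAP_FW_MAIN_B] = "FW_MAIN_B",
	[BIOS_FMAP_VBLOCK_A] = "VBLOCK_A",
	[BIOS_FMAP_VBLOCK_B] = "VBLOCK_B",
};
/* … unchanged: _Static_assert on ARRAY_SIZE(fmap_name) … */
```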
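Review bot: The new `fw_size` and `metadata_hash` fields added to `struct bios_area_s` in the third hunk do not say what they hold when cbfstool data is missing, which the `(if available)` comment implies can happen. A caller that signs or verifies with `metadata_hash` needs a documented way to tell an unset hash from a real one, otherwise a zero-filled value could be treated as a valid digest. I would state the unset state on the fields, for example `/* 0 when cbfstool reported no size */` on `fw_size` and `/* algo == VB2_HASH_INVALID when the image has no CBFS metadata hash */` on `metadata_hash`, assuming that matches how the code outside this header fills them in. The struct starts outside the hunk.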