authorJakub Czapiga <jacz@semihalf.com>2022-08-04 17:13:06 +0200
committerChromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com>2022-10-12 17:41:55 +0000
commit0ca7a9e4dad2e9780690524ced9273fa07052179 (patch)
tree9078489dc0f6e8e79aaf3ff80f2358b5dbc7e814 /host/lib/include/cbfstool.h
parentaaeb307f882d0c2e1284636e8423af1d216f6362 (diff)
downloadvboot-0ca7a9e4dad2e9780690524ced9273fa07052179.tar.gz
firmware: host: futility: Add CBFS metadata hash supportstabilize-15183.14.B
This patch adds support for signing and verification of coreboot images supporting VBOOT_CBFS_INTEGRATION. Images with config option CONFIG_VBOOT_CBFS_INTEGRATION=y will be signed with CBFS metadata hash in signature. vb2api_get_metadata_hash() should be used to extract hash value from VBLOCK and then should be used to verify CBFS metadata. To support full verification, CBFS file data verification should also be enabled and correctly handled. BUG=b:197114807 TEST=build with CB:66909 and boot on volteer/voxel with CONFIG_VBOOT_CBFS_INTEGRATION=y BRANCH=none Signed-off-by: Jakub Czapiga <czapiga@google.com> Change-Id: I4075c84820949be24c423ed14e291c89a0032863 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3811754 Commit-Queue: Julius Werner <jwerner@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Diffstat (limited to 'host/lib/include/cbfstool.h')
-rw-r--r--host/lib/include/cbfstool.h25
1 files changed, 25 insertions, 0 deletions
diff --git a/host/lib/include/cbfstool.h b/host/lib/include/cbfstool.h
index acc6e927..863039ec 100644
--- a/host/lib/include/cbfstool.h
+++ b/host/lib/include/cbfstool.h
@@ -4,9 +4,34 @@
*/
#include "2return_codes.h"
+#include "2sha.h"
#define ENV_CBFSTOOL "CBFSTOOL"
#define DEFAULT_CBFSTOOL "cbfstool"
vb2_error_t cbfstool_truncate(const char *file, const char *region,
size_t *new_size);
+
+/*
+ * Check whether image under `file` path supports CBFS_VERIFICATION,
+ * and contains metadata hash. Hash found is available under *hash. If it was
+ * not found, then hash type will be set to VB2_HASH_INVALID.
+ *
+ * If `region` is NULL, then region option will not be passed to cbfstool.
+ * Operations will be performed on default `COREBOOT` region.
+ */
+vb2_error_t cbfstool_get_metadata_hash(const char *file, const char *region,
+ struct vb2_hash *hash);
+
+/*
+ * Get value of `config` file field.
+ *
+ * This function extracts "config" file from selected region, parses it to find
+ * value of `config_field`, and returns it to `value` as allocated string
+ * (which has to be freed) or NULL if value was not found.
+ *
+ * If `region` is NULL, then region option will not be passed to cbfstool.
+ * Operations will be performed on default `COREBOOT` region.
+ */
+vb2_error_t cbfstool_get_config_value(const char *file, const char *region,
+ const char *config_field, char **value);
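Review bot: The comment on `cbfstool_get_metadata_hash()` says the hash type becomes VB2_HASH_INVALID when no hash is found, but not which `vb2_error_t` is returned in that case or what `*hash` holds when the call itself fails. Because the commit message says the value ends up in the signature, a caller that checks only the return code, or only the hash type, could continue with an unusable hash. If not-found is reported as success (the implementation is not visible in this hunk), the comment should say so, e.g. `* Returns VB2_SUCCESS even when no hash is present; callers must check the hash type before using *hash. On error *hash is not valid.` The same gap exists for `cbfstool_get_config_value()`: its comment should state the return code for the not-found case and whether `*value` is set to NULL on every error path, so that a caller's unconditional `free(*value)` is safe.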