1 /* SPDX-License-Identifier: GPL-2.0-only */
2 
3 #include <assert.h>
4 #include <cbmem.h>
5 #include <console/console.h>
6 #include <fmap.h>
7 #include <vb2_api.h>
8 #include <security/vboot/misc.h>
9 #include <security/vboot/symbols.h>
10 #include <security/vboot/vboot_common.h>
11 
/*
 * File-local cache of the vboot context pointer.  It stays NULL until one of
 * the vb2api_init(), vb2api_reinit() or vb2api_relocate() calls in this file
 * stores a context through it; vboot_get_context() returns it directly once
 * it is set.
 */
static struct vb2_context *vboot_ctx;
13 
/*
 * Find the vboot work buffer for the current stage.
 *
 * The CBMEM entry (CBMEM_ID_VBOOT_WORKBUF) is preferred whenever the stage
 * has CBMEM.  If no entry is found, and vboot does not start in romstage,
 * the pre-RAM _vboot2_work region is used, provided the pre-RAM symbols are
 * available.
 *
 * Returns the work buffer.  A missing buffer is caught only by assert().
 * NOTE(review): if assert() is non-fatal in this build, NULL is returned and
 * vboot_get_context() hands it to vb2api_init()/vb2api_reinit() -- confirm
 * that the build treats this assert as fatal.
 */
static void *vboot_get_workbuf(void)
{
	void *workbuf = ENV_HAS_CBMEM ? cbmem_find(CBMEM_ID_VBOOT_WORKBUF) : NULL;

	/* Fall back to the pre-RAM region only when CBMEM gave us nothing. */
	if (workbuf == NULL && !CONFIG(VBOOT_STARTS_IN_ROMSTAGE) &&
	    preram_symbols_available())
		workbuf = _vboot2_work;

	assert(workbuf);
	return workbuf;
}
28 
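/*
 * Return the vboot context, restoring or creating it on first use.
 *
 * The pointer is cached in vboot_ctx, so later calls return immediately.
 * When vboot_logic_executed() reports that vboot already ran, the context is
 * restored from the work buffer with vb2api_reinit().  Otherwise a fresh
 * context is initialized in the work buffer with vb2api_init().
 *
 * A failure of either call is fatal (die()): verified boot must not continue
 * with a context that was never set up.
 */
struct vb2_context *vboot_get_context(void)
{
	void *wb;
	vb2_error_t rv;

	/* Return if context has already been initialized/restored. */
	if (vboot_ctx)
		return vboot_ctx;

	wb = vboot_get_workbuf();

	/* Restore context from a previous stage. */
	if (vboot_logic_executed()) {
		rv = vb2api_reinit(wb, &vboot_ctx);
		if (rv != VB2_SUCCESS)
			die("%s: vb2api_reinit returned %#x\n", __func__, rv);
		return vboot_ctx;
	}

	assert(verification_should_run());

	/* Initialize vb2_shared_data and friends. */
	rv = vb2api_init(wb, VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE, &vboot_ctx);
	/*
	 * Fail closed, matching the reinit path above.  coreboot's assert()
	 * only halts when fatal asserts are enabled, so checking the result
	 * with assert() alone could let boot continue with an unset context.
	 */
	if (rv != VB2_SUCCESS)
		die("%s: vb2api_init returned %#x\n", __func__, rv);

	return vboot_ctx;
}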
56 
/*
 * Locate the firmware body of the slot selected by vboot.
 *
 * Picks the FMAP area "FW_MAIN_A" or "FW_MAIN_B" according to
 * vboot_is_firmware_slot_a(ctx) and describes it in *fw.
 *
 * Returns the non-zero result of fmap_locate_area_as_rdev() if the area
 * cannot be located.  Otherwise returns 0 when VBOOT_CBFS_INTEGRATION is
 * enabled, or the result of rdev_chain() when it is not.
 */
int vboot_locate_firmware(struct vb2_context *ctx, struct region_device *fw)
{
	const char *area = vboot_is_firmware_slot_a(ctx) ? "FW_MAIN_A" : "FW_MAIN_B";
	int rc = fmap_locate_area_as_rdev(area, fw);

	if (rc != 0)
		return rc;

	/*
	 * The new verification mechanism uses a signature with zero data
	 * size, so there is no signed size to truncate to.
	 */
	if (CONFIG(VBOOT_CBFS_INTEGRATION))
		return 0;

	/*
	 * Old mechanism (full body hash): narrow fw to the size that vboot
	 * actually signed, so the region device covers only
	 * [0, vb2api_get_firmware_size(ctx)) of the area.
	 */
	return rdev_chain(fw, fw, 0, vb2api_get_firmware_size(ctx));
}
81 
/*
 * CBMEM creation hook: give the vboot work buffer a home in CBMEM.
 *
 * Adds a CBMEM_ID_VBOOT_WORKBUF entry of VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE
 * bytes and then fills it according to where verification runs:
 *
 *  - VBOOT_STARTS_BEFORE_BOOTBLOCK: verification happens before the main
 *    processor starts running, and the vboot data structure is available
 *    in _vboot2_work as soon as the main processor is released.
 *
 *  - VBOOT_STARTS_IN_BOOTBLOCK: verification happens before CBMEM is
 *    online, using pre-RAM.  The work buffer is copied from SRAM/CAR into
 *    CBMEM so the vboot data structures are available downstream.
 *
 *  - VBOOT_STARTS_IN_ROMSTAGE: verification happens after CBMEM is online,
 *    so the vboot data structures are initialized directly in CBMEM.
 *
 * The hook argument is not used.
 *
 * NOTE(review): both the allocation and the relocate/init result are checked
 * only with assert().  If assert() is non-fatal in this build, a failure here
 * would not stop the boot -- confirm the intended failure policy.
 */
static void vboot_setup_cbmem(int unused)
{
	const size_t wb_size = VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE;
	void *cbmem_wb = cbmem_add(CBMEM_ID_VBOOT_WORKBUF, wb_size);
	vb2_error_t rv;

	assert(cbmem_wb);

	if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE))
		rv = vb2api_init(cbmem_wb, wb_size, &vboot_ctx);
	else
		rv = vb2api_relocate(cbmem_wb, _vboot2_work, wb_size, &vboot_ctx);

	assert(rv == VB2_SUCCESS);
}
CBMEM_CREATION_HOOK(vboot_setup_cbmem);