<p>Furquan Shaikh has uploaded this change for <strong>review</strong>.</p><p><a href="https://review.coreboot.org/25459">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">vboot: Add support for reading GBB flags<br><br>This change adds basic support for reading flags from GBB header<br>located in "GBB" section on SPI flash.<br><br>Change-Id: I35ecb5ba964511379baa4e9f458ba2e8c6b74b4e<br>Signed-off-by: Furquan Shaikh <furquan@google.com><br>---<br>M src/security/vboot/Makefile.inc<br>A src/security/vboot/gbb.c<br>A src/security/vboot/gbb.h<br>3 files changed, 117 insertions(+), 0 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://review.coreboot.org:29418/coreboot refs/changes/59/25459/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc</span><br><span>index 53462d9..6f18a35 100644</span><br><span>--- a/src/security/vboot/Makefile.inc</span><br><span>+++ b/src/security/vboot/Makefile.inc</span><br><span>@@ -23,6 +23,8 @@</span><br><span> </span><br><span> verstage-generic-ccopts += -D__PRE_RAM__ -D__VERSTAGE__</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ramstage-y += gbb.c</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> bootblock-y += vbnv.c</span><br><span> verstage-y += vbnv.c</span><br><span> romstage-y += vbnv.c</span><br><span>diff --git a/src/security/vboot/gbb.c b/src/security/vboot/gbb.c</span><br><span>new file mode 100644</span><br><span>index 0000000..f217c79</span><br><span>--- /dev/null</span><br><span>+++ b/src/security/vboot/gbb.c</span><br><span>@@ -0,0 +1,77 @@</span><br><span style="color: hsl(120, 100%, 40%);">+/*</span><br><span style="color: hsl(120, 100%, 40%);">+ * This file is part of the coreboot project.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * Copyright 2018 Google Inc.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is free software; you can redistribute it and/or modify</span><br><span style="color: hsl(120, 100%, 40%);">+ * it under the terms of the GNU General Public License as published by</span><br><span style="color: hsl(120, 100%, 40%);">+ * the Free Software Foundation; version 2 of the License.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is distributed in the hope that it will be useful,</span><br><span style="color: hsl(120, 100%, 40%);">+ * but WITHOUT ANY WARRANTY; without even the implied warranty of</span><br><span style="color: hsl(120, 100%, 40%);">+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</span><br><span style="color: hsl(120, 100%, 40%);">+ * GNU General Public License for more details.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#include <commonlib/region.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <console/console.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <fmap.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <security/vboot/gbb.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <string.h></span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#define GBB_FMAP_REGION_NAME "GBB"</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+static GoogleBinaryBlockHeader *gbb_header;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/*</span><br><span style="color: hsl(120, 100%, 40%);">+ * Read "GBB" region from SPI flash to obtain GBB header and validate</span><br><span style="color: hsl(120, 100%, 40%);">+ * signature.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * Return value:</span><br><span style="color: hsl(120, 100%, 40%);">+ * Success = 0</span><br><span style="color: hsl(120, 100%, 40%);">+ * Error = 1</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+static int gbb_init(void)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ static bool init_done = false;</span><br><span style="color: hsl(120, 100%, 40%);">+ static struct region_device gbb_rdev;</span><br><span style="color: hsl(120, 100%, 40%);">+ size_t gbb_region_sz;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (init_done != false)</span><br><span style="color: hsl(120, 100%, 40%);">+ return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (fmap_locate_area_as_rdev(GBB_FMAP_REGION_NAME, &gbb_rdev))</span><br><span style="color: hsl(120, 100%, 40%);">+ return 1;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ gbb_header = rdev_mmap_full(&gbb_rdev);</span><br><span style="color: hsl(120, 100%, 40%);">+ gbb_region_sz = region_device_sz(&gbb_rdev);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (gbb_region_sz < sizeof(GoogleBinaryBlockHeader)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_ERR, "%s: GBB header too small!\n", __func__);</span><br><span style="color: hsl(120, 100%, 40%);">+ return 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (memcmp(gbb_header->signature, GBB_SIGNATURE, GBB_SIGNATURE_SIZE)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_ERR, "%s: Signature check failed!\n", __func__);</span><br><span style="color: hsl(120, 100%, 40%);">+ return 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ init_done = true;</span><br><span style="color: hsl(120, 100%, 40%);">+ return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t gbb_get_flags(void)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ if (gbb_init()) {</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_ERR,</span><br><span style="color: hsl(120, 100%, 40%);">+ "%s: Failure to initialize GBB. Returning flags as 0!\n",</span><br><span style="color: hsl(120, 100%, 40%);">+ __func__);</span><br><span style="color: hsl(120, 100%, 40%);">+ return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ return gbb_header->flags;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+bool gbb_is_flag_set(uint32_t flag)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ return !!(gbb_header->flags & flag);</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span>diff --git a/src/security/vboot/gbb.h b/src/security/vboot/gbb.h</span><br><span>new file mode 100644</span><br><span>index 0000000..b7f0634</span><br><span>--- /dev/null</span><br><span>+++ b/src/security/vboot/gbb.h</span><br><span>@@ -0,0 +1,38 @@</span><br><span style="color: hsl(120, 100%, 40%);">+/*</span><br><span style="color: hsl(120, 100%, 40%);">+ * This file is part of the coreboot project.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * Copyright 2018 Google Inc.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is free software; you can redistribute it and/or modify</span><br><span style="color: hsl(120, 100%, 40%);">+ * it under the terms of the GNU General Public License as published by</span><br><span style="color: hsl(120, 100%, 40%);">+ * the Free Software Foundation; version 2 of the License.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * This program is distributed in the hope that it will be useful,</span><br><span style="color: hsl(120, 100%, 40%);">+ * but WITHOUT ANY WARRANTY; without even the implied warranty of</span><br><span style="color: hsl(120, 100%, 40%);">+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</span><br><span style="color: hsl(120, 100%, 40%);">+ * GNU General Public License for more details.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#ifndef __SECURITY_VBOOT_GBB_H__</span><br><span style="color: hsl(120, 100%, 40%);">+#define __SECURITY_VBOOT_GBB_H__</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#include <stdint.h></span><br><span style="color: hsl(120, 100%, 40%);">+#include <gbb_header.h></span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/*</span><br><span style="color: hsl(120, 100%, 40%);">+ * Read flags field from GBB header.</span><br><span style="color: hsl(120, 100%, 40%);">+ * Return value:</span><br><span style="color: hsl(120, 100%, 40%);">+ * Success: 32-bit unsigned integer representing flags field from GBB header.</span><br><span style="color: hsl(120, 100%, 40%);">+ * Error : 0</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t gbb_get_flags(void);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/*</span><br><span style="color: hsl(120, 100%, 40%);">+ * Check if given flag is set in the flags field in GBB header.</span><br><span style="color: hsl(120, 100%, 40%);">+ * Return value:</span><br><span style="color: hsl(120, 100%, 40%);">+ * true: Flag is set.</span><br><span style="color: hsl(120, 100%, 40%);">+ * false: Flag is not set or failure to read GBB flags.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+bool gbb_is_flag_set(uint32_t flag);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#endif /* __SECURITY_VBOOT_GBB_H__ */</span><br><span></span><br></pre><p>To view, visit <a href="https://review.coreboot.org/25459">change 25459</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://review.coreboot.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://review.coreboot.org/25459"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: coreboot </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I35ecb5ba964511379baa4e9f458ba2e8c6b74b4e </div>
<div style="display:none"> Gerrit-Change-Number: 25459 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Furquan Shaikh <furquan@google.com> </div>