Furquan Shaikh has submitted this change. ( https://review.coreboot.org/c/coreboot/+/47431 )
Change subject: soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B ......................................................................
soc/intel/common: Generate the CSE RW metadata and add to FW_MAIN_A/B
In the existing implementation CSE RW metadata file is generated by scripts and to avoid incompitable issues between coreboot and the scripts this patch adds the follwing changes, * Move the metadata generation to the coreboot Makefile. * Add CBFS component type struct to create a metadata file during the compile time. * Extract the CSE RW version from SOC_INTEL_CSE_RW_VERSION config and update the major, minor, hotfix and build versions using the compile time flags. * Compute the hash of CSE RW binary in hex format using the openssl and use the HASH_BYTEARRAY macro to convert the 64 character hex values into the array. * Add the me_rw.metadata cbfs file to FW_MAIN_A and FW_MAIN_B regions.
BUG=b:169077783 TEST= Built for dedede. Verify that metadata file was generated and added to the FW_MAIN_A/B. Extracted it using cbfstool and verfied that metadata was generated properly.
Change-Id: I412581400a9606fa17cf4398faffda923f07b320 Signed-off-by: V Sowmya v.sowmya@intel.com Signed-off-by: Maulik V Vaghela maulik.v.vaghela@intel.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/47431 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Furquan Shaikh furquan@google.com Reviewed-by: Karthik Ramasubramanian kramasub@google.com --- M src/soc/intel/common/block/cse/Kconfig M src/soc/intel/common/block/cse/Makefile.inc M src/soc/intel/common/block/cse/cse_lite.c A src/soc/intel/common/block/cse/cse_rw_metadata.c M src/soc/intel/common/block/include/intelblocks/cse.h 5 files changed, 86 insertions(+), 9 deletions(-)
Approvals: build bot (Jenkins): Verified Furquan Shaikh: Looks good to me, approved Karthik Ramasubramanian: Looks good to me, approved
diff --git a/src/soc/intel/common/block/cse/Kconfig b/src/soc/intel/common/block/cse/Kconfig index a2c8928..b427b15 100644 --- a/src/soc/intel/common/block/cse/Kconfig +++ b/src/soc/intel/common/block/cse/Kconfig @@ -41,6 +41,12 @@ help CBFS entry name for Intel CSE CBFS RW blob
+config SOC_INTEL_CSE_RW_METADATA_CBFS_NAME + string "CBFS name for CSE RW metadata file" + default "me_rw.metadata" + help + CBFS name for Intel CSE CBFS RW metadata file + config SOC_INTEL_CSE_RW_FILE string "Intel CSE CBFS RW path and filename" default "" diff --git a/src/soc/intel/common/block/cse/Makefile.inc b/src/soc/intel/common/block/cse/Makefile.inc index 11cc3c2..1bc69c5 100644 --- a/src/soc/intel/common/block/cse/Makefile.inc +++ b/src/soc/intel/common/block/cse/Makefile.inc @@ -4,6 +4,7 @@ ramstage-$(CONFIG_SOC_INTEL_CSE_LITE_SKU) += cse_lite.c smm-$(CONFIG_SOC_INTEL_COMMON_BLOCK_HECI_DISABLE_IN_SMM) += disable_heci.c
+ifeq ($(CONFIG_SOC_INTEL_CSE_RW_UPDATE),y) ifneq ($(CONFIG_SOC_INTEL_CSE_RW_FILE),"") CSE_LITE_ME_RW = $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME)) regions-for-file-$(CSE_LITE_ME_RW) = FW_MAIN_A,FW_MAIN_B @@ -11,4 +12,32 @@ $(CSE_LITE_ME_RW)-file := $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_FILE)) $(CSE_LITE_ME_RW)-name := $(CSE_LITE_ME_RW) $(CSE_LITE_ME_RW)-type := raw +else +$(error "CSE RW file path is missing and need to be set by mainboard config") +endif + +# Extract the CSE RW firmware version and update the cse_rw_metadata structure +ifneq ($(CONFIG_SOC_INTEL_CSE_RW_VERSION),"") +CSE_RW_VERSION:=$(subst ., ,$(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_VERSION))) +MAJOR := $(word 1, $(CSE_RW_VERSION)) +MINOR := $(word 2, $(CSE_RW_VERSION)) +HOTFIX := $(word 3, $(CSE_RW_VERSION)) +BUILD := $(word 4, $(CSE_RW_VERSION)) +CPPFLAGS_common += -DCSE_RW_MAJOR=$(MAJOR) -DCSE_RW_MINOR=$(MINOR) -DCSE_RW_HOTFIX=$(HOTFIX) -DCSE_RW_BUILD=$(BUILD) +else +$(error "CSE RW version is missing and need to be set by mainboard config") +endif + +# Compute the hash of the CSE RW binary and update the cse_rw_metadata structure +CSE_RW_PATH := $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_FILE)) +HASH := $(shell openssl dgst -sha256 -hex $(CSE_RW_PATH) | cut -d " " -f2 | fold -w2 | paste -sd',' -) +CPPFLAGS_common += -DCSE_RW_SHA256=$(HASH) + +# Add the CSE RW metadata file to FW_MAIN_A/B +CSE_RW_METADATA = $(call strip_quotes,$(CONFIG_SOC_INTEL_CSE_RW_METADATA_CBFS_NAME)) +regions-for-file-$(CSE_RW_METADATA) = FW_MAIN_A,FW_MAIN_B +cbfs-files-y += $(CSE_RW_METADATA) +$(CSE_RW_METADATA)-file := cse_rw_metadata.c:struct +$(CSE_RW_METADATA)-name := $(CSE_RW_METADATA) +$(CSE_RW_METADATA)-type := raw endif diff --git a/src/soc/intel/common/block/cse/cse_lite.c b/src/soc/intel/common/block/cse/cse_lite.c index edb35c4..39f2cda 100644 --- a/src/soc/intel/common/block/cse/cse_lite.c +++ b/src/soc/intel/common/block/cse/cse_lite.c @@ -9,7 +9,6 @@ #include <intelblocks/cse.h> #include <security/vboot/vboot_common.h> #include <security/vboot/misc.h> -#include <vb2_api.h> #include <soc/intel/common/reset.h>
/* CSE RW version size reserved in the CSE CBFS RW binary */ @@ -110,14 +109,6 @@ BP_INFO_READ_ONLY_CFG = 1 << 2, };
-/* Boot Partition FW Version */ -struct fw_version { - uint16_t major; - uint16_t minor; - uint16_t hotfix; - uint16_t build; -} __packed; - /* CSE boot partition entry info */ struct cse_bp_entry { /* Boot partition version */ diff --git a/src/soc/intel/common/block/cse/cse_rw_metadata.c b/src/soc/intel/common/block/cse/cse_rw_metadata.c new file mode 100644 index 0000000..3f7e779 --- /dev/null +++ b/src/soc/intel/common/block/cse/cse_rw_metadata.c @@ -0,0 +1,32 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#include <intelblocks/cse.h> + +#define HASH_TO_ARRAY(x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15, x16,\ + x17, x18, x19, x20, x21, x22, x23, x24, x25, x26, x27, x28, x29, x30,\ + x31, x32) { 0x##x1, 0x##x2, 0x##x3, 0x##x4, 0x##x5, 0x##x6, 0x##x7,\ + 0x##x8, 0x##x9, 0x##x10, 0x##x11, 0x##x12, 0x##x13, 0x##x14, 0x##x15,\ + 0x##x16, 0x##x17, 0x##x18, 0x##x19, 0x##x20, 0x##x21, 0x##x22, 0x##x23,\ + 0x##x24, 0x##x25, 0x##x26, 0x##x27, 0x##x28, 0x##x29, 0x##x30, 0x##x31,\ + 0x##x32 } +#define HASH_BYTEARRAY(...) HASH_TO_ARRAY(__VA_ARGS__) + +/* + * This structure contains the CSE RW version and hash details which are filled during the + * compile time. + * Makefile will extract the following details and updates the structure variable via the + * compile time flags. + * CSE RW version: Extract the version string from the SOC_INTEL_CSE_RW_VERSION config and + * assign the major, minor, hotfix and build versions. + * CSE RW hash: Compute the hash of CSE RW binary in hex format using the openssl and use the + * HASH_BYTEARRAY macro to convert the 64 character hex values into the array. + */ +struct cse_rw_metadata metadata = { + .version = { + .major = CSE_RW_MAJOR, + .minor = CSE_RW_MINOR, + .build = CSE_RW_BUILD, + .hotfix = CSE_RW_HOTFIX, + }, + .sha256 = HASH_BYTEARRAY(CSE_RW_SHA256), +}; diff --git a/src/soc/intel/common/block/include/intelblocks/cse.h b/src/soc/intel/common/block/include/intelblocks/cse.h index f554933..64ee0dd 100644 --- a/src/soc/intel/common/block/include/intelblocks/cse.h +++ b/src/soc/intel/common/block/include/intelblocks/cse.h @@ -4,6 +4,7 @@ #define SOC_INTEL_COMMON_CSE_H
#include <types.h> +#include <vb2_api.h>
/* MKHI Command groups */ #define MKHI_GROUP_ID_CBM 0x0 @@ -61,6 +62,24 @@ uint8_t result; } __packed;
+/* CSE FW Version */ +struct fw_version { + uint16_t major; + uint16_t minor; + uint16_t hotfix; + uint16_t build; +} __packed; + +/* + * CSE RW metadata structure + * fw_version - CSE RW firmware version + * sha256 - Hash of the CSE RW binary. + */ +struct cse_rw_metadata { + struct fw_version version; + uint8_t sha256[VB2_SHA256_DIGEST_SIZE]; +}; + /* set up device for use in early boot enviroument with temp bar */ void heci_init(uintptr_t bar); /*