Attention is currently required from: Jakub Czapiga, Caveh Jalali, Julius Werner, Boris Mittelberg.
Yu-Ping Wu has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/69762 )
Change subject: vboot: Fix hash digest size, padding and comparison
Patch Set 2:
(4 comments)
File src/ec/google/chromeec/vboot_storage.c:
https://review.coreboot.org/c/coreboot/+/69762/comment/74cd18ee_37790a7b
PS2, Line 18: match doesn't exceed
https://review.coreboot.org/c/coreboot/+/69762/comment/abb9833e_e976e85f
PS2, Line 21: memset(data, 0, sizeof(data));
I believe this (memset, memcpy, and the size check) is already handled in `google_chromeec_vstore_write`, so we only need to fix the assertion statement.
https://review.coreboot.org/c/coreboot/+/69762/comment/69248a35_95a1ec52
PS2, Line 50: assert(digest_size == EC_VSTORE_SLOT_SIZE);
Also here?
File src/security/vboot/vboot_logic.c:
https://review.coreboot.org/c/coreboot/+/69762/comment/a0471fac_f088a702
PS2, Line 99: memset(full_slot_hash, 0, sizeof(full_slot_hash));
Can we do this only when `slot_hash_sz < saved_hash_sz`?

```
uint8_t full_slot_hash[VBOOT_MAX_HASH_SIZE] = {0};
if (slot_hash_sz < saved_hash_sz) {
	memcpy(full_slot_hash, ...);
	slot_hash = full_slot_hash;
}
```