Patrick Georgi submitted this change.

Approvals:
  build bot (Jenkins): Verified
  Aaron Durbin: Looks good to me, approved

lib/prog_loaders.c: Add prog_locate_hook()

There is no possibility to prevent loading images from cbfs at this stage.
For security features prog_locate_hook() is added. This hook can be used
to prevent loading the image.

BUG=N/A
TEST=Created verified binary and verify logging on Facebook FBG-1701

Change-Id: I12207fc8f2e9ca45d048cf8c8d9c057f53e5c2c7
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30811
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
---
M src/include/program_loading.h
M src/lib/prog_loaders.c
2 files changed, 13 insertions(+), 0 deletions(-)

diff --git a/src/include/program_loading.h b/src/include/program_loading.h
index 6dec192..601847d 100644
--- a/src/include/program_loading.h
+++ b/src/include/program_loading.h
@@ -3,6 +3,7 @@
*
* Copyright 2015 Google Inc.
* Copyright (C) 2014 Imagination Technologies
+ * Copyright (C) 2018 Eltan B.V.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -138,6 +139,12 @@

/* Locate the identified program to run. Return 0 on success. < 0 on error. */
int prog_locate(struct prog *prog);
+/* The prog_locate_hook() is called prior to CBFS traversal. The hook can be
+ * used to implement policy that allows or prohibits further progress through
+ * prog_locate(). The type and name field within struct prog are the only valid
+ * fields. A 0 return value allows further progress while a non-zero return
+ * value prohibits further progress */
+int prog_locate_hook(struct prog *prog);

/* Run the program described by prog. */
void prog_run(struct prog *prog);
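Review bot: The new prototype takes a non-const struct prog * although the comment directly above it says only the type and name fields are valid at this point. If the hook is meant to be read-only policy, declare the parameter as const struct prog *prog, or state in the comment whether the hook may modify prog. The comment could also say that a denial reaches callers as the prog_locate() error return, and a blank line between the prog_locate() declaration and the new comment block would keep the two declarations apart.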
diff --git a/src/lib/prog_loaders.c b/src/lib/prog_loaders.c
index 2ef6bdf..5048c99 100644
--- a/src/lib/prog_loaders.c
+++ b/src/lib/prog_loaders.c
@@ -2,6 +2,7 @@
* This file is part of the coreboot project.
*
* Copyright 2015 Google Inc.
+ * Copyright (C) 2018-2019 Eltan B.V.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
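Review bot: The copyright line added here reads 2018-2019, while the one added to program_loading.h in the same change reads 2018. Please make the two consistent.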
@@ -38,6 +39,9 @@
{
struct cbfsf file;

+ if (prog_locate_hook(prog))
+ return -1;
+
cbfs_prepare_program_locate();

if (cbfs_boot_locate(&file, prog_name(prog), NULL))
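Review bot: In the added check at the top of this function, any non-zero return from prog_locate_hook() is collapsed to -1 with no printk, so in the boot log a policy denial looks like any other prog_locate() failure unless every hook implementation logs for itself. Consider logging the denial here together with prog_name(prog). The check also guards only this path: it sits in front of the cbfs_boot_locate() call in this function, so any code that locates an image without going through prog_locate() is outside the policy, and the header comment should state that scope.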
@@ -74,6 +78,8 @@
halt();
}

+int __weak prog_locate_hook(struct prog *prog) { return 0; }
+
static void ramstage_cache_invalid(void)
{
printk(BIOS_ERR, "ramstage cache invalid.\n");
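Review bot: The weak default prog_locate_hook() returns 0, which is the allow value, so a build or stage in which the overriding implementation is not linked falls open with no build-time or run-time indication. Please document in program_loading.h that the default permits everything, and consider having the option that enables the policy guarantee the override is built for every stage that calls prog_locate(). As a style point, the one-line body would be easier to spot if it were expanded onto separate lines and placed directly above the function that calls it.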

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I12207fc8f2e9ca45d048cf8c8d9c057f53e5c2c7
Gerrit-Change-Number: 30811
Gerrit-PatchSet: 13
Gerrit-Owner: Frans Hendriks <fhendriks@eltan.com>
Gerrit-Reviewer: Aaron Durbin <adurbin@chromium.org>
Gerrit-Reviewer: Felix Held <felix-coreboot@felixheld.de>
Gerrit-Reviewer: Frans Hendriks <fhendriks@eltan.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com>
Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Gerrit-Reviewer: Wim Vervoorn
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Angel Pons <th3fanbus@gmail.com>
Gerrit-CC: Arthur Heymans <arthur@aheymans.xyz>
Gerrit-CC: Julius Werner <jwerner@chromium.org>
Gerrit-CC: Nico Huber <nico.h@gmx.de>
Gerrit-CC: Patrick Rudolph
Gerrit-CC: Patrick Rudolph <patrick.rudolph@9elements.com>
Gerrit-CC: Patrick Rudolph <siro@das-labor.org>
Gerrit-CC: Paul Menzel <paulepanter@users.sourceforge.net>
Gerrit-MessageType: merged