Karthik Ramasubramanian has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/78426?usp=email )
Change subject: soc/amd/common/psp_verstage: Add PSP_VERSTACK_STACK_IS_MAPPED config ......................................................................
soc/amd/common/psp_verstage: Add PSP_VERSTACK_STACK_IS_MAPPED config
Crypto Engine in PSP prefers the buffer from Static RAM (SRAM). Hence if a buffer comes from within SRAM address range, then it is passed directly to Crypto Engine. Otherwise a bounce bufer from the stack is used. But on SoCs like Picasso where PSP Verstage stack is mapped to a virtual address space this check fails causing a bounce buffer to be used and hence a stack overflow. Fix this issue by assuming that the buffer comes from the SRAM always in such SoCs and pass the buffer directly to crypto engine.
BUG=b:259649666 TEST=Build and boot to OS in Dalboz with unsigned PSP verstage.
Change-Id: I2161c8f0720c770efa5c05aece9584c3cbe7712a Signed-off-by: Karthikeyan Ramasubramanian kramasub@google.com --- M src/soc/amd/common/psp_verstage/Kconfig M src/soc/amd/common/psp_verstage/vboot_crypto.c 2 files changed, 12 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/26/78426/1
diff --git a/src/soc/amd/common/psp_verstage/Kconfig b/src/soc/amd/common/psp_verstage/Kconfig index 526a4ae7..bed307d 100644 --- a/src/soc/amd/common/psp_verstage/Kconfig +++ b/src/soc/amd/common/psp_verstage/Kconfig @@ -35,3 +35,11 @@ help Put signed AMD/PSP firmwares outside FW_MAIN_[AB] so vboot doesn't verify them, and rely on PSP's verification. + +config PSP_VERSTAGE_STACK_IS_MAPPED + bool + default y if SOC_AMD_PICASSO + default n + help + This configuration indicates whether the PSP Verstage stack is mapped to a virtual + address space. This has been the case so far only only in Picasso SoC. diff --git a/src/soc/amd/common/psp_verstage/vboot_crypto.c b/src/soc/amd/common/psp_verstage/vboot_crypto.c index b2c0c56..5ed351b 100644 --- a/src/soc/amd/common/psp_verstage/vboot_crypto.c +++ b/src/soc/amd/common/psp_verstage/vboot_crypto.c @@ -90,8 +90,11 @@ * mapped address of SPI flash which makes crypto engine to return invalid address. * Hence if the buffer is from SRAM, pass it to crypto engine. Else copy into a * temporary buffer before passing it to crypto engine. + * + * Similarly in some SoCs, PSP verstage stack is mapped to a virtual address space. + * In those SoCs, assume that the buffer is from SRAM and pass it to crypto engine. */ - if (buf >= _sram && (buf + size) < _esram) + if (CONFIG(PSP_VERSTAGE_STACK_IS_MAPPED) || (buf >= _sram && (buf + size) < _esram)) return vb2ex_hwcrypto_digest_extend_psp_sram(buf, size);
while (size) {