Hello build bot (Jenkins), Nico Huber, Angel Pons, Aaron Durbin,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/38421
to look at the new patch set (#8).
Change subject: commonlib/bsd: Add new CBFS core implementation ......................................................................
commonlib/bsd: Add new CBFS core implementation
This patch adds a new CBFS implementation that is intended to replace the existing commonlib/cbfs.c. The new implementation is designed to meet a bunch of current and future goals that in aggregate make it easier to start from scratch than to adapt the exisiting implementation:
1. Be BSD-licensed so it can evetually be shared with libpayload. 2. Allow generating/verifying a master hash for future CBFS per-file verification (see [1][2]). 3. Be very careful about reading (not mmaping) all data only once, to be suitable for eventual TOCTOU-safe verification. 4. Make it possibly to efficiently implement all current and future firmware use cases (both with and without verification).
The main primitive is the cbfs_walk() function which will traverse a CBFS and call a callback for every file. cbfs_lookup() uses this to implement the most common use case of finding a file so that it can be read. A host application using this code (e.g. coreboot, libpayload, cbfstool) will need to provide a <cbfs_glue.h> header to provide the glue to access the respective CBFS storage backend implementation.
This patch merely adds the code, the next patch will integrate it into coreboot.
[1]: https://www.youtube.com/watch?v=Hs_EhewBgtM [2]: https://osfc.io/uploads/talk/paper/47/The_future_of_firmware_verification_in...
Change-Id: Ica64c1751fa37686814c0247460c399261d5814c Signed-off-by: Julius Werner jwerner@chromium.org --- M MAINTAINERS A src/commonlib/bsd/cbfs_private.c M src/commonlib/bsd/include/commonlib/bsd/cb_err.h A src/commonlib/bsd/include/commonlib/bsd/cbfs_private.h M src/commonlib/bsd/include/commonlib/bsd/cbfs_serialized.h 5 files changed, 269 insertions(+), 5 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/21/38421/8