Michał Żygowski has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/43400 )
Change subject: util/cbfstool/fit.c: Add support for adding Boot Guard manifests ......................................................................
util/cbfstool/fit.c: Add support for adding Boot Guard manifests
Signed-off-by: Michał Żygowski michal.zygowski@3mdeb.com Change-Id: I2c33d3c1dd2267ae5e0bccb57b716135598ea197 --- M util/cbfstool/fit.c 1 file changed, 69 insertions(+), 7 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/00/43400/1
diff --git a/util/cbfstool/fit.c b/util/cbfstool/fit.c index 44573ca..e7aa8d7 100644 --- a/util/cbfstool/fit.c +++ b/util/cbfstool/fit.c @@ -76,6 +76,11 @@ int size; };
+static inline int fit_entry_type(const struct fit_entry *entry) +{ + return entry->type_checksum_valid & ~FIT_ENTRY_CHECKSUM_VALID; +} + static inline void *rom_buffer_pointer(struct buffer *buffer, int offset) { return &buffer->data[offset]; @@ -83,12 +88,30 @@
static inline size_t fit_entry_size_bytes(const struct fit_entry *entry) { + /* + * Do not shift the data to not loose MSB. Boot policy and Key Manifest + * are not multiples of 16 bytes. The size is adjusted in FIT entry + * adding function. + */ + if(fit_entry_type(entry) == FIT_TYPE_BOOT_POLICY || + fit_entry_type(entry) == FIT_TYPE_KEY_MANIFEST) + return (entry->size_reserved & 0xffffff); + return (entry->size_reserved & 0xffffff) << 4; }
static inline void fit_entry_update_size(struct fit_entry *entry, const int size_bytes) { + /* + * Do nothing for Boot policy and Key Manifest since these are not + * multiples of 16 bytes. The size is adjusted in FIT entry adding + * function. + */ + if(fit_entry_type(entry) == FIT_TYPE_BOOT_POLICY || + fit_entry_type(entry) == FIT_TYPE_KEY_MANIFEST) + return; + /* Size is multiples of 16 bytes. */ entry->size_reserved = (size_bytes >> 4) & 0xffffff; } @@ -101,11 +124,6 @@ fit_entry_update_size(entry, size); }
-static inline int fit_entry_type(struct fit_entry *entry) -{ - return entry->type_checksum_valid & ~FIT_ENTRY_CHECKSUM_VALID; -} - /* * Get an offset from a host pointer. This function assumes the ROM is located * in the host address space at [4G - romsize -> 4G). It also assume all @@ -434,6 +452,44 @@ fit_entry_add_size(&fit->header, sizeof(struct fit_entry)); }
+/* + * There can be zero or one FIT_TYPE_BOOT_POLICY entries + * + * The caller has to provide valid arguments as those aren't verified. + */ +static void update_fit_boot_policy_entry(struct fit_table *fit, + struct fit_entry *entry, + uint64_t boot_policy_addr, + uint32_t boot_policy_size) +{ + entry->address = boot_policy_addr; + /* Boot Policy Manifest size is not multiple of 16 bytes */ + fit_entry_update_size(entry, boot_policy_size << 4); + entry->type_checksum_valid = FIT_TYPE_BOOT_POLICY; + entry->version = FIT_TXT_VERSION; + entry->checksum = 0; + fit_entry_add_size(&fit->header, sizeof(struct fit_entry)); +} + +/* + * There can be zero or one FIT_TYPE_KEY_MANIFEST entries + * + * The caller has to provide valid arguments as those aren't verified. + */ +static void update_fit_key_manifest_entry(struct fit_table *fit, + struct fit_entry *entry, + uint64_t key_manifest_addr, + uint32_t key_manifest_size) +{ + entry->address = key_manifest_addr; + /* Key Manifest size is not multiple of 16 bytes */ + fit_entry_update_size(entry, key_manifest_size << 4); + entry->type_checksum_valid = FIT_TYPE_KEY_MANIFEST; + entry->version = FIT_TXT_VERSION; + entry->checksum = 0; + fit_entry_add_size(&fit->header, sizeof(struct fit_entry)); +} + /* Special case for ucode CBFS file, as it might contain more than one ucode */ int fit_add_microcode_file(struct fit_table *fit, struct cbfs_image *image, @@ -626,10 +682,10 @@ case FIT_TYPE_BIOS_STARTUP: case FIT_TYPE_BIOS_POLICY: case FIT_TYPE_TXT_POLICY: - return 1; - case FIT_TYPE_TPM_POLICY: case FIT_TYPE_KEY_MANIFEST: case FIT_TYPE_BOOT_POLICY: + return 1; + case FIT_TYPE_TPM_POLICY: default: return 0; } @@ -684,6 +740,12 @@ case FIT_TYPE_TXT_POLICY: update_fit_txt_policy_entry(fit, entry, offset); break; + case FIT_TYPE_KEY_MANIFEST: + update_fit_key_manifest_entry(fit, entry, offset, len); + break; + case FIT_TYPE_BOOT_POLICY: + update_fit_boot_policy_entry(fit, entry, offset, len); + break; default: return 1; }