[S] Change in coreboot[master]: vboot: Allow for comparison of hash without zero-padding
Julius Werner has submitted this change. ( https://review.coreboot.org/c/coreboot/+/69762 )
Change subject: vboot: Allow for comparison of hash without zero-padding ......................................................................
vboot: Allow for comparison of hash without zero-padding
Adjust asserts to allow to store and compare (at S3 resume) hashes without padding to maximum hash length / slot size.
Signed-off-by: Jakub Czapiga jacz@semihalf.com Change-Id: If6d46e0b58dbca86af56221b7ff2606ab2d1799a Reviewed-on: https://review.coreboot.org/c/coreboot/+/69762 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Julius Werner jwerner@chromium.org Reviewed-by: Yu-Ping Wu yupingso@google.com Reviewed-by: Eric Lai eric_lai@quanta.corp-partner.google.com --- M src/ec/google/chromeec/vboot_storage.c M src/security/vboot/vboot_logic.c 2 files changed, 21 insertions(+), 3 deletions(-)
Approvals: build bot (Jenkins): Verified Julius Werner: Looks good to me, approved Yu-Ping Wu: Looks good to me, approved Eric Lai: Looks good to me, approved
diff --git a/src/ec/google/chromeec/vboot_storage.c b/src/ec/google/chromeec/vboot_storage.c index f708b3e..63e1314 100644 --- a/src/ec/google/chromeec/vboot_storage.c +++ b/src/ec/google/chromeec/vboot_storage.c @@ -14,8 +14,8 @@ uint32_t lock_status; int num_slots;
- /* Ensure the digests being saved match the EC's slot size. */ - assert(digest_size == EC_VSTORE_SLOT_SIZE); + /* Ensure the digests being saved does not exceed the EC's slot size. */ + assert(digest_size > 0 && digest_size <= EC_VSTORE_SLOT_SIZE);
if (google_chromeec_vstore_write(slot, digest, digest_size)) return -1; diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index 98a044c..f7b4801 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -86,7 +86,7 @@ uint8_t saved_hash[VBOOT_MAX_HASH_SIZE]; const size_t saved_hash_sz = sizeof(saved_hash);
- assert(slot_hash_sz == saved_hash_sz); + assert(slot_hash_sz <= saved_hash_sz);
printk(BIOS_DEBUG, "Platform is resuming.\n");
-
Julius Werner (Code Review)