[M] Change in coreboot[master]: cbfs/vboot: Adapt to new vb2_digest API - coreboot-gerrit

3 Sep 2022

Julius Werner has submitted this change. ( https://review.coreboot.org/c/coreboot/+/66561 )
Change subject: cbfs/vboot: Adapt to new vb2_digest API
......................................................................
cbfs/vboot: Adapt to new vb2_digest API
CL:3825558 changes all vb2_digest and vb2_hash functions to take a new
hwcrypto_allowed argument, to potentially let them try to call the
vb2ex_hwcrypto API for hash calculation. This change will open hardware
crypto acceleration up to all hash calculations in coreboot (most
notably CBFS verification). As part of this change, the
vb2_digest_buffer() function has been removed, so replace existing
instances in coreboot with the newer vb2_hash_calculate() API.
Due to the circular dependency of these changes with vboot, this patch
also needs to update the vboot submodule:
Updating from commit id 18cb85b5:
    2load_kernel.c: Expose load kernel as vb2_api
to commit id b827ddb9:
    tests: Ensure auxfw sync runs after EC sync
This brings in 15 new commits.
Signed-off-by: Julius Werner jwerner@chromium.org
Change-Id: I287d8dac3c49ad7ea3e18a015874ce8d610ec67e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66561
Tested-by: build bot (Jenkins) no-reply@coreboot.org
Reviewed-by: Jakub Czapiga jacz@semihalf.com
---
M 3rdparty/vboot
M payloads/libpayload/include/cbfs_glue.h
M payloads/libpayload/libcbfs/cbfs.c
M payloads/libpayload/tests/libcbfs/cbfs-verification-test.c
M src/commonlib/bsd/cbfs_private.c
M src/commonlib/bsd/include/commonlib/bsd/cbfs_private.h
M src/include/cbfs_glue.h
M src/lib/cbfs.c
M src/lib/metadata_hash.c
M src/security/tpm/tspi/tspi.c
M src/security/vboot/misc.h
M src/security/vboot/mrc_cache_hash_tpm.c
M src/security/vboot/tpm_common.c
M src/soc/intel/alderlake/hsphy.c
M src/soc/intel/common/block/cse/cse_lite.c
M src/vendorcode/eltan/security/mboot/mboot.c
M src/vendorcode/eltan/security/verified_boot/vboot_check.c
M tests/lib/cbfs-verification-test.c
M util/cbfstool/cbfs_glue.h
M util/cbfstool/cbfs_image.c
M util/cbfstool/cbfstool.c
M util/cbfstool/platform_fixups.c
22 files changed, 130 insertions(+), 85 deletions(-)
Approvals:
  build bot (Jenkins): Verified
  Jakub Czapiga: Looks good to me, approved

diff --git a/3rdparty/vboot b/3rdparty/vboot
index 18cb85b..b827ddb 160000
--- a/3rdparty/vboot
+++ b/3rdparty/vboot
@@ -1 +1 @@
-Subproject commit 18cb85b52d689b4cfbd49c6384ae2088b78af1e0
+Subproject commit b827ddb9b02228fc8064d7e03bdc6f05535d5e03
diff --git a/payloads/libpayload/include/cbfs_glue.h b/payloads/libpayload/include/cbfs_glue.h
index 00d0ea9..bff63ee 100644
--- a/payloads/libpayload/include/cbfs_glue.h
+++ b/payloads/libpayload/include/cbfs_glue.h
@@ -5,9 +5,11 @@
#include <libpayload-config.h>
 #include <boot_device.h>
+#include <stdbool.h>
 #include <stdio.h>
#define CBFS_ENABLE_HASHING CONFIG(LP_CBFS_VERIFICATION)
+#define CBFS_HASH_HWCRYPTO cbfs_hwcrypto_allowed()
#define ERROR(...) printf("CBFS ERROR: " __VA_ARGS__)
 #define LOG(...) printf("CBFS: " __VA_ARGS__)
@@ -43,4 +45,6 @@
    return dev->size;
 }
+bool cbfs_hwcrypto_allowed(void);
+
 #endif /* _CBFS_CBFS_GLUE_H */
diff --git a/payloads/libpayload/libcbfs/cbfs.c b/payloads/libpayload/libcbfs/cbfs.c
index 0694c4f..a158ba8 100644
--- a/payloads/libpayload/libcbfs/cbfs.c
+++ b/payloads/libpayload/libcbfs/cbfs.c
@@ -89,7 +89,7 @@
    	ERROR("'%s' does not have a file hash!\n", mdata->h.filename);
    	return true;
    }
-	if (vb2_hash_verify(buffer, size, hash) != VB2_SUCCESS) {
+	if (vb2_hash_verify(cbfs_hwcrypto_allowed(), buffer, size, hash) != VB2_SUCCESS) {
    	ERROR("'%s' file hash mismatch!\n", mdata->h.filename);
    	return true;
    }
@@ -223,3 +223,10 @@
return do_load(&mdata, dev.offset + data_offset, buf, size_inout, true);
 }
+
+/* This should be overridden by payloads that want to enforce more explicit
+   policy on using HW crypto. */
+__weak bool cbfs_hwcrypto_allowed(void)
+{
+	return true;
+}
diff --git a/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c b/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c
index 8e50f39..25e402c 100644
--- a/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c
+++ b/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c
@@ -23,8 +23,10 @@
    return VB2_SHA256_DIGEST_SIZE;
 }
-vb2_error_t vb2_hash_verify(const void *buf, uint32_t size, const struct vb2_hash *hash)
+vb2_error_t vb2_hash_verify(bool allow_hwcrypto, const void *buf, uint32_t size,
+			    const struct vb2_hash *hash)
 {
+	assert_true(allow_hwcrypto);
    check_expected_ptr(buf);
    check_expected(size);
diff --git a/src/commonlib/bsd/cbfs_private.c b/src/commonlib/bsd/cbfs_private.c
index e77c299..b9221fc 100644
--- a/src/commonlib/bsd/cbfs_private.c
+++ b/src/commonlib/bsd/cbfs_private.c
@@ -30,13 +30,10 @@
    const bool do_hash = CBFS_ENABLE_HASHING && metadata_hash;
    const size_t devsize = cbfs_dev_size(dev);
    struct vb2_digest_context dc;
-	vb2_error_t vbrv;
assert(CBFS_ENABLE_HASHING || (!metadata_hash && !(flags & CBFS_WALK_WRITEBACK_HASH)));
-	if (do_hash && (vbrv = vb2_digest_init(&dc, metadata_hash->algo))) {
-		ERROR("Metadata hash digest (%d) init error: %#x\n", metadata_hash->algo, vbrv);
+	if (do_hash && vb2_digest_init(&dc, CBFS_HASH_HWCRYPTO, metadata_hash->algo, 0))
    	return CB_ERR_ARG;
-	}
size_t offset = 0;
    enum cb_err ret_header;
diff --git a/src/commonlib/bsd/include/commonlib/bsd/cbfs_private.h b/src/commonlib/bsd/include/commonlib/bsd/cbfs_private.h
index 410bfd6..88f5b63 100644
--- a/src/commonlib/bsd/include/commonlib/bsd/cbfs_private.h
+++ b/src/commonlib/bsd/include/commonlib/bsd/cbfs_private.h
@@ -27,6 +27,9 @@
  * cbfs_dev_t		An opaque type representing a CBFS storage backend.
  * CBFS_ENABLE_HASHING	Should be 0 to avoid linking hashing features, 1 otherwise. (Only for
  *			metadata hashing. Host application needs to check file hashes itself.)
+ * CBFS_HASH_HWCRYPTO	Should evaluate to true to allow using vboot hardware crypto routines
+ *			for hashing, false to forbid. This macro may expand to a function call
+ *			to decide this at runtime.
  * ERROR(...)		printf-style macro to print errors.
  * LOG(...)		printf-style macro to print normal-operation log messages.
  * DEBUG(...)		printf-style macro to print detailed debug output.
diff --git a/src/include/cbfs_glue.h b/src/include/cbfs_glue.h
index 3170c37..652cf1b 100644
--- a/src/include/cbfs_glue.h
+++ b/src/include/cbfs_glue.h
@@ -5,6 +5,7 @@
#include <commonlib/region.h>
 #include <console/console.h>
+#include <security/vboot/misc.h>
 #include <rules.h>
/*
@@ -18,6 +19,7 @@
  */
 #define CBFS_ENABLE_HASHING (CONFIG(CBFS_VERIFICATION) && \
    		     (CONFIG(TOCTOU_SAFETY) || ENV_INITIAL_STAGE))
+#define CBFS_HASH_HWCRYPTO vboot_hwcrypto_allowed()
#define ERROR(...) printk(BIOS_ERR, "CBFS ERROR: " __VA_ARGS__)
 #define LOG(...) printk(BIOS_INFO, "CBFS: " __VA_ARGS__)
diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c
index e1334f4..4f2d9ca 100644
--- a/src/lib/cbfs.c
+++ b/src/lib/cbfs.c
@@ -12,7 +12,7 @@
 #include <list.h>
 #include <metadata_hash.h>
 #include <security/tpm/tspi/crtm.h>
-#include <security/vboot/vboot_common.h>
+#include <security/vboot/misc.h>
 #include <stdlib.h>
 #include <string.h>
 #include <symbols.h>
@@ -160,7 +160,7 @@
    		ERROR("'%s' does not have a file hash!\n", mdata->h.filename);
    		return true;
    	}
-		if (vb2_hash_verify(buffer, size, hash) != VB2_SUCCESS) {
+		if (vb2_hash_verify(vboot_hwcrypto_allowed(), buffer, size, hash)) {
    		ERROR("'%s' file hash mismatch!\n", mdata->h.filename);
    		return true;
    	}
@@ -171,11 +171,15 @@
/* No need to re-hash file if we already have it from verification. */
    	if (!hash || hash->algo != TPM_MEASURE_ALGO) {
-			vb2_hash_calculate(buffer, size, TPM_MEASURE_ALGO, &calculated_hash);
-			hash = &calculated_hash;
+			if (vb2_hash_calculate(vboot_hwcrypto_allowed(), buffer, size,
+					       TPM_MEASURE_ALGO, &calculated_hash))
+				hash = NULL;
+			else
+				hash = &calculated_hash;
    	}
-		if (tspi_cbfs_measurement(mdata->h.filename, be32toh(mdata->h.type), hash))
+		if (!hash ||
+		    tspi_cbfs_measurement(mdata->h.filename, be32toh(mdata->h.type), hash))
    		ERROR("failed to measure '%s' into TCPA log\n", mdata->h.filename);
    		/* We intentionally continue to boot on measurement errors. */
    }
diff --git a/src/lib/metadata_hash.c b/src/lib/metadata_hash.c
index e10f6ff..8779b7c 100644
--- a/src/lib/metadata_hash.c
+++ b/src/lib/metadata_hash.c
@@ -2,6 +2,7 @@
#include <assert.h>
 #include <metadata_hash.h>
+#include <security/vboot/misc.h>
 #include <symbols.h>
#if !CONFIG(COMPRESS_BOOTBLOCK) || ENV_DECOMPRESSOR
@@ -46,5 +47,5 @@
    struct vb2_hash hash = { .algo = get_anchor()->cbfs_hash.algo };
    memcpy(hash.raw, metadata_hash_anchor_fmap_hash(get_anchor()),
           vb2_digest_size(hash.algo));
-	return vb2_hash_verify(fmap_buffer, fmap_size, &hash);
+	return vb2_hash_verify(vboot_hwcrypto_allowed(), fmap_buffer, fmap_size, &hash);
 }
diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c
index 891f915..7bf8d6c 100644
--- a/src/security/tpm/tspi/tspi.c
+++ b/src/security/tpm/tspi/tspi.c
@@ -266,7 +266,8 @@
digest_len = vb2_digest_size(TPM_MEASURE_ALGO);
    assert(digest_len <= sizeof(digest));
-	if (vb2_digest_init(&ctx, TPM_MEASURE_ALGO)) {
+	if (vb2_digest_init(&ctx, vboot_hwcrypto_allowed(), TPM_MEASURE_ALGO,
+			    region_device_sz(rdev))) {
    	printk(BIOS_ERR, "TPM: Error initializing hash.\n");
    	return TPM_E_HASH_ERROR;
    }
diff --git a/src/security/vboot/misc.h b/src/security/vboot/misc.h
index c39af08..8310647 100644
--- a/src/security/vboot/misc.h
+++ b/src/security/vboot/misc.h
@@ -87,4 +87,18 @@
    }
 }
+static inline bool vboot_hwcrypto_allowed(void)
+{
+	/* When not using vboot firmware verification, HW crypto is always allowed. */
+	if (!CONFIG(VBOOT))
+		return 1;
+
+	/* Before vboot runs we can't check for HW crypto, so err on the side of caution. */
+	if (!vboot_logic_executed())
+		return 0;
+
+	/* Otherwise, vboot can decide. */
+	return vb2api_hwcrypto_allowed(vboot_get_context());
+}
+
 #endif /* __VBOOT_MISC_H__ */
diff --git a/src/security/vboot/mrc_cache_hash_tpm.c b/src/security/vboot/mrc_cache_hash_tpm.c
index 77c23f6..f67eae4 100644
--- a/src/security/vboot/mrc_cache_hash_tpm.c
+++ b/src/security/vboot/mrc_cache_hash_tpm.c
@@ -2,27 +2,16 @@
#include <security/vboot/antirollback.h>
 #include <program_loading.h>
-#include <security/vboot/vboot_common.h>
 #include <vb2_api.h>
 #include <security/tpm/tss.h>
+#include <security/vboot/misc.h>
 #include <security/vboot/mrc_cache_hash_tpm.h>
 #include <console/console.h>
 #include <string.h>
void mrc_cache_update_hash(uint32_t index, const uint8_t *data, size_t size)
 {
-	uint8_t data_hash[VB2_SHA256_DIGEST_SIZE];
-	static const uint8_t dead_hash[VB2_SHA256_DIGEST_SIZE] = {
-		0xba, 0xad, 0xda, 0x1a, /* BAADDA1A */
-		0xde, 0xad, 0xde, 0xad, /* DEADDEAD */
-		0xde, 0xad, 0xda, 0x1a, /* DEADDA1A */
-		0xba, 0xad, 0xba, 0xad, /* BAADBAAD */
-		0xba, 0xad, 0xda, 0x1a, /* BAADDA1A */
-		0xde, 0xad, 0xde, 0xad, /* DEADDEAD */
-		0xde, 0xad, 0xda, 0x1a, /* DEADDA1A */
-		0xba, 0xad, 0xba, 0xad, /* BAADBAAD */
-	};
-	const uint8_t *hash_ptr = data_hash;
+	struct vb2_hash hash;
/* Initialize TPM driver. */
    if (tlcl_lib_init() != VB2_SUCCESS) {
@@ -31,8 +20,8 @@
    }
/* Calculate hash of data generated by MRC. */
-	if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash,
-			      sizeof(data_hash))) {
+	if (vb2_hash_calculate(vboot_hwcrypto_allowed(), data, size,
+			       VB2_HASH_SHA256, &hash)) {
    	printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data. "
    	       "Not updating TPM hash space.\n");
    	/*
@@ -40,13 +29,13 @@
    	 * currently stored in TPM hash space is no longer
    	 * valid. If we are not able to calculate hash of the
    	 * data being updated, reset all the bits in TPM hash
-		 * space to pre-defined hash pattern.
+		 * space to zero to invalidate it.
    	 */
-		hash_ptr = dead_hash;
+		memset(hash.raw, 0, VB2_SHA256_DIGEST_SIZE);
    }
/* Write hash of data to TPM space. */
-	if (antirollback_write_space_mrc_hash(index, hash_ptr, VB2_SHA256_DIGEST_SIZE)
+	if (antirollback_write_space_mrc_hash(index, hash.sha256, sizeof(hash.sha256))
        != TPM_SUCCESS) {
    	printk(BIOS_ERR, "MRC: Could not save hash to TPM.\n");
    	return;
@@ -57,15 +46,7 @@
int mrc_cache_verify_hash(uint32_t index, const uint8_t *data, size_t size)
 {
-	uint8_t data_hash[VB2_SHA256_DIGEST_SIZE];
-	uint8_t tpm_hash[VB2_SHA256_DIGEST_SIZE];
-
-	/* Calculate hash of data read from MRC_CACHE. */
-	if (vb2_digest_buffer(data, size, VB2_HASH_SHA256, data_hash,
-			      sizeof(data_hash))) {
-		printk(BIOS_ERR, "MRC: SHA-256 calculation failed for data.\n");
-		return 0;
-	}
+	struct vb2_hash tpm_hash = { .algo = VB2_HASH_SHA256 };
/* Initialize TPM driver. */
    if (tlcl_lib_init() != VB2_SUCCESS) {
@@ -74,13 +55,14 @@
    }
/* Read hash of MRC data saved in TPM. */
-	if (antirollback_read_space_mrc_hash(index, tpm_hash, sizeof(tpm_hash))
+	if (antirollback_read_space_mrc_hash(index, tpm_hash.sha256, sizeof(tpm_hash.sha256))
        != TPM_SUCCESS) {
    	printk(BIOS_ERR, "MRC: Could not read hash from TPM.\n");
    	return 0;
    }
-	if (memcmp(tpm_hash, data_hash, sizeof(tpm_hash))) {
+	/* Calculate hash of data read from MRC_CACHE and compare. */
+	if (vb2_hash_verify(vboot_hwcrypto_allowed(), data, size, &tpm_hash)) {
    	printk(BIOS_ERR, "MRC: Hash comparison failed.\n");
    	return 0;
    }
diff --git a/src/security/vboot/tpm_common.c b/src/security/vboot/tpm_common.c
index 7fb2a9d..e67cc01 100644
--- a/src/security/vboot/tpm_common.c
+++ b/src/security/vboot/tpm_common.c
@@ -1,8 +1,9 @@
 /* SPDX-License-Identifier: GPL-2.0-only */
#include <security/tpm/tspi.h>
-#include <vb2_api.h>
 #include <security/vboot/tpm_common.h>
+#include <vb2_api.h>
+#include <vb2_sha.h>
#define TPM_PCR_BOOT_MODE "VBOOT: boot mode"
 #define TPM_PCR_GBB_HWID_NAME "VBOOT: GBB HWID"
diff --git a/src/soc/intel/alderlake/hsphy.c b/src/soc/intel/alderlake/hsphy.c
index e958d72..9d41600 100644
--- a/src/soc/intel/alderlake/hsphy.c
+++ b/src/soc/intel/alderlake/hsphy.c
@@ -10,6 +10,7 @@
 #include <device/pci_ops.h>
 #include <intelblocks/cse.h>
 #include <intelblocks/systemagent.h>
+#include <security/vboot/misc.h>
 #include <soc/hsphy.h>
 #include <soc/iomap.h>
 #include <soc/pci_devs.h>
@@ -105,42 +106,28 @@
static int verify_hsphy_hash(void *buf, uint32_t buf_size, uint8_t *hash_buf, uint8_t hash_alg)
 {
-	enum vb2_hash_algorithm alg;
-	uint32_t hash_size;
-	uint8_t hash_calc[MAX_HASH_SIZE];
+	struct vb2_hash hash;
switch (hash_alg) {
    case HASHALG_SHA256:
-		alg = VB2_HASH_SHA256;
-		hash_size = VB2_SHA256_DIGEST_SIZE;
+		hash.algo = VB2_HASH_SHA256;
    	break;
    case HASHALG_SHA384:
-		alg = VB2_HASH_SHA384;
-		hash_size = VB2_SHA384_DIGEST_SIZE;
+		hash.algo = VB2_HASH_SHA384;
    	break;
    case HASHALG_SHA512:
-		alg = VB2_HASH_SHA512;
-		hash_size = VB2_SHA512_DIGEST_SIZE;
+		hash.algo = VB2_HASH_SHA512;
    	break;
    case HASHALG_SHA1:
    default:
    	printk(BIOS_ERR, "Hash alg %d not supported, trying SHA384\n", hash_alg);
-		alg = VB2_HASH_SHA384;
-		hash_size = VB2_SHA384_DIGEST_SIZE;
+		hash.algo = VB2_HASH_SHA384;
    	break;
    }
+	memcpy(hash.raw, hash_buf, vb2_digest_size(hash.algo));
-	if (vb2_digest_buffer(buf, buf_size, alg, hash_calc, hash_size)) {
-		printk(BIOS_ERR, "HSPHY SHA calculation failed\n");
-		return -1;
-	}
-
-	if (memcmp(hash_buf, hash_calc, hash_size)) {
+	if (vb2_hash_verify(vboot_hwcrypto_allowed(), buf, buf_size, &hash) != VB2_SUCCESS) {
    	printk(BIOS_ERR, "HSPHY SHA hashes do not match\n");
-		printk(BIOS_DEBUG, "Hash from CSME:\n");
-		hexdump(hash_buf, hash_size);
-		printk(BIOS_DEBUG, "Calculated hash:\n");
-		hexdump(hash_calc, hash_size);
    	return -1;
    }
diff --git a/src/soc/intel/common/block/cse/cse_lite.c b/src/soc/intel/common/block/cse/cse_lite.c
index 40ae995..1d30a8d 100644
--- a/src/soc/intel/common/block/cse/cse_lite.c
+++ b/src/soc/intel/common/block/cse/cse_lite.c
@@ -544,15 +544,15 @@
    	const void *rw_blob, const size_t rw_blob_sz)
{
-	uint8_t rw_comp_sha[VB2_SHA256_DIGEST_SIZE];
+	struct vb2_hash calculated;
-	if (vb2_digest_buffer(rw_blob, rw_blob_sz, VB2_HASH_SHA256, rw_comp_sha,
-				VB2_SHA256_DIGEST_SIZE)) {
+	if (vb2_hash_calculate(vboot_hwcrypto_allowed(), rw_blob, rw_blob_sz,
+			       VB2_HASH_SHA256, &calculated)) {
    	printk(BIOS_ERR, "cse_lite: CSE CBFS RW's SHA-256 calculation has failed\n");
    	return false;
    }
-	if (memcmp(expected_rw_blob_sha, rw_comp_sha, VB2_SHA256_DIGEST_SIZE)) {
+	if (memcmp(expected_rw_blob_sha, calculated.sha256, sizeof(calculated.sha256))) {
    	printk(BIOS_ERR, "cse_lite: Computed CBFS RW's SHA-256 does not match with"
    			"the provided SHA in the metadata\n");
    	return false;
diff --git a/src/vendorcode/eltan/security/mboot/mboot.c b/src/vendorcode/eltan/security/mboot/mboot.c
index 575c5fc..c26ac8f 100644
--- a/src/vendorcode/eltan/security/mboot/mboot.c
+++ b/src/vendorcode/eltan/security/mboot/mboot.c
@@ -128,9 +128,10 @@
    	/* The hash is provided as data */
    	memcpy(digest->digest.sha256, (void *)hashData, hashDataLen);
    } else {
-		if (vb2_digest_buffer(hashData, hashDataLen, VB2_HASH_SHA256, digest->digest.sha256,
-					VB2_SHA256_DIGEST_SIZE))
+		struct vb2_hash tmp;
+		if (vb2_hash_calculate(false, hashData, hashDataLen, VB2_HASH_SHA256, &tmp))
    		return TPM_E_IOERROR;
+		memcpy(digest->digest.sha256, tmp.sha256, sizeof(tmp.sha256));
    }
printk(BIOS_DEBUG, "%s: SHA256 Hash Digest:\n", __func__);
diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c
index 09da5c5..649adc2 100644
--- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c
+++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c
@@ -145,9 +145,12 @@
           start, (int)size);
if (start && size) {
+		struct vb2_hash tmp_hash;
-		status = vb2_digest_buffer((const uint8_t *)start, size, HASH_ALG, digest,
-					   DIGEST_SIZE);
+		status = vb2_hash_calculate(false, start, size, HASH_ALG, &tmp_hash);
+		if (!status)
+			memcpy(digest, tmp_hash.raw, DIGEST_SIZE);
+
    	if ((CONFIG(VENDORCODE_ELTAN_VBOOT) && memcmp((void *)(
    	    (uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC +
    	    sizeof(digest) * hash_index), digest, sizeof(digest))) || status) {
diff --git a/tests/lib/cbfs-verification-test.c b/tests/lib/cbfs-verification-test.c
index 263fbec..b1a39bc 100644
--- a/tests/lib/cbfs-verification-test.c
+++ b/tests/lib/cbfs-verification-test.c
@@ -28,8 +28,10 @@
    return VB2_SHA256_DIGEST_SIZE;
 }
-vb2_error_t vb2_hash_verify(const void *buf, uint32_t size, const struct vb2_hash *hash)
+vb2_error_t vb2_hash_verify(bool allow_hwcrypto, const void *buf, uint32_t size,
+			    const struct vb2_hash *hash)
 {
+	assert_true(allow_hwcrypto);
    check_expected_ptr(buf);
    check_expected(size);
    assert_int_equal(hash->algo, VB2_HASH_SHA256);
@@ -56,7 +58,8 @@
    return 0;
 }
-vb2_error_t vb2_digest_init(struct vb2_digest_context *dc, enum vb2_hash_algorithm hash_alg)
+vb2_error_t vb2_digest_init(struct vb2_digest_context *dc, bool allow_hwcrypto,
+			    enum vb2_hash_algorithm hash_alg, uint32_t data_size)
 {
    if (hash_alg != VB2_HASH_SHA256) {
    	fail_msg("Unsupported hash algorithm: %d\n", hash_alg);
diff --git a/util/cbfstool/cbfs_glue.h b/util/cbfstool/cbfs_glue.h
index 11786be..77f22e5 100644
--- a/util/cbfstool/cbfs_glue.h
+++ b/util/cbfstool/cbfs_glue.h
@@ -6,6 +6,7 @@
 #include "cbfs_image.h"
#define CBFS_ENABLE_HASHING 1
+#define CBFS_HASH_HWCRYPTO 0
typedef const struct cbfs_image *cbfs_dev_t;
diff --git a/util/cbfstool/cbfs_image.c b/util/cbfstool/cbfs_image.c
index 97ad995..182b185 100644
--- a/util/cbfstool/cbfs_image.c
+++ b/util/cbfstool/cbfs_image.c
@@ -1456,7 +1456,7 @@
    		break;
    	}
    	char *hash_str = bintohex(attr->hash.raw, hash_len);
-		int valid = vb2_hash_verify(CBFS_SUBHEADER(entry),
+		int valid = vb2_hash_verify(false, CBFS_SUBHEADER(entry),
    		be32toh(entry->len), &attr->hash) == VB2_SUCCESS;
    	const char *valid_str = valid ? "valid" : "invalid";
@@ -1544,7 +1544,7 @@
    		if (!hash_len)
    			continue;
    		char *hash_str = bintohex(attr->hash.raw, hash_len);
-			int valid = vb2_hash_verify(CBFS_SUBHEADER(entry),
+			int valid = vb2_hash_verify(false, CBFS_SUBHEADER(entry),
    			be32toh(entry->len), &attr->hash) == VB2_SUCCESS;
    		fprintf(fp, "%shash:%s:%s:%s", sep,
    			vb2_get_hash_algorithm_name(attr->hash.algo),
@@ -1873,7 +1873,7 @@
    if (attr == NULL)
    	return -1;
-	if (vb2_hash_calculate(buffer_get(buffer), buffer_size(buffer),
+	if (vb2_hash_calculate(false, buffer_get(buffer), buffer_size(buffer),
    		       alg, &attr->hash) != VB2_SUCCESS)
    	return -1;
diff --git a/util/cbfstool/cbfstool.c b/util/cbfstool/cbfstool.c
index c2191d2..5cb787d 100644
--- a/util/cbfstool/cbfstool.c
+++ b/util/cbfstool/cbfstool.c
@@ -271,12 +271,12 @@
    if (mhc->cbfs_hash.algo == VB2_HASH_INVALID)
    	return 0;
-	uint8_t fmap_hash[VB2_MAX_DIGEST_SIZE];
+	struct vb2_hash fmap_hash;
    const struct fmap *fmap = partitioned_file_get_fmap(param.image_file);
-	if (!fmap || vb2_digest_buffer((const void *)fmap, fmap_size(fmap),
-			mhc->cbfs_hash.algo, fmap_hash, sizeof(fmap_hash)))
+	if (!fmap || vb2_hash_calculate(false, fmap, fmap_size(fmap),
+					mhc->cbfs_hash.algo, &fmap_hash))
    	return -1;
-	return update_anchor(mhc, fmap_hash);
+	return update_anchor(mhc, fmap_hash.raw);
 }
static bool verification_exclude(enum cbfs_type type)
@@ -1511,7 +1511,7 @@
    if (!hash)
    	return CB_ERR;
    void *file_data = arg + offset + data_offset;
-	if (vb2_hash_verify(file_data, be32toh(mdata->h.len), hash) != VB2_SUCCESS)
+	if (vb2_hash_verify(false, file_data, be32toh(mdata->h.len), hash) != VB2_SUCCESS)
    	return CB_CBFS_HASH_MISMATCH;
    return CB_CBFS_NOT_FOUND;
 }
diff --git a/util/cbfstool/platform_fixups.c b/util/cbfstool/platform_fixups.c
index b2e12cf..12a5ad7 100644
--- a/util/cbfstool/platform_fixups.c
+++ b/util/cbfstool/platform_fixups.c
@@ -67,7 +67,7 @@
    }
/* Pass out the actual hash of the current bootblock segment in |real_hash|. */
-	if (vb2_hash_calculate(buffer_get(&elf) + pelf.phdr[bb_segment].p_offset,
+	if (vb2_hash_calculate(false, buffer_get(&elf) + pelf.phdr[bb_segment].p_offset,
    		       pelf.phdr[bb_segment].p_filesz, VB2_HASH_SHA384, real_hash)) {
    	ERROR("fixups: vboot digest error\n");
    	goto destroy_elf;
@@ -159,7 +159,7 @@
    	return NULL;
    }
-	if (vb2_hash_calculate(buffer_get(&buffer),
+	if (vb2_hash_calculate(false, buffer_get(&buffer),
    		       MEDIATEK_BOOTBLOCK_GFH_SIZE + data_size,
    		       VB2_HASH_SHA256, real_hash)) {
    	ERROR("fixups: MediaTek: vboot digest error\n");
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/66561
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I287d8dac3c49ad7ea3e18a015874ce8d610ec67e
Gerrit-Change-Number: 66561
Gerrit-PatchSet: 10
Gerrit-Owner: Julius Werner jwerner@chromium.org
Gerrit-Reviewer: Christian Walter christian.walter@9elements.com
Gerrit-Reviewer: Erik van den Bogaert ebogaert@eltan.com
Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com
Gerrit-Reviewer: Jakub Czapiga jacz@semihalf.com
Gerrit-Reviewer: Julius Werner jwerner@chromium.org
Gerrit-Reviewer: Kangheui Won khwon@chromium.org
Gerrit-Reviewer: Kangheui Won khwon@google.com
Gerrit-Reviewer: Tim Wawrzynczak twawrzynczak@chromium.org
Gerrit-Reviewer: Yu-Ping Wu yupingso@google.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-CC: Reka Norman rekanorman@chromium.org
Gerrit-MessageType: merged



    