Change in coreboot[master]: util/cbfstool/fit.c: Add support for adding Boot Guard manifests
Hello Michał Żygowski, Christian Walter,
I'd like you to do a code review. Please visit
https://review.coreboot.org/c/coreboot/+/48469
to review the following change.
Change subject: util/cbfstool/fit.c: Add support for adding Boot Guard manifests ......................................................................
util/cbfstool/fit.c: Add support for adding Boot Guard manifests
Change-Id: I8221590cad16cffea3f8b50dd880a77934b78ea8 Signed-off-by: Arthur Heymans arthur@aheymans.xyz Signed-off-by: Christian Walter christian.walter@9elements.com Signed-off-by: Michał Żygowski michal.zygowski@3mdeb.com --- M util/cbfstool/fit.c 1 file changed, 45 insertions(+), 2 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/69/48469/1
diff --git a/util/cbfstool/fit.c b/util/cbfstool/fit.c index 44573ca..63956dd 100644 --- a/util/cbfstool/fit.c +++ b/util/cbfstool/fit.c @@ -434,6 +434,43 @@ fit_entry_add_size(&fit->header, sizeof(struct fit_entry)); }
+/* + * There can be zero or one FIT_TYPE_BOOT_POLICY entries + * + * The caller has to provide valid arguments as those aren't verified. + */ +static void update_fit_boot_policy_entry(struct fit_table *fit, + struct fit_entry *entry, + uint64_t boot_policy_addr, + uint32_t boot_policy_size) +{ + entry->address = boot_policy_addr; + entry->type_checksum_valid = FIT_TYPE_BOOT_POLICY; + entry->size_reserved = boot_policy_size; + entry->version = FIT_TXT_VERSION; + entry->checksum = 0; + fit_entry_add_size(&fit->header, sizeof(struct fit_entry)); +} + +/* + * There can be zero or one FIT_TYPE_KEY_MANIFEST entries + * + * The caller has to provide valid arguments as those aren't verified. + */ +static void update_fit_key_manifest_entry(struct fit_table *fit, + struct fit_entry *entry, + uint64_t key_manifest_addr, + uint32_t key_manifest_size) +{ + entry->address = key_manifest_addr; + + entry->type_checksum_valid = FIT_TYPE_KEY_MANIFEST; + entry->size_reserved = key_manifest_size; + entry->version = FIT_TXT_VERSION; + entry->checksum = 0; + fit_entry_add_size(&fit->header, sizeof(struct fit_entry)); +} + /* Special case for ucode CBFS file, as it might contain more than one ucode */ int fit_add_microcode_file(struct fit_table *fit, struct cbfs_image *image, @@ -626,10 +663,10 @@ case FIT_TYPE_BIOS_STARTUP: case FIT_TYPE_BIOS_POLICY: case FIT_TYPE_TXT_POLICY: - return 1; - case FIT_TYPE_TPM_POLICY: case FIT_TYPE_KEY_MANIFEST: case FIT_TYPE_BOOT_POLICY: + return 1; + case FIT_TYPE_TPM_POLICY: default: return 0; } @@ -684,6 +721,12 @@ case FIT_TYPE_TXT_POLICY: update_fit_txt_policy_entry(fit, entry, offset); break; + case FIT_TYPE_KEY_MANIFEST: + update_fit_key_manifest_entry(fit, entry, offset, len); + break; + case FIT_TYPE_BOOT_POLICY: + update_fit_boot_policy_entry(fit, entry, offset, len); + break; default: return 1; }
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/48469 )
Change subject: util/cbfstool/fit.c: Add support for adding Boot Guard manifests ......................................................................
Patch Set 1: Code-Review+2
Hung-Te Lin has submitted this change. ( https://review.coreboot.org/c/coreboot/+/48469 )
Change subject: util/cbfstool/fit.c: Add support for adding Boot Guard manifests ......................................................................
util/cbfstool/fit.c: Add support for adding Boot Guard manifests
Change-Id: I8221590cad16cffea3f8b50dd880a77934b78ea8 Signed-off-by: Arthur Heymans arthur@aheymans.xyz Signed-off-by: Christian Walter christian.walter@9elements.com Signed-off-by: Michał Żygowski michal.zygowski@3mdeb.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/48469 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Angel Pons th3fanbus@gmail.com --- M util/cbfstool/fit.c 1 file changed, 45 insertions(+), 2 deletions(-)
Approvals: build bot (Jenkins): Verified Angel Pons: Looks good to me, approved
diff --git a/util/cbfstool/fit.c b/util/cbfstool/fit.c index 44573ca..63956dd 100644 --- a/util/cbfstool/fit.c +++ b/util/cbfstool/fit.c @@ -434,6 +434,43 @@ fit_entry_add_size(&fit->header, sizeof(struct fit_entry)); }
+/* + * There can be zero or one FIT_TYPE_BOOT_POLICY entries + * + * The caller has to provide valid arguments as those aren't verified. + */ +static void update_fit_boot_policy_entry(struct fit_table *fit, + struct fit_entry *entry, + uint64_t boot_policy_addr, + uint32_t boot_policy_size) +{ + entry->address = boot_policy_addr; + entry->type_checksum_valid = FIT_TYPE_BOOT_POLICY; + entry->size_reserved = boot_policy_size; + entry->version = FIT_TXT_VERSION; + entry->checksum = 0; + fit_entry_add_size(&fit->header, sizeof(struct fit_entry)); +} + +/* + * There can be zero or one FIT_TYPE_KEY_MANIFEST entries + * + * The caller has to provide valid arguments as those aren't verified. + */ +static void update_fit_key_manifest_entry(struct fit_table *fit, + struct fit_entry *entry, + uint64_t key_manifest_addr, + uint32_t key_manifest_size) +{ + entry->address = key_manifest_addr; + + entry->type_checksum_valid = FIT_TYPE_KEY_MANIFEST; + entry->size_reserved = key_manifest_size; + entry->version = FIT_TXT_VERSION; + entry->checksum = 0; + fit_entry_add_size(&fit->header, sizeof(struct fit_entry)); +} + /* Special case for ucode CBFS file, as it might contain more than one ucode */ int fit_add_microcode_file(struct fit_table *fit, struct cbfs_image *image, @@ -626,10 +663,10 @@ case FIT_TYPE_BIOS_STARTUP: case FIT_TYPE_BIOS_POLICY: case FIT_TYPE_TXT_POLICY: - return 1; - case FIT_TYPE_TPM_POLICY: case FIT_TYPE_KEY_MANIFEST: case FIT_TYPE_BOOT_POLICY: + return 1; + case FIT_TYPE_TPM_POLICY: default: return 0; } @@ -684,6 +721,12 @@ case FIT_TYPE_TXT_POLICY: update_fit_txt_policy_entry(fit, entry, offset); break; + case FIT_TYPE_KEY_MANIFEST: + update_fit_key_manifest_entry(fit, entry, offset, len); + break; + case FIT_TYPE_BOOT_POLICY: + update_fit_boot_policy_entry(fit, entry, offset, len); + break; default: return 1; }
-
Angel Pons (Code Review) -
Arthur Heymans (Code Review)
-
Hung-Te Lin (Code Review)