[coreboot-gerrit] Change in coreboot[master]: vboot: Add support for reading GBB flags

Furquan Shaikh (Code Review) gerrit at coreboot.org
Thu Mar 29 23:51:49 CEST 2018 

Furquan Shaikh has uploaded this change for review. ( https://review.coreboot.org/25459


Change subject: vboot: Add support for reading GBB flags
......................................................................

vboot: Add support for reading GBB flags

This change adds basic support for reading flags from GBB header
located in "GBB" section on SPI flash.

Change-Id: I35ecb5ba964511379baa4e9f458ba2e8c6b74b4e
Signed-off-by: Furquan Shaikh <furquan at google.com>
---
M src/security/vboot/Makefile.inc
A src/security/vboot/gbb.c
A src/security/vboot/gbb.h
3 files changed, 117 insertions(+), 0 deletions(-)



  git pull ssh://review.coreboot.org:29418/coreboot refs/changes/59/25459/1

diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc
index 53462d9..6f18a35 100644
--- a/src/security/vboot/Makefile.inc
+++ b/src/security/vboot/Makefile.inc
@@ -23,6 +23,8 @@
 
 verstage-generic-ccopts += -D__PRE_RAM__ -D__VERSTAGE__
 
+ramstage-y += gbb.c
+
 bootblock-y += vbnv.c
 verstage-y += vbnv.c
 romstage-y += vbnv.c
diff --git a/src/security/vboot/gbb.c b/src/security/vboot/gbb.c
new file mode 100644
index 0000000..f217c79
--- /dev/null
+++ b/src/security/vboot/gbb.c
@@ -0,0 +1,77 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2018 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <commonlib/region.h>
+#include <console/console.h>
+#include <fmap.h>
+#include <security/vboot/gbb.h>
+#include <string.h>
+
+#define GBB_FMAP_REGION_NAME	"GBB"
+
+static GoogleBinaryBlockHeader *gbb_header;
+
+/*
+ * Read "GBB" region from SPI flash to obtain GBB header and validate
+ * signature.
+ *
+ * Return value:
+ * Success = 0
+ * Error = 1
+ */
+static int gbb_init(void)
+{
+	static bool init_done = false;
+	static struct region_device gbb_rdev;
+	size_t gbb_region_sz;
+
+	if (init_done != false)
+		return 0;
+
+	if (fmap_locate_area_as_rdev(GBB_FMAP_REGION_NAME, &gbb_rdev))
+		return 1;
+
+	gbb_header = rdev_mmap_full(&gbb_rdev);
+	gbb_region_sz = region_device_sz(&gbb_rdev);
+
+	if (gbb_region_sz < sizeof(GoogleBinaryBlockHeader)) {
+		printk(BIOS_ERR, "%s: GBB header too small!\n", __func__);
+		return 1;
+	}
+
+	if (memcmp(gbb_header->signature, GBB_SIGNATURE, GBB_SIGNATURE_SIZE)) {
+		printk(BIOS_ERR, "%s: Signature check failed!\n", __func__);
+		return 1;
+	}
+
+	init_done = true;
+	return 0;
+}
+
+uint32_t gbb_get_flags(void)
+{
+	if (gbb_init()) {
+		printk(BIOS_ERR,
+		       "%s: Failure to initialize GBB. Returning flags as 0!\n",
+		       __func__);
+		return 0;
+	}
+	return gbb_header->flags;
+}
+
+bool gbb_is_flag_set(uint32_t flag)
+{
+	return !!(gbb_header->flags & flag);
+}
diff --git a/src/security/vboot/gbb.h b/src/security/vboot/gbb.h
new file mode 100644
index 0000000..b7f0634
--- /dev/null
+++ b/src/security/vboot/gbb.h
@@ -0,0 +1,38 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2018 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef __SECURITY_VBOOT_GBB_H__
+#define __SECURITY_VBOOT_GBB_H__
+
+#include <stdint.h>
+#include <gbb_header.h>
+
+/*
+ * Read flags field from GBB header.
+ * Return value:
+ * Success: 32-bit unsigned integer representing flags field from GBB header.
+ * Error  : 0
+ */
+uint32_t gbb_get_flags(void);
+
+/*
+ * Check if given flag is set in the flags field in GBB header.
+ * Return value:
+ * true: Flag is set.
+ * false: Flag is not set or failure to read GBB flags.
+ */
+bool gbb_is_flag_set(uint32_t flag);
+
+#endif /* __SECURITY_VBOOT_GBB_H__ */

-- 
To view, visit https://review.coreboot.org/25459
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I35ecb5ba964511379baa4e9f458ba2e8c6b74b4e
Gerrit-Change-Number: 25459
Gerrit-PatchSet: 1
Gerrit-Owner: Furquan Shaikh <furquan at google.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot-gerrit/attachments/20180329/9879bbd2/attachment-0001.html>

More information about the coreboot-gerrit mailing list