summaryrefslogtreecommitdiffstats
path: root/payloads
diff options
context:
space:
mode:
Diffstat (limited to 'payloads')
-rw-r--r--payloads/libpayload/include/lp_vboot.h10
-rw-r--r--payloads/libpayload/libc/Makefile.inc4
-rw-r--r--payloads/libpayload/libc/lp_vboot.c28
-rw-r--r--payloads/libpayload/libcbfs/cbfs.c7
-rw-r--r--payloads/libpayload/tests/libcbfs/cbfs-verification-test.c10
5 files changed, 58 insertions, 1 deletions
diff --git a/payloads/libpayload/include/lp_vboot.h b/payloads/libpayload/include/lp_vboot.h
new file mode 100644
index 000000000000..56ec46024e50
--- /dev/null
+++ b/payloads/libpayload/include/lp_vboot.h
@@ -0,0 +1,10 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+
+#ifndef _LP_VBOOT_H_
+#define _LP_VBOOT_H_
+
+#include <vb2_api.h>
+
+struct vb2_context *vboot_get_context(void);
+
+#endif /* _LP_VBOOT_H_ */
diff --git a/payloads/libpayload/libc/Makefile.inc b/payloads/libpayload/libc/Makefile.inc
index 96d1312f65e6..bc706ae5a7d8 100644
--- a/payloads/libpayload/libc/Makefile.inc
+++ b/payloads/libpayload/libc/Makefile.inc
@@ -40,6 +40,10 @@ libc-$(CONFIG_LP_LIBC) += coreboot.c
libc-$(CONFIG_LP_LIBC) += fmap.c
libc-$(CONFIG_LP_LIBC) += fpmath.c
+ifeq ($(CONFIG_LP_VBOOT_LIB),y)
+libc-$(CONFIG_LP_LIBC) += lp_vboot.c
+endif
+
ifeq ($(CONFIG_LP_LIBC),y)
libc-srcs += $(coreboottop)/src/commonlib/bsd/elog.c
endif
diff --git a/payloads/libpayload/libc/lp_vboot.c b/payloads/libpayload/libc/lp_vboot.c
new file mode 100644
index 000000000000..b7717c7e7894
--- /dev/null
+++ b/payloads/libpayload/libc/lp_vboot.c
@@ -0,0 +1,28 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+
+#include <libpayload-config.h>
+#include <arch/virtual.h>
+#include <assert.h>
+#include <libpayload.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sysinfo.h>
+#include <vb2_api.h>
+#include <lp_vboot.h>
+
+struct vb2_context *vboot_get_context(void)
+{
+ static struct vb2_context *ctx;
+
+ if (ctx)
+ return ctx;
+
+ die_if(lib_sysinfo.vboot_workbuf == 0, "vboot workbuf pointer is not set\n");
+
+ /* Use the firmware verification workbuf from coreboot. */
+ vb2_error_t rv = vb2api_reinit(phys_to_virt(lib_sysinfo.vboot_workbuf), &ctx);
+
+ die_if(rv, "vboot workbuf could not be initialized, error: %#x\n", rv);
+
+ return ctx;
+}
diff --git a/payloads/libpayload/libcbfs/cbfs.c b/payloads/libpayload/libcbfs/cbfs.c
index 3dc19d2e7df9..08e312a08d25 100644
--- a/payloads/libpayload/libcbfs/cbfs.c
+++ b/payloads/libpayload/libcbfs/cbfs.c
@@ -8,6 +8,7 @@
#include <commonlib/bsd/cbfs_private.h>
#include <commonlib/bsd/fmap_serialized.h>
#include <libpayload.h>
+#include <lp_vboot.h>
#include <lz4.h>
#include <lzma.h>
#include <string.h>
@@ -232,5 +233,9 @@ void *_cbfs_unverified_area_load(const char *area, const char *name, void *buf,
policy on using HW crypto. */
__weak bool cbfs_hwcrypto_allowed(void)
{
- return true;
+ /* Avoid compiling vboot calls to prevent linker errors. */
+ if (!CONFIG(LP_CBFS_VERIFICATION))
+ return true;
+
+ return vb2api_hwcrypto_allowed(vboot_get_context());
}
diff --git a/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c b/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c
index 25e402cca3ef..9c077279f18e 100644
--- a/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c
+++ b/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c
@@ -42,6 +42,16 @@ vb2_error_t vb2_hash_verify(bool allow_hwcrypto, const void *buf, uint32_t size,
return VB2_ERROR_SHA_MISMATCH;
}
+bool vb2api_hwcrypto_allowed(struct vb2_context *ctx)
+{
+ return true;
+}
+
+struct vb2_context *vboot_get_context(void)
+{
+ return NULL;
+}
+
unsigned long ulzman(const unsigned char *src, unsigned long srcn, unsigned char *dst,
unsigned long dstn)
{
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-17 21:21:33 +0000