/* SPDX-License-Identifier: GPL-2.0-only */

#ifndef _CBFS_GLUE_H_
#define _CBFS_GLUE_H_

#include <commonlib/region.h>
#include <console/console.h>
#include <security/vboot/misc.h>

/*
 * This flag prevents linking hashing functions into stages where they're not required. We don't
 * need them at all if verification is disabled. If verification is enabled without TOCTOU
 * safety, we only need to verify the metadata hash in the initial stage and can assume it stays
 * valid in later stages. If TOCTOU safety is required, we may need them in every stage to
 * reverify metadata that had to be reloaded from flash (e.g. because it didn't fit the mcache).
 * Moreover, if VBOOT_CBFS_INTEGRATION and verification are both enabled, then hashing functions
 * are required during verification stage.
 * Note that this only concerns metadata hashing -- file access functions may still link hashing
 * routines independently for file data hashing.
 */
#define CBFS_ENABLE_HASHING (CONFIG(CBFS_VERIFICATION) && \
			     (CONFIG(TOCTOU_SAFETY) || ENV_INITIAL_STAGE || \
			      (CONFIG(VBOOT_CBFS_INTEGRATION) && \
				(verification_should_run() || \
				 (verstage_should_load() && \
				  CONFIG(VBOOT_RETURN_FROM_VERSTAGE))))))
#define CBFS_HASH_HWCRYPTO vboot_hwcrypto_allowed()

#define ERROR(...) printk(BIOS_ERR, "CBFS ERROR: " __VA_ARGS__)
#define LOG(...) printk(BIOS_INFO, "CBFS: " __VA_ARGS__)
#define DEBUG(...) do { \
	if (CONFIG(DEBUG_CBFS)) \
		printk(BIOS_SPEW, "CBFS DEBUG: " __VA_ARGS__); \
} while (0)

typedef const struct region_device *cbfs_dev_t;

static inline ssize_t cbfs_dev_read(cbfs_dev_t dev, void *buffer, size_t offset, size_t size)
{
	return rdev_readat(dev, buffer, offset, size);
}

static inline size_t cbfs_dev_size(cbfs_dev_t dev)
{
	return region_device_sz(dev);
}

#endif	/* _CBFS_GLUE_H_ */