1 /* SPDX-License-Identifier: GPL-2.0-only */
5 #include <console/console.h>
8 #include <security/vboot/misc.h>
9 #include <security/vboot/symbols.h>
10 #include <security/vboot/vboot_common.h>
12 static struct vb2_context
*vboot_ctx
;
14 static void *vboot_get_workbuf(void)
19 wb
= cbmem_find(CBMEM_ID_VBOOT_WORKBUF
);
21 if (!wb
&& !CONFIG(VBOOT_STARTS_IN_ROMSTAGE
) && preram_symbols_available())
29 struct vb2_context
*vboot_get_context(void)
34 /* Return if context has already been initialized/restored. */
38 wb
= vboot_get_workbuf();
40 /* Restore context from a previous stage. */
41 if (vboot_logic_executed()) {
42 rv
= vb2api_reinit(wb
, &vboot_ctx
);
43 if (rv
!= VB2_SUCCESS
)
44 die("%s: vb2api_reinit returned %#x\n", __func__
, rv
);
48 assert(verification_should_run());
50 /* Initialize vb2_shared_data and friends. */
51 rv
= vb2api_init(wb
, VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE
, &vboot_ctx
);
52 assert(rv
== VB2_SUCCESS
);
57 int vboot_locate_firmware(struct vb2_context
*ctx
, struct region_device
*fw
)
61 if (vboot_is_firmware_slot_a(ctx
))
66 int ret
= fmap_locate_area_as_rdev(name
, fw
);
71 * Truncate area to the size that was actually signed by vboot.
72 * It is only required for old verification mechanism calculating full body hash.
73 * New verification mechanism uses signature with zero data size, so truncation
76 if (!CONFIG(VBOOT_CBFS_INTEGRATION
))
77 return rdev_chain(fw
, fw
, 0, vb2api_get_firmware_size(ctx
));
82 static void vboot_setup_cbmem(int unused
)
85 const size_t cbmem_size
= VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE
;
86 void *wb_cbmem
= cbmem_add(CBMEM_ID_VBOOT_WORKBUF
, cbmem_size
);
89 * On platforms where VBOOT_STARTS_BEFORE_BOOTBLOCK, the verification
90 * occurs before the main processor starts running. The vboot data-
91 * structure is available in the _vboot2_work memory area as soon
92 * as the main processor is released.
94 * For platforms where VBOOT_STARTS_IN_BOOTBLOCK, vboot verification
95 * occurs before CBMEM is brought online, using pre-RAM. In order to
96 * make vboot data structures available downstream, copy vboot workbuf
97 * from SRAM/CAR into CBMEM.
99 * For platforms where VBOOT_STARTS_IN_ROMSTAGE, verification occurs
100 * after CBMEM is brought online. Directly initialize vboot data
101 * structures in CBMEM, which will also be available downstream.
103 if (!CONFIG(VBOOT_STARTS_IN_ROMSTAGE
))
104 rv
= vb2api_relocate(wb_cbmem
, _vboot2_work
, cbmem_size
,
107 rv
= vb2api_init(wb_cbmem
, cbmem_size
, &vboot_ctx
);
109 assert(rv
== VB2_SUCCESS
);
111 CBMEM_CREATION_HOOK(vboot_setup_cbmem
);