src/ec/google/chromeec/vboot_storage.c

   1 /* SPDX-License-Identifier: GPL-2.0-only */
   2
   3 #include <assert.h>
   4 #include <console/console.h>
   5 #include <ec/google/chromeec/ec.h>
   6 #include <security/vboot/vboot_common.h>
   7
   8 #define VBOOT_HASH_VSLOT 0
   9 #define VBOOT_HASH_VSLOT_MASK (1 << (VBOOT_HASH_VSLOT))
  10
  11 int vboot_save_hash(void *digest, size_t digest_size)
  12 {
  13         const int slot = VBOOT_HASH_VSLOT;
  14         uint32_t lock_status;
  15         int num_slots;
  16
  17         /* Ensure the digests being saved does not exceed the EC's slot size. */
  18         assert(digest_size > 0 && digest_size <= EC_VSTORE_SLOT_SIZE);
  19
  20         if (google_chromeec_vstore_write(slot, digest, digest_size))
  21                 return -1;
  22
  23         /* Assert the slot is locked on successful write. */
  24         num_slots = google_chromeec_vstore_info(&lock_status);
  25
  26         /* Normalize to be 0 based. If num_slots returned 0 then it'll be -1. */
  27         num_slots--;
  28
  29         if (num_slots < slot) {
  30                 printk(BIOS_ERR, "Not enough vstore slots for vboot hash: %d\n",
  31                         num_slots + 1);
  32                 return -1;
  33         }
  34
  35         if ((lock_status & VBOOT_HASH_VSLOT_MASK) == 0) {
  36                 printk(BIOS_ERR, "Vstore slot not locked after write.\n");
  37                 return -1;
  38         }
  39
  40         return 0;
  41 }
  42
  43 int vboot_retrieve_hash(void *digest, size_t digest_size)
  44 {
  45         /* Ensure the digests being saved match the EC's slot size. */
  46         assert(digest_size == EC_VSTORE_SLOT_SIZE);
  47
  48         return google_chromeec_vstore_read(VBOOT_HASH_VSLOT, digest);
  49 }