src/lib/metadata_hash.c

   1 /* SPDX-License-Identifier: GPL-2.0-only */
   2
   3 #include <assert.h>
   4 #include <metadata_hash.h>
   5 #include <security/vboot/misc.h>
   6 #include <symbols.h>
   7
   8 #if !CONFIG(COMPRESS_BOOTBLOCK) || ENV_DECOMPRESSOR
   9 __attribute__((used, section(".metadata_hash_anchor")))
  10 static struct metadata_hash_anchor metadata_hash_anchor = {
  11         /* This is the only place in all of coreboot where we actually need to use this. */
  12         .magic = DO_NOT_USE_METADATA_HASH_ANCHOR_MAGIC_DO_NOT_USE,
  13         .cbfs_hash = { .algo = CONFIG_CBFS_HASH_ALGO }
  14 };
  15
  16 static struct metadata_hash_anchor *get_anchor(void)
  17 {
  18         return &metadata_hash_anchor;
  19 }
  20
  21 void *metadata_hash_export_anchor(void)
  22 {
  23         return get_anchor();
  24 }
  25 #else
  26 static struct metadata_hash_anchor *anchor_ptr = NULL;
  27
  28 static struct metadata_hash_anchor *get_anchor(void)
  29 {
  30         assert(anchor_ptr != NULL);
  31         return anchor_ptr;
  32 }
  33
  34 void metadata_hash_import_anchor(void *ptr)
  35 {
  36         anchor_ptr = ptr;
  37 }
  38 #endif
  39
  40 struct vb2_hash *metadata_hash_get(void)
  41 {
  42         return &get_anchor()->cbfs_hash;
  43 }
  44
  45 vb2_error_t metadata_hash_verify_fmap(const void *fmap_buffer, size_t fmap_size)
  46 {
  47         struct vb2_hash hash = { .algo = get_anchor()->cbfs_hash.algo };
  48         memcpy(hash.raw, metadata_hash_anchor_fmap_hash(get_anchor()),
  49                vb2_digest_size(hash.algo));
  50         return vb2_hash_verify(vboot_hwcrypto_allowed(), fmap_buffer, fmap_size, &hash);
  51 }