xref: /aosp_15_r20/external/coreboot/src/soc/amd/phoenix/psp_verstage/chipset.c (revision b9411a12aaaa7e1e6a6fb7c5e057f44ee179a49c)

/* SPDX-License-Identifier: GPL-2.0-only */

#include "2api.h"
#include <arch/hlt.h>
#include <bl_uapp/bl_errorcodes_public.h>
#include <bl_uapp/bl_syscall_public.h>
#include <boot_device.h>
#include <cbfs.h>
#include <console/console.h>
#include <psp_verstage.h>
#include <security/vboot/misc.h>
#include <security/vboot/vbnv.h>

#define PSP_FW_HASH_FILE_NAME(slot, id) "apu/amdfw_" slot "_hash" id
/*
 * We can't pass pointer to hash table in the SPI.
 * The AMD PSP team specifically required that whole hash table
 * should be copied into memory before passing them to the PSP
 * to reduce window of TOCTOU.
 */
#define MAX_NUM_HASH_ENTRIES 64
static struct psp_fw_hash_table hash_table;
static struct psp_fw_entry_hash_256 hash_256[MAX_NUM_HASH_ENTRIES];
static struct psp_fw_entry_hash_384 hash_384[MAX_NUM_HASH_ENTRIES];

static struct psp_fw_hash_table_v2 hash_table_v2;
static struct psp_fw_entry_hash_256_v2 hash_256_v2[MAX_NUM_HASH_ENTRIES];
static struct psp_fw_entry_hash_384_v2 hash_384_v2[MAX_NUM_HASH_ENTRIES];

static void update_one_psp_fw_hash_table_v1(enum verstage_cmd_id cmd, uint8_t *spi_ptr)
{
	uint32_t len;

	memcpy(&hash_table, spi_ptr, offsetof(struct psp_fw_hash_table, fw_hash_256));

	if (hash_table.no_of_entries_256 > MAX_NUM_HASH_ENTRIES ||
			hash_table.no_of_entries_384 > MAX_NUM_HASH_ENTRIES) {
		printk(BIOS_ERR, "Too many entries in AMD Firmware hash table"
				 " (SHA256:%d, SHA384:%d)\n", hash_table.no_of_entries_256,
				 hash_table.no_of_entries_384);
		return;
	}

	if (hash_table.no_of_entries_256 == 0 && hash_table.no_of_entries_384 == 0) {
		printk(BIOS_ERR, "No entries in AMD Firmware hash table"
				 " (SHA256:%d, SHA384:%d)\n", hash_table.no_of_entries_256,
				 hash_table.no_of_entries_384);
		return;
	}

	spi_ptr += offsetof(struct psp_fw_hash_table, fw_hash_256);

	hash_table.fw_hash_256 = hash_256;
	hash_table.fw_hash_384 = hash_384;
	len = sizeof(struct psp_fw_entry_hash_256) * hash_table.no_of_entries_256;
	memcpy(hash_256, spi_ptr, len);

	spi_ptr += len;
	len = sizeof(struct psp_fw_entry_hash_384) * hash_table.no_of_entries_384;
	memcpy(hash_384, spi_ptr, len);

	svc_set_fw_hash_table(cmd, &hash_table);
}

static void update_one_psp_fw_hash_table_v2(enum verstage_cmd_id cmd, uint8_t *spi_ptr)
{
	uint32_t len;

	memcpy(&hash_table_v2, spi_ptr, offsetof(struct psp_fw_hash_table_v2, fw_hash_256));

	if (hash_table_v2.no_of_entries_256 > MAX_NUM_HASH_ENTRIES ||
			hash_table_v2.no_of_entries_384 > MAX_NUM_HASH_ENTRIES) {
		printk(BIOS_ERR, "Too many entries in AMD Firmware hash table"
				 " (SHA256:%d, SHA384:%d)\n", hash_table_v2.no_of_entries_256,
				 hash_table_v2.no_of_entries_384);
		return;
	}

	if (hash_table_v2.no_of_entries_256 == 0 && hash_table_v2.no_of_entries_384 == 0) {
		printk(BIOS_ERR, "No entries in AMD Firmware hash table"
				 " (SHA256:%d, SHA384:%d)\n", hash_table_v2.no_of_entries_256,
				 hash_table_v2.no_of_entries_384);
		return;
	}

	spi_ptr += offsetof(struct psp_fw_hash_table_v2, fw_hash_256);

	hash_table_v2.fw_hash_256 = hash_256_v2;
	hash_table_v2.fw_hash_384 = hash_384_v2;
	len = sizeof(struct psp_fw_entry_hash_256_v2) * hash_table_v2.no_of_entries_256;
	memcpy(hash_256_v2, spi_ptr, len);

	spi_ptr += len;
	len = sizeof(struct psp_fw_entry_hash_384_v2) * hash_table_v2.no_of_entries_384;
	memcpy(hash_384_v2, spi_ptr, len);

	svc_set_fw_hash_table(cmd, &hash_table_v2);
}

static void update_one_psp_fw_hash_table(enum verstage_cmd_id cmd, const char *fname)
{
	void *hash_file = cbfs_map(fname, NULL);
	uint16_t version;

	if (!hash_file) {
		printk(BIOS_ERR, "AMD Firmware hash table %s not found\n", fname);
		/*
		 * If we don't supply hash table, the PSP will refuse to boot.
		 * So returning here is safe to do.
		 */
		return;
	}

	memcpy(&version, hash_file, sizeof(version));
	assert(version <= 2);
	switch (version) {
	case 1:
		update_one_psp_fw_hash_table_v1(cmd, hash_file);
		break;
	case 2:
		update_one_psp_fw_hash_table_v2(cmd, hash_file);
		break;
	default:
		printk(BIOS_ERR, "%s: Unexpected version %d\n", __func__, version);
	}
	cbfs_unmap(hash_file);
	rdev_munmap(boot_device_ro(), hash_file);
}

void update_psp_fw_hash_tables(void)
{
	struct vb2_context *ctx = vboot_get_context();

	if (vboot_is_firmware_slot_a(ctx)) {
		update_one_psp_fw_hash_table(CMD_SET_FW_HASH_TABLE_STAGE1,
					     PSP_FW_HASH_FILE_NAME("a", ""));
		update_one_psp_fw_hash_table(CMD_SET_FW_HASH_TABLE_STAGE2,
					     PSP_FW_HASH_FILE_NAME("a", "1"));
		update_one_psp_fw_hash_table(CMD_SET_FW_HASH_TABLE_TOS,
					     PSP_FW_HASH_FILE_NAME("a", "2"));
	} else {
		update_one_psp_fw_hash_table(CMD_SET_FW_HASH_TABLE_STAGE1,
					     PSP_FW_HASH_FILE_NAME("b", ""));
		update_one_psp_fw_hash_table(CMD_SET_FW_HASH_TABLE_STAGE2,
					     PSP_FW_HASH_FILE_NAME("b", "1"));
		update_one_psp_fw_hash_table(CMD_SET_FW_HASH_TABLE_TOS,
					     PSP_FW_HASH_FILE_NAME("b", "2"));
	}
}

uint32_t update_psp_bios_dir(uint32_t *psp_dir_offset, uint32_t *bios_dir_offset)
{
	return svc_update_psp_bios_dir(psp_dir_offset, bios_dir_offset);
}

uint32_t save_uapp_data(void *address, uint32_t size)
{
	return svc_save_uapp_data(address, size);
}

uint32_t get_bios_dir_addr(struct embedded_firmware *ef_table)
{
	return 0;
}

int platform_set_sha_op(enum vb2_hash_algorithm hash_alg,
			struct sha_generic_data *sha_op)
{
	if (hash_alg == VB2_HASH_SHA256) {
		sha_op->SHAType = SHA_TYPE_256;
		sha_op->DigestLen = 32;
	} else if (hash_alg == VB2_HASH_SHA384) {
		sha_op->SHAType = SHA_TYPE_384;
		sha_op->DigestLen = 48;
	} else {
		return -1;
	}
	return 0;
}

void platform_report_mode(int developer_mode_enabled)
{
	printk(BIOS_INFO, "Reporting %s mode\n",
	       developer_mode_enabled ? "Developer" : "Normal");
	if (developer_mode_enabled)
		svc_set_platform_boot_mode(CHROME_BOOK_BOOT_MODE_DEVELOPER);
	else
		svc_set_platform_boot_mode(CHROME_BOOK_BOOT_MODE_NORMAL);
}

void report_prev_boot_status_to_vboot(void)
{
	uint32_t boot_status = 0;
	int ret;
	struct vb2_context *ctx = vboot_get_context();

	/* Already in recovery mode. No need to report previous boot status. */
	if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE)
		return;

	ret = svc_get_prev_boot_status(&boot_status);
	if (ret != BL_OK || boot_status) {
		printk(BIOS_ERR, "PSPFW failure in previous boot: %d:%#8x\n", ret, boot_status);
		vbnv_init();
		vb2api_previous_boot_fail(ctx, VB2_RECOVERY_FW_VENDOR_BLOB,
					  boot_status ? (int)boot_status : ret);
	}
}

void report_hsp_secure_state(void)
{
	uint32_t hsp_secure_state;
	int ret;

	ret = svc_get_hsp_secure_state(&hsp_secure_state);
	if (ret != BL_OK) {
		printk(BIOS_ERR, "Error reading HSP Secure state: %d\n", ret);
		hlt();
	}

	printk(BIOS_INFO, "HSP Secure state: %#8x\n", hsp_secure_state);
}