1 /* SPDX-License-Identifier: GPL-2.0-only */ 2 3 #include <assert.h> 4 #include <metadata_hash.h> 5 #include <security/vboot/misc.h> 6 #include <symbols.h> 7 8 #if !CONFIG(COMPRESS_BOOTBLOCK) || ENV_DECOMPRESSOR 9 __attribute__((used, section(".metadata_hash_anchor"))) 10 static struct metadata_hash_anchor metadata_hash_anchor = { 11 /* This is the only place in all of coreboot where we actually need to use this. */ 12 .magic = DO_NOT_USE_METADATA_HASH_ANCHOR_MAGIC_DO_NOT_USE, 13 .cbfs_hash = { .algo = CONFIG_CBFS_HASH_ALGO } 14 }; 15 get_anchor(void)16static struct metadata_hash_anchor *get_anchor(void) 17 { 18 return &metadata_hash_anchor; 19 } 20 metadata_hash_export_anchor(void)21void *metadata_hash_export_anchor(void) 22 { 23 return get_anchor(); 24 } 25 #else 26 static struct metadata_hash_anchor *anchor_ptr = NULL; 27 get_anchor(void)28static struct metadata_hash_anchor *get_anchor(void) 29 { 30 assert(anchor_ptr != NULL); 31 return anchor_ptr; 32 } 33 metadata_hash_import_anchor(void * ptr)34void metadata_hash_import_anchor(void *ptr) 35 { 36 anchor_ptr = ptr; 37 } 38 #endif 39 metadata_hash_get(void)40struct vb2_hash *metadata_hash_get(void) 41 { 42 return &get_anchor()->cbfs_hash; 43 } 44 metadata_hash_verify_fmap(const void * fmap_buffer,size_t fmap_size)45vb2_error_t metadata_hash_verify_fmap(const void *fmap_buffer, size_t fmap_size) 46 { 47 struct vb2_hash hash = { .algo = get_anchor()->cbfs_hash.algo }; 48 memcpy(hash.raw, metadata_hash_anchor_fmap_hash(get_anchor()), 49 vb2_digest_size(hash.algo)); 50 return vb2_hash_verify(vboot_hwcrypto_allowed(), fmap_buffer, fmap_size, &hash); 51 } 52