smallsolar/u-boot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

passage: Add checks for pre-existing blobs

Browse Source 
Add checks / documentation for blobs which are already in the list. This
brings U-Boot up to the standard required by the standard-passage
documentation.

Cover-changes: 3
- Rebase to -master

Signed-off-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Simon Glass
2021-10-31 11:46:39 -06:00
parent c0b7ea993e
commit e5d59e202a
3 changed files with 378 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
board/sandbox/stdpass_check.c
View File

@@ -27,10 +27,78 @@ void check_struct_name(void)
/* __maybe_unused struct struct_name check; */
}
/* BLOBLISTT_CONTROL_DTB */
void check_control_dtb(void)
{
/*
* Defined by devicetree specification
* https://github.com/devicetree-org/devicetree-specification/releases/tag/v0.3
*/
};
/* BLOBLISTT_ACPI_GNVS */
#include <intel_gnvs.h>
void check_acpi_gnvs(void)
{
__maybe_unused struct acpi_global_nvs check;
}
/* BLOBLISTT_INTEL_VBT */
void check_intel_vbt(void)
{
/*
* Pre-existing Intel blob, defined by source code
*
* https://github.com/freedesktop/xorg-intel-gpu-tools/blob/master/tools/intel_vbt_defs.h
* https://github.com/freedesktop/xorg-intel-gpu-tools/blob/master/tools/intel_vbt_decode.c
*/
}
/* BLOBLISTT_TPM2_TCG_LOG */
#include <stdpass/tpm2_eventlog.h>
void check_tpm2_tcg_log(void)
{
/* Struct for each record */
__maybe_unused struct tpm2_eventlog_context check;
}
/* BLOBLISTT_TCPA_LOG */
#include <acpi/acpi_table.h>
void check_tcpa_log(void)
{
__maybe_unused struct acpi_tcpa check;
};
/* BLOBLISTT_ACPI_TABLES */
void check_acpi_tables(void)
{
/*
* Defined by UEFI Advanced Configuration and Power Interface (ACPI)
* Specification, Version 6.3, January 2019
* https://uefi.org/sites/default/files/resources/ACPI_6_3_final_Jan30.pdf
*/
}
/* BLOBLISTT_SMBIOS_TABLES */
void check_smbios_tables(void)
{
/*
* Defined by System Management BIOS (SMBIOS) Reference Specification
* v3.5.0
* https://www.dmtf.org/standards/smbios
*/
}
/* BLOBLISTT_VBOOT_CTX */
#include <stdpass/vboot_ctx.h>
void check_vboot_ctx(void)
{
__maybe_unused struct vb2_shared_data check;
}
/* BLOBLISTT_U_BOOT_SPL_HANDOFF */
#include <handoff.h>
void check_spl_handoff(void)
{
__maybe_unused struct spl_handoff check;
};

42
include/stdpass/tpm2_eventlog.h Normal file
View File

@@ -0,0 +1,42 @@
/* SPDX-License-Identifier: BSD-3-Clause */
/* taken from https://github.com/tpm2-software/tpm2-tss/blob/master/include/tss2/tss2_tpm2_types.h */
#define TPM2_MAX_PCRS 32
/* Hash algorithm sizes */
#define TPM2_SHA_DIGEST_SIZE 20
#define TPM2_SHA1_DIGEST_SIZE 20
#define TPM2_SHA256_DIGEST_SIZE 32
#define TPM2_SHA384_DIGEST_SIZE 48
#define TPM2_SHA512_DIGEST_SIZE 64
#define TPM2_SM3_256_DIGEST_SIZE 32
/* taken from https://github.com/tpm2-software/tpm2-tools/blob/master/lib/tpm2_eventlog.h#L14 */
typedef bool (*digest2_callback)(void const *digest, size_t size, void *data);
typedef bool (*event2_callback)(void const *event_hdr, size_t size, void *data);
typedef bool (*event2data_callback)(void const *event, u32 type, void *data,
u32 eventlog_version);
typedef bool (*specid_callback)(void const *event, void *data);
typedef bool (*log_event_callback)(void const *event_hdr, size_t size,
void *data);
struct tpm2_eventlog_context {
void *data;
specid_callback specid_cb;
log_event_callback log_eventhdr_cb;
event2_callback event2hdr_cb;
digest2_callback digest2_cb;
event2data_callback event2_cb;
u32 sha1_used;
u32 sha256_used;
u32 sha384_used;
u32 sha512_used;
u32 sm3_256_used;
u8 sha1_pcrs[TPM2_MAX_PCRS][TPM2_SHA1_DIGEST_SIZE];
u8 sha256_pcrs[TPM2_MAX_PCRS][TPM2_SHA256_DIGEST_SIZE];
u8 sha384_pcrs[TPM2_MAX_PCRS][TPM2_SHA384_DIGEST_SIZE];
u8 sha512_pcrs[TPM2_MAX_PCRS][TPM2_SHA512_DIGEST_SIZE];
u8 sm3_256_pcrs[TPM2_MAX_PCRS][TPM2_SM3_256_DIGEST_SIZE];
u32 eventlog_version;
};

267
include/stdpass/vboot_ctx.h Normal file
View File

@@ -0,0 +1,267 @@
/* SPDX-License-Identifier: BSD-3-Clause */
/*
* Taken from https://chromium.googlesource.com/chromiumos/platform/vboot
*
* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
/*
* Size of non-volatile data used by vboot.
*
* If you only support non-volatile data format V1, then use VB2_NVDATA_SIZE.
* If you support V2, use VB2_NVDATA_SIZE_V2 and set context flag
* VB2_CONTEXT_NVDATA_V2.
*/
#define VB2_NVDATA_SIZE 16
#define VB2_NVDATA_SIZE_V2 64
/* Size of secure data spaces used by vboot */
#define VB2_SECDATA_FIRMWARE_SIZE 10
#define VB2_SECDATA_KERNEL_SIZE_V02 13
#define VB2_SECDATA_KERNEL_SIZE_V10 40
#define VB2_SECDATA_KERNEL_MIN_SIZE 13
#define VB2_SECDATA_KERNEL_MAX_SIZE 64
#define VB2_SECDATA_FWMP_MIN_SIZE 40
#define VB2_SECDATA_FWMP_MAX_SIZE 64
/* Helper for aligning fields in vb2_context. */
#define VB2_PAD_STRUCT3(size, align, count) \
u8 _pad##count[align - (((size - 1) % align) + 1)]
#define VB2_PAD_STRUCT2(size, align, count) VB2_PAD_STRUCT3(size, align, count)
#define VB2_PAD_STRUCT(size, align) VB2_PAD_STRUCT2(size, align, __COUNTER__)
/* MAX_SIZE should not be changed without bumping up DATA_VERSION_MAJOR. */
#define VB2_CONTEXT_MAX_SIZE 384
/*
* Context for firmware verification. Pass this to all vboot APIs.
*
* Context is stored as part of vb2_shared_data, initialized with vb2api_init().
* Subsequent retrieval of the context object should be done by calling
* vb2api_reinit(), e.g. if switching firmware applications.
*
* The context struct can be seen as the "publicly accessible" portion of
* vb2_shared_data, and thus does not require its own magic and version fields.
*/
struct vb2_context {
/**********************************************************************
* Fields caller must initialize before calling any API functions.
*/
/*
* Flags; see vb2_context_flags. Some flags may only be set by caller
* prior to calling vboot functions.
*/
u64 flags;
/*
* Non-volatile data. Caller must fill this from some non-volatile
* location before calling vb2api_fw_phase1. If the
* VB2_CONTEXT_NVDATA_CHANGED flag is set when a vb2api function
* returns, caller must save the data back to the non-volatile location
* and then clear the flag.
*/
u8 nvdata[VB2_NVDATA_SIZE_V2];
VB2_PAD_STRUCT(VB2_NVDATA_SIZE_V2, 8);
/*
* Secure data for firmware verification stage. Caller must fill this
* from some secure non-volatile location before calling
* vb2api_fw_phase1. If the VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED flag
* is set when a function returns, caller must save the data back to the
* secure non-volatile location and then clear the flag.
*/
u8 secdata_firmware[VB2_SECDATA_FIRMWARE_SIZE];
VB2_PAD_STRUCT(VB2_SECDATA_FIRMWARE_SIZE, 8);
/**********************************************************************
* Fields caller must initialize before calling vb2api_kernel_phase1().
*/
/*
* Secure data for kernel verification stage. Caller must fill this
* from some secure non-volatile location before calling
* vb2api_kernel_phase1. If the VB2_CONTEXT_SECDATA_KERNEL_CHANGED
* flag is set when a function returns, caller must save the data back
* to the secure non-volatile location and then clear the flag.
*/
u8 secdata_kernel[VB2_SECDATA_KERNEL_MAX_SIZE];
VB2_PAD_STRUCT(VB2_SECDATA_KERNEL_MAX_SIZE, 8);
/*
* Firmware management parameters (FWMP) secure data. Caller must fill
* this from some secure non-volatile location before calling
* vb2api_kernel_phase1. Since FWMP is a variable-size space, caller
* should initially fill in VB2_SECDATA_FWMP_MIN_SIZE bytes, and call
* vb2_secdata_fwmp_check() to see whether more should be read. If the
* VB2_CONTEXT_SECDATA_FWMP_CHANGED flag is set when a function
* returns, caller must save the data back to the secure non-volatile
* location and then clear the flag.
*/
u8 secdata_fwmp[VB2_SECDATA_FWMP_MAX_SIZE];
VB2_PAD_STRUCT(VB2_SECDATA_FWMP_MAX_SIZE, 8);
/*
* Context pointer for use by caller. Verified boot never looks at
* this. Put context here if you need it for APIs that verified boot
* may call (vb2ex_...() functions).
*/
void *non_vboot_context;
};
/*
* Data shared between vboot API calls. Stored at the start of the work
* buffer.
*/
struct vb2_shared_data {
/* Magic number for struct (VB2_SHARED_DATA_MAGIC) */
u32 magic;
/* Version of this structure */
u16 struct_version_major;
u16 struct_version_minor;
/* Public fields are stored in the context object */
struct vb2_context ctx;
/* Padding for adding future vb2_context fields */
u8 padding[VB2_CONTEXT_MAX_SIZE - sizeof(struct vb2_context)];
/* Work buffer length in bytes. */
u32 workbuf_size;
/*
* Amount of work buffer used so far. Verified boot sub-calls use
* this to know where the unused work area starts.
*/
u32 workbuf_used;
/* Flags; see enum vb2_shared_data_flags */
u32 flags;
/*
* Reason we are in recovery mode this boot (enum vb2_nv_recovery), or
* 0 if we aren't.
*/
u32 recovery_reason;
/* Firmware slot used last boot (0=A, 1=B) */
u32 last_fw_slot;
/* Result of last boot (enum vb2_fw_result) */
u32 last_fw_result;
/* Firmware slot used this boot */
u32 fw_slot;
/*
* Version for this slot (top 16 bits = key, lower 16 bits = firmware).
*
* TODO: Make this a union to allow getting/setting those versions
* separately?
*/
u32 fw_version;
/* Version from secdata_firmware (must be <= fw_version to boot). */
u32 fw_version_secdata;
/*
* Status flags for this boot; see enum vb2_shared_data_status. Status
* is "what we've done"; flags above are "decisions we've made".
*/
u32 status;
/* Offset from start of this struct to GBB header */
u32 gbb_offset;
/**********************************************************************
* Data from kernel verification stage.
*
* TODO: shouldn't be part of the main struct, since that needlessly
* uses more memory during firmware verification.
*/
/*
* Version for the current kernel (top 16 bits = key, lower 16 bits =
* kernel preamble).
*
* TODO: Make this a union to allow getting/setting those versions
* separately?
*/
u32 kernel_version;
/* Version from secdata_kernel (must be <= kernel_version to boot) */
u32 kernel_version_secdata;
/**********************************************************************
* Temporary variables used during firmware verification. These don't
* really need to persist through to the OS, but there's nowhere else
* we can put them.
*/
/* Offset of preamble from start of vblock */
u32 vblock_preamble_offset;
/*
* Offset and size of packed data key in work buffer. Size is 0 if
* data key is not stored in the work buffer.
*/
u32 data_key_offset;
u32 data_key_size;
/*
* Offset and size of firmware preamble in work buffer. Size is 0 if
* preamble is not stored in the work buffer.
*/
u32 preamble_offset;
u32 preamble_size;
/*
* Offset and size of hash context in work buffer. Size is 0 if
* hash context is not stored in the work buffer.
*/
u32 hash_offset;
u32 hash_size;
/*
* Current tag we're hashing
*
* For new structs, this is the offset of the vb2_signature struct
* in the work buffer.
*
* TODO: rename to hash_sig_offset when vboot1 structs are deprecated.
*/
u32 hash_tag;
/* Amount of data we still expect to hash */
u32 hash_remaining_size;
/**********************************************************************
* Temporary variables used during kernel verification. These don't
* really need to persist through to the OS, but there's nowhere else
* we can put them.
*
* TODO: make a union with the firmware verification temp variables,
* or make both of them workbuf-allocated sub-structs, so that we can
* overlap them so kernel variables don't bloat firmware verification
* stage memory requirements.
*/
/*
* Formerly a pointer to vboot1 shared data header ("VBSD"). Caller
* may now export a copy of VBSD via vb2api_export_vbsd().
* TODO: Remove this field and bump struct_version_major.
*/
uintptr_t reserved0;
/*
* Offset and size of packed kernel key in work buffer. Size is 0 if
* subkey is not stored in the work buffer. Note that kernel key may
* be inside the firmware preamble.
*/
u32 kernel_key_offset;
u32 kernel_key_size;
} __packed;