[coreboot-gerrit] Patch set updated for coreboot: google/chromeos/vboot2: honor boot region device size

Patrick Georgi (pgeorgi@google.com) gerrit at coreboot.org
Thu Feb 4 11:23:45 CET 2016 

Patrick Georgi (pgeorgi at google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/13586

-gerrit

commit 1d3fc77268f9c05c33ec3b5911c779c6cd38467b
Author: Aaron Durbin <adurbin at chromium.org>
Date:   Wed Jan 27 14:23:17 2016 -0600

    google/chromeos/vboot2: honor boot region device size
    
    Vboot keeps track of the size of the hashed region in each
    RW slot. While that size was being used to calculate the hash
    it wasn't being honored in restricting the access within the
    FMAP region for that RW slot. To alleviate that create a sub
    region that covers the hashed data for the region in which
    we boot from while performing CBFS accesses.
    
    BUG=chrome-os-partner:49764
    BUG=chromium:445938
    BRANCH=glados
    TEST=Built and booted chell with cbfstool and dev-util patches.
    
    Change-Id: I1a4f45573a6eb8d53a63bc4b2453592664c4f78b
    Signed-off-by: Patrick Georgi <pgeorgi at chromium.org>
    Original-Commit-Id: 4ac9e84af5b632e5735736d505bb2ca6dba4ce28
    Original-Change-Id: Idca946926f5cfd2c87c4a740ad2108010b6b6973
    Original-Signed-off-by: Aaron Durbin <adurbin at chromium.org>
    Original-Reviewed-on: https://chromium-review.googlesource.com/324093
    Original-Reviewed-by: Duncan Laurie <dlaurie at chromium.org>
---
 src/vendorcode/google/chromeos/vboot2/vboot_logic.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/vendorcode/google/chromeos/vboot2/vboot_logic.c b/src/vendorcode/google/chromeos/vboot2/vboot_logic.c
index 0d08d6a..fec368c 100644
--- a/src/vendorcode/google/chromeos/vboot2/vboot_logic.c
+++ b/src/vendorcode/google/chromeos/vboot2/vboot_logic.c
@@ -202,6 +202,17 @@ static int hash_body(struct vb2_context *ctx, struct region_device *fw_main)
 	if (rv)
 		return rv;
 
+	/*
+	 * Honor vboot's RW slot size. The expected size is pulled out of
+	 * the preamble and obtained through vb2api_init_hash() above. By
+	 * creating sub region the RW slot portion of the boot media is
+	 * limited.
+	 */
+	if (rdev_chain(fw_main, fw_main, 0, expected_size)) {
+		printk(BIOS_ERR, "Unable to restrict CBFS size.\n");
+		return VB2_ERROR_UNKNOWN;
+	}
+
 	/* Extend over the body */
 	while (expected_size) {
 		uint64_t temp_ts;

More information about the coreboot-gerrit mailing list