1  /* SPDX-License-Identifier: BSD-3-Clause */
  2  
  3  #include <libpayload-config.h>
  4  #include <arch/virtual.h>
  5  #include <assert.h>
  6  #include <cbfs.h>
  7  #include <cbfs_glue.h>
  8  #include <commonlib/bsd/cbfs_private.h>
  9  #include <commonlib/bsd/fmap_serialized.h>
 10  #include <libpayload.h>
 11  #include <lp_vboot.h>
 12  #include <lz4.h>
 13  #include <lzma.h>
 14  #include <string.h>
 15  #include <sysinfo.h>
 16  
 17  
 18  static const struct cbfs_boot_device *cbfs_get_boot_device(bool force_ro)
 19  {
 20  	static struct cbfs_boot_device ro;
 21  	static struct cbfs_boot_device rw;
 22  
 23  	if (!force_ro) {
 24  		if (!rw.dev.size) {
 25  			rw.dev.offset = lib_sysinfo.cbfs_offset;
 26  			rw.dev.size = lib_sysinfo.cbfs_size;
 27  			rw.mcache = phys_to_virt(lib_sysinfo.cbfs_rw_mcache_offset);
 28  			rw.mcache_size = lib_sysinfo.cbfs_rw_mcache_size;
 29  		}
 30  		return &rw;
 31  	}
 32  
 33  	if (ro.dev.size)
 34  		return &ro;
 35  
 36  	if (fmap_locate_area("COREBOOT", &ro.dev.offset, &ro.dev.size))
 37  		return NULL;
 38  
 39  	ro.mcache = phys_to_virt(lib_sysinfo.cbfs_ro_mcache_offset);
 40  	ro.mcache_size = lib_sysinfo.cbfs_ro_mcache_size;
 41  
 42  	return &ro;
 43  }
 44  
 45  ssize_t _cbfs_boot_lookup(const char *name, bool force_ro, union cbfs_mdata *mdata)
 46  {
 47  	const struct cbfs_boot_device *cbd = cbfs_get_boot_device(force_ro);
 48  	if (!cbd)
 49  		return CB_ERR;
 50  
 51  	size_t data_offset;
 52  	enum cb_err err = CB_CBFS_CACHE_FULL;
 53  	if (cbd->mcache_size)
 54  		err = cbfs_mcache_lookup(cbd->mcache, cbd->mcache_size, name, mdata,
 55  					 &data_offset);
 56  
 57  	if (err == CB_CBFS_CACHE_FULL)
 58  		err = cbfs_lookup(&cbd->dev, name, mdata, &data_offset, NULL);
 59  
 60  	/* Fallback to RO if possible. */
 61  	if (CONFIG(LP_ENABLE_CBFS_FALLBACK) && !force_ro && err == CB_CBFS_NOT_FOUND) {
 62  		LOG("Fall back to RO region for '%s'\n", name);
 63  		return _cbfs_boot_lookup(name, true, mdata);
 64  	}
 65  
 66  	if (err) {
 67  		if (err == CB_CBFS_NOT_FOUND)
 68  			LOG("'%s' not found.\n", name);
 69  		else
 70  			ERROR("Error %d when looking up '%s'\n", err, name);
 71  		return err;
 72  	}
 73  
 74  	return cbd->dev.offset + data_offset;
 75  }
 76  
 77  void cbfs_unmap(void *mapping)
 78  {
 79  	free(mapping);
 80  }
 81  
 82  static bool cbfs_file_hash_mismatch(const void *buffer, size_t size,
 83  				    const union cbfs_mdata *mdata, bool skip_verification)
 84  {
 85  	if (!CONFIG(LP_CBFS_VERIFICATION) || skip_verification)
 86  		return false;
 87  
 88  	const struct vb2_hash *hash = cbfs_file_hash(mdata);
 89  	if (!hash) {
 90  		ERROR("'%s' does not have a file hash!\n", mdata->h.filename);
 91  		return true;
 92  	}
 93  	vb2_error_t rv = vb2_hash_verify(cbfs_hwcrypto_allowed(), buffer, size, hash);
 94  	if (rv != VB2_SUCCESS) {
 95  		ERROR("'%s' file hash mismatch!\n", mdata->h.filename);
 96  		if (CONFIG(LP_VBOOT_CBFS_INTEGRATION) && !vboot_recovery_mode_enabled())
 97  			vboot_fail_and_reboot(vboot_get_context(), VB2_RECOVERY_FW_BODY, rv);
 98  		return true;
 99  	}
100  
101  	return false;
102  }
103  
104  static size_t cbfs_load_and_decompress(size_t offset, size_t in_size, void *buffer,
105  				       size_t buffer_size, uint32_t compression,
106  				       const union cbfs_mdata *mdata, bool skip_verification)
107  {
108  	void *load = buffer;
109  	size_t out_size = 0;
110  
111  	DEBUG("Decompressing %zu bytes from '%s' to %p with algo %d\n", in_size,
112  	      mdata->h.filename, buffer, compression);
113  
114  	if (compression != CBFS_COMPRESS_NONE) {
115  		load = malloc(in_size);
116  		if (!load) {
117  			ERROR("'%s' buffer allocation failed\n", mdata->h.filename);
118  			return 0;
119  		}
120  	}
121  
122  	if (boot_device_read(load, offset, in_size) != in_size) {
123  		ERROR("'%s' failed to read contents of file\n", mdata->h.filename);
124  		goto out;
125  	}
126  
127  	if (cbfs_file_hash_mismatch(load, in_size, mdata, skip_verification))
128  		goto out;
129  
130  	switch (compression) {
131  	case CBFS_COMPRESS_NONE:
132  		out_size = in_size;
133  		break;
134  	case CBFS_COMPRESS_LZ4:
135  		if (!CONFIG(LP_LZ4))
136  			goto out;
137  		out_size = ulz4fn(load, in_size, buffer, buffer_size);
138  		break;
139  	case CBFS_COMPRESS_LZMA:
140  		if (!CONFIG(LP_LZMA))
141  			goto out;
142  		out_size = ulzman(load, in_size, buffer, buffer_size);
143  		break;
144  	default:
145  		ERROR("'%s' decompression algo %d not supported\n", mdata->h.filename,
146  		      compression);
147  	}
148  out:
149  	if (load != buffer)
150  		free(load);
151  	return out_size;
152  }
153  
154  static void *do_load(union cbfs_mdata *mdata, ssize_t offset, void *buf, size_t *size_inout,
155  		     bool skip_verification)
156  {
157  	bool malloced = false;
158  	size_t buf_size = 0;
159  	size_t out_size;
160  	uint32_t compression = CBFS_COMPRESS_NONE;
161  	const struct cbfs_file_attr_compression *cattr =
162  		cbfs_find_attr(mdata, CBFS_FILE_ATTR_TAG_COMPRESSION, sizeof(*cattr));
163  	if (cattr) {
164  		compression = be32toh(cattr->compression);
165  		out_size = be32toh(cattr->decompressed_size);
166  	} else {
167  		out_size = be32toh(mdata->h.len);
168  	}
169  
170  	if (size_inout) {
171  		buf_size = *size_inout;
172  		*size_inout = out_size;
173  	}
174  
175  	if (buf) {
176  		if (!size_inout || buf_size < out_size) {
177  			ERROR("'%s' buffer too small\n", mdata->h.filename);
178  			return NULL;
179  		}
180  	} else {
181  		buf = malloc(out_size);
182  		if (!buf) {
183  			ERROR("'%s' allocation failure\n", mdata->h.filename);
184  			return NULL;
185  		}
186  		malloced = true;
187  	}
188  
189  	if (cbfs_load_and_decompress(offset, be32toh(mdata->h.len), buf, out_size, compression,
190  				     mdata, skip_verification)
191  	    != out_size) {
192  		if (malloced)
193  			free(buf);
194  		return NULL;
195  	}
196  
197  	return buf;
198  }
199  
200  void *_cbfs_load(const char *name, void *buf, size_t *size_inout, bool force_ro)
201  {
202  	ssize_t offset;
203  	union cbfs_mdata mdata;
204  
205  	DEBUG("%s(name='%s', buf=%p, force_ro=%s)\n", __func__, name, buf,
206  	      force_ro ? "true" : "false");
207  
208  	offset = _cbfs_boot_lookup(name, force_ro, &mdata);
209  	if (offset < 0)
210  		return NULL;
211  
212  	return do_load(&mdata, offset, buf, size_inout, false);
213  }
214  
215  void *_cbfs_unverified_area_load(const char *area, const char *name, void *buf,
216  				 size_t *size_inout)
217  {
218  	struct cbfs_dev dev;
219  	union cbfs_mdata mdata;
220  	size_t data_offset;
221  
222  	DEBUG("%s(area='%s', name='%s', buf=%p)\n", __func__, area, name, buf);
223  
224  	if (fmap_locate_area(area, &dev.offset, &dev.size) != CB_SUCCESS)
225  		return NULL;
226  
227  	if (cbfs_lookup(&dev, name, &mdata, &data_offset, NULL)) {
228  		ERROR("'%s' not found in '%s'\n", name, area);
229  		return NULL;
230  	}
231  
232  	return do_load(&mdata, dev.offset + data_offset, buf, size_inout, true);
233  }
234  
235  /* This should be overridden by payloads that want to enforce more explicit
236     policy on using HW crypto. */
237  __weak bool cbfs_hwcrypto_allowed(void)
238  {
239  	/* Avoid compiling vboot calls to prevent linker errors. */
240  	if (!CONFIG(LP_CBFS_VERIFICATION))
241  		return true;
242  
243  	return vb2api_hwcrypto_allowed(vboot_get_context());
244  }