Google Git
Sign in
cos / mirrors / cros / chromiumos / platform / vboot_reference / 8a3a35962695d5da4e3dcde3db6026c631ca2a79^! / .
commit8a3a35962695d5da4e3dcde3db6026c631ca2a79[log] [tgz]
authorJulius Werner <jwerner@chromium.org>Mon Apr 20 15:37:47 2020 -0700
committerCommit Bot <commit-bot@chromium.org>Wed Apr 22 00:04:55 2020 +0000
treef65fe725623f2eae06733b8cd1fd0b8aca461c53
parentaf0bb8ae26f9d646c485202a1bba1b56747b9ec4 [diff]
2crypto: Force exported const arrays to .rodata

Unfortunately, there is no way to define really immutable data in the C
language. Making something 'const' is just a sign, not a cop, because in
theory any code can just cast the const away. Compilers instead use
sophisticated static analysis to determine what data is never written to
by the code and put that into the .rodata (instead of .data) section.
But for externally available global variables, they cannot do that
(because the analyzer doesn't cross compilation units).

Unfortunately some platforms in coreboot really care about everything
being in .rodata (because they're accessing it in-place on flash), and
some "benign" refactoring like making a const variable externally
available can break that. There is no easy fix for that. So in this
case, let's just go for the ugly fix of forcing the offending arrays
into the right section.

BRANCH=None
BUG=None
TEST=Built SIEMENS_MC_APL2 with CB:40503 and this patch.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ife508f98e3f8ed40a4488b5fe1967d00a62f347c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2157900
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>

diff --git a/firmware/2lib/2crypto.c b/firmware/2lib/2crypto.c
index 5906301..2b55386 100644
--- a/firmware/2lib/2crypto.c
+++ b/firmware/2lib/2crypto.c

@@ -11,8 +11,14 @@
 #include "2sha.h"
 #include "2sysincludes.h"
 
-/* These two need to be exported for host/lib/crypto.c */
+/*
+ * These two need to be exported for host/lib/crypto.c, but they also need to be
+ * in .rodata to make coreboot XIP stages happy. We know they are immutable but
+ * there is no C language way to guarantee that, so we have to manually force
+ * the compiler to place them in .rodata.
+ */
 
+__attribute__((section(".rodata.vb2_sig_names")))
 const char *vb2_sig_names[VB2_SIG_ALG_COUNT] = {
 	[VB2_SIG_NONE]		= "none",
 	[VB2_SIG_RSA1024]	= "RSA1024",
@@ -23,6 +29,7 @@
 	[VB2_SIG_RSA3072_EXP3]	= "RSA3072EXP3",
 };
 
+__attribute__((section(".rodata.vb2_hash_names")))
 const char *vb2_hash_names[VB2_HASH_ALG_COUNT] = {
 	[VB2_HASH_NONE]		= "none",
 #if VB2_SUPPORT_SHA1