futility: gscvd: Allow verification ranges in SI_ALL section

Recent discussions have brought us to the conclusion that we probably
want to include the SI_DESC section on Intel mainboards in the GSCVD
verified areas, since it contains soft straps that may affect
pre-coreboot behavior. The problem is that while this section itself
generally doesn't change, it is part of the larger Intel-specific SI_ALL
section that also contains the ME code and data -- which _can_ be
overwritten, so we usually place it in the RW part of the flash. The
section is instead protected from unauthorized software access by
platform-specific mechanisms.

This patch modifies `futility gscvd` so that it will also accept
verification ranges in an SI_ALL region (if it exists), not just in
WP_RO.

BRANCH=none
BUG=none
TEST=Modified coreboot to add SI_DESC range, verified ranges on Joxer.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Iacff931f7cb34a41d3d878eee395b97ba2452c2d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3794950
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
diff --git a/futility/cmd_gscvd.c b/futility/cmd_gscvd.c
index 57e79ef..458c754 100644
--- a/futility/cmd_gscvd.c
+++ b/futility/cmd_gscvd.c
@@ -188,9 +188,6 @@
in_range(range->offset + range->size, ah))
return true;
- ERROR("Range %#x..+%#x does not fit in %s\n", range->offset,
- range->size, ah->area_name);
-
return false;
}
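Review bot: with the ERROR() dropped just before `return false`, range_fits() now fails silently and the area name from `ah->area_name` is no longer reported by this function. Please confirm that no other caller depended on that message, and consider a one-line comment on range_fits() stating that callers are responsible for reporting a failed fit.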
@@ -234,6 +231,7 @@
{
size_t i;
FmapAreaHeader *wp_ro;
+ FmapAreaHeader *si_all;
int errorcount;
if (!fmap_find_by_name(file->data, file->len, NULL, "WP_RO", &wp_ro)) {
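Review bot: `FmapAreaHeader *si_all;` is declared without an initializer and only receives a defined value at the SI_ALL lookup further down. Initializing it to NULL at the declaration would keep the pointer well-defined if code is ever added between the declaration and that lookup.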
@@ -241,13 +239,24 @@
return 1;
}
+ /* Intel boards can have an SI_ALL region that's not in WP_RO but is
+ protected by platform-specific mechanisms, and may still contain
+ components that we want to protect from physical attack. */
+ if (!fmap_find_by_name(file->data, file->len, NULL, "SI_ALL", &si_all))
+ si_all = NULL;
+
errorcount = 0;
for (i = 0; i < ranges->range_count; i++) {
size_t j;
- /* Must fit into WP_RO. */
- if (!range_fits(ranges->ranges + i, wp_ro))
+ /* Must fit into WP_RO or SI_ALL. */
+ if (!range_fits(ranges->ranges + i, wp_ro) &&
+ (!si_all || !range_fits(ranges->ranges + i, si_all))) {
+ ERROR("Range %#x..+%#x does not fit in WP_RO/SI_ALL\n",
+ ranges->ranges[i].offset,
+ ranges->ranges[i].size);
errorcount++;
+ }
/* Must not overlap with RO_GSCVD. */
if (range_overlaps(ranges->ranges + i,
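Review bot: the new `range_fits(ranges->ranges + i, si_all)` test accepts a range anywhere inside SI_ALL, but the commit message says only SI_DESC is expected to stay unchanged while the ME code and data in the same area can be overwritten. A range that strays into the ME portion would pass this check and then stop matching after an ME update, so consider checking against SI_DESC itself when it is present in the FMAP, or extend the comment to say why the whole of SI_ALL is allowed. Two smaller points: the ERROR() text says "WP_RO/SI_ALL" even when `si_all` is NULL, so on images without that area the message names a region that was never considered; and the continuation lines of the new block comment have no leading " * ", unlike the usual multi-line comment layout.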