From 7da7f1f0b0cc365cc7ceff492e57b9ba35f56e7e Mon Sep 17 00:00:00 2001 From: Rohit Ner Date: Wed, 18 May 2022 00:55:02 -0700 Subject: [PATCH 1/5] build(stm32mp1): platform changes for verifying gpt header crc This change makes the necessary additions to makefile of platforms using partition driver. Signed-off-by: Rohit Ner Change-Id: I66f6daaa0deac984b0aa5f2a182385410189ba8a --- plat/st/stm32mp1/platform.mk | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/plat/st/stm32mp1/platform.mk b/plat/st/stm32mp1/platform.mk index 9e679899f..127e3183b 100644 --- a/plat/st/stm32mp1/platform.mk +++ b/plat/st/stm32mp1/platform.mk @@ -320,12 +320,14 @@ BL2_SOURCES += drivers/io/io_dummy.c \ plat/st/stm32mp1/stm32mp1_security.c endif -ifeq (${PSA_FWU_SUPPORT},1) include lib/zlib/zlib.mk + +ifeq (${PSA_FWU_SUPPORT},1) include drivers/fwu/fwu.mk +endif + BL2_SOURCES += $(ZLIB_SOURCES) -endif BL2_SOURCES += drivers/io/io_block.c \ drivers/io/io_mtd.c \ From 4f53bd29f9720a6a947d2f961257558b6598d266 Mon Sep 17 00:00:00 2001 From: Rohit Ner Date: Wed, 11 May 2022 03:18:31 -0700 Subject: [PATCH 2/5] build(stratix10): platform changes for verifying gpt header crc This change makes the necessary additions to makefile of platforms using partition driver. Signed-off-by: Rohit Ner Change-Id: Ie26d9e5943453ce54ee8c72c6e44170577e3afc0 --- plat/intel/soc/stratix10/platform.mk | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/plat/intel/soc/stratix10/platform.mk b/plat/intel/soc/stratix10/platform.mk index 8b39b6ff8..5c0b42146 100644 --- a/plat/intel/soc/stratix10/platform.mk +++ b/plat/intel/soc/stratix10/platform.mk @@ -55,6 +55,10 @@ BL2_SOURCES += \ plat/intel/soc/common/drivers/qspi/cadence_qspi.c \ plat/intel/soc/common/drivers/wdt/watchdog.c +include lib/zlib/zlib.mk +PLAT_INCLUDES += -Ilib/zlib +BL2_SOURCES += $(ZLIB_SOURCES) + BL31_SOURCES += \ drivers/arm/cci/cci.c \ lib/cpus/aarch64/aem_generic.S \ From 7a756a57179414b92498717d92217defd1d2ae11 Mon Sep 17 00:00:00 2001 From: Rohit Ner Date: Wed, 11 May 2022 03:15:40 -0700 Subject: [PATCH 3/5] build(agilex): platform changes for verifying gpt header crc This change makes the necessary additions to makefile of platforms using partition driver. Signed-off-by: Rohit Ner Change-Id: I1290972c7d2626262d4b6d68b99bb8f2c4b6744c --- plat/intel/soc/agilex/platform.mk | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/plat/intel/soc/agilex/platform.mk b/plat/intel/soc/agilex/platform.mk index 6fe0be19d..ccb4e071f 100644 --- a/plat/intel/soc/agilex/platform.mk +++ b/plat/intel/soc/agilex/platform.mk @@ -56,6 +56,10 @@ BL2_SOURCES += \ plat/intel/soc/common/drivers/qspi/cadence_qspi.c \ plat/intel/soc/common/drivers/wdt/watchdog.c +include lib/zlib/zlib.mk +PLAT_INCLUDES += -Ilib/zlib +BL2_SOURCES += $(ZLIB_SOURCES) + BL31_SOURCES += \ drivers/arm/cci/cci.c \ lib/cpus/aarch64/aem_generic.S \ From e682c723cdbfffbca1204d9977b6846191c561c4 Mon Sep 17 00:00:00 2001 From: Rohit Ner Date: Wed, 11 May 2022 03:06:07 -0700 Subject: [PATCH 4/5] build(hikey): platform changes for verifying gpt header crc This change makes the necessary additions to makefile of platforms using partition driver. Signed-off-by: Rohit Ner Change-Id: I0d524760bf52e1d9b4a103f556231f20146bd78e --- plat/hisilicon/hikey/platform.mk | 6 +++++- plat/hisilicon/hikey960/platform.mk | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/plat/hisilicon/hikey/platform.mk b/plat/hisilicon/hikey/platform.mk index 18197cf4d..3e1771c66 100644 --- a/plat/hisilicon/hikey/platform.mk +++ b/plat/hisilicon/hikey/platform.mk @@ -1,5 +1,5 @@ # -# Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2017-2022, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -95,6 +95,10 @@ ifeq (${SPD},opteed) BL2_SOURCES += lib/optee/optee_utils.c endif +include lib/zlib/zlib.mk +PLAT_INCLUDES += -Ilib/zlib +BL2_SOURCES += $(ZLIB_SOURCES) + HIKEY_GIC_SOURCES := drivers/arm/gic/common/gic_common.c \ drivers/arm/gic/v2/gicv2_main.c \ drivers/arm/gic/v2/gicv2_helpers.c \ diff --git a/plat/hisilicon/hikey960/platform.mk b/plat/hisilicon/hikey960/platform.mk index fc2c209f8..608fe0937 100644 --- a/plat/hisilicon/hikey960/platform.mk +++ b/plat/hisilicon/hikey960/platform.mk @@ -1,5 +1,5 @@ # -# Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2017-2022, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -94,6 +94,10 @@ ifeq (${SPD},opteed) BL2_SOURCES += lib/optee/optee_utils.c endif +include lib/zlib/zlib.mk +PLAT_INCLUDES += -Ilib/zlib +BL2_SOURCES += $(ZLIB_SOURCES) + BL31_SOURCES += drivers/arm/cci/cci.c \ drivers/arm/pl061/pl061_gpio.c \ drivers/gpio/gpio.c \ From a283d19f82ddb635d9d9fa061e7fd956167ebe60 Mon Sep 17 00:00:00 2001 From: Rohit Ner Date: Fri, 6 May 2022 07:58:21 +0000 Subject: [PATCH 5/5] feat(partition): verify crc while loading gpt header This change makes use of 32-bit crc for calculating gpt header crc and compares it with the given value. Signed-off-by: Rohit Ner Change-Id: I49bca7aab2c3884881c4b7d90d31786a895290e6 --- drivers/partition/partition.c | 23 +++++++++++++++++++++-- include/drivers/partition/partition.h | 4 +++- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/drivers/partition/partition.c b/drivers/partition/partition.c index 7706f88af..c84816f41 100644 --- a/drivers/partition/partition.c +++ b/drivers/partition/partition.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -10,6 +10,7 @@ #include #include +#include #include #include #include @@ -76,7 +77,7 @@ static int load_mbr_header(uintptr_t image_handle, mbr_entry_t *mbr_entry) } /* - * Load GPT header and check the GPT signature. + * Load GPT header and check the GPT signature and header CRC. * If partition numbers could be found, check & update it. */ static int load_gpt_header(uintptr_t image_handle) @@ -84,6 +85,7 @@ static int load_gpt_header(uintptr_t image_handle) gpt_header_t header; size_t bytes_read; int result; + uint32_t header_crc, calc_crc; result = io_seek(image_handle, IO_SEEK_SET, GPT_HEADER_OFFSET); if (result != 0) { @@ -99,6 +101,23 @@ static int load_gpt_header(uintptr_t image_handle) return -EINVAL; } + /* + * UEFI Spec 2.8 March 2019 Page 119: HeaderCRC32 value is + * computed by setting this field to 0, and computing the + * 32-bit CRC for HeaderSize bytes. + */ + header_crc = header.header_crc; + header.header_crc = 0U; + + calc_crc = tf_crc32(0U, (uint8_t *)&header, DEFAULT_GPT_HEADER_SIZE); + if (header_crc != calc_crc) { + ERROR("Invalid GPT Header CRC: Expected 0x%x but got 0x%x.\n", + header_crc, calc_crc); + return -EINVAL; + } + + header.header_crc = header_crc; + /* partition numbers can't exceed PLAT_PARTITION_MAX_ENTRIES */ list.entry_count = header.list_num; if (list.entry_count > PLAT_PARTITION_MAX_ENTRIES) { diff --git a/include/drivers/partition/partition.h b/include/drivers/partition/partition.h index b292ec7b2..11e5acf72 100644 --- a/include/drivers/partition/partition.h +++ b/include/drivers/partition/partition.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -29,6 +29,8 @@ CASSERT((PLAT_PARTITION_BLOCK_SIZE == 512) || #define LEGACY_PARTITION_BLOCK_SIZE 512 +#define DEFAULT_GPT_HEADER_SIZE 92 + typedef struct partition_entry { uint64_t start; uint64_t length;