1 /* Copyright 2013-2018 IBM Corp.
2 * Copyright 2018 Raptor Engineering, LLC
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
13 * implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18 #include <skiboot.h>
19 #include <cpu.h>
20 #include <lock.h>
21 #include <opal.h>
22 #include <opal-msg.h>
23 #include <platform.h>
24 #include <device.h>
25 #include <libflash/libflash.h>
26 #include <libflash/libffs.h>
27 #include <libflash/blocklevel.h>
28 #include <libflash/ecc.h>
29 #include <libstb/secureboot.h>
30 #include <libstb/trustedboot.h>
31 #include <libxz/xz.h>
32 #include <elf.h>
33 #include <timebase.h>
34
35 struct flash {
36 struct list_node list;
37 bool busy;
38 bool no_erase;
39 struct blocklevel_device *bl;
40 uint64_t size;
41 uint32_t block_size;
42 int id;
43 };
44
45 static struct {
46 enum resource_id id;
47 uint32_t subid;
48 char name[PART_NAME_MAX+1];
49 } part_name_map[] = {
50 { RESOURCE_ID_KERNEL, RESOURCE_SUBID_NONE, "BOOTKERNEL" },
51 { RESOURCE_ID_INITRAMFS,RESOURCE_SUBID_NONE, "ROOTFS" },
52 { RESOURCE_ID_CAPP, RESOURCE_SUBID_SUPPORTED, "CAPP" },
53 { RESOURCE_ID_IMA_CATALOG, RESOURCE_SUBID_SUPPORTED, "IMA_CATALOG" },
54 { RESOURCE_ID_VERSION, RESOURCE_SUBID_NONE, "VERSION" },
55 { RESOURCE_ID_KERNEL_FW, RESOURCE_SUBID_NONE, "BOOTKERNFW" },
56 };
57
58 static LIST_HEAD(flashes);
59 static struct flash *system_flash;
60
61 /* Using a single lock as we only have one flash at present. */
62 static struct lock flash_lock;
63
64 /* nvram-on-flash support */
65 static struct flash *nvram_flash;
66 static u32 nvram_offset, nvram_size;
67
flash_reserve(void)68 bool flash_reserve(void)
69 {
70 bool rc = false;
71
72 if (!try_lock(&flash_lock))
73 return false;
74
75 if (!system_flash->busy) {
76 system_flash->busy = true;
77 rc = true;
78 }
79 unlock(&flash_lock);
80
81 return rc;
82 }
83
flash_release(void)84 void flash_release(void)
85 {
86 lock(&flash_lock);
87 system_flash->busy = false;
88 unlock(&flash_lock);
89 }
90
flash_nvram_info(uint32_t * total_size)91 static int flash_nvram_info(uint32_t *total_size)
92 {
93 int rc;
94
95 lock(&flash_lock);
96 if (!nvram_flash) {
97 rc = OPAL_HARDWARE;
98 } else if (nvram_flash->busy) {
99 rc = OPAL_BUSY;
100 } else {
101 *total_size = nvram_size;
102 rc = OPAL_SUCCESS;
103 }
104 unlock(&flash_lock);
105
106 return rc;
107 }
108
flash_nvram_start_read(void * dst,uint32_t src,uint32_t len)109 static int flash_nvram_start_read(void *dst, uint32_t src, uint32_t len)
110 {
111 int rc;
112
113 if (!try_lock(&flash_lock))
114 return OPAL_BUSY;
115
116 if (!nvram_flash) {
117 rc = OPAL_HARDWARE;
118 goto out;
119 }
120
121 if (nvram_flash->busy) {
122 rc = OPAL_BUSY;
123 goto out;
124 }
125
126 if ((src + len) > nvram_size) {
127 prerror("FLASH_NVRAM: read out of bound (0x%x,0x%x)\n",
128 src, len);
129 rc = OPAL_PARAMETER;
130 goto out;
131 }
132
133 nvram_flash->busy = true;
134 unlock(&flash_lock);
135
136 rc = blocklevel_read(nvram_flash->bl, nvram_offset + src, dst, len);
137
138 lock(&flash_lock);
139 nvram_flash->busy = false;
140 out:
141 unlock(&flash_lock);
142 if (!rc)
143 nvram_read_complete(true);
144 return rc;
145 }
146
flash_nvram_write(uint32_t dst,void * src,uint32_t len)147 static int flash_nvram_write(uint32_t dst, void *src, uint32_t len)
148 {
149 int rc;
150
151 if (!try_lock(&flash_lock))
152 return OPAL_BUSY;
153
154 if (nvram_flash->busy) {
155 rc = OPAL_BUSY;
156 goto out;
157 }
158
159 /* TODO: When we have async jobs for PRD, turn this into one */
160
161 if ((dst + len) > nvram_size) {
162 prerror("FLASH_NVRAM: write out of bound (0x%x,0x%x)\n",
163 dst, len);
164 rc = OPAL_PARAMETER;
165 goto out;
166 }
167
168 nvram_flash->busy = true;
169 unlock(&flash_lock);
170
171 rc = blocklevel_write(nvram_flash->bl, nvram_offset + dst, src, len);
172
173 lock(&flash_lock);
174 nvram_flash->busy = false;
175 out:
176 unlock(&flash_lock);
177 return rc;
178 }
179
flash_nvram_probe(struct flash * flash,struct ffs_handle * ffs)180 static int flash_nvram_probe(struct flash *flash, struct ffs_handle *ffs)
181 {
182 uint32_t start, size, part;
183 bool ecc;
184 int rc;
185
186 prlog(PR_INFO, "FLASH: probing for NVRAM\n");
187
188 rc = ffs_lookup_part(ffs, "NVRAM", &part);
189 if (rc) {
190 prlog(PR_WARNING, "FLASH: no NVRAM partition found\n");
191 return OPAL_HARDWARE;
192 }
193
194 rc = ffs_part_info(ffs, part, NULL,
195 &start, &size, NULL, &ecc);
196 if (rc) {
197 /**
198 * @fwts-label NVRAMNoPartition
199 * @fwts-advice OPAL could not find an NVRAM partition
200 * on the system flash. Check that the system flash
201 * has a valid partition table, and that the firmware
202 * build process has added a NVRAM partition.
203 */
204 prlog(PR_ERR, "FLASH: Can't parse ffs info for NVRAM\n");
205 return OPAL_HARDWARE;
206 }
207
208 nvram_flash = flash;
209 nvram_offset = start;
210 nvram_size = ecc ? ecc_buffer_size_minus_ecc(size) : size;
211
212 platform.nvram_info = flash_nvram_info;
213 platform.nvram_start_read = flash_nvram_start_read;
214 platform.nvram_write = flash_nvram_write;
215
216 return 0;
217 }
218
219 /* core flash support */
220
flash_add_dt_node(struct flash * flash,int id)221 static struct dt_node *flash_add_dt_node(struct flash *flash, int id)
222 {
223 int i;
224 int rc;
225 const char *name;
226 bool ecc;
227 struct ffs_handle *ffs;
228 int ffs_part_num, ffs_part_start, ffs_part_size;
229 struct dt_node *flash_node;
230 struct dt_node *partition_container_node;
231 struct dt_node *partition_node;
232
233 flash_node = dt_new_addr(opal_node, "flash", id);
234 dt_add_property_strings(flash_node, "compatible", "ibm,opal-flash");
235 dt_add_property_cells(flash_node, "ibm,opal-id", id);
236 dt_add_property_u64(flash_node, "reg", flash->size);
237 dt_add_property_cells(flash_node, "ibm,flash-block-size",
238 flash->block_size);
239 if (flash->no_erase)
240 dt_add_property(flash_node, "no-erase", NULL, 0);
241
242 /* we fix to 32-bits */
243 dt_add_property_cells(flash_node, "#address-cells", 1);
244 dt_add_property_cells(flash_node, "#size-cells", 1);
245
246 /* Add partition container node */
247 partition_container_node = dt_new(flash_node, "partitions");
248 dt_add_property_strings(partition_container_node, "compatible", "fixed-partitions");
249
250 /* we fix to 32-bits */
251 dt_add_property_cells(partition_container_node, "#address-cells", 1);
252 dt_add_property_cells(partition_container_node, "#size-cells", 1);
253
254 /* Add partitions */
255 for (i = 0, name = NULL; i < ARRAY_SIZE(part_name_map); i++) {
256 name = part_name_map[i].name;
257
258 rc = ffs_init(0, flash->size, flash->bl, &ffs, 1);
259 if (rc) {
260 prerror("FLASH: Can't open ffs handle\n");
261 continue;
262 }
263
264 rc = ffs_lookup_part(ffs, name, &ffs_part_num);
265 if (rc) {
266 /* This is not an error per-se, some partitions
267 * are purposefully absent, don't spam the logs
268 */
269 prlog(PR_DEBUG, "FLASH: No %s partition\n", name);
270 continue;
271 }
272 rc = ffs_part_info(ffs, ffs_part_num, NULL,
273 &ffs_part_start, NULL, &ffs_part_size, &ecc);
274 if (rc) {
275 prerror("FLASH: Failed to get %s partition info\n", name);
276 continue;
277 }
278
279 partition_node = dt_new_addr(partition_container_node, "partition", ffs_part_start);
280 dt_add_property_strings(partition_node, "label", name);
281 dt_add_property_cells(partition_node, "reg", ffs_part_start, ffs_part_size);
282 if (part_name_map[i].id != RESOURCE_ID_KERNEL_FW) {
283 /* Mark all partitions other than the full PNOR and the boot kernel
284 * firmware as read only. These two partitions are the only partitions
285 * that are properly erase block aligned at this time.
286 */
287 dt_add_property(partition_node, "read-only", NULL, 0);
288 }
289 }
290
291 partition_node = dt_new_addr(partition_container_node, "partition", 0);
292 dt_add_property_strings(partition_node, "label", "PNOR");
293 dt_add_property_cells(partition_node, "reg", 0, flash->size);
294
295 return flash_node;
296 }
297
setup_system_flash(struct flash * flash,struct dt_node * node,const char * name,struct ffs_handle * ffs)298 static void setup_system_flash(struct flash *flash, struct dt_node *node,
299 const char *name, struct ffs_handle *ffs)
300 {
301 char *path;
302
303 if (!ffs)
304 return;
305
306 if (system_flash) {
307 /**
308 * @fwts-label SystemFlashMultiple
309 * @fwts-advice OPAL Found multiple system flash.
310 * Since we've already found a system flash we are
311 * going to use that one but this ordering is not
312 * guaranteed so may change in future.
313 */
314 prlog(PR_WARNING, "FLASH: Attempted to register multiple system "
315 "flash: %s\n", name);
316 return;
317 }
318
319 prlog(PR_NOTICE, "FLASH: Found system flash: %s id:%i\n",
320 name, flash->id);
321
322 system_flash = flash;
323 path = dt_get_path(node);
324 dt_add_property_string(dt_chosen, "ibm,system-flash", path);
325 free(path);
326
327 prlog(PR_INFO, "FLASH: registered system flash device %s\n", name);
328
329 flash_nvram_probe(flash, ffs);
330 }
331
num_flashes(void)332 static int num_flashes(void)
333 {
334 struct flash *flash;
335 int i = 0;
336
337 list_for_each(&flashes, flash, list)
338 i++;
339
340 return i;
341 }
342
flash_register(struct blocklevel_device * bl)343 int flash_register(struct blocklevel_device *bl)
344 {
345 uint64_t size;
346 uint32_t block_size;
347 struct ffs_handle *ffs;
348 struct dt_node *node;
349 struct flash *flash;
350 const char *name;
351 int rc;
352
353 rc = blocklevel_get_info(bl, &name, &size, &block_size);
354 if (rc)
355 return rc;
356
357 if (!name)
358 name = "(unnamed)";
359
360 prlog(PR_INFO, "FLASH: registering flash device %s "
361 "(size 0x%llx, blocksize 0x%x)\n",
362 name, size, block_size);
363
364 flash = malloc(sizeof(struct flash));
365 if (!flash) {
366 prlog(PR_ERR, "FLASH: Error allocating flash structure\n");
367 return OPAL_RESOURCE;
368 }
369
370 flash->busy = false;
371 flash->bl = bl;
372 flash->no_erase = !(bl->flags & WRITE_NEED_ERASE);
373 flash->size = size;
374 flash->block_size = block_size;
375 flash->id = num_flashes();
376
377 rc = ffs_init(0, flash->size, bl, &ffs, 1);
378 if (rc) {
379 /**
380 * @fwts-label NoFFS
381 * @fwts-advice System flash isn't formatted as expected.
382 * This could mean several OPAL utilities do not function
383 * as expected. e.g. gard, pflash.
384 */
385 prlog(PR_WARNING, "FLASH: No ffs info; "
386 "using raw device only\n");
387 ffs = NULL;
388 }
389
390 node = flash_add_dt_node(flash, flash->id);
391
392 setup_system_flash(flash, node, name, ffs);
393
394 if (ffs)
395 ffs_close(ffs);
396
397 lock(&flash_lock);
398 list_add(&flashes, &flash->list);
399 unlock(&flash_lock);
400
401 return OPAL_SUCCESS;
402 }
403
404 enum flash_op {
405 FLASH_OP_READ,
406 FLASH_OP_WRITE,
407 FLASH_OP_ERASE,
408 };
409
opal_flash_op(enum flash_op op,uint64_t id,uint64_t offset,uint64_t buf,uint64_t size,uint64_t token)410 static int64_t opal_flash_op(enum flash_op op, uint64_t id, uint64_t offset,
411 uint64_t buf, uint64_t size, uint64_t token)
412 {
413 struct flash *flash = NULL;
414 int rc;
415
416 if (!try_lock(&flash_lock))
417 return OPAL_BUSY;
418
419 list_for_each(&flashes, flash, list)
420 if (flash->id == id)
421 break;
422
423 if (flash->id != id) {
424 /* Couldn't find the flash */
425 rc = OPAL_PARAMETER;
426 goto err;
427 }
428
429 if (flash->busy) {
430 rc = OPAL_BUSY;
431 goto err;
432 }
433
434 if (size >= flash->size || offset >= flash->size
435 || offset + size > flash->size) {
436 rc = OPAL_PARAMETER;
437 goto err;
438 }
439
440 /*
441 * These ops intentionally have no smarts (ecc correction or erase
442 * before write) to them.
443 * Skiboot is simply exposing the PNOR flash to the host.
444 * The host is expected to understand that this is a raw flash
445 * device and treat it as such.
446 */
447 switch (op) {
448 case FLASH_OP_READ:
449 rc = blocklevel_raw_read(flash->bl, offset, (void *)buf, size);
450 break;
451 case FLASH_OP_WRITE:
452 rc = blocklevel_raw_write(flash->bl, offset, (void *)buf, size);
453 break;
454 case FLASH_OP_ERASE:
455 rc = blocklevel_erase(flash->bl, offset, size);
456 break;
457 default:
458 assert(0);
459 }
460
461 if (rc) {
462 rc = OPAL_HARDWARE;
463 goto err;
464 }
465
466 unlock(&flash_lock);
467
468 opal_queue_msg(OPAL_MSG_ASYNC_COMP, NULL, NULL, token, rc);
469 return OPAL_ASYNC_COMPLETION;
470
471 err:
472 unlock(&flash_lock);
473 return rc;
474 }
475
opal_flash_read(uint64_t id,uint64_t offset,uint64_t buf,uint64_t size,uint64_t token)476 static int64_t opal_flash_read(uint64_t id, uint64_t offset, uint64_t buf,
477 uint64_t size, uint64_t token)
478 {
479 if (!opal_addr_valid((void *)buf))
480 return OPAL_PARAMETER;
481
482 return opal_flash_op(FLASH_OP_READ, id, offset, buf, size, token);
483 }
484
opal_flash_write(uint64_t id,uint64_t offset,uint64_t buf,uint64_t size,uint64_t token)485 static int64_t opal_flash_write(uint64_t id, uint64_t offset, uint64_t buf,
486 uint64_t size, uint64_t token)
487 {
488 if (!opal_addr_valid((void *)buf))
489 return OPAL_PARAMETER;
490
491 return opal_flash_op(FLASH_OP_WRITE, id, offset, buf, size, token);
492 }
493
opal_flash_erase(uint64_t id,uint64_t offset,uint64_t size,uint64_t token)494 static int64_t opal_flash_erase(uint64_t id, uint64_t offset, uint64_t size,
495 uint64_t token)
496 {
497 return opal_flash_op(FLASH_OP_ERASE, id, offset, 0L, size, token);
498 }
499
500 opal_call(OPAL_FLASH_READ, opal_flash_read, 5);
501 opal_call(OPAL_FLASH_WRITE, opal_flash_write, 5);
502 opal_call(OPAL_FLASH_ERASE, opal_flash_erase, 4);
503
504 /* flash resource API */
flash_map_resource_name(enum resource_id id)505 const char *flash_map_resource_name(enum resource_id id)
506 {
507 int i;
508
509 for (i = 0; i < ARRAY_SIZE(part_name_map); i++) {
510 if (part_name_map[i].id == id)
511 return part_name_map[i].name;
512 }
513 return NULL;
514 }
515
sizeof_elf_from_hdr(void * buf)516 static size_t sizeof_elf_from_hdr(void *buf)
517 {
518 struct elf_hdr *elf = (struct elf_hdr*) buf;
519 size_t sz = 0;
520
521 BUILD_ASSERT(SECURE_BOOT_HEADERS_SIZE > sizeof(struct elf_hdr));
522 BUILD_ASSERT(SECURE_BOOT_HEADERS_SIZE > sizeof(struct elf64_hdr));
523 BUILD_ASSERT(SECURE_BOOT_HEADERS_SIZE > sizeof(struct elf32_hdr));
524
525 if (elf->ei_ident == ELF_IDENT) {
526 if (elf->ei_class == ELF_CLASS_64) {
527 struct elf64_hdr *elf64 = (struct elf64_hdr*) buf;
528 sz = le64_to_cpu(elf64->e_shoff) +
529 ((uint32_t)le16_to_cpu(elf64->e_shentsize) *
530 (uint32_t)le16_to_cpu(elf64->e_shnum));
531 } else if (elf->ei_class == ELF_CLASS_32) {
532 struct elf32_hdr *elf32 = (struct elf32_hdr*) buf;
533 sz = le32_to_cpu(elf32->e_shoff) +
534 (le16_to_cpu(elf32->e_shentsize) *
535 le16_to_cpu(elf32->e_shnum));
536 }
537 }
538
539 return sz;
540 }
541
542 /*
543 * load a resource from FLASH
544 * buf and len shouldn't account for ECC even if partition is ECCed.
545 *
546 * The API here is a bit strange.
547 * If resource has a STB container, buf will contain it
548 * If loading subpartition with STB container, buff will *NOT* contain it
549 * For trusted boot, the whole partition containing the subpart is measured.
550 *
551 * Additionally, the logic to work out how much to read from flash is insane.
552 */
flash_load_resource(enum resource_id id,uint32_t subid,void * buf,size_t * len)553 static int flash_load_resource(enum resource_id id, uint32_t subid,
554 void *buf, size_t *len)
555 {
556 int i;
557 int rc = OPAL_RESOURCE;
558 struct ffs_handle *ffs;
559 struct flash *flash;
560 const char *name;
561 bool status = false;
562 bool ecc;
563 bool part_signed = false;
564 void *bufp = buf;
565 size_t bufsz = *len;
566 int ffs_part_num, ffs_part_start, ffs_part_size;
567 int content_size = 0;
568 int offset = 0;
569
570 lock(&flash_lock);
571
572 if (!system_flash) {
573 /**
574 * @fwts-label SystemFlashNotFound
575 * @fwts-advice No system flash was found. Check for missing
576 * calls flash_register(...).
577 */
578 prlog(PR_WARNING, "FLASH: Can't load resource id:%i. "
579 "No system flash found\n", id);
580 goto out_unlock;
581 }
582
583 flash = system_flash;
584
585 if (flash->busy)
586 goto out_unlock;
587
588 for (i = 0, name = NULL; i < ARRAY_SIZE(part_name_map); i++) {
589 if (part_name_map[i].id == id) {
590 name = part_name_map[i].name;
591 break;
592 }
593 }
594 if (!name) {
595 prerror("FLASH: Couldn't find partition for id %d\n", id);
596 goto out_unlock;
597 }
598 /*
599 * If partition doesn't have a subindex but the caller specifies one,
600 * we fail. eg. kernel partition doesn't have a subindex
601 */
602 if ((part_name_map[i].subid == RESOURCE_SUBID_NONE) &&
603 (subid != RESOURCE_SUBID_NONE)) {
604 prerror("PLAT: Partition %s doesn't have subindex\n", name);
605 goto out_unlock;
606 }
607
608 rc = ffs_init(0, flash->size, flash->bl, &ffs, 1);
609 if (rc) {
610 prerror("FLASH: Can't open ffs handle: %d\n", rc);
611 goto out_unlock;
612 }
613
614 rc = ffs_lookup_part(ffs, name, &ffs_part_num);
615 if (rc) {
616 /* This is not an error per-se, some partitions
617 * are purposefully absent, don't spam the logs
618 */
619 prlog(PR_DEBUG, "FLASH: No %s partition\n", name);
620 goto out_free_ffs;
621 }
622 rc = ffs_part_info(ffs, ffs_part_num, NULL,
623 &ffs_part_start, NULL, &ffs_part_size, &ecc);
624 if (rc) {
625 prerror("FLASH: Failed to get %s partition info\n", name);
626 goto out_free_ffs;
627 }
628 prlog(PR_DEBUG,"FLASH: %s partition %s ECC\n",
629 name, ecc ? "has" : "doesn't have");
630
631 if (ffs_part_size < SECURE_BOOT_HEADERS_SIZE) {
632 prerror("FLASH: secboot headers bigger than "
633 "partition size 0x%x\n", ffs_part_size);
634 goto out_free_ffs;
635 }
636
637 rc = blocklevel_read(flash->bl, ffs_part_start, bufp,
638 SECURE_BOOT_HEADERS_SIZE);
639 if (rc) {
640 prerror("FLASH: failed to read the first 0x%x from "
641 "%s partition, rc %d\n", SECURE_BOOT_HEADERS_SIZE,
642 name, rc);
643 goto out_free_ffs;
644 }
645
646 part_signed = stb_is_container(bufp, SECURE_BOOT_HEADERS_SIZE);
647
648 prlog(PR_DEBUG, "FLASH: %s partition %s signed\n", name,
649 part_signed ? "is" : "isn't");
650
651 /*
652 * part_start/size are raw pointers into the partition.
653 * ie. they will account for ECC if included.
654 */
655
656 if (part_signed) {
657 bufp += SECURE_BOOT_HEADERS_SIZE;
658 bufsz -= SECURE_BOOT_HEADERS_SIZE;
659 content_size = stb_sw_payload_size(buf, SECURE_BOOT_HEADERS_SIZE);
660 *len = content_size + SECURE_BOOT_HEADERS_SIZE;
661
662 if (content_size > bufsz) {
663 prerror("FLASH: content size > buffer size\n");
664 rc = OPAL_PARAMETER;
665 goto out_free_ffs;
666 }
667
668 ffs_part_start += SECURE_BOOT_HEADERS_SIZE;
669
670 rc = blocklevel_read(flash->bl, ffs_part_start, bufp,
671 content_size);
672 if (rc) {
673 prerror("FLASH: failed to read content size %d"
674 " %s partition, rc %d\n",
675 content_size, name, rc);
676 goto out_free_ffs;
677 }
678
679 if (subid == RESOURCE_SUBID_NONE)
680 goto done_reading;
681
682 rc = flash_subpart_info(bufp, content_size, ffs_part_size,
683 NULL, subid, &offset, &content_size);
684 if (rc) {
685 prerror("FLASH: Failed to parse subpart info for %s\n",
686 name);
687 goto out_free_ffs;
688 }
689 bufp += offset;
690 goto done_reading;
691 } else /* stb_signed */ {
692 /*
693 * Back to the old way of doing things, no STB header.
694 */
695 if (subid == RESOURCE_SUBID_NONE) {
696 if (id == RESOURCE_ID_KERNEL ||
697 id == RESOURCE_ID_INITRAMFS) {
698 /*
699 * Because actualSize is a lie, we compute the
700 * size of the BOOTKERNEL based on what the ELF
701 * headers say. Otherwise we end up reading more
702 * than we should
703 */
704 content_size = sizeof_elf_from_hdr(buf);
705 if (!content_size) {
706 prerror("FLASH: Invalid ELF header part"
707 " %s\n", name);
708 rc = OPAL_RESOURCE;
709 goto out_free_ffs;
710 }
711 } else {
712 content_size = ffs_part_size;
713 }
714 if (content_size > bufsz) {
715 prerror("FLASH: %s content size %d > "
716 " buffer size %lu\n", name,
717 content_size, bufsz);
718 rc = OPAL_PARAMETER;
719 goto out_free_ffs;
720 }
721 prlog(PR_DEBUG, "FLASH: computed %s size %u\n",
722 name, content_size);
723 rc = blocklevel_read(flash->bl, ffs_part_start,
724 buf, content_size);
725 if (rc) {
726 prerror("FLASH: failed to read content size %d"
727 " %s partition, rc %d\n",
728 content_size, name, rc);
729 goto out_free_ffs;
730 }
731 *len = content_size;
732 goto done_reading;
733 }
734 BUILD_ASSERT(FLASH_SUBPART_HEADER_SIZE <= SECURE_BOOT_HEADERS_SIZE);
735 rc = flash_subpart_info(bufp, SECURE_BOOT_HEADERS_SIZE,
736 ffs_part_size, &ffs_part_size, subid,
737 &offset, &content_size);
738 if (rc) {
739 prerror("FLASH: FAILED reading subpart info. rc=%d\n",
740 rc);
741 goto out_free_ffs;
742 }
743
744 *len = ffs_part_size;
745 prlog(PR_DEBUG, "FLASH: Computed %s partition size: %u "
746 "(subpart %u size %u offset %u)\n", name, ffs_part_size,
747 subid, content_size, offset);
748 /*
749 * For a sub partition, we read the whole (computed)
750 * partition, and then measure that.
751 * Afterwards, we memmove() things back into place for
752 * the caller.
753 */
754 rc = blocklevel_read(flash->bl, ffs_part_start,
755 buf, ffs_part_size);
756
757 bufp += offset;
758 }
759
760 done_reading:
761 /*
762 * Verify and measure the retrieved PNOR partition as part of the
763 * secure boot and trusted boot requirements
764 */
765 secureboot_verify(id, buf, *len);
766 trustedboot_measure(id, buf, *len);
767
768 /* Find subpartition */
769 if (subid != RESOURCE_SUBID_NONE) {
770 memmove(buf, bufp, content_size);
771 *len = content_size;
772 }
773
774 status = true;
775
776 out_free_ffs:
777 ffs_close(ffs);
778 out_unlock:
779 unlock(&flash_lock);
780 return status ? OPAL_SUCCESS : rc;
781 }
782
783
784 struct flash_load_resource_item {
785 enum resource_id id;
786 uint32_t subid;
787 int result;
788 void *buf;
789 size_t *len;
790 struct list_node link;
791 };
792
793 static LIST_HEAD(flash_load_resource_queue);
794 static LIST_HEAD(flash_loaded_resources);
795 static struct lock flash_load_resource_lock = LOCK_UNLOCKED;
796 static struct cpu_job *flash_load_job = NULL;
797
flash_resource_loaded(enum resource_id id,uint32_t subid)798 int flash_resource_loaded(enum resource_id id, uint32_t subid)
799 {
800 struct flash_load_resource_item *resource = NULL;
801 struct flash_load_resource_item *r;
802 int rc = OPAL_BUSY;
803
804 lock(&flash_load_resource_lock);
805 list_for_each(&flash_loaded_resources, r, link) {
806 if (r->id == id && r->subid == subid) {
807 resource = r;
808 break;
809 }
810 }
811
812 if (resource) {
813 rc = resource->result;
814 list_del(&resource->link);
815 free(resource);
816 }
817
818 if (list_empty(&flash_load_resource_queue) && flash_load_job) {
819 cpu_wait_job(flash_load_job, true);
820 flash_load_job = NULL;
821 }
822
823 unlock(&flash_load_resource_lock);
824
825 return rc;
826 }
827
828 /*
829 * Retry for 10 minutes in 5 second intervals: allow 5 minutes for a BMC reboot
830 * (need the BMC if we're using HIOMAP flash access), then 2x for some margin.
831 */
832 #define FLASH_LOAD_WAIT_MS 5000
833 #define FLASH_LOAD_RETRIES (2 * 5 * (60 / (FLASH_LOAD_WAIT_MS / 1000)))
834
flash_load_resources(void * data __unused)835 static void flash_load_resources(void *data __unused)
836 {
837 struct flash_load_resource_item *r;
838 int retries = FLASH_LOAD_RETRIES;
839 int result = OPAL_RESOURCE;
840
841 lock(&flash_load_resource_lock);
842 do {
843 if (list_empty(&flash_load_resource_queue)) {
844 break;
845 }
846 r = list_top(&flash_load_resource_queue,
847 struct flash_load_resource_item, link);
848 if (r->result != OPAL_EMPTY)
849 prerror("flash_load_resources() list_top unexpected "
850 " result %d\n", r->result);
851 r->result = OPAL_BUSY;
852 unlock(&flash_load_resource_lock);
853
854 while (retries) {
855 result = flash_load_resource(r->id, r->subid, r->buf,
856 r->len);
857 if (result == OPAL_SUCCESS) {
858 retries = FLASH_LOAD_RETRIES;
859 break;
860 }
861
862 if (result != FLASH_ERR_AGAIN &&
863 result != FLASH_ERR_DEVICE_GONE)
864 break;
865
866 time_wait_ms(FLASH_LOAD_WAIT_MS);
867
868 retries--;
869
870 prlog(PR_WARNING,
871 "FLASH: Retrying load of %d:%d, %d attempts remain\n",
872 r->id, r->subid, retries);
873 }
874
875 lock(&flash_load_resource_lock);
876 r = list_pop(&flash_load_resource_queue,
877 struct flash_load_resource_item, link);
878 /* Will reuse the result from when we hit retries == 0 */
879 r->result = result;
880 list_add_tail(&flash_loaded_resources, &r->link);
881 } while(true);
882 unlock(&flash_load_resource_lock);
883 }
884
start_flash_load_resource_job(void)885 static void start_flash_load_resource_job(void)
886 {
887 if (flash_load_job)
888 cpu_wait_job(flash_load_job, true);
889
890 flash_load_job = cpu_queue_job(NULL, "flash_load_resources",
891 flash_load_resources, NULL);
892
893 cpu_process_local_jobs();
894 }
895
flash_start_preload_resource(enum resource_id id,uint32_t subid,void * buf,size_t * len)896 int flash_start_preload_resource(enum resource_id id, uint32_t subid,
897 void *buf, size_t *len)
898 {
899 struct flash_load_resource_item *r;
900 bool start_thread = false;
901
902 r = malloc(sizeof(struct flash_load_resource_item));
903
904 assert(r != NULL);
905 r->id = id;
906 r->subid = subid;
907 r->buf = buf;
908 r->len = len;
909 r->result = OPAL_EMPTY;
910
911 prlog(PR_DEBUG, "FLASH: Queueing preload of %x/%x\n",
912 r->id, r->subid);
913
914 lock(&flash_load_resource_lock);
915 if (list_empty(&flash_load_resource_queue)) {
916 start_thread = true;
917 }
918 list_add_tail(&flash_load_resource_queue, &r->link);
919 unlock(&flash_load_resource_lock);
920
921 if (start_thread)
922 start_flash_load_resource_job();
923
924 return OPAL_SUCCESS;
925 }
926
927 /*
928 * The `libxz` decompression routines are blocking; the new decompression
929 * routines, wrapper around `libxz` functions, provide support for asynchronous
930 * decompression. There are two routines, which start the decompression, and one
931 * which waits for the decompression to complete.
932 *
933 * The decompressed image will be present in the `dst` parameter of
934 * `xz_decompress` structure.
935 *
936 * When the decompression is successful, the xz_decompress->status will be
937 * `OPAL_SUCCESS` else OPAL_PARAMETER, see definition of xz_decompress structure
938 * for details.
939 */
xz_decompress(void * data)940 static void xz_decompress(void *data)
941 {
942 struct xz_decompress *xz = (struct xz_decompress *)data;
943 struct xz_dec *s;
944 struct xz_buf b;
945
946 /* Initialize the xz library first */
947 xz_crc32_init();
948 s = xz_dec_init(XZ_SINGLE, 0);
949 if (s == NULL) {
950 prerror("initialization error for xz\n");
951 xz->status = OPAL_NO_MEM;
952 return;
953 }
954
955 xz->xz_error = XZ_DATA_ERROR;
956 xz->status = OPAL_PARTIAL;
957
958 b.in = xz->src;
959 b.in_pos = 0;
960 b.in_size = xz->src_size;
961 b.out = xz->dst;
962 b.out_pos = 0;
963 b.out_size = xz->dst_size;
964
965 /* Start decompressing */
966 xz->xz_error = xz_dec_run(s, &b);
967 if (xz->xz_error != XZ_STREAM_END) {
968 prerror("failed to decompress subpartition\n");
969 xz->status = OPAL_PARAMETER;
970 } else
971 xz->status = OPAL_SUCCESS;
972
973 xz_dec_end(s);
974 }
975
976 /*
977 * xz_start_decompress: start the decompression job and return.
978 *
979 * struct xz_decompress *xz, should be populated by the caller with
980 * - the starting address of the compressed binary
981 * - the address where the decompressed image should be placed
982 * - the sizes of the source and the destination
983 *
984 * xz->src: Source address (The compressed binary)
985 * xz->src_size: Source size
986 * xz->dst: Destination address (The memory area where the `src` will be
987 * decompressed)
988 * xz->dst_size: Destination size
989 *
990 * The `status` value will be OPAL_PARTIAL till the job completes (successfully
991 * or not)
992 */
xz_start_decompress(struct xz_decompress * xz)993 void xz_start_decompress(struct xz_decompress *xz)
994 {
995 struct cpu_job *job;
996
997 if (!xz)
998 return;
999
1000 if (!xz->dst || !xz->dst_size || !xz->src || !xz->src_size) {
1001 xz->status = OPAL_PARAMETER;
1002 return;
1003 }
1004
1005 job = cpu_queue_job(NULL, "xz_decompress", xz_decompress,
1006 (void *) xz);
1007 if (!job) {
1008 xz->status = OPAL_NO_MEM;
1009 return;
1010 }
1011
1012 xz->job = job;
1013 }
1014
1015 /*
1016 * This function waits for the decompression job to complete. The `ret`
1017 * structure member in `xz_decompress` will have the status code.
1018 *
1019 * status == OPAL_SUCCESS on success, else the corresponding error code.
1020 */
wait_xz_decompress(struct xz_decompress * xz)1021 void wait_xz_decompress(struct xz_decompress *xz)
1022 {
1023 if (!xz)
1024 return;
1025
1026 cpu_wait_job(xz->job, true);
1027 }
1028