<p>Philipp Deppenwiese <strong>merged</strong> this change.</p><p><a href="https://review.coreboot.org/27714">View Change</a></p><div style="white-space:pre-wrap">Approvals:
build bot (Jenkins): Verified
Aaron Durbin: Looks good to me, approved
Philipp Deppenwiese: Looks good to me, approved
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">security/vboot: Add selection for firmware slots used by VBOOT<br><br>Make the firmware slot configuration in VBOOT selectable. The following<br>three modes are available:<br> -RO only<br> -RO + RW_A<br> -RO + RW_A + RW_B<br><br>The mode "RO only" is the lowest mode with no safety during update.<br>You can select either RW_A or RW_AB via Kconfig which will add the<br>selected parttions to the final image.<br><br>Change-Id: I278fc060522b13048b00090b8e5261c14496f56e<br>Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org><br>Signed-off-by: Werner Zeh <werner.zeh@siemens.com><br>Reviewed-on: https://review.coreboot.org/27714<br>Tested-by: build bot (Jenkins) <no-reply@coreboot.org><br>Reviewed-by: Aaron Durbin <adurbin@chromium.org><br>Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com><br>---<br>M src/security/vboot/Kconfig<br>M src/security/vboot/Makefile.inc<br>M src/vendorcode/google/chromeos/Kconfig<br>3 files changed, 42 insertions(+), 1 deletion(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig</span><br><span>index 77483d1..a3e9b86 100644</span><br><span>--- a/src/security/vboot/Kconfig</span><br><span>+++ b/src/security/vboot/Kconfig</span><br><span>@@ -1,6 +1,7 @@</span><br><span> ## This file is part of the coreboot project.</span><br><span> ##</span><br><span> ## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.</span><br><span style="color: hsl(120, 100%, 40%);">+## Copyright (C) 2018 Siemens AG</span><br><span> ##</span><br><span> ## This program is free software; you can redistribute it and/or modify</span><br><span> ## it under the terms of the GNU General Public License as published by</span><br><span>@@ -25,6 +26,18 @@</span><br><span> </span><br><span> if VBOOT</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+config VBOOT_SLOTS_RW_A</span><br><span style="color: hsl(120, 100%, 40%);">+ bool "Firmware RO + RW_A"</span><br><span style="color: hsl(120, 100%, 40%);">+ help</span><br><span style="color: hsl(120, 100%, 40%);">+ Have one update partition beside the RO partition.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+config VBOOT_SLOTS_RW_AB</span><br><span style="color: hsl(120, 100%, 40%);">+ bool "Firmware RO + RW_A + RW_B"</span><br><span style="color: hsl(120, 100%, 40%);">+ select VBOOT_SLOTS_RW_A</span><br><span style="color: hsl(120, 100%, 40%);">+ help</span><br><span style="color: hsl(120, 100%, 40%);">+ Have two update partitions beside the RO partition.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> config VBOOT_VBNV_CMOS</span><br><span> bool</span><br><span> default n</span><br><span>diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc</span><br><span>index f51db80..da5d5b1 100644</span><br><span>--- a/src/security/vboot/Makefile.inc</span><br><span>+++ b/src/security/vboot/Makefile.inc</span><br><span>@@ -2,6 +2,7 @@</span><br><span> ## This file is part of the coreboot project.</span><br><span> ##</span><br><span> ## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.</span><br><span style="color: hsl(120, 100%, 40%);">+## Copyright (C) 2018 Siemens AG</span><br><span> ##</span><br><span> ## This program is free software; you can redistribute it and/or modify</span><br><span> ## it under the terms of the GNU General Public License as published by</span><br><span>@@ -144,6 +145,17 @@</span><br><span> endif</span><br><span> endif # CONFIG_VBOOT_SEPARATE_VERSTAGE</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+#RO-Partition is always there!</span><br><span style="color: hsl(120, 100%, 40%);">+VBOOT_PARTITIONS := COREBOOT</span><br><span style="color: hsl(120, 100%, 40%);">+# Check for RW_A partition</span><br><span style="color: hsl(120, 100%, 40%);">+ifeq ($(CONFIG_VBOOT_SLOTS_RW_A),y)</span><br><span style="color: hsl(120, 100%, 40%);">+VBOOT_PARTITIONS += FW_MAIN_A</span><br><span style="color: hsl(120, 100%, 40%);">+endif</span><br><span style="color: hsl(120, 100%, 40%);">+# Check for RW_B partition</span><br><span style="color: hsl(120, 100%, 40%);">+ifeq ($(CONFIG_VBOOT_SLOTS_RW_AB),y)</span><br><span style="color: hsl(120, 100%, 40%);">+VBOOT_PARTITIONS += FW_MAIN_B</span><br><span style="color: hsl(120, 100%, 40%);">+endif</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> # Define a list of files that need to be in RO only.</span><br><span> # All other files will be installed into RO and RW regions</span><br><span> # Use $(sort) to cut down on extra spaces that would be translated to commas</span><br><span>@@ -161,7 +173,7 @@</span><br><span> cmos_layout.bin \</span><br><span> cmos.default \</span><br><span> $(call strip_quotes,$(CONFIG_RO_REGION_ONLY)) \</span><br><span style="color: hsl(0, 100%, 40%);">- ,$(1)),COREBOOT,COREBOOT FW_MAIN_A FW_MAIN_B)))</span><br><span style="color: hsl(120, 100%, 40%);">+ ,$(1)),COREBOOT,$(VBOOT_PARTITIONS))))</span><br><span> </span><br><span> CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID))</span><br><span> CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE))</span><br><span>@@ -237,8 +249,12 @@</span><br><span> @printf " WRITE GBB\n"</span><br><span> $(CBFSTOOL) $(obj)/coreboot.rom write -u -r GBB -i 0 -f $(obj)/gbb.region</span><br><span> $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RO_FRID -i 0 -f $(obj)/fwid.region</span><br><span style="color: hsl(120, 100%, 40%);">+ifeq ($(CONFIG_VBOOT_SLOTS_RW_A),y)</span><br><span> $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_A -i 0 -f $(obj)/fwid.region</span><br><span style="color: hsl(120, 100%, 40%);">+endif</span><br><span style="color: hsl(120, 100%, 40%);">+ifeq ($(CONFIG_VBOOT_SLOTS_RW_AB),y)</span><br><span> $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_B -i 0 -f $(obj)/fwid.region</span><br><span style="color: hsl(120, 100%, 40%);">+endif</span><br><span> </span><br><span> ifneq ($(shell grep "SHARED_DATA" "$(CONFIG_FMDFILE)"),)</span><br><span> build_complete::</span><br><span>@@ -270,8 +286,19 @@</span><br><span> --kernelkey "$(CONFIG_VBOOT_KERNEL_KEY)" \</span><br><span> --flags $(CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS)</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ifeq ($(CONFIG_VBOOT_SLOTS_RW_AB),y)</span><br><span> files_added:: $(obj)/VBLOCK_A.bin $(obj)/VBLOCK_B.bin</span><br><span> $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_A -f $(obj)/VBLOCK_A.bin</span><br><span> $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_B -f $(obj)/VBLOCK_B.bin</span><br><span style="color: hsl(120, 100%, 40%);">+ @printf " FLASHMAP Layout generated for RO, A and B partition.\n"</span><br><span style="color: hsl(120, 100%, 40%);">+else ifeq ($(CONFIG_VBOOT_SLOTS_RW_A),y)</span><br><span style="color: hsl(120, 100%, 40%);">+files_added:: $(obj)/VBLOCK_A.bin</span><br><span style="color: hsl(120, 100%, 40%);">+ $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_A -f $(obj)/VBLOCK_A.bin</span><br><span style="color: hsl(120, 100%, 40%);">+ @printf " FLASHMAP Layout generated for RO and A partition.\n"</span><br><span style="color: hsl(120, 100%, 40%);">+else</span><br><span style="color: hsl(120, 100%, 40%);">+files_added::</span><br><span style="color: hsl(120, 100%, 40%);">+ @printf " FLASHMAP Layout generated for RO partition only.\n"</span><br><span style="color: hsl(120, 100%, 40%);">+ @printf " Beware that there is no failure safety in case of update now!\n"</span><br><span style="color: hsl(120, 100%, 40%);">+endif</span><br><span> </span><br><span> endif # CONFIG_VBOOT</span><br><span>diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig</span><br><span>index 1dd726f..26ee31e 100644</span><br><span>--- a/src/vendorcode/google/chromeos/Kconfig</span><br><span>+++ b/src/vendorcode/google/chromeos/Kconfig</span><br><span>@@ -25,6 +25,7 @@</span><br><span> select COLLECT_TIMESTAMPS</span><br><span> select VBOOT</span><br><span> select VPD</span><br><span style="color: hsl(120, 100%, 40%);">+ select VBOOT_SLOTS_RW_AB</span><br><span> help</span><br><span> Enable ChromeOS specific features like the GPIO sub table in</span><br><span> the coreboot table. NOTE: Enabling this option on an unsupported</span><br><span></span><br></pre><p>To view, visit <a href="https://review.coreboot.org/27714">change 27714</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://review.coreboot.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://review.coreboot.org/27714"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: coreboot </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: merged </div>
<div style="display:none"> Gerrit-Change-Id: I278fc060522b13048b00090b8e5261c14496f56e </div>
<div style="display:none"> Gerrit-Change-Number: 27714 </div>
<div style="display:none"> Gerrit-PatchSet: 9 </div>
<div style="display:none"> Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki@gmail.com> </div>
<div style="display:none"> Gerrit-Reviewer: Aaron Durbin <adurbin@chromium.org> </div>
<div style="display:none"> Gerrit-Reviewer: Julius Werner <jwerner@chromium.org> </div>
<div style="display:none"> Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org> </div>
<div style="display:none"> Gerrit-Reviewer: Paul Menzel <paulepanter@users.sourceforge.net> </div>
<div style="display:none"> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki@gmail.com> </div>
<div style="display:none"> Gerrit-Reviewer: Werner Zeh <werner.zeh@siemens.com> </div>
<div style="display:none"> Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org> </div>
<div style="display:none"> Gerrit-CC: Patrick Rudolph <patrick.rudolph@9elements.com> </div>