coreboot-gerrit July 2016

coreboot-gerrit@coreboot.org

1 participants
1820 discussions

Patch set updated for coreboot: chromeos: Clean up elog handling
by Furquan Shaikh 27 Jul '16

27 Jul '16

Furquan Shaikh (furquan(a)google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/15897 -gerrit commit fce0e2f8ae5bcdfb3ccd9ad8c669c337b9ac64a8 Author: Furquan Shaikh <furquan(a)google.com> Date: Mon Jul 25 17:00:07 2016 -0700 chromeos: Clean up elog handling 1. Currenty, boot reason is being added to elog only for some ARM32/ARM64 platforms. Change this so that boot reason is logged by default in elog for all devices which have CHROMEOS selected. 2. Add a new option to select ELOG_WATCHDOG_RESET for the devices that want to add details about watchdog reset in elog. This requires a special region WATCHDOG to be present in the memlayout. 3. Remove calls to elog add boot reason and watchdog reset from mainboards. BUG=chrome-os-partner:55639 Change-Id: I91ff5b158cfd2a0749e7fefc498d8659f7e6aa91 Signed-off-by: Furquan Shaikh <furquan(a)google.com> --- src/mainboard/google/gru/mainboard.c | 3 --- src/mainboard/google/nyan/mainboard.c | 4 ---- src/mainboard/google/nyan_big/mainboard.c | 4 ---- src/mainboard/google/nyan_blaze/mainboard.c | 4 ---- src/mainboard/google/oak/mainboard.c | 4 ---- src/mainboard/google/rush_ryu/mainboard.c | 3 --- src/mainboard/google/veyron/mainboard.c | 4 ---- src/mainboard/google/veyron_brain/mainboard.c | 4 ---- src/mainboard/google/veyron_danger/mainboard.c | 4 ---- src/mainboard/google/veyron_emile/mainboard.c | 4 ---- src/mainboard/google/veyron_mickey/mainboard.c | 4 ---- src/mainboard/google/veyron_rialto/mainboard.c | 4 ---- src/mainboard/google/veyron_romy/mainboard.c | 4 ---- src/vendorcode/google/chromeos/Makefile.inc | 2 +- src/vendorcode/google/chromeos/chromeos.h | 6 ------ src/vendorcode/google/chromeos/elog.c | 30 ++++++++++++++++---------- src/vendorcode/google/chromeos/gnvs.c | 18 ---------------- src/vendorcode/google/chromeos/watchdog.c | 15 ++++++++++++- 18 files changed, 34 insertions(+), 87 deletions(-) diff --git a/src/mainboard/google/gru/mainboard.c b/src/mainboard/google/gru/mainboard.c index 5a6b82c..7ec377f 100644 --- a/src/mainboard/google/gru/mainboard.c +++ b/src/mainboard/google/gru/mainboard.c @@ -189,9 +189,6 @@ static void mainboard_init(device_t dev) register_reset_to_bl31(); register_poweroff_to_bl31(); setup_rtc(); - - elog_init(); - elog_add_boot_reason(); } static void enable_backlight_booster(void) diff --git a/src/mainboard/google/nyan/mainboard.c b/src/mainboard/google/nyan/mainboard.c index 48a0d1c..92bb3e3 100644 --- a/src/mainboard/google/nyan/mainboard.c +++ b/src/mainboard/google/nyan/mainboard.c @@ -242,10 +242,6 @@ static void mainboard_init(device_t dev) setup_kernel_info(); clock_init_arm_generic_timer(); setup_ec_spi(); -#if CONFIG_ELOG - elog_init(); - elog_add_boot_reason(); -#endif } static void mainboard_enable(device_t dev) diff --git a/src/mainboard/google/nyan_big/mainboard.c b/src/mainboard/google/nyan_big/mainboard.c index a2fef3c..0c0fe5e 100644 --- a/src/mainboard/google/nyan_big/mainboard.c +++ b/src/mainboard/google/nyan_big/mainboard.c @@ -240,10 +240,6 @@ static void mainboard_init(device_t dev) setup_kernel_info(); clock_init_arm_generic_timer(); setup_ec_spi(); -#if CONFIG_ELOG - elog_init(); - elog_add_boot_reason(); -#endif } static void mainboard_enable(device_t dev) diff --git a/src/mainboard/google/nyan_blaze/mainboard.c b/src/mainboard/google/nyan_blaze/mainboard.c index 7ceb123..c3b936c 100644 --- a/src/mainboard/google/nyan_blaze/mainboard.c +++ b/src/mainboard/google/nyan_blaze/mainboard.c @@ -240,10 +240,6 @@ static void mainboard_init(device_t dev) setup_kernel_info(); clock_init_arm_generic_timer(); setup_ec_spi(); -#if CONFIG_ELOG - elog_init(); - elog_add_boot_reason(); -#endif } static void mainboard_enable(device_t dev) diff --git a/src/mainboard/google/oak/mainboard.c b/src/mainboard/google/oak/mainboard.c index e33d08c..ad5ecd4 100644 --- a/src/mainboard/google/oak/mainboard.c +++ b/src/mainboard/google/oak/mainboard.c @@ -267,10 +267,6 @@ static void mainboard_init(device_t dev) configure_usb_hub(); configure_ext_buck(); configure_touchscreen(); - - elog_init(); - elog_add_watchdog_reset(); - elog_add_boot_reason(); } static void mainboard_enable(device_t dev) diff --git a/src/mainboard/google/rush_ryu/mainboard.c b/src/mainboard/google/rush_ryu/mainboard.c index b53b0ff..64e01ec 100644 --- a/src/mainboard/google/rush_ryu/mainboard.c +++ b/src/mainboard/google/rush_ryu/mainboard.c @@ -269,9 +269,6 @@ static void mainboard_init(device_t dev) /* Temp hack for P1 board: Enable speaker amp (powerup, etc.) */ enable_ad4567_spkr_amp(); - elog_init(); - elog_add_boot_reason(); - fix_ec_sw_sync(); /* configure panel gpio pads */ diff --git a/src/mainboard/google/veyron/mainboard.c b/src/mainboard/google/veyron/mainboard.c index cbc82e9..a6bbf88 100644 --- a/src/mainboard/google/veyron/mainboard.c +++ b/src/mainboard/google/veyron/mainboard.c @@ -108,10 +108,6 @@ static void mainboard_init(device_t dev) configure_emmc(); configure_codec(); configure_vop(); - - elog_init(); - elog_add_watchdog_reset(); - elog_add_boot_reason(); } static void mainboard_enable(device_t dev) diff --git a/src/mainboard/google/veyron_brain/mainboard.c b/src/mainboard/google/veyron_brain/mainboard.c index 22faf64..cc07278 100644 --- a/src/mainboard/google/veyron_brain/mainboard.c +++ b/src/mainboard/google/veyron_brain/mainboard.c @@ -93,10 +93,6 @@ static void mainboard_init(device_t dev) configure_codec(); configure_vop(); configure_hdmi(); - - elog_init(); - elog_add_watchdog_reset(); - elog_add_boot_reason(); } static void mainboard_enable(device_t dev) diff --git a/src/mainboard/google/veyron_danger/mainboard.c b/src/mainboard/google/veyron_danger/mainboard.c index f923da9..39f0b2a 100644 --- a/src/mainboard/google/veyron_danger/mainboard.c +++ b/src/mainboard/google/veyron_danger/mainboard.c @@ -149,10 +149,6 @@ static void mainboard_init(device_t dev) configure_codec(); configure_vop(); configure_hdmi(); - - elog_init(); - elog_add_watchdog_reset(); - elog_add_boot_reason(); } static void mainboard_enable(device_t dev) diff --git a/src/mainboard/google/veyron_emile/mainboard.c b/src/mainboard/google/veyron_emile/mainboard.c index 5e9c1c1..b264df9 100644 --- a/src/mainboard/google/veyron_emile/mainboard.c +++ b/src/mainboard/google/veyron_emile/mainboard.c @@ -111,10 +111,6 @@ static void mainboard_init(device_t dev) configure_i2s(); configure_vop(); configure_hdmi(); - - elog_init(); - elog_add_watchdog_reset(); - elog_add_boot_reason(); } static void mainboard_enable(device_t dev) diff --git a/src/mainboard/google/veyron_mickey/mainboard.c b/src/mainboard/google/veyron_mickey/mainboard.c index 27e9f74..ef085b2 100644 --- a/src/mainboard/google/veyron_mickey/mainboard.c +++ b/src/mainboard/google/veyron_mickey/mainboard.c @@ -87,10 +87,6 @@ static void mainboard_init(device_t dev) configure_i2s(); configure_vop(); configure_hdmi(); - - elog_init(); - elog_add_watchdog_reset(); - elog_add_boot_reason(); } static void mainboard_enable(device_t dev) diff --git a/src/mainboard/google/veyron_rialto/mainboard.c b/src/mainboard/google/veyron_rialto/mainboard.c index b4f7685..b9b6a22 100644 --- a/src/mainboard/google/veyron_rialto/mainboard.c +++ b/src/mainboard/google/veyron_rialto/mainboard.c @@ -85,10 +85,6 @@ static void mainboard_init(device_t dev) configure_3g(); /* No video. */ - elog_init(); - elog_add_watchdog_reset(); - elog_add_boot_reason(); - /* If recovery mode is detected, reduce frequency and voltage to reduce * heat in case machine is left unattended. chrome-os-partner:41201. */ if (vboot_recovery_mode_enabled()) { diff --git a/src/mainboard/google/veyron_romy/mainboard.c b/src/mainboard/google/veyron_romy/mainboard.c index c023338..9f68a09 100644 --- a/src/mainboard/google/veyron_romy/mainboard.c +++ b/src/mainboard/google/veyron_romy/mainboard.c @@ -86,10 +86,6 @@ static void mainboard_init(device_t dev) configure_emmc(); configure_codec(); configure_vop(); - - elog_init(); - elog_add_watchdog_reset(); - elog_add_boot_reason(); } static void mainboard_enable(device_t dev) diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc index 253c30e..dffbcd5 100644 --- a/src/vendorcode/google/chromeos/Makefile.inc +++ b/src/vendorcode/google/chromeos/Makefile.inc @@ -24,7 +24,7 @@ ramstage-$(CONFIG_CHROMEOS_RAMOOPS) += ramoops.c romstage-y += vpd_decode.c ramstage-y += vpd_decode.c cros_vpd.c vpd_mac.c vpd_serialno.c vpd_calibration.c ramstage-$(CONFIG_HAVE_REGULATORY_DOMAIN) += wrdd.c -ifeq ($(CONFIG_ARCH_X86)$(CONFIG_ARCH_MIPS),) +ifeq ($(CONFIG_ARCH_MIPS),) bootblock-y += watchdog.c ramstage-y += watchdog.c endif diff --git a/src/vendorcode/google/chromeos/chromeos.h b/src/vendorcode/google/chromeos/chromeos.h index 92c943c..0a93ccd 100644 --- a/src/vendorcode/google/chromeos/chromeos.h +++ b/src/vendorcode/google/chromeos/chromeos.h @@ -26,16 +26,10 @@ void save_chromeos_gpios(void); #if CONFIG_CHROMEOS -/* functions implemented in elog.c */ -void elog_add_boot_reason(void); - /* functions implemented in watchdog.c */ -void elog_add_watchdog_reset(void); void mark_watchdog_tombstone(void); void reboot_from_watchdog(void); #else -static inline void elog_add_boot_reason(void) { return; } -static inline void elog_add_watchdog_reset(void) { return; } static inline void mark_watchdog_tombstone(void) { return; } static inline void reboot_from_watchdog(void) { return; } #endif /* CONFIG_CHROMEOS */ diff --git a/src/vendorcode/google/chromeos/elog.c b/src/vendorcode/google/chromeos/elog.c index 206f9d9..061c177 100644 --- a/src/vendorcode/google/chromeos/elog.c +++ b/src/vendorcode/google/chromeos/elog.c @@ -13,6 +13,7 @@ * GNU General Public License for more details. */ +#include <bootstate.h> #include <cbmem.h> #include <console/console.h> #include <elog.h> @@ -21,19 +22,26 @@ #include <vboot/vboot_common.h> #include <vboot_struct.h> -void elog_add_boot_reason(void) +static void elog_add_boot_reason(void *unused) { - if (vboot_developer_mode_enabled()) { + int rec = vboot_recovery_mode_enabled(); + int dev = vboot_developer_mode_enabled(); + + if (!rec && !dev) + return; + + if (rec) { + u8 reason = vboot_check_recovery_request(); + elog_add_event_byte(ELOG_TYPE_CROS_RECOVERY_MODE, reason); + printk(BIOS_DEBUG, "%s: Logged recovery mode boot%s, " + "reason: 0x%02x\n", __func__, + dev ? " (Dev-switch on)" : "", reason); + } + + if (dev) { elog_add_event(ELOG_TYPE_CROS_DEVELOPER_MODE); printk(BIOS_DEBUG, "%s: Logged dev mode boot\n", __func__); - } else if (vboot_recovery_mode_enabled()) { - u8 reason = vboot_check_recovery_request(); - elog_add_event_byte(ELOG_TYPE_CROS_RECOVERY_MODE, - reason ? reason : ELOG_CROS_RECOVERY_MODE_BUTTON); - printk(BIOS_DEBUG, "%s: Logged recovery mode boot, " - "reason: 0x%02x\n", __func__, reason); - } else { - printk(BIOS_DEBUG, "%s: Normal mode boot, nothing " - "interesting to log\n", __func__); } } + +BOOT_STATE_INIT_ENTRY(BS_POST_DEVICE, BS_ON_ENTRY, elog_add_boot_reason, NULL); diff --git a/src/vendorcode/google/chromeos/gnvs.c b/src/vendorcode/google/chromeos/gnvs.c index 5e14849..1f13d1c 100644 --- a/src/vendorcode/google/chromeos/gnvs.c +++ b/src/vendorcode/google/chromeos/gnvs.c @@ -52,24 +52,6 @@ void chromeos_init_vboot(chromeos_acpi_t *chromeos) ARRAY_SIZE(chromeos->vdat)); #endif -#if CONFIG_ELOG - if (vboot_developer_mode_enabled() || - (vboot_wants_oprom() && !vboot_recovery_mode_enabled())) - elog_add_event(ELOG_TYPE_CROS_DEVELOPER_MODE); - if (vboot_recovery_mode_enabled()) { - int reason = get_recovery_mode_from_vbnv(); -#if CONFIG_VBOOT - if (vboot_handoff && !reason) { - VbSharedDataHeader *sd = (VbSharedDataHeader *) - vboot_handoff->shared_data; - reason = sd->recovery_reason; - } -#endif - elog_add_event_byte(ELOG_TYPE_CROS_RECOVERY_MODE, - reason ? reason : ELOG_CROS_RECOVERY_MODE_BUTTON); - } -#endif - chromeos_ram_oops_init(chromeos); } diff --git a/src/vendorcode/google/chromeos/watchdog.c b/src/vendorcode/google/chromeos/watchdog.c index a2b18b7..fdaa177 100644 --- a/src/vendorcode/google/chromeos/watchdog.c +++ b/src/vendorcode/google/chromeos/watchdog.c @@ -14,24 +14,37 @@ */ #include <arch/io.h> +#include <assert.h> +#include <bootstate.h> #include <console/console.h> #include <elog.h> #include <reset.h> +#include <symbols.h> #include "chromeos.h" #include "symbols.h" #define WATCHDOG_TOMBSTONE_MAGIC 0x9d2f41a7 -void elog_add_watchdog_reset(void) +DECLARE_OPTIONAL_REGION(watchdog_tombstone); + +static void elog_handle_watchdog_tombstone(void *unused) { + if (!_watchdog_tombstone_size) + return; + if (read32(_watchdog_tombstone) == WATCHDOG_TOMBSTONE_MAGIC) elog_add_event(ELOG_TYPE_ASYNC_HW_TIMER_EXPIRED); + write32(_watchdog_tombstone, 0); } +BOOT_STATE_INIT_ENTRY(BS_POST_DEVICE, BS_ON_ENTRY, + elog_handle_watchdog_tombstone, NULL); + void mark_watchdog_tombstone(void) { + assert(_watchdog_tombstone_size); write32(_watchdog_tombstone, WATCHDOG_TOMBSTONE_MAGIC); }

1 0

Patch set updated for coreboot: google/urara: Provide dummy implementations of rec/dev functions
by Furquan Shaikh 27 Jul '16

27 Jul '16

Furquan Shaikh (furquan(a)google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/15896 -gerrit commit cf7449e3f3aa8925768b0bff40977e017b4a95ec Author: Furquan Shaikh <furquan(a)google.com> Date: Mon Jul 25 16:59:00 2016 -0700 google/urara: Provide dummy implementations of rec/dev functions This is required to enable elog support in ChromeOS by default. BUG=chrome-os-partner:55639 Change-Id: I9c97143d794de4bf220ddf67c0ca2eac2f7a326d Signed-off-by: Furquan Shaikh <furquan(a)google.com> --- src/mainboard/google/urara/chromeos.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/mainboard/google/urara/chromeos.c b/src/mainboard/google/urara/chromeos.c index 0d5485f..4db06c6 100644 --- a/src/mainboard/google/urara/chromeos.c +++ b/src/mainboard/google/urara/chromeos.c @@ -28,3 +28,15 @@ void fill_lb_gpios(struct lb_gpios *gpios) { printk(BIOS_ERR, "%s unsupported, but called\n", __func__); } + +int get_developer_mode_switch(void) +{ + printk(BIOS_ERR, "%s unsupported, but called\n", __func__); + return 0; +} + +int get_recovery_mode_switch(void) +{ + printk(BIOS_ERR, "%s unsupported, but called\n", __func__); + return 0; +}

1 0

Patch set updated for coreboot: chromeos/gnvs: Clean up use of vboot handoff
by Furquan Shaikh 27 Jul '16

27 Jul '16

Furquan Shaikh (furquan(a)google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/15903 -gerrit commit 343c8b097da9b7fe337fee5e9b31cffa02ae413b Author: Furquan Shaikh <furquan(a)google.com> Date: Tue Jul 26 10:13:56 2016 -0700 chromeos/gnvs: Clean up use of vboot handoff BUG=chrome-os-partner:55639 Change-Id: I40a28f921499ddf43d8b423f5192ac93b40254c1 Signed-off-by: Furquan Shaikh <furquan(a)google.com> --- src/vendorcode/google/chromeos/gnvs.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/src/vendorcode/google/chromeos/gnvs.c b/src/vendorcode/google/chromeos/gnvs.c index 1f13d1c..8a5cc64 100644 --- a/src/vendorcode/google/chromeos/gnvs.c +++ b/src/vendorcode/google/chromeos/gnvs.c @@ -20,14 +20,12 @@ #include <cbmem.h> #include <console/console.h> #include <elog.h> - -#include "chromeos.h" -#include "gnvs.h" -#if CONFIG_VBOOT #include <vboot/vbnv.h> #include <vboot/vboot_common.h> #include <vboot_struct.h> -#endif + +#include "chromeos.h" +#include "gnvs.h" chromeos_acpi_t *vboot_data = NULL; static u32 me_hash_saved[8]; @@ -39,18 +37,11 @@ void chromeos_init_vboot(chromeos_acpi_t *chromeos) /* Copy saved ME hash into NVS */ memcpy(vboot_data->mehh, me_hash_saved, sizeof(vboot_data->mehh)); -#if CONFIG_VBOOT - /* Save the vdat from the vboot handoff structure. Downstream software - * consumes the data located in the ACPI table. Ensure it reflects - * the shared data from VbInit() and VbSelectFirmware(). */ struct vboot_handoff *vboot_handoff; - vboot_handoff = cbmem_find(CBMEM_ID_VBOOT_HANDOFF); - - if (vboot_handoff != NULL) + if (vboot_get_handoff_info((void **)&vboot_handoff, NULL) == 0) memcpy(&chromeos->vdat[0], &vboot_handoff->shared_data[0], ARRAY_SIZE(chromeos->vdat)); -#endif chromeos_ram_oops_init(chromeos); }

1 0

Patch merged into coreboot/master: drivers/intel/fsp2_0: Update MRC cache with dead version in recovery
by gerrit＠coreboot.org 27 Jul '16

27 Jul '16

the following patch was just integrated into master: commit af8ef2a810f97b762d30de2b6f30d6ffefa0ae0e Author: Furquan Shaikh <furquan(a)google.com> Date: Sun Jul 24 08:48:34 2016 -0700 drivers/intel/fsp2_0: Update MRC cache with dead version in recovery If the system is in recovery, store the newly generated MRC data using a dummy version which is not legit. This ensures that on next normal boot, new MRC data will be generated and stored. BUG=chrome-os-partner:55699 Change-Id: Ib13e8c978dc1b4fc8817fab16d0e606f210f2586 Signed-off-by: Furquan Shaikh <furquan(a)google.com> Reviewed-on: https://review.coreboot.org/15828 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin(a)chromium.org> See https://review.coreboot.org/15828 for details. -gerrit

1 0

Patch merged into coreboot/master: soc/intel/common: Store MRC data in next available slot in the cache
by gerrit＠coreboot.org 27 Jul '16

27 Jul '16

the following patch was just integrated into master: commit c31973760f7dd3db2b149cb512b0a9dbb9ef45cc Author: Furquan Shaikh <furquan(a)google.com> Date: Wed Jul 27 08:04:54 2016 -0700 soc/intel/common: Store MRC data in next available slot in the cache Currently, coreboot performs an erase of the entire MRC cache region on flash if there is a version mismatch for the MRC data. Instead of doing that, store the new MRC data in the next available slot, if there is enough space available in the cache region. BUG=chrome-os-partner:55699 Change-Id: Ib24a94f0a47c79941ed9f60095360ae3aad5540b Signed-off-by: Furquan Shaikh <furquan(a)google.com> Reviewed-on: https://review.coreboot.org/15915 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter(a)users.sourceforge.net> Reviewed-by: Aaron Durbin <adurbin(a)chromium.org> See https://review.coreboot.org/15915 for details. -gerrit

1 0

Patch set updated for coreboot: soc/intel/skylake: Use init_vbnv_cmos from vboot vbnv
by Furquan Shaikh 27 Jul '16

27 Jul '16

Furquan Shaikh (furquan(a)google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/15925 -gerrit commit 22cc9ca2f7d0b633174f738cb44f0ee5d01f45f9 Author: Furquan Shaikh <furquan(a)google.com> Date: Wed Jul 27 14:32:42 2016 -0700 soc/intel/skylake: Use init_vbnv_cmos from vboot vbnv BUG=chrome-os-partner:55639 Change-Id: I7a536bc1cab51e7c942b2e0e48dfe18d8de08a6e Signed-off-by: Furquan Shaikh <furquan(a)google.com> --- src/soc/intel/skylake/pmc.c | 27 ++++----------------------- 1 file changed, 4 insertions(+), 23 deletions(-) diff --git a/src/soc/intel/skylake/pmc.c b/src/soc/intel/skylake/pmc.c index a8ec7b6..fd04287 100644 --- a/src/soc/intel/skylake/pmc.c +++ b/src/soc/intel/skylake/pmc.c @@ -106,24 +106,6 @@ static void pch_set_acpi_mode(void) } } -#if IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS) -/* - * Preserve Vboot NV data when clearing CMOS as it will - * have been re-initialized already by Vboot firmware init. - */ -static void pch_cmos_init_preserve(int reset) -{ - uint8_t vbnv[VBOOT_VBNV_BLOCK_SIZE]; - if (reset) - read_vbnv(vbnv); - - cmos_init(reset); - - if (reset) - save_vbnv(vbnv); -} -#endif - static void pch_rtc_init(void) { u8 reg8; @@ -141,11 +123,10 @@ static void pch_rtc_init(void) /* Ensure the date is set including century byte. */ cmos_check_update_date(); -#if IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS) - pch_cmos_init_preserve(rtc_failed); -#else - cmos_init(rtc_failed); -#endif + if (IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS)) + init_vbnv_cmos(rtc_failed); + else + cmos_init(rtc_failed); } static void pmc_gpe_init(config_t *config)

1 0

Patch set updated for coreboot: soc/intel/broadwell: Use init_vbnv_cmos from vboot vbnv
by Furquan Shaikh 27 Jul '16

27 Jul '16

Furquan Shaikh (furquan(a)google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/15924 -gerrit commit d9be209d9175d3365d4d5412e69a4fbb01b6559b Author: Furquan Shaikh <furquan(a)google.com> Date: Wed Jul 27 14:31:16 2016 -0700 soc/intel/broadwell: Use init_vbnv_cmos from vboot vbnv BUG=chrome-os-partner:55639 Change-Id: Ie38cdbec513e2bb66e276399c8b4490cbe34a747 Signed-off-by: Furquan Shaikh <furquan(a)google.com> --- src/soc/intel/broadwell/lpc.c | 28 ++++------------------------ 1 file changed, 4 insertions(+), 24 deletions(-) diff --git a/src/soc/intel/broadwell/lpc.c b/src/soc/intel/broadwell/lpc.c index 20fa345..7ec9b46 100644 --- a/src/soc/intel/broadwell/lpc.c +++ b/src/soc/intel/broadwell/lpc.c @@ -172,25 +172,6 @@ static void pch_power_options(device_t dev) enable_alt_smi(config->alt_gp_smi_en); } -#if IS_ENABLED(CONFIG_CHROMEOS) && IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS) -/* - * Preserve Vboot NV data when clearing CMOS as it will - * have been re-initialized already by Vboot firmware init. - */ -static void pch_cmos_init_preserve(int reset) -{ - uint8_t vbnv[VBOOT_VBNV_BLOCK_SIZE]; - - if (reset) - read_vbnv(vbnv); - - cmos_init(reset); - - if (reset) - save_vbnv(vbnv); -} -#endif - static void pch_rtc_init(struct device *dev) { u8 reg8; @@ -204,11 +185,10 @@ static void pch_rtc_init(struct device *dev) printk(BIOS_DEBUG, "rtc_failed = 0x%x\n", rtc_failed); } -#if IS_ENABLED(CONFIG_CHROMEOS) && IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS) - pch_cmos_init_preserve(rtc_failed); -#else - cmos_init(rtc_failed); -#endif + if (IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS)) + init_vbnv_cmos(rtc_failed); + else + cmos_init(rtc_failed); } static const struct reg_script pch_misc_init_script[] = {

1 0

New patch to review for coreboot: soc/intel/skylake: Use init_vbnv_cmos from vboot vbnv
by Furquan Shaikh 27 Jul '16

27 Jul '16

Furquan Shaikh (furquan(a)google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/15925 -gerrit commit e2a7901f27499651f1a7e3cf47b5d17135f9e907 Author: Furquan Shaikh <furquan(a)google.com> Date: Wed Jul 27 14:32:42 2016 -0700 soc/intel/skylake: Use init_vbnv_cmos from vboot vbnv BUG=chrome-os-partner:55639 Change-Id: I7a536bc1cab51e7c942b2e0e48dfe18d8de08a6e Signed-off-by: Furquan Shaikh <furquan(a)google.com> --- src/soc/intel/skylake/pmc.c | 27 ++++----------------------- 1 file changed, 4 insertions(+), 23 deletions(-) diff --git a/src/soc/intel/skylake/pmc.c b/src/soc/intel/skylake/pmc.c index a8ec7b6..fd04287 100644 --- a/src/soc/intel/skylake/pmc.c +++ b/src/soc/intel/skylake/pmc.c @@ -106,24 +106,6 @@ static void pch_set_acpi_mode(void) } } -#if IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS) -/* - * Preserve Vboot NV data when clearing CMOS as it will - * have been re-initialized already by Vboot firmware init. - */ -static void pch_cmos_init_preserve(int reset) -{ - uint8_t vbnv[VBOOT_VBNV_BLOCK_SIZE]; - if (reset) - read_vbnv(vbnv); - - cmos_init(reset); - - if (reset) - save_vbnv(vbnv); -} -#endif - static void pch_rtc_init(void) { u8 reg8; @@ -141,11 +123,10 @@ static void pch_rtc_init(void) /* Ensure the date is set including century byte. */ cmos_check_update_date(); -#if IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS) - pch_cmos_init_preserve(rtc_failed); -#else - cmos_init(rtc_failed); -#endif + if (IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS)) + init_vbnv_cmos(rtc_failed); + else + cmos_init(rtc_failed); } static void pmc_gpe_init(config_t *config)

1 0

New patch to review for coreboot: intel/soc/broadwell: Use init_vbnv_cmos from vboot vbnv
by Furquan Shaikh 27 Jul '16

27 Jul '16

Furquan Shaikh (furquan(a)google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/15924 -gerrit commit d4650a863ff02becd60a4dbd26c4081798263b96 Author: Furquan Shaikh <furquan(a)google.com> Date: Wed Jul 27 14:31:16 2016 -0700 intel/soc/broadwell: Use init_vbnv_cmos from vboot vbnv BUG=chrome-os-partner:55639 Change-Id: Ie38cdbec513e2bb66e276399c8b4490cbe34a747 Signed-off-by: Furquan Shaikh <furquan(a)google.com> --- src/soc/intel/broadwell/lpc.c | 28 ++++------------------------ 1 file changed, 4 insertions(+), 24 deletions(-) diff --git a/src/soc/intel/broadwell/lpc.c b/src/soc/intel/broadwell/lpc.c index 20fa345..7ec9b46 100644 --- a/src/soc/intel/broadwell/lpc.c +++ b/src/soc/intel/broadwell/lpc.c @@ -172,25 +172,6 @@ static void pch_power_options(device_t dev) enable_alt_smi(config->alt_gp_smi_en); } -#if IS_ENABLED(CONFIG_CHROMEOS) && IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS) -/* - * Preserve Vboot NV data when clearing CMOS as it will - * have been re-initialized already by Vboot firmware init. - */ -static void pch_cmos_init_preserve(int reset) -{ - uint8_t vbnv[VBOOT_VBNV_BLOCK_SIZE]; - - if (reset) - read_vbnv(vbnv); - - cmos_init(reset); - - if (reset) - save_vbnv(vbnv); -} -#endif - static void pch_rtc_init(struct device *dev) { u8 reg8; @@ -204,11 +185,10 @@ static void pch_rtc_init(struct device *dev) printk(BIOS_DEBUG, "rtc_failed = 0x%x\n", rtc_failed); } -#if IS_ENABLED(CONFIG_CHROMEOS) && IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS) - pch_cmos_init_preserve(rtc_failed); -#else - cmos_init(rtc_failed); -#endif + if (IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS)) + init_vbnv_cmos(rtc_failed); + else + cmos_init(rtc_failed); } static const struct reg_script pch_misc_init_script[] = {

1 0

Patch set updated for coreboot: vboot: Separate vboot from chromeos
by Furquan Shaikh 27 Jul '16

27 Jul '16

Furquan Shaikh (furquan(a)google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/15867 -gerrit commit 9ece194d21a0538c68b63a5dcd5354c8bf27f630 Author: Furquan Shaikh <furquan(a)google.com> Date: Mon Jul 25 11:48:03 2016 -0700 vboot: Separate vboot from chromeos VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan(a)google.com> --- Makefile.inc | 1 + src/Kconfig | 1 + src/device/pci_device.c | 2 +- src/ec/google/chromeec/Makefile.inc | 8 +- src/lib/bootmode.c | 2 +- src/lib/cbfs.c | 2 +- src/lib/coreboot_table.c | 10 +- src/mainboard/google/auron/Kconfig | 4 +- src/mainboard/google/auron_paine/Kconfig | 6 +- src/mainboard/google/bolt/Kconfig | 4 +- src/mainboard/google/butterfly/Kconfig | 2 +- src/mainboard/google/cosmos/Kconfig | 2 +- src/mainboard/google/cyan/Kconfig | 4 +- src/mainboard/google/daisy/Kconfig | 2 +- src/mainboard/google/falco/Kconfig | 4 +- src/mainboard/google/foster/Kconfig | 2 +- src/mainboard/google/gru/Kconfig | 2 +- src/mainboard/google/guado/Kconfig | 4 +- src/mainboard/google/jecht/Kconfig | 4 +- src/mainboard/google/link/Kconfig | 2 +- src/mainboard/google/nyan/Kconfig | 2 +- src/mainboard/google/nyan/romstage.c | 2 +- src/mainboard/google/nyan_big/Kconfig | 2 +- src/mainboard/google/nyan_big/romstage.c | 2 +- src/mainboard/google/nyan_blaze/Kconfig | 2 +- src/mainboard/google/nyan_blaze/romstage.c | 6 +- src/mainboard/google/oak/Kconfig | 2 +- src/mainboard/google/panther/Kconfig | 2 +- src/mainboard/google/parrot/Kconfig | 2 +- src/mainboard/google/peach_pit/Kconfig | 2 +- src/mainboard/google/peppy/Kconfig | 6 +- src/mainboard/google/purin/Kconfig | 2 +- src/mainboard/google/rambi/Kconfig | 4 +- src/mainboard/google/rikku/Kconfig | 4 +- src/mainboard/google/rush/Kconfig | 2 +- src/mainboard/google/rush_ryu/Kconfig | 2 +- src/mainboard/google/rush_ryu/mainboard.c | 4 +- src/mainboard/google/samus/Kconfig | 6 +- src/mainboard/google/slippy/Kconfig | 4 +- src/mainboard/google/smaug/Kconfig | 2 +- src/mainboard/google/stout/Kconfig | 2 +- src/mainboard/google/tidus/Kconfig | 4 +- src/mainboard/google/veyron/Kconfig | 2 +- src/mainboard/google/veyron_brain/Kconfig | 2 +- src/mainboard/google/veyron_danger/Kconfig | 2 +- src/mainboard/google/veyron_emile/Kconfig | 2 +- src/mainboard/google/veyron_mickey/Kconfig | 2 +- src/mainboard/google/veyron_rialto/Kconfig | 2 +- src/mainboard/google/veyron_romy/Kconfig | 2 +- src/mainboard/intel/baskingridge/Kconfig | 2 +- src/mainboard/intel/emeraldlake2/Kconfig | 2 +- src/mainboard/intel/strago/Kconfig | 4 +- src/mainboard/intel/wtm2/Kconfig | 2 +- src/mainboard/samsung/lumpy/Kconfig | 2 +- src/mainboard/samsung/stumpy/Kconfig | 2 +- src/soc/intel/apollolake/Kconfig | 4 +- src/soc/intel/apollolake/lpc.c | 4 +- src/soc/intel/apollolake/pmutil.c | 2 +- src/soc/intel/broadwell/igd.c | 2 +- src/soc/intel/broadwell/lpc.c | 13 +- src/soc/intel/skylake/Kconfig | 4 +- src/soc/intel/skylake/igd.c | 3 +- src/soc/intel/skylake/pmc.c | 12 +- src/soc/intel/skylake/romstage/power_state.c | 2 +- src/soc/marvell/bg4cd/Kconfig | 2 +- src/soc/marvell/bg4cd/Makefile.inc | 4 +- src/soc/qualcomm/ipq40xx/Kconfig | 4 +- src/soc/qualcomm/ipq806x/Kconfig | 2 +- src/vboot/Kconfig | 143 +++++++ src/vboot/Makefile.inc | 143 +++++++ src/vboot/common.c | 182 +++++++++ src/vboot/misc.h | 40 ++ src/vboot/recovery.c | 152 +++++++ src/vboot/secdata_mock.c | 38 ++ src/vboot/secdata_tpm.c | 436 +++++++++++++++++++++ src/vboot/symbols.h | 28 ++ src/vboot/vbnv.c | 142 +++++++ src/vboot/vbnv.h | 42 ++ src/vboot/vbnv_cmos.c | 79 ++++ src/vboot/vbnv_ec.c | 30 ++ src/vboot/vbnv_flash.c | 228 +++++++++++ src/vboot/vbnv_layout.h | 47 +++ src/vboot/vboot_common.c | 110 ++++++ src/vboot/vboot_common.h | 104 +++++ src/vboot/vboot_handoff.c | 180 +++++++++ src/vboot/vboot_loader.c | 159 ++++++++ src/vboot/vboot_logic.c | 415 ++++++++++++++++++++ src/vboot/verstage.c | 44 +++ src/vendorcode/google/Kconfig | 1 - src/vendorcode/google/chromeos/Kconfig | 61 +-- src/vendorcode/google/chromeos/Makefile.inc | 27 -- src/vendorcode/google/chromeos/acpi/chromeos.asl | 6 +- src/vendorcode/google/chromeos/chromeos.h | 5 +- src/vendorcode/google/chromeos/elog.c | 7 +- src/vendorcode/google/chromeos/gnvs.c | 9 +- src/vendorcode/google/chromeos/symbols.h | 9 - src/vendorcode/google/chromeos/vbnv.c | 143 ------- src/vendorcode/google/chromeos/vbnv.h | 42 -- src/vendorcode/google/chromeos/vbnv_cmos.c | 79 ---- src/vendorcode/google/chromeos/vbnv_ec.c | 29 -- src/vendorcode/google/chromeos/vbnv_flash.c | 227 ----------- src/vendorcode/google/chromeos/vbnv_layout.h | 47 --- src/vendorcode/google/chromeos/vboot2/Kconfig | 89 ----- src/vendorcode/google/chromeos/vboot2/Makefile.inc | 118 ------ .../google/chromeos/vboot2/antirollback.c | 436 --------------------- src/vendorcode/google/chromeos/vboot2/common.c | 183 --------- src/vendorcode/google/chromeos/vboot2/misc.h | 40 -- src/vendorcode/google/chromeos/vboot2/recovery.c | 154 -------- .../google/chromeos/vboot2/secdata_mock.c | 38 -- .../google/chromeos/vboot2/vboot_handoff.c | 179 --------- .../google/chromeos/vboot2/vboot_loader.c | 159 -------- .../google/chromeos/vboot2/vboot_logic.c | 415 -------------------- src/vendorcode/google/chromeos/vboot2/verstage.c | 44 --- src/vendorcode/google/chromeos/vboot_common.c | 112 ------ src/vendorcode/google/chromeos/vboot_common.h | 106 ----- 115 files changed, 2868 insertions(+), 2859 deletions(-) diff --git a/Makefile.inc b/Makefile.inc index a33dc7b..0ac4219 100644 --- a/Makefile.inc +++ b/Makefile.inc @@ -82,6 +82,7 @@ subdirs-y += util/cbfstool util/sconfig util/nvramtool util/broadcom subdirs-y += util/futility util/marvell subdirs-y += $(wildcard src/arch/*) subdirs-y += src/mainboard/$(MAINBOARDDIR) +subdirs-$(CONFIG_VBOOT) += src/vboot subdirs-y += payloads payloads/external subdirs-y += site-local diff --git a/src/Kconfig b/src/Kconfig index 1cc0bfa..1694805 100644 --- a/src/Kconfig +++ b/src/Kconfig @@ -453,6 +453,7 @@ source "src/ec/*/*/Kconfig" source "src/drivers/intel/fsp1_0/Kconfig" source "src/southbridge/intel/common/firmware/Kconfig" +source "src/vboot/Kconfig" source "src/vendorcode/*/Kconfig" source "src/arch/*/Kconfig" diff --git a/src/device/pci_device.c b/src/device/pci_device.c index 5cd0053..73558db 100644 --- a/src/device/pci_device.c +++ b/src/device/pci_device.c @@ -48,7 +48,7 @@ #include <device/hypertransport.h> #include <pc80/i8259.h> #include <kconfig.h> -#include <vendorcode/google/chromeos/chromeos.h> +#include <vboot/vbnv.h> u8 pci_moving_config8(struct device *dev, unsigned int reg) { diff --git a/src/ec/google/chromeec/Makefile.inc b/src/ec/google/chromeec/Makefile.inc index 58f8b6b..a66442a 100644 --- a/src/ec/google/chromeec/Makefile.inc +++ b/src/ec/google/chromeec/Makefile.inc @@ -22,10 +22,10 @@ verstage-$(CONFIG_EC_GOOGLE_CHROMEEC_LPC) += ec_lpc.c verstage-$(CONFIG_EC_GOOGLE_CHROMEEC_MEC) += ec_mec.c verstage-$(CONFIG_EC_GOOGLE_CHROMEEC_SPI) += ec_spi.c -ramstage-$(CONFIG_VBOOT_VERIFY_FIRMWARE) += vboot_storage.c -smm-$(CONFIG_VBOOT_VERIFY_FIRMWARE) += vboot_storage.c -romstage-$(CONFIG_VBOOT_VERIFY_FIRMWARE) += vboot_storage.c -verstage-$(CONFIG_VBOOT_VERIFY_FIRMWARE) += vboot_storage.c +ramstage-$(CONFIG_VBOOT) += vboot_storage.c +smm-$(CONFIG_VBOOT) += vboot_storage.c +romstage-$(CONFIG_VBOOT) += vboot_storage.c +verstage-$(CONFIG_VBOOT) += vboot_storage.c # These are Chrome EC firmware images that a payload (such as depthcharge) can # use to update the EC. ecrw is the main embedded controller's firmware, diff --git a/src/lib/bootmode.c b/src/lib/bootmode.c index c6c29ac..824edfb 100644 --- a/src/lib/bootmode.c +++ b/src/lib/bootmode.c @@ -22,7 +22,7 @@ int developer_mode_enabled(void) { if (get_developer_mode_switch()) return 1; -#if CONFIG_VBOOT_VERIFY_FIRMWARE +#if CONFIG_VBOOT if (vboot_handoff_check_developer_flag()) return 1; #endif diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c index b8575f3..7a0f187 100644 --- a/src/lib/cbfs.c +++ b/src/lib/cbfs.c @@ -269,7 +269,7 @@ const struct cbfs_locator __attribute__((weak)) cbfs_master_header_locator = { extern const struct cbfs_locator vboot_locator; static const struct cbfs_locator *locators[] = { -#if CONFIG_VBOOT_VERIFY_FIRMWARE +#if CONFIG_VBOOT &vboot_locator, #endif &cbfs_master_header_locator, diff --git a/src/lib/coreboot_table.c b/src/lib/coreboot_table.c index 3af2be6..44ae733 100644 --- a/src/lib/coreboot_table.c +++ b/src/lib/coreboot_table.c @@ -32,6 +32,7 @@ #include <cbmem.h> #include <bootmem.h> #include <spi_flash.h> +#include <vboot/vbnv_layout.h> #if CONFIG_USE_OPTION_TABLE #include <option_table.h> #endif @@ -41,7 +42,6 @@ #endif #include <vendorcode/google/chromeos/chromeos.h> #include <vendorcode/google/chromeos/gnvs.h> -#include <vendorcode/google/chromeos/vbnv_layout.h> #endif #if CONFIG_ARCH_X86 #include <cpu/x86/mtrr.h> @@ -221,12 +221,12 @@ static void lb_vbnv(struct lb_header *header) vbnv = (struct lb_range *)lb_new_record(header); vbnv->tag = LB_TAG_VBNV; vbnv->size = sizeof(*vbnv); - vbnv->range_start = CONFIG_VBNV_OFFSET + 14; - vbnv->range_size = VBNV_BLOCK_SIZE; + vbnv->range_start = CONFIG_VBOOT_VBNV_OFFSET + 14; + vbnv->range_size = VBOOT_VBNV_BLOCK_SIZE; #endif } -#if CONFIG_VBOOT_VERIFY_FIRMWARE +#if CONFIG_VBOOT static void lb_vboot_handoff(struct lb_header *header) { void *addr; @@ -244,7 +244,7 @@ static void lb_vboot_handoff(struct lb_header *header) } #else static inline void lb_vboot_handoff(struct lb_header *header) {} -#endif /* CONFIG_VBOOT_VERIFY_FIRMWARE */ +#endif /* CONFIG_VBOOT */ #endif /* CONFIG_CHROMEOS */ static void lb_board_id(struct lb_header *header) diff --git a/src/mainboard/google/auron/Kconfig b/src/mainboard/google/auron/Kconfig index e897d11..f1b1719 100644 --- a/src/mainboard/google/auron/Kconfig +++ b/src/mainboard/google/auron/Kconfig @@ -15,10 +15,10 @@ config BOARD_SPECIFIC_OPTIONS # dummy select INTEL_INT15 config CHROMEOS - select CHROMEOS_VBNV_CMOS - select LID_SWITCH select CHROMEOS_RAMOOPS_DYNAMIC select EC_SOFTWARE_SYNC + select LID_SWITCH + select VBOOT_VBNV_CMOS select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/auron_paine/Kconfig b/src/mainboard/google/auron_paine/Kconfig index 0b945ee..533c3da 100644 --- a/src/mainboard/google/auron_paine/Kconfig +++ b/src/mainboard/google/auron_paine/Kconfig @@ -15,10 +15,10 @@ config BOARD_SPECIFIC_OPTIONS # dummy select INTEL_INT15 config CHROMEOS - select CHROMEOS_VBNV_CMOS - select LID_SWITCH - select CHROMEOS_RAMOOPS_DYNAMIC select EC_SOFTWARE_SYNC + select CHROMEOS_RAMOOPS_DYNAMIC + select LID_SWITCH + select VBOOT_VBNV_CMOS select VIRTUAL_DEV_SWITCH config VBOOT_RAMSTAGE_INDEX diff --git a/src/mainboard/google/bolt/Kconfig b/src/mainboard/google/bolt/Kconfig index 3f34c9d..c977cee 100644 --- a/src/mainboard/google/bolt/Kconfig +++ b/src/mainboard/google/bolt/Kconfig @@ -18,9 +18,9 @@ config BOARD_SPECIFIC_OPTIONS # dummy select INTEL_INT15 config CHROMEOS - select CHROMEOS_VBNV_CMOS - select LID_SWITCH select EC_SOFTWARE_SYNC + select LID_SWITCH + select VBOOT_VBNV_CMOS select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/butterfly/Kconfig b/src/mainboard/google/butterfly/Kconfig index 4240076..09d2157 100644 --- a/src/mainboard/google/butterfly/Kconfig +++ b/src/mainboard/google/butterfly/Kconfig @@ -18,7 +18,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SERIRQ_CONTINUOUS_MODE # Workaround for EC/KBC IRQ1. config CHROMEOS - select CHROMEOS_VBNV_CMOS + select VBOOT_VBNV_CMOS config MAINBOARD_DIR string diff --git a/src/mainboard/google/cosmos/Kconfig b/src/mainboard/google/cosmos/Kconfig index 7588125..19d5955 100644 --- a/src/mainboard/google/cosmos/Kconfig +++ b/src/mainboard/google/cosmos/Kconfig @@ -27,7 +27,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_SPANSION config CHROMEOS - select CHROMEOS_VBNV_FLASH + select VBOOT_VBNV_FLASH config MAINBOARD_DIR string diff --git a/src/mainboard/google/cyan/Kconfig b/src/mainboard/google/cyan/Kconfig index a863c55..782a460 100644 --- a/src/mainboard/google/cyan/Kconfig +++ b/src/mainboard/google/cyan/Kconfig @@ -16,10 +16,10 @@ config BOARD_SPECIFIC_OPTIONS select PCIEXP_L1_SUB_STATE config CHROMEOS - select LID_SWITCH - select CHROMEOS_VBNV_CMOS select EC_SOFTWARE_SYNC + select LID_SWITCH select VBOOT_DYNAMIC_WORK_BUFFER + select VBOOT_VBNV_CMOS select VIRTUAL_DEV_SWITCH config DISPLAY_SPD_DATA diff --git a/src/mainboard/google/daisy/Kconfig b/src/mainboard/google/daisy/Kconfig index d02a852..9f6a615 100644 --- a/src/mainboard/google/daisy/Kconfig +++ b/src/mainboard/google/daisy/Kconfig @@ -28,7 +28,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_DO_NATIVE_VGA_INIT config CHROMEOS - select CHROMEOS_VBNV_EC + select VBOOT_VBNV_EC config MAINBOARD_DIR string diff --git a/src/mainboard/google/falco/Kconfig b/src/mainboard/google/falco/Kconfig index 5afecaa..d0b911a 100644 --- a/src/mainboard/google/falco/Kconfig +++ b/src/mainboard/google/falco/Kconfig @@ -21,9 +21,9 @@ config BOARD_SPECIFIC_OPTIONS # dummy select INTEL_INT15 config CHROMEOS - select CHROMEOS_VBNV_CMOS - select LID_SWITCH select EC_SOFTWARE_SYNC + select LID_SWITCH + select VBOOT_VBNV_CMOS select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/foster/Kconfig b/src/mainboard/google/foster/Kconfig index fa7353d..dfe79a5 100644 --- a/src/mainboard/google/foster/Kconfig +++ b/src/mainboard/google/foster/Kconfig @@ -27,7 +27,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_WINBOND config CHROMEOS - select CHROMEOS_VBNV_FLASH + select VBOOT_VBNV_FLASH select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/gru/Kconfig b/src/mainboard/google/gru/Kconfig index 0b061af..1b657d9 100644 --- a/src/mainboard/google/gru/Kconfig +++ b/src/mainboard/google/gru/Kconfig @@ -39,9 +39,9 @@ config BOARD_SPECIFIC_OPTIONS select SPI_FLASH_WINBOND config CHROMEOS - select CHROMEOS_VBNV_FLASH select EC_SOFTWARE_SYNC select SPI_TPM + select VBOOT_VBNV_FLASH select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/guado/Kconfig b/src/mainboard/google/guado/Kconfig index 4ca573e..09a75b7 100644 --- a/src/mainboard/google/guado/Kconfig +++ b/src/mainboard/google/guado/Kconfig @@ -14,10 +14,10 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_HAS_LPC_TPM config CHROMEOS - select CHROMEOS_VBNV_CMOS select CHROMEOS_RAMOOPS_DYNAMIC - select VIRTUAL_DEV_SWITCH select PHYSICAL_REC_SWITCH + select VBOOT_VBNV_CMOS + select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR string diff --git a/src/mainboard/google/jecht/Kconfig b/src/mainboard/google/jecht/Kconfig index 471e8fd..0c3d3db 100644 --- a/src/mainboard/google/jecht/Kconfig +++ b/src/mainboard/google/jecht/Kconfig @@ -15,9 +15,9 @@ config BOARD_SPECIFIC_OPTIONS # dummy select INTEL_INT15 config CHROMEOS - select CHROMEOS_VBNV_CMOS - select PHYSICAL_REC_SWITCH select CHROMEOS_RAMOOPS_DYNAMIC + select PHYSICAL_REC_SWITCH + select VBOOT_VBNV_CMOS select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/link/Kconfig b/src/mainboard/google/link/Kconfig index 8fe3a87..d1e1140 100644 --- a/src/mainboard/google/link/Kconfig +++ b/src/mainboard/google/link/Kconfig @@ -17,8 +17,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_HAS_NATIVE_VGA_INIT config CHROMEOS - select CHROMEOS_VBNV_CMOS select LID_SWITCH + select VBOOT_VBNV_CMOS config MAINBOARD_DIR string diff --git a/src/mainboard/google/nyan/Kconfig b/src/mainboard/google/nyan/Kconfig index 21f42da..2c39a1a 100644 --- a/src/mainboard/google/nyan/Kconfig +++ b/src/mainboard/google/nyan/Kconfig @@ -32,8 +32,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_FAST_READ_DUAL_OUTPUT_3B config CHROMEOS - select CHROMEOS_VBNV_EC select EC_SOFTWARE_SYNC + select VBOOT_VBNV_EC select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/nyan/romstage.c b/src/mainboard/google/nyan/romstage.c index 2388f95..4ec0164 100644 --- a/src/mainboard/google/nyan/romstage.c +++ b/src/mainboard/google/nyan/romstage.c @@ -83,7 +83,7 @@ static void __attribute__((noinline)) romstage(void) cbmem_initialize_empty(); /* This was already called from verstage in vboot context. */ - if (!IS_ENABLED(CONFIG_VBOOT_VERIFY_FIRMWARE)) + if (!IS_ENABLED(CONFIG_VBOOT)) early_mainboard_init(); run_ramstage(); diff --git a/src/mainboard/google/nyan_big/Kconfig b/src/mainboard/google/nyan_big/Kconfig index 7af9657..c9b8aed 100644 --- a/src/mainboard/google/nyan_big/Kconfig +++ b/src/mainboard/google/nyan_big/Kconfig @@ -34,7 +34,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy config CHROMEOS select EC_SOFTWARE_SYNC - select CHROMEOS_VBNV_EC + select VBOOT_VBNV_EC select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/nyan_big/romstage.c b/src/mainboard/google/nyan_big/romstage.c index 2388f95..4ec0164 100644 --- a/src/mainboard/google/nyan_big/romstage.c +++ b/src/mainboard/google/nyan_big/romstage.c @@ -83,7 +83,7 @@ static void __attribute__((noinline)) romstage(void) cbmem_initialize_empty(); /* This was already called from verstage in vboot context. */ - if (!IS_ENABLED(CONFIG_VBOOT_VERIFY_FIRMWARE)) + if (!IS_ENABLED(CONFIG_VBOOT)) early_mainboard_init(); run_ramstage(); diff --git a/src/mainboard/google/nyan_blaze/Kconfig b/src/mainboard/google/nyan_blaze/Kconfig index 9fa99d8..3541da1 100644 --- a/src/mainboard/google/nyan_blaze/Kconfig +++ b/src/mainboard/google/nyan_blaze/Kconfig @@ -35,7 +35,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy config CHROMEOS select EC_SOFTWARE_SYNC - select CHROMEOS_VBNV_EC + select VBOOT_VBNV_EC select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/nyan_blaze/romstage.c b/src/mainboard/google/nyan_blaze/romstage.c index e91fa33..e3d7116 100644 --- a/src/mainboard/google/nyan_blaze/romstage.c +++ b/src/mainboard/google/nyan_blaze/romstage.c @@ -53,7 +53,7 @@ static void __attribute__((noinline)) romstage(void) u32 dram_end_mb = sdram_max_addressable_mb(); u32 dram_size_mb = dram_end_mb - dram_start_mb; -#if !CONFIG_VBOOT_VERIFY_FIRMWARE +#if !CONFIG_VBOOT configure_l2_cache(); mmu_init(); /* Device memory below DRAM is uncached. */ @@ -87,7 +87,7 @@ static void __attribute__((noinline)) romstage(void) cbmem_initialize_empty(); /* This was already called from verstage in vboot context. */ - if (!IS_ENABLED(CONFIG_VBOOT_VERIFY_FIRMWARE)) + if (!IS_ENABLED(CONFIG_VBOOT)) early_mainboard_init(); run_ramstage(); @@ -96,7 +96,7 @@ static void __attribute__((noinline)) romstage(void) /* Stub to force arm_init_caches to the top, before any stack/memory accesses */ void main(void) { -#if !CONFIG_VBOOT_VERIFY_FIRMWARE +#if !CONFIG_VBOOT asm volatile ("bl arm_init_caches" ::: "r0","r1","r2","r3","r4","r5","ip"); #endif diff --git a/src/mainboard/google/oak/Kconfig b/src/mainboard/google/oak/Kconfig index 5ab6f2d..975cdab 100644 --- a/src/mainboard/google/oak/Kconfig +++ b/src/mainboard/google/oak/Kconfig @@ -34,10 +34,10 @@ config BOARD_SPECIFIC_OPTIONS select SPI_FLASH config CHROMEOS - select CHROMEOS_VBNV_FLASH select EC_SOFTWARE_SYNC select VBOOT_EC_SLOW_UPDATE select VBOOT_OPROM_MATTERS + select VBOOT_VBNV_FLASH select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/panther/Kconfig b/src/mainboard/google/panther/Kconfig index b70b6cb..0aa8927 100644 --- a/src/mainboard/google/panther/Kconfig +++ b/src/mainboard/google/panther/Kconfig @@ -19,7 +19,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy config CHROMEOS select PHYSICAL_REC_SWITCH - select CHROMEOS_VBNV_CMOS + select VBOOT_VBNV_CMOS select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/parrot/Kconfig b/src/mainboard/google/parrot/Kconfig index fa94ab6..974c58f 100644 --- a/src/mainboard/google/parrot/Kconfig +++ b/src/mainboard/google/parrot/Kconfig @@ -16,7 +16,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select INTEL_INT15 config CHROMEOS - select CHROMEOS_VBNV_CMOS + select VBOOT_VBNV_CMOS # Workaround for EC/KBC IRQ1. select SERIRQ_CONTINUOUS_MODE diff --git a/src/mainboard/google/peach_pit/Kconfig b/src/mainboard/google/peach_pit/Kconfig index 69ac1ae..125333c 100644 --- a/src/mainboard/google/peach_pit/Kconfig +++ b/src/mainboard/google/peach_pit/Kconfig @@ -26,7 +26,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select DRIVER_PARADE_PS8625 config CHROMEOS - select CHROMEOS_VBNV_EC + select VBOOT_VBNV_EC config MAINBOARD_DIR string diff --git a/src/mainboard/google/peppy/Kconfig b/src/mainboard/google/peppy/Kconfig index 47e715e..8829371 100644 --- a/src/mainboard/google/peppy/Kconfig +++ b/src/mainboard/google/peppy/Kconfig @@ -22,10 +22,10 @@ config BOARD_SPECIFIC_OPTIONS # dummy select INTEL_INT15 config CHROMEOS - select MAINBOARD_DO_NATIVE_VGA_INIT - select CHROMEOS_VBNV_CMOS - select LID_SWITCH select EC_SOFTWARE_SYNC + select LID_SWITCH + select MAINBOARD_DO_NATIVE_VGA_INIT + select VBOOT_VBNV_CMOS select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/purin/Kconfig b/src/mainboard/google/purin/Kconfig index aca20e3..d415211 100644 --- a/src/mainboard/google/purin/Kconfig +++ b/src/mainboard/google/purin/Kconfig @@ -29,7 +29,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_ATOMIC_SEQUENCING config CHROMEOS - select CHROMEOS_VBNV_FLASH + select VBOOT_VBNV_FLASH config MAINBOARD_DIR string diff --git a/src/mainboard/google/rambi/Kconfig b/src/mainboard/google/rambi/Kconfig index 3539f0e..48af3b3 100644 --- a/src/mainboard/google/rambi/Kconfig +++ b/src/mainboard/google/rambi/Kconfig @@ -13,9 +13,9 @@ config BOARD_SPECIFIC_OPTIONS select MAINBOARD_HAS_LPC_TPM config CHROMEOS - select CHROMEOS_VBNV_CMOS - select LID_SWITCH select EC_SOFTWARE_SYNC + select LID_SWITCH + select VBOOT_VBNV_CMOS select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/rikku/Kconfig b/src/mainboard/google/rikku/Kconfig index 83a99bd..a421e77 100644 --- a/src/mainboard/google/rikku/Kconfig +++ b/src/mainboard/google/rikku/Kconfig @@ -14,10 +14,10 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_HAS_LPC_TPM config CHROMEOS - select CHROMEOS_VBNV_CMOS select CHROMEOS_RAMOOPS_DYNAMIC - select VIRTUAL_DEV_SWITCH select PHYSICAL_REC_SWITCH + select VBOOT_VBNV_CMOS + select VIRTUAL_DEV_SWITCH config VBOOT_RAMSTAGE_INDEX hex diff --git a/src/mainboard/google/rush/Kconfig b/src/mainboard/google/rush/Kconfig index cb00ba7..09d9ebf 100644 --- a/src/mainboard/google/rush/Kconfig +++ b/src/mainboard/google/rush/Kconfig @@ -29,8 +29,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select BOARD_ROMSIZE_KB_4096 config CHROMEOS - select CHROMEOS_VBNV_EC select EC_SOFTWARE_SYNC + select VBOOT_VBNV_EC select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/rush_ryu/Kconfig b/src/mainboard/google/rush_ryu/Kconfig index efcb2d9..7b559a9 100644 --- a/src/mainboard/google/rush_ryu/Kconfig +++ b/src/mainboard/google/rush_ryu/Kconfig @@ -30,8 +30,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select BOARD_ROMSIZE_KB_8192 config CHROMEOS - select CHROMEOS_VBNV_EC select EC_SOFTWARE_SYNC + select VBOOT_VBNV_EC select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/rush_ryu/mainboard.c b/src/mainboard/google/rush_ryu/mainboard.c index 85034b3..b53b0ff 100644 --- a/src/mainboard/google/rush_ryu/mainboard.c +++ b/src/mainboard/google/rush_ryu/mainboard.c @@ -35,8 +35,8 @@ #include <vendorcode/google/chromeos/cros_vpd.h> #if IS_ENABLED(CONFIG_CHROMEOS) #include <vboot_struct.h> -#include <vendorcode/google/chromeos/vboot2/misc.h> -#include <vendorcode/google/chromeos/vboot_common.h> +#include <vboot/misc.h> +#include <vboot/vboot_common.h> #endif #include "gpio.h" diff --git a/src/mainboard/google/samus/Kconfig b/src/mainboard/google/samus/Kconfig index 329fa1f..0275189 100644 --- a/src/mainboard/google/samus/Kconfig +++ b/src/mainboard/google/samus/Kconfig @@ -16,12 +16,12 @@ config BOARD_SPECIFIC_OPTIONS # dummy select INTEL_INT15 config CHROMEOS - select CHROMEOS_VBNV_CMOS - select LID_SWITCH + select CHROMEOS_RAMOOPS_DYNAMIC select EC_SOFTWARE_SYNC + select LID_SWITCH select VBOOT_EC_SLOW_UPDATE select VBOOT_OPROM_MATTERS - select CHROMEOS_RAMOOPS_DYNAMIC + select VBOOT_VBNV_CMOS select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/slippy/Kconfig b/src/mainboard/google/slippy/Kconfig index 8d078c4..60216b0 100644 --- a/src/mainboard/google/slippy/Kconfig +++ b/src/mainboard/google/slippy/Kconfig @@ -20,9 +20,9 @@ config BOARD_SPECIFIC_OPTIONS # dummy select INTEL_INT15 config CHROMEOS - select CHROMEOS_VBNV_CMOS - select LID_SWITCH select EC_SOFTWARE_SYNC + select LID_SWITCH + select VBOOT_VBNV_CMOS select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/smaug/Kconfig b/src/mainboard/google/smaug/Kconfig index a2d47a4..03e8bd4 100644 --- a/src/mainboard/google/smaug/Kconfig +++ b/src/mainboard/google/smaug/Kconfig @@ -33,8 +33,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select RAM_CODE_SUPPORT config CHROMEOS - select CHROMEOS_VBNV_FLASH select EC_SOFTWARE_SYNC + select VBOOT_VBNV_FLASH select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/stout/Kconfig b/src/mainboard/google/stout/Kconfig index 3a2250d..571cbce 100644 --- a/src/mainboard/google/stout/Kconfig +++ b/src/mainboard/google/stout/Kconfig @@ -18,7 +18,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SANDYBRIDGE_IVYBRIDGE_LVDS config CHROMEOS - select CHROMEOS_VBNV_CMOS + select VBOOT_VBNV_CMOS config MAINBOARD_DIR string diff --git a/src/mainboard/google/tidus/Kconfig b/src/mainboard/google/tidus/Kconfig index 196bd76..fd841a9 100644 --- a/src/mainboard/google/tidus/Kconfig +++ b/src/mainboard/google/tidus/Kconfig @@ -14,10 +14,10 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_HAS_LPC_TPM config CHROMEOS - select CHROMEOS_VBNV_CMOS select CHROMEOS_RAMOOPS_DYNAMIC - select VIRTUAL_DEV_SWITCH select PHYSICAL_REC_SWITCH + select VBOOT_VBNV_CMOS + select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR string diff --git a/src/mainboard/google/veyron/Kconfig b/src/mainboard/google/veyron/Kconfig index 27b3fee..c21cd3f 100644 --- a/src/mainboard/google/veyron/Kconfig +++ b/src/mainboard/google/veyron/Kconfig @@ -36,8 +36,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_WINBOND config CHROMEOS - select CHROMEOS_VBNV_EC select EC_SOFTWARE_SYNC + select VBOOT_VBNV_EC select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/veyron_brain/Kconfig b/src/mainboard/google/veyron_brain/Kconfig index e16d9d5..41a7456 100644 --- a/src/mainboard/google/veyron_brain/Kconfig +++ b/src/mainboard/google/veyron_brain/Kconfig @@ -31,8 +31,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_WINBOND config CHROMEOS - select CHROMEOS_VBNV_FLASH select PHYSICAL_REC_SWITCH + select VBOOT_VBNV_FLASH select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/veyron_danger/Kconfig b/src/mainboard/google/veyron_danger/Kconfig index 2544205..cb1dc71 100644 --- a/src/mainboard/google/veyron_danger/Kconfig +++ b/src/mainboard/google/veyron_danger/Kconfig @@ -33,8 +33,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_HAS_CHROMEOS config CHROMEOS - select CHROMEOS_VBNV_FLASH select PHYSICAL_REC_SWITCH + select VBOOT_VBNV_FLASH config MAINBOARD_DIR string diff --git a/src/mainboard/google/veyron_emile/Kconfig b/src/mainboard/google/veyron_emile/Kconfig index 895953c..059dd1f 100644 --- a/src/mainboard/google/veyron_emile/Kconfig +++ b/src/mainboard/google/veyron_emile/Kconfig @@ -31,8 +31,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_HAS_NATIVE_VGA_INIT config CHROMEOS - select CHROMEOS_VBNV_FLASH select PHYSICAL_REC_SWITCH + select VBOOT_VBNV_FLASH select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/veyron_mickey/Kconfig b/src/mainboard/google/veyron_mickey/Kconfig index 3bf59f2..6f489ff 100644 --- a/src/mainboard/google/veyron_mickey/Kconfig +++ b/src/mainboard/google/veyron_mickey/Kconfig @@ -31,8 +31,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_WINBOND config CHROMEOS - select CHROMEOS_VBNV_FLASH select PHYSICAL_REC_SWITCH + select VBOOT_VBNV_FLASH select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/veyron_rialto/Kconfig b/src/mainboard/google/veyron_rialto/Kconfig index 7b15310..9321812 100644 --- a/src/mainboard/google/veyron_rialto/Kconfig +++ b/src/mainboard/google/veyron_rialto/Kconfig @@ -31,8 +31,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_WINBOND config CHROMEOS - select CHROMEOS_VBNV_FLASH select PHYSICAL_REC_SWITCH + select VBOOT_VBNV_FLASH select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/google/veyron_romy/Kconfig b/src/mainboard/google/veyron_romy/Kconfig index ec15026..c151727 100644 --- a/src/mainboard/google/veyron_romy/Kconfig +++ b/src/mainboard/google/veyron_romy/Kconfig @@ -31,8 +31,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_WINBOND config CHROMEOS - select CHROMEOS_VBNV_FLASH select PHYSICAL_REC_SWITCH + select VBOOT_VBNV_FLASH select VIRTUAL_DEV_SWITCH config MAINBOARD_DIR diff --git a/src/mainboard/intel/baskingridge/Kconfig b/src/mainboard/intel/baskingridge/Kconfig index 47aca1a..df5d312 100644 --- a/src/mainboard/intel/baskingridge/Kconfig +++ b/src/mainboard/intel/baskingridge/Kconfig @@ -15,7 +15,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select INTEL_INT15 config CHROMEOS - select CHROMEOS_VBNV_CMOS + select VBOOT_VBNV_CMOS config MAINBOARD_DIR string diff --git a/src/mainboard/intel/emeraldlake2/Kconfig b/src/mainboard/intel/emeraldlake2/Kconfig index dd9a7c7..9ee41e8 100644 --- a/src/mainboard/intel/emeraldlake2/Kconfig +++ b/src/mainboard/intel/emeraldlake2/Kconfig @@ -14,7 +14,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy #select MAINBOARD_HAS_CHROMEOS config CHROMEOS - #select CHROMEOS_VBNV_CMOS + #select VBOOT_VBNV_CMOS config MAINBOARD_DIR string diff --git a/src/mainboard/intel/strago/Kconfig b/src/mainboard/intel/strago/Kconfig index 3faa1bf..42118f9 100644 --- a/src/mainboard/intel/strago/Kconfig +++ b/src/mainboard/intel/strago/Kconfig @@ -16,10 +16,10 @@ config BOARD_SPECIFIC_OPTIONS select PCIEXP_L1_SUB_STATE config CHROMEOS - select LID_SWITCH - select CHROMEOS_VBNV_CMOS select EC_SOFTWARE_SYNC + select LID_SWITCH select VBOOT_DYNAMIC_WORK_BUFFER + select VBOOT_VBNV_CMOS select VIRTUAL_DEV_SWITCH config DYNAMIC_VNN_SUPPORT diff --git a/src/mainboard/intel/wtm2/Kconfig b/src/mainboard/intel/wtm2/Kconfig index e739efa..f57cb23 100644 --- a/src/mainboard/intel/wtm2/Kconfig +++ b/src/mainboard/intel/wtm2/Kconfig @@ -15,7 +15,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy config CHROMEOS select CHROMEOS_RAMOOPS_DYNAMIC - select CHROMEOS_VBNV_CMOS + select VBOOT_VBNV_CMOS config MAINBOARD_DIR string diff --git a/src/mainboard/samsung/lumpy/Kconfig b/src/mainboard/samsung/lumpy/Kconfig index adeb9fb..7cb00e5 100644 --- a/src/mainboard/samsung/lumpy/Kconfig +++ b/src/mainboard/samsung/lumpy/Kconfig @@ -21,7 +21,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select INTEL_INT15 config CHROMEOS - select CHROMEOS_VBNV_CMOS + select VBOOT_VBNV_CMOS config MAINBOARD_DIR string diff --git a/src/mainboard/samsung/stumpy/Kconfig b/src/mainboard/samsung/stumpy/Kconfig index 699e58e..3777f69 100644 --- a/src/mainboard/samsung/stumpy/Kconfig +++ b/src/mainboard/samsung/stumpy/Kconfig @@ -19,7 +19,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy config CHROMEOS select PHYSICAL_REC_SWITCH - select CHROMEOS_VBNV_CMOS + select VBOOT_VBNV_CMOS config MAINBOARD_DIR string diff --git a/src/soc/intel/apollolake/Kconfig b/src/soc/intel/apollolake/Kconfig index 3f14880..0745679 100644 --- a/src/soc/intel/apollolake/Kconfig +++ b/src/soc/intel/apollolake/Kconfig @@ -59,13 +59,13 @@ config CPU_SPECIFIC_OPTIONS config CHROMEOS select CHROMEOS_RAMOOPS_DYNAMIC - select CHROMEOS_VBNV_CMOS - select CHROMEOS_VBNV_CMOS_BACKUP_TO_FLASH select EC_SOFTWARE_SYNC if EC_GOOGLE_CHROMEEC select SEPARATE_VERSTAGE select VBOOT_OPROM_MATTERS select VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT select VBOOT_STARTS_IN_BOOTBLOCK + select VBOOT_VBNV_CMOS + select VBOOT_VBNV_CMOS_BACKUP_TO_FLASH select VIRTUAL_DEV_SWITCH config TPM_ON_FAST_SPI diff --git a/src/soc/intel/apollolake/lpc.c b/src/soc/intel/apollolake/lpc.c index cc4de88..5455ded 100644 --- a/src/soc/intel/apollolake/lpc.c +++ b/src/soc/intel/apollolake/lpc.c @@ -25,7 +25,7 @@ #include <soc/lpc.h> #include <soc/pci_ids.h> #include <soc/pm.h> -#include <vendorcode/google/chromeos/chromeos.h> +#include <vboot/vbnv.h> #include "chip.h" @@ -60,7 +60,7 @@ static void rtc_init(void) rtc_fail = !!(ps->gen_pmcon1 & RPS); /* Ensure the date is set including century byte. */ cmos_check_update_date(); - if (IS_ENABLED(CONFIG_CHROMEOS_VBNV_CMOS)) + if (IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS)) init_vbnv_cmos(rtc_fail); else cmos_init(rtc_fail); diff --git a/src/soc/intel/apollolake/pmutil.c b/src/soc/intel/apollolake/pmutil.c index e23feb2..61aa637 100644 --- a/src/soc/intel/apollolake/pmutil.c +++ b/src/soc/intel/apollolake/pmutil.c @@ -27,7 +27,7 @@ #include <soc/pm.h> #include <device/device.h> #include <device/pci.h> -#include <vendorcode/google/chromeos/vboot_common.h> +#include <vboot/vboot_common.h> static uintptr_t read_pmc_mmio_bar(void) { diff --git a/src/soc/intel/broadwell/igd.c b/src/soc/intel/broadwell/igd.c index 599a95c..d25ddcc 100644 --- a/src/soc/intel/broadwell/igd.c +++ b/src/soc/intel/broadwell/igd.c @@ -30,7 +30,7 @@ #include <soc/ramstage.h> #include <soc/systemagent.h> #include <soc/intel/broadwell/chip.h> -#include <vendorcode/google/chromeos/chromeos.h> +#include <vboot/vbnv.h> #define GT_RETRY 1000 #define GT_CDCLK_337 0 diff --git a/src/soc/intel/broadwell/lpc.c b/src/soc/intel/broadwell/lpc.c index 7e57b23..20fa345 100644 --- a/src/soc/intel/broadwell/lpc.c +++ b/src/soc/intel/broadwell/lpc.c @@ -44,11 +44,8 @@ #include <arch/acpi.h> #include <arch/acpigen.h> #include <cpu/cpu.h> - -#if IS_ENABLED(CONFIG_CHROMEOS) -#include <vendorcode/google/chromeos/chromeos.h> -#include <vendorcode/google/chromeos/vbnv_layout.h> -#endif +#include <vboot/vbnv.h> +#include <vboot/vbnv_layout.h> static void pch_enable_ioapic(struct device *dev) { @@ -175,14 +172,14 @@ static void pch_power_options(device_t dev) enable_alt_smi(config->alt_gp_smi_en); } -#if IS_ENABLED(CONFIG_CHROMEOS) && IS_ENABLED(CONFIG_CHROMEOS_VBNV_CMOS) +#if IS_ENABLED(CONFIG_CHROMEOS) && IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS) /* * Preserve Vboot NV data when clearing CMOS as it will * have been re-initialized already by Vboot firmware init. */ static void pch_cmos_init_preserve(int reset) { - uint8_t vbnv[VBNV_BLOCK_SIZE]; + uint8_t vbnv[VBOOT_VBNV_BLOCK_SIZE]; if (reset) read_vbnv(vbnv); @@ -207,7 +204,7 @@ static void pch_rtc_init(struct device *dev) printk(BIOS_DEBUG, "rtc_failed = 0x%x\n", rtc_failed); } -#if IS_ENABLED(CONFIG_CHROMEOS) && IS_ENABLED(CONFIG_CHROMEOS_VBNV_CMOS) +#if IS_ENABLED(CONFIG_CHROMEOS) && IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS) pch_cmos_init_preserve(rtc_failed); #else cmos_init(rtc_failed); diff --git a/src/soc/intel/skylake/Kconfig b/src/soc/intel/skylake/Kconfig index 4c055ea..b86d002 100644 --- a/src/soc/intel/skylake/Kconfig +++ b/src/soc/intel/skylake/Kconfig @@ -53,12 +53,12 @@ config CPU_SPECIFIC_OPTIONS config CHROMEOS select CHROMEOS_RAMOOPS_DYNAMIC - select CHROMEOS_VBNV_CMOS - select CHROMEOS_VBNV_CMOS_BACKUP_TO_FLASH select EC_SOFTWARE_SYNC if EC_GOOGLE_CHROMEEC select VBOOT_EC_SLOW_UPDATE select VBOOT_OPROM_MATTERS select VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT + select VBOOT_VBNV_CMOS + select VBOOT_VBNV_CMOS_BACKUP_TO_FLASH select VIRTUAL_DEV_SWITCH config BOOTBLOCK_CPU_INIT diff --git a/src/soc/intel/skylake/igd.c b/src/soc/intel/skylake/igd.c index 4bb597c..209d22c 100644 --- a/src/soc/intel/skylake/igd.c +++ b/src/soc/intel/skylake/igd.c @@ -16,6 +16,7 @@ #include <arch/acpi.h> #include <arch/io.h> +#include <bootmode.h> #include <chip.h> #include <console/console.h> #include <delay.h> @@ -31,7 +32,7 @@ #include <soc/systemagent.h> #include <stdlib.h> #include <string.h> -#include <vendorcode/google/chromeos/chromeos.h> +#include <vboot/vbnv.h> u32 map_oprom_vendev(u32 vendev) { diff --git a/src/soc/intel/skylake/pmc.c b/src/soc/intel/skylake/pmc.c index 6b7a17b..a8ec7b6 100644 --- a/src/soc/intel/skylake/pmc.c +++ b/src/soc/intel/skylake/pmc.c @@ -35,10 +35,8 @@ #include <cpu/x86/smm.h> #include <soc/pcr.h> #include <soc/ramstage.h> -#if IS_ENABLED(CONFIG_CHROMEOS) -#include <vendorcode/google/chromeos/chromeos.h> -#include <vendorcode/google/chromeos/vbnv_layout.h> -#endif +#include <vboot/vbnv.h> +#include <vboot/vbnv_layout.h> static const struct reg_script pch_pmc_misc_init_script[] = { /* SLP_S4=4s, SLP_S3=50ms, disable SLP_X stretching after SUS loss. */ @@ -108,14 +106,14 @@ static void pch_set_acpi_mode(void) } } -#if IS_ENABLED(CONFIG_CHROMEOS_VBNV_CMOS) +#if IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS) /* * Preserve Vboot NV data when clearing CMOS as it will * have been re-initialized already by Vboot firmware init. */ static void pch_cmos_init_preserve(int reset) { - uint8_t vbnv[VBNV_BLOCK_SIZE]; + uint8_t vbnv[VBOOT_VBNV_BLOCK_SIZE]; if (reset) read_vbnv(vbnv); @@ -143,7 +141,7 @@ static void pch_rtc_init(void) /* Ensure the date is set including century byte. */ cmos_check_update_date(); -#if IS_ENABLED(CONFIG_CHROMEOS_VBNV_CMOS) +#if IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS) pch_cmos_init_preserve(rtc_failed); #else cmos_init(rtc_failed); diff --git a/src/soc/intel/skylake/romstage/power_state.c b/src/soc/intel/skylake/romstage/power_state.c index 209beeb..cf75ccb 100644 --- a/src/soc/intel/skylake/romstage/power_state.c +++ b/src/soc/intel/skylake/romstage/power_state.c @@ -30,7 +30,7 @@ #include <soc/pci_devs.h> #include <soc/pm.h> #include <soc/romstage.h> -#include <vendorcode/google/chromeos/vboot_common.h> +#include <vboot/vboot_common.h> static struct chipset_power_state power_state CAR_GLOBAL; diff --git a/src/soc/marvell/bg4cd/Kconfig b/src/soc/marvell/bg4cd/Kconfig index 2e5b15c..cdd8597 100644 --- a/src/soc/marvell/bg4cd/Kconfig +++ b/src/soc/marvell/bg4cd/Kconfig @@ -17,7 +17,7 @@ config SOC_MARVELL_BG4CD bool default n select ARCH_BOOTBLOCK_ARMV7_M - select BOOTBLOCK_CUSTOM if VBOOT_VERIFY_FIRMWARE + select BOOTBLOCK_CUSTOM if VBOOT select ARCH_RAMSTAGE_ARMV7 select ARCH_ROMSTAGE_ARMV7 select ARCH_VERSTAGE_ARMV7_M diff --git a/src/soc/marvell/bg4cd/Makefile.inc b/src/soc/marvell/bg4cd/Makefile.inc index 717cb3b..86aa764 100644 --- a/src/soc/marvell/bg4cd/Makefile.inc +++ b/src/soc/marvell/bg4cd/Makefile.inc @@ -15,8 +15,8 @@ ifeq ($(CONFIG_SOC_MARVELL_BG4CD),y) -bootblock-$(CONFIG_VBOOT_VERIFY_FIRMWARE) += bootblock_asm.S -bootblock-$(CONFIG_VBOOT_VERIFY_FIRMWARE) += bootblock.c +bootblock-$(CONFIG_VBOOT) += bootblock_asm.S +bootblock-$(CONFIG_VBOOT) += bootblock.c bootblock-y += cbmem.c bootblock-y += i2c.c diff --git a/src/soc/qualcomm/ipq40xx/Kconfig b/src/soc/qualcomm/ipq40xx/Kconfig index 605cea2..f738622 100644 --- a/src/soc/qualcomm/ipq40xx/Kconfig +++ b/src/soc/qualcomm/ipq40xx/Kconfig @@ -14,9 +14,9 @@ config SOC_QC_IPQ40XX if SOC_QC_IPQ40XX config CHROMEOS - select CHROMEOS_VBNV_FLASH - select SEPARATE_VERSTAGE select RETURN_FROM_VERSTAGE + select SEPARATE_VERSTAGE + select VBOOT_VBNV_FLASH config IPQ_QFN_PART bool diff --git a/src/soc/qualcomm/ipq806x/Kconfig b/src/soc/qualcomm/ipq806x/Kconfig index aeb59ff..7ba5df5 100644 --- a/src/soc/qualcomm/ipq806x/Kconfig +++ b/src/soc/qualcomm/ipq806x/Kconfig @@ -13,7 +13,7 @@ config SOC_QC_IPQ806X if SOC_QC_IPQ806X config CHROMEOS - select CHROMEOS_VBNV_FLASH + select VBOOT_VBNV_FLASH select SEPARATE_VERSTAGE select RETURN_FROM_VERSTAGE diff --git a/src/vboot/Kconfig b/src/vboot/Kconfig new file mode 100644 index 0000000..6f9e3b9 --- /dev/null +++ b/src/vboot/Kconfig @@ -0,0 +1,143 @@ +## This file is part of the coreboot project. +## +## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved. +## +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; version 2 of the License. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## + +config VBOOT_VBNV_OFFSET + hex + default 0x26 + depends on PC80_SYSTEM + help + CMOS offset for VbNv data. This value must match cmos.layout + in the mainboard directory, minus 14 bytes for the RTC. + +config VBOOT_VBNV_CMOS + bool "Vboot non-volatile storage in CMOS." + default n + help + VBNV is stored in CMOS + +config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH + bool "Back up Vboot non-volatile storage from CMOS to flash." + default n + depends on VBOOT_VBNV_CMOS + help + Vboot non-volatile storage data will be backed up from CMOS to flash + and restored from flash if the CMOS is invalid due to power loss. + +config VBOOT_VBNV_EC + bool "Vboot non-volatile storage in EC." + default n + help + VBNV is stored in EC + +config VBOOT_VBNV_FLASH + def_bool n + help + VBNV is stored in flash storage + +config VBOOT_STARTS_IN_BOOTBLOCK + bool "Vboot starts verifying in bootblock" + default n + depends on VBOOT + help + Firmware verification happens during or at the end of bootblock. + +config VBOOT_STARTS_IN_ROMSTAGE + bool "Vboot starts verifying in romstage" + default n + depends on VBOOT && !VBOOT_STARTS_IN_BOOTBLOCK + help + Firmware verification happens during or at the end of romstage. + +config VBOOT_MOCK_SECDATA + bool "Mock secdata for firmware verification" + default n + depends on VBOOT + help + Enabling VBOOT_MOCK_SECDATA will mock secdata for the firmware + verification to avoid access to a secdata storage (typically TPM). + All operations for a secdata storage will be successful. This option + can be used during development when a TPM is not present or broken. + THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES. + +config VBOOT_DISABLE_DEV_ON_RECOVERY + bool "Disable dev mode on recovery requests" + default n + depends on VBOOT + help + When this option is enabled, the Chrome OS device leaves the + developer mode as soon as recovery request is detected. This is + handy on embedded devices with limited input capabilities. + +config SEPARATE_VERSTAGE + bool "Vboot verification is built into a separate stage" + default n + depends on VBOOT + +config RETURN_FROM_VERSTAGE + bool "The separate verification stage returns to its caller" + default n + depends on SEPARATE_VERSTAGE + help + If this is set, the verstage returns back to the calling stage instead + of exiting to the succeeding stage so that the verstage space can be + reused by the succeeding stage. This is useful if a ram space is too + small to fit both the verstage and the succeeding stage. + +config CHIPSET_PROVIDES_VERSTAGE_MAIN_SYMBOL + bool "The chipset provides the main() entry point for verstage" + default n + depends on SEPARATE_VERSTAGE + help + The chipset code provides their own main() entry point. + +config VBOOT_DYNAMIC_WORK_BUFFER + bool "Vboot's work buffer is dynamically allocated." + default y if ARCH_ROMSTAGE_X86_32 && !SEPARATE_VERSTAGE + default n + depends on VBOOT + help + This option is used when there isn't enough pre-main memory + ram to allocate the vboot work buffer. That means vboot verification + is after memory init and requires main memory to back the work + buffer. + +config VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT + bool + default n + depends on VBOOT + help + This option ensures that the recovery request is not lost because of + reboots caused after vboot verification is run. e.g. reboots caused by + FSP components on Intel platforms. + +config VBOOT_OPROM_MATTERS + bool "Video option ROM matters (= can skip display init)" + default n + depends on VBOOT + help + Set this option to indicate to vboot that this platform will skip its + display initialization on a normal (non-recovery, non-developer) boot. + Vboot calls this "oprom matters" because on x86 devices this + traditionally meant that the video option ROM will not be loaded, but + it works functionally the same for other platforms that can skip their + native display initialization code instead. + +config VBOOT + bool "Verify firmware with vboot." + default n + depends on HAVE_HARD_RESET + help + Enabling VBOOT will use vboot to verify the components of the firmware + (stages, payload, etc). + diff --git a/src/vboot/Makefile.inc b/src/vboot/Makefile.inc new file mode 100644 index 0000000..d4f4f85 --- /dev/null +++ b/src/vboot/Makefile.inc @@ -0,0 +1,143 @@ +## +## This file is part of the coreboot project. +## +## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved. +## +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; version 2 of the License. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## + +libverstage-generic-ccopts += -D__PRE_RAM__ -D__VERSTAGE__ +verstage-generic-ccopts += -D__PRE_RAM__ -D__VERSTAGE__ + +bootblock-y += vbnv.c +verstage-y += vbnv.c +romstage-y += vbnv.c +ramstage-y += vbnv.c + +bootblock-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c +verstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c +romstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c +ramstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c + +bootblock-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c +verstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c +romstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c +ramstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c + +bootblock-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c +verstage-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c +romstage-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c +ramstage-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c + +bootblock-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c +verstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c +romstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c +ramstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c + +bootblock-y += vboot_loader.c +romstage-y += vboot_loader.c +ramstage-y += vboot_loader.c +verstage-y += vboot_loader.c +postcar-y += vboot_loader.c + +bootblock-y += vboot_common.c +verstage-y += vboot_common.c +romstage-y += vboot_common.c +ramstage-y += vboot_common.c +postcar-y += vboot_common.c + +bootblock-y += recovery.c +romstage-y += recovery.c +ramstage-y += recovery.c +verstage-y += recovery.c +postcar-y += recovery.c + +bootblock-y += common.c +libverstage-y += vboot_logic.c +verstage-y += common.c +verstage-y += verstage.c +ifeq (${CONFIG_VBOOT_MOCK_SECDATA},y) +libverstage-y += secdata_mock.c +else +libverstage-y += secdata_tpm.c +endif +romstage-y += vboot_handoff.c common.c + +ramstage-y += common.c +postcar-y += common.c + +ifeq ($(CONFIG_SEPARATE_VERSTAGE),y) +VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-verstage-y)) +else +ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y) +VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-bootblock-y)) +else +VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-romstage-y)) +endif +endif # CONFIG_SEPARATE_VERSTAGE + +VB2_LIB = $(obj)/external/vboot_reference/vboot_fw20.a +VBOOT_CFLAGS += $(patsubst -I%,-I$(top)/%, $(filter-out -I$(obj), $(filter-out -include $(src)/include/kconfig.h, $(CPPFLAGS_libverstage)))) +VBOOT_CFLAGS += $(CFLAGS_libverstage) +VBOOT_CFLAGS += $(libverstage-c-ccopts) +VBOOT_CFLAGS += -I$(abspath $(obj)) -include $(top)/src/include/kconfig.h -Wno-missing-prototypes +VBOOT_CFLAGS += -DVBOOT_DEBUG + +$(VB2_LIB): $(obj)/config.h + @printf " MAKE $(subst $(obj)/,,$(@))\n" + $(Q)FIRMWARE_ARCH=$(VB_FIRMWARE_ARCH) \ + CC="$(CC_verstage)" \ + CFLAGS="$(VBOOT_CFLAGS)" VBOOT2="y" \ + $(MAKE) -C $(VB_SOURCE) \ + BUILD=$(abspath $(dir $(VB2_LIB))) \ + V=$(V) \ + fwlib20 + +libverstage-srcs += $(VB2_LIB) + +ifeq ($(CONFIG_SEPARATE_VERSTAGE),y) +cbfs-files-$(CONFIG_SEPARATE_VERSTAGE) += $(CONFIG_CBFS_PREFIX)/verstage +$(CONFIG_CBFS_PREFIX)/verstage-file := $(objcbfs)/verstage.elf +$(CONFIG_CBFS_PREFIX)/verstage-type := stage +$(CONFIG_CBFS_PREFIX)/verstage-compression := $(CBFS_PRERAM_COMPRESS_FLAG) + +ifeq ($(CONFIG_ARCH_VERSTAGE_X86_32)$(CONFIG_ARCH_VERSTAGE_X86_64),y) +$(CONFIG_CBFS_PREFIX)/verstage-options := -a 64 -S ".car.data" + +# If CAR does not support execution of code, verstage on x86 is expected to be +# xip. +ifneq ($(CONFIG_NO_XIP_EARLY_STAGES),y) +$(CONFIG_CBFS_PREFIX)/verstage-options += --xip +endif + +endif + +else +ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y) +bootblock-srcs += $(objgenerated)/libverstage.a +else +romstage-srcs += $(objgenerated)/libverstage.a +endif +endif # CONFIG_SEPARATE_VERSTAGE + +# Define a list of files that need to be in RO only. +# All other files will be installed into RO and RW regions +# Use $(sort) to cut down on extra spaces that would be translated to commas +regions-for-file = $(subst $(spc),$(comma),$(sort \ + $(if $(filter \ + $(if $(filter y,$(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)),, \ + %/romstage) \ + mts \ + %/verstage \ + locales \ + locale_%.bin \ + font.bin \ + vbgfx.bin \ + ,$(1)),COREBOOT,COREBOOT FW_MAIN_A FW_MAIN_B))) diff --git a/src/vboot/common.c b/src/vboot/common.c new file mode 100644 index 0000000..3fa9657 --- /dev/null +++ b/src/vboot/common.c @@ -0,0 +1,182 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2014 The ChromiumOS Authors. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <assert.h> +#include <cbfs.h> +#include <cbmem.h> +#include <console/console.h> +#include <reset.h> +#include <string.h> +#include <vb2_api.h> +#include <vboot/misc.h> +#include <vboot/symbols.h> +#include <vboot/vboot_common.h> + +struct selected_region { + uint32_t offset; + uint32_t size; +}; + +/* + * this is placed at the start of the vboot work buffer. selected_region is used + * for the verstage to return the location of the selected slot. buffer is used + * by the vboot2 core. Keep the struct cpu architecture agnostic as it crosses + * stage boundaries. + */ +struct vb2_working_data { + struct selected_region selected_region; + /* offset of the buffer from the start of this struct */ + uint32_t buffer_offset; + uint32_t buffer_size; +}; + +static const size_t vb_work_buf_size = 16 * KiB; + +static struct vb2_working_data * const vboot_get_working_data(void) +{ + if (IS_ENABLED(CONFIG_VBOOT_DYNAMIC_WORK_BUFFER)) + /* cbmem_add() does a cbmem_find() first. */ + return cbmem_add(CBMEM_ID_VBOOT_WORKBUF, vb_work_buf_size); + else + return (struct vb2_working_data *)_vboot2_work; +} + +static size_t vb2_working_data_size(void) +{ + if (IS_ENABLED(CONFIG_VBOOT_DYNAMIC_WORK_BUFFER)) + return vb_work_buf_size; + else + return _vboot2_work_size; +} + +static struct selected_region *vb2_selected_region(void) +{ + struct selected_region *sel_reg = NULL; + + /* Ramstage and postcar always uses cbmem as a source of truth. */ + if (ENV_RAMSTAGE || ENV_POSTCAR) + sel_reg = cbmem_find(CBMEM_ID_VBOOT_SEL_REG); + else if (ENV_ROMSTAGE) { + /* Try cbmem first. Fall back on working data if not found. */ + sel_reg = cbmem_find(CBMEM_ID_VBOOT_SEL_REG); + + if (sel_reg == NULL) { + struct vb2_working_data *wd = vboot_get_working_data(); + sel_reg = &wd->selected_region; + } + } else { + /* Stages such as bootblock and verstage use working data. */ + struct vb2_working_data *wd = vboot_get_working_data(); + sel_reg = &wd->selected_region; + } + + return sel_reg; +} + +void vb2_init_work_context(struct vb2_context *ctx) +{ + struct vb2_working_data *wd; + size_t work_size; + + /* First initialize the working data region. */ + work_size = vb2_working_data_size(); + wd = vboot_get_working_data(); + memset(wd, 0, work_size); + + /* + * vboot prefers 16-byte alignment. This takes away 16 bytes + * from the VBOOT2_WORK region, but the vboot devs said that's okay. + */ + wd->buffer_offset = ALIGN_UP(sizeof(*wd), 16); + wd->buffer_size = work_size - wd->buffer_offset; + + /* Initialize the vb2_context. */ + memset(ctx, 0, sizeof(*ctx)); + ctx->workbuf = (void *)vb2_get_shared_data(); + ctx->workbuf_size = wd->buffer_size; + +} + +struct vb2_shared_data *vb2_get_shared_data(void) +{ + struct vb2_working_data *wd = vboot_get_working_data(); + return (void *)((uintptr_t)wd + wd->buffer_offset); +} + +int vb2_get_selected_region(struct region *region) +{ + const struct selected_region *reg = vb2_selected_region(); + + if (reg == NULL) + return -1; + + if (reg->offset == 0 && reg->size == 0) + return -1; + + region->offset = reg->offset; + region->size = reg->size; + + return 0; +} + +void vb2_set_selected_region(const struct region *region) +{ + struct selected_region *reg = vb2_selected_region(); + + assert(reg != NULL); + + reg->offset = region_offset(region); + reg->size = region_sz(region); +} + +int vb2_is_slot_selected(void) +{ + const struct selected_region *reg = vb2_selected_region(); + + assert(reg != NULL); + + return reg->size > 0; +} + +void vb2_store_selected_region(void) +{ + const struct vb2_working_data *wd; + struct selected_region *sel_reg; + + /* Always use the working data in this path since it's the object + * which has the result.. */ + wd = vboot_get_working_data(); + + sel_reg = cbmem_add(CBMEM_ID_VBOOT_SEL_REG, sizeof(*sel_reg)); + + assert(sel_reg != NULL); + + sel_reg->offset = wd->selected_region.offset; + sel_reg->size = wd->selected_region.size; +} + +/* + * For platforms that employ VBOOT_DYNAMIC_WORK_BUFFER, the vboot + * verification doesn't happen until after cbmem is brought online. + * Therefore, the selected region contents would not be initialized + * so don't automatically add results when cbmem comes online. + */ +#if !IS_ENABLED(CONFIG_VBOOT_DYNAMIC_WORK_BUFFER) +static void vb2_store_selected_region_cbmem(int unused) +{ + vb2_store_selected_region(); +} +ROMSTAGE_CBMEM_INIT_HOOK(vb2_store_selected_region_cbmem) +#endif diff --git a/src/vboot/misc.h b/src/vboot/misc.h new file mode 100644 index 0000000..dc94720 --- /dev/null +++ b/src/vboot/misc.h @@ -0,0 +1,40 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2014 The ChromiumOS Authors. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#ifndef __VBOOT_MISC_H__ +#define __VBOOT_MISC_H__ + +#include <vboot/vboot_common.h> + +struct vb2_context; +struct vb2_shared_data; + +void vboot_fill_handoff(void); + +void vb2_init_work_context(struct vb2_context *ctx); +struct vb2_shared_data *vb2_get_shared_data(void); + +/* Returns 0 on success. < 0 on failure. */ +int vb2_get_selected_region(struct region *region); +void vb2_set_selected_region(const struct region *region); +int vb2_is_slot_selected(void); +int vb2_logic_executed(void); + +/* Store the selected region in cbmem for later use. */ +void vb2_store_selected_region(void); + +void vb2_save_recovery_reason_vbnv(void); + +#endif /* __VBOOT_MISC_H__ */ diff --git a/src/vboot/recovery.c b/src/vboot/recovery.c new file mode 100644 index 0000000..6e6eb0e --- /dev/null +++ b/src/vboot/recovery.c @@ -0,0 +1,152 @@ +/* + * This file is part of the coreboot project. + * + * Copyright 2016 Google Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <assert.h> +#include <bootmode.h> +#include <bootstate.h> +#include <rules.h> +#include <string.h> +#include <vb2_api.h> +#include <vboot/misc.h> +#include <vboot/vbnv.h> +#include <vboot/vboot_common.h> + +static int vb2_get_recovery_reason_shared_data(void) +{ + /* Shared data does not exist for Ramstage and Post-CAR stage. */ + if (ENV_RAMSTAGE || ENV_POSTCAR) + return 0; + + struct vb2_shared_data *sd = vb2_get_shared_data(); + assert(sd); + return sd->recovery_reason; +} + +void vb2_save_recovery_reason_vbnv(void) +{ + if (!IS_ENABLED(CONFIG_VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT)) + return; + + int reason = vb2_get_recovery_reason_shared_data(); + if (!reason) + return; + + set_recovery_mode_into_vbnv(reason); +} + +static void vb2_clear_recovery_reason_vbnv(void *unused) +{ + if (!IS_ENABLED(CONFIG_VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT)) + return; + + set_recovery_mode_into_vbnv(0); +} + +/* + * Recovery reason stored in VBNV needs to be cleared before the state of VBNV + * is backed-up anywhere or jumping to the payload (whichever occurs + * first). Currently, vbnv_cmos.c backs up VBNV on POST_DEVICE. Thus, we need to + * make sure that the stored recovery reason is cleared off before that + * happens. + * IMPORTANT: Any reboot occurring after BS_DEV_INIT state will cause loss of + * recovery reason on reboot. Until now, we have seen reboots occuring on x86 + * only in FSP stages which run before BS_DEV_INIT. + */ +BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_EXIT, + vb2_clear_recovery_reason_vbnv, NULL); + +/* + * Returns 0 for the stages where we know that cbmem does not come online. + * Even if this function returns 1 for romstage, depending upon the point in + * bootup, cbmem might not actually be online. + */ +static int cbmem_possibly_online(void) +{ + if (ENV_BOOTBLOCK) + return 0; + + if (ENV_VERSTAGE && IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) + return 0; + + return 1; +} + +/* + * Returns 1 if vboot is being used and currently in a stage which might have + * already executed vboot verification. + */ +static int vboot_possibly_executed(void) +{ + if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) { + if (ENV_BOOTBLOCK && IS_ENABLED(CONFIG_SEPARATE_VERSTAGE)) + return 0; + return 1; + } + + if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)) { + if (ENV_BOOTBLOCK) + return 0; + return 1; + } + + return 0; +} + +/* + * vb2_check_recovery_request looks up different components to identify if there + * is a recovery request and returns appropriate reason code: + * 1. Checks if recovery mode is initiated by EC. If yes, returns + * VB2_RECOVERY_RO_MANUAL. + * 2. Checks if recovery request is present in VBNV and returns the code read + * from it. + * 3. Checks recovery request in handoff for stages post-cbmem. + * 4. For non-CBMEM stages, check if vboot verification is done and look-up + * selected region to identify if vboot_refence library has requested recovery + * path. If yes, return the reason code from shared data. + * 5. If nothing applies, return 0 indicating no recovery request. + */ +int vboot_check_recovery_request(void) +{ + int reason = 0; + + /* EC-initiated recovery. */ + if (get_recovery_mode_switch()) + return VB2_RECOVERY_RO_MANUAL; + + /* Recovery request in VBNV. */ + if ((reason = get_recovery_mode_from_vbnv()) != 0) + return reason; + + /* + * Check recovery flag in vboot_handoff for stages post CBMEM coming + * online. Since for some stages there is no way to know if cbmem has + * already come online, try looking up handoff anyways. If it fails, + * flow will fallback to looking up shared data. + */ + if (cbmem_possibly_online() && + ((reason = vboot_handoff_get_recovery_reason()) != 0)) + return reason; + + /* + * For stages where CBMEM might not be online, identify if vboot + * verification is already complete and no slot was selected + * i.e. recovery path was requested. + */ + if (vboot_possibly_executed() && vb2_logic_executed() && + !vb2_is_slot_selected()) + return vb2_get_recovery_reason_shared_data(); + + return 0; +} diff --git a/src/vboot/secdata_mock.c b/src/vboot/secdata_mock.c new file mode 100644 index 0000000..03616c1 --- /dev/null +++ b/src/vboot/secdata_mock.c @@ -0,0 +1,38 @@ +/* Copyright (c) 2015 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Functions for querying, manipulating and locking rollback indices + * stored in the TPM NVRAM. + */ + +#include <antirollback.h> +#include <stdlib.h> +#include <vb2_api.h> + +uint32_t tpm_extend_pcr(struct vb2_context *ctx, int pcr, + enum vb2_pcr_digest which_digest) +{ + return TPM_SUCCESS; +} + +uint32_t tpm_clear_and_reenable(void) +{ + return TPM_SUCCESS; +} + +uint32_t antirollback_read_space_firmware(struct vb2_context *ctx) +{ + vb2api_secdata_create(ctx); + return TPM_SUCCESS; +} + +uint32_t antirollback_write_space_firmware(struct vb2_context *ctx) +{ + return TPM_SUCCESS; +} + +uint32_t antirollback_lock_space_firmware() +{ + return TPM_SUCCESS; +} diff --git a/src/vboot/secdata_tpm.c b/src/vboot/secdata_tpm.c new file mode 100644 index 0000000..a51e5d6 --- /dev/null +++ b/src/vboot/secdata_tpm.c @@ -0,0 +1,436 @@ +/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Functions for querying, manipulating and locking rollback indices + * stored in the TPM NVRAM. + */ + +#include <antirollback.h> +#include <stdlib.h> +#include <string.h> +#include <tpm_lite/tlcl.h> +#include <vb2_api.h> +#include <console/console.h> + +#ifndef offsetof +#define offsetof(A,B) __builtin_offsetof(A,B) +#endif + +#ifdef FOR_TEST +#include <stdio.h> +#define VBDEBUG(format, args...) printf(format, ## args) +#else +#include <console/console.h> +#define VBDEBUG(format, args...) \ + printk(BIOS_INFO, "%s():%d: " format, __func__, __LINE__, ## args) +#endif + +#define RETURN_ON_FAILURE(tpm_cmd) do { \ + uint32_t result_; \ + if ((result_ = (tpm_cmd)) != TPM_SUCCESS) { \ + VBDEBUG("Antirollback: %08x returned by " #tpm_cmd \ + "\n", (int)result_); \ + return result_; \ + } \ + } while (0) + + +static uint32_t safe_write(uint32_t index, const void *data, uint32_t length); + +uint32_t tpm_extend_pcr(struct vb2_context *ctx, int pcr, + enum vb2_pcr_digest which_digest) +{ + uint8_t buffer[VB2_PCR_DIGEST_RECOMMENDED_SIZE]; + uint32_t size = sizeof(buffer); + int rv; + + rv = vb2api_get_pcr_digest(ctx, which_digest, buffer, &size); + if (rv != VB2_SUCCESS) + return rv; + if (size < TPM_PCR_DIGEST) + return VB2_ERROR_UNKNOWN; + + return tlcl_extend(pcr, buffer, NULL); +} + +static uint32_t read_space_firmware(struct vb2_context *ctx) +{ + int attempts = 3; + + while (attempts--) { + RETURN_ON_FAILURE(tlcl_read(FIRMWARE_NV_INDEX, ctx->secdata, + VB2_SECDATA_SIZE)); + + if (vb2api_secdata_check(ctx) == VB2_SUCCESS) + return TPM_SUCCESS; + + VBDEBUG("TPM: %s() - bad CRC\n", __func__); + } + + VBDEBUG("TPM: %s() - too many bad CRCs, giving up\n", __func__); + return TPM_E_CORRUPTED_STATE; +} + +static uint32_t write_secdata(uint32_t index, + const uint8_t *secdata, + uint32_t len) +{ + uint8_t sd[32]; + uint32_t rv; + int attempts = 3; + + if (len > sizeof(sd)) { + VBDEBUG("TPM: %s() - data is too large\n", __func__); + return TPM_E_WRITE_FAILURE; + } + + while (attempts--) { + rv = safe_write(index, secdata, len); + /* Can't write, not gonna try again */ + if (rv != TPM_SUCCESS) + return rv; + + /* Read it back to be sure it got the right values. */ + rv = tlcl_read(index, sd, len); + if (rv == TPM_SUCCESS && memcmp(secdata, sd, len) == 0) + return rv; + + VBDEBUG("TPM: %s() failed. trying again\n", __func__); + /* Try writing it again. Maybe it was garbled on the way out. */ + } + + VBDEBUG("TPM: %s() - too many failures, giving up\n", __func__); + + return TPM_E_CORRUPTED_STATE; +} + +/* + * This is derived from rollback_index.h of vboot_reference. see struct + * RollbackSpaceKernel for details. + */ +static const uint8_t secdata_kernel[] = { + 0x02, + 0x4C, 0x57, 0x52, 0x47, + 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, + 0xE8, +}; + +#if IS_ENABLED(CONFIG_TPM2) + +/* Nothing special in the TPM2 path yet. */ +static uint32_t safe_write(uint32_t index, const void *data, uint32_t length) +{ + return tlcl_write(index, data, length); +} + +static uint32_t set_firmware_space(const void *firmware_blob) +{ + RETURN_ON_FAILURE(tlcl_define_space(FIRMWARE_NV_INDEX, + VB2_SECDATA_SIZE)); + RETURN_ON_FAILURE(safe_write(FIRMWARE_NV_INDEX, firmware_blob, + VB2_SECDATA_SIZE)); + return TPM_SUCCESS; +} + +static uint32_t set_kernel_space(const void *kernel_blob) +{ + RETURN_ON_FAILURE(tlcl_define_space(KERNEL_NV_INDEX, + sizeof(secdata_kernel))); + RETURN_ON_FAILURE(safe_write(KERNEL_NV_INDEX, kernel_blob, + sizeof(secdata_kernel))); + return TPM_SUCCESS; +} + +static uint32_t _factory_initialize_tpm(struct vb2_context *ctx) +{ + RETURN_ON_FAILURE(tlcl_force_clear()); + RETURN_ON_FAILURE(set_firmware_space(ctx->secdata)); + RETURN_ON_FAILURE(set_kernel_space(secdata_kernel)); + return TPM_SUCCESS; +} + +uint32_t tpm_clear_and_reenable(void) +{ + VBDEBUG("TPM: Clear and re-enable\n"); + return TPM_SUCCESS; +} + +uint32_t antirollback_lock_space_firmware(void) +{ + return tlcl_lock_nv_write(FIRMWARE_NV_INDEX); +} + +#else + +uint32_t tpm_clear_and_reenable(void) +{ + VBDEBUG("TPM: Clear and re-enable\n"); + RETURN_ON_FAILURE(tlcl_force_clear()); + RETURN_ON_FAILURE(tlcl_set_enable()); + RETURN_ON_FAILURE(tlcl_set_deactivated(0)); + + return TPM_SUCCESS; +} + +/** + * Like tlcl_write(), but checks for write errors due to hitting the 64-write + * limit and clears the TPM when that happens. This can only happen when the + * TPM is unowned, so it is OK to clear it (and we really have no choice). + * This is not expected to happen frequently, but it could happen. + */ + +static uint32_t safe_write(uint32_t index, const void *data, uint32_t length) +{ + uint32_t result = tlcl_write(index, data, length); + if (result == TPM_E_MAXNVWRITES) { + RETURN_ON_FAILURE(tpm_clear_and_reenable()); + return tlcl_write(index, data, length); + } else { + return result; + } +} + +/** + * Similarly to safe_write(), this ensures we don't fail a DefineSpace because + * we hit the TPM write limit. This is even less likely to happen than with + * writes because we only define spaces once at initialization, but we'd + * rather be paranoid about this. + */ +static uint32_t safe_define_space(uint32_t index, uint32_t perm, uint32_t size) +{ + uint32_t result = tlcl_define_space(index, perm, size); + if (result == TPM_E_MAXNVWRITES) { + RETURN_ON_FAILURE(tpm_clear_and_reenable()); + return tlcl_define_space(index, perm, size); + } else { + return result; + } +} + +static uint32_t _factory_initialize_tpm(struct vb2_context *ctx) +{ + TPM_PERMANENT_FLAGS pflags; + uint32_t result; + + result = tlcl_get_permanent_flags(&pflags); + if (result != TPM_SUCCESS) + return result; + + /* + * TPM may come from the factory without physical presence finalized. + * Fix if necessary. + */ + VBDEBUG("TPM: physicalPresenceLifetimeLock=%d\n", + pflags.physicalPresenceLifetimeLock); + if (!pflags.physicalPresenceLifetimeLock) { + VBDEBUG("TPM: Finalizing physical presence\n"); + RETURN_ON_FAILURE(tlcl_finalize_physical_presence()); + } + + /* + * The TPM will not enforce the NV authorization restrictions until the + * execution of a TPM_NV_DefineSpace with the handle of + * TPM_NV_INDEX_LOCK. Here we create that space if it doesn't already + * exist. */ + VBDEBUG("TPM: nvLocked=%d\n", pflags.nvLocked); + if (!pflags.nvLocked) { + VBDEBUG("TPM: Enabling NV locking\n"); + RETURN_ON_FAILURE(tlcl_set_nv_locked()); + } + + /* Clear TPM owner, in case the TPM is already owned for some reason. */ + VBDEBUG("TPM: Clearing owner\n"); + RETURN_ON_FAILURE(tpm_clear_and_reenable()); + + /* Define the backup space. No need to initialize it, though. */ + RETURN_ON_FAILURE(safe_define_space(BACKUP_NV_INDEX, + TPM_NV_PER_PPWRITE, + VB2_NVDATA_SIZE)); + + /* Define and initialize the kernel space */ + RETURN_ON_FAILURE(safe_define_space(KERNEL_NV_INDEX, + TPM_NV_PER_PPWRITE, + sizeof(secdata_kernel))); + RETURN_ON_FAILURE(write_secdata(KERNEL_NV_INDEX, + secdata_kernel, + sizeof(secdata_kernel))); + + /* Defines and sets vb2 secdata space */ + vb2api_secdata_create(ctx); + RETURN_ON_FAILURE(safe_define_space(FIRMWARE_NV_INDEX, + TPM_NV_PER_GLOBALLOCK | + TPM_NV_PER_PPWRITE, + VB2_SECDATA_SIZE)); + RETURN_ON_FAILURE(write_secdata(FIRMWARE_NV_INDEX, + ctx->secdata, + VB2_SECDATA_SIZE)); + return TPM_SUCCESS; +} + +uint32_t antirollback_lock_space_firmware(void) +{ + return tlcl_set_global_lock(); +} +#endif + +uint32_t factory_initialize_tpm(struct vb2_context *ctx) +{ + uint32_t result; + + /* Defines and sets vb2 secdata space */ + vb2api_secdata_create(ctx); + + VBDEBUG("TPM: factory initialization\n"); + + /* + * Do a full test. This only happens the first time the device is + * turned on in the factory, so performance is not an issue. This is + * almost certainly not necessary, but it gives us more confidence + * about some code paths below that are difficult to + * test---specifically the ones that set lifetime flags, and are only + * executed once per physical TPM. + */ + result = tlcl_self_test_full(); + if (result != TPM_SUCCESS) + return result; + + result = _factory_initialize_tpm(ctx); + if (result != TPM_SUCCESS) + return result; + + VBDEBUG("TPM: factory initialization successful\n"); + + return TPM_SUCCESS; +} + +/* + * SetupTPM starts the TPM and establishes the root of trust for the + * anti-rollback mechanism. SetupTPM can fail for three reasons. 1 A bug. 2 a + * TPM hardware failure. 3 An unexpected TPM state due to some attack. In + * general we cannot easily distinguish the kind of failure, so our strategy is + * to reboot in recovery mode in all cases. The recovery mode calls SetupTPM + * again, which executes (almost) the same sequence of operations. There is a + * good chance that, if recovery mode was entered because of a TPM failure, the + * failure will repeat itself. (In general this is impossible to guarantee + * because we have no way of creating the exact TPM initial state at the + * previous boot.) In recovery mode, we ignore the failure and continue, thus + * giving the recovery kernel a chance to fix things (that's why we don't set + * bGlobalLock). The choice is between a knowingly insecure device and a + * bricked device. + * + * As a side note, observe that we go through considerable hoops to avoid using + * the STCLEAR permissions for the index spaces. We do this to avoid writing + * to the TPM flashram at every reboot or wake-up, because of concerns about + * the durability of the NVRAM. + */ +uint32_t setup_tpm(struct vb2_context *ctx) +{ + uint8_t disable; + uint8_t deactivated; + uint32_t result; + + RETURN_ON_FAILURE(tlcl_lib_init()); + + /* Handle special init for S3 resume path */ + if (ctx->flags & VB2_CONTEXT_S3_RESUME) { + result = tlcl_resume(); + if (result == TPM_E_INVALID_POSTINIT) + printk(BIOS_DEBUG, "TPM: Already initialized.\n"); + return TPM_SUCCESS; + } + +#ifdef TEGRA_SOFT_REBOOT_WORKAROUND + result = tlcl_startup(); + if (result == TPM_E_INVALID_POSTINIT) { + /* + * Some prototype hardware doesn't reset the TPM on a CPU + * reset. We do a hard reset to get around this. + */ + VBDEBUG("TPM: soft reset detected\n", result); + ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT; + return TPM_E_MUST_REBOOT; + } else if (result != TPM_SUCCESS) { + VBDEBUG("TPM: tlcl_startup returned %08x\n", result); + return result; + } +#else + RETURN_ON_FAILURE(tlcl_startup()); +#endif + + /* + * Some TPMs start the self test automatically at power on. In that case + * we don't need to call ContinueSelfTest. On some (other) TPMs, + * continue_self_test may block. In that case, we definitely don't want + * to call it here. For TPMs in the intersection of these two sets, we + * are screwed. (In other words: TPMs that require manually starting the + * self-test AND block will have poor performance until we split + * tlcl_send_receive() into send() and receive(), and have a state + * machine to control setup.) + * + * This comment is likely to become obsolete in the near future, so + * don't trust it. It may have not been updated. + */ +#ifdef TPM_MANUAL_SELFTEST +#ifdef TPM_BLOCKING_CONTINUESELFTEST +#warning "lousy TPM!" +#endif + RETURN_ON_FAILURE(tlcl_continue_self_test()); +#endif + result = tlcl_assert_physical_presence(); + if (result != TPM_SUCCESS) { + /* + * It is possible that the TPM was delivered with the physical + * presence command disabled. This tries enabling it, then + * tries asserting PP again. + */ + RETURN_ON_FAILURE(tlcl_physical_presence_cmd_enable()); + RETURN_ON_FAILURE(tlcl_assert_physical_presence()); + } + + /* Check that the TPM is enabled and activated. */ + RETURN_ON_FAILURE(tlcl_get_flags(&disable, &deactivated, NULL)); + if (disable || deactivated) { + VBDEBUG("TPM: disabled (%d) or deactivated (%d). Fixing...\n", + disable, deactivated); + RETURN_ON_FAILURE(tlcl_set_enable()); + RETURN_ON_FAILURE(tlcl_set_deactivated(0)); + VBDEBUG("TPM: Must reboot to re-enable\n"); + ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT; + return TPM_E_MUST_REBOOT; + } + + VBDEBUG("TPM: SetupTPM() succeeded\n"); + return TPM_SUCCESS; +} + +uint32_t antirollback_read_space_firmware(struct vb2_context *ctx) +{ + uint32_t rv; + + rv = setup_tpm(ctx); + if (rv) + return rv; + + /* Read the firmware space. */ + rv = read_space_firmware(ctx); + if (rv == TPM_E_BADINDEX) { + /* + * This seems the first time we've run. Initialize the TPM. + */ + VBDEBUG("TPM: Not initialized yet.\n"); + RETURN_ON_FAILURE(factory_initialize_tpm(ctx)); + } else if (rv != TPM_SUCCESS) { + VBDEBUG("TPM: Firmware space in a bad state; giving up.\n"); + //RETURN_ON_FAILURE(factory_initialize_tpm(ctx)); + return TPM_E_CORRUPTED_STATE; + } + + return TPM_SUCCESS; +} + +uint32_t antirollback_write_space_firmware(struct vb2_context *ctx) +{ + return write_secdata(FIRMWARE_NV_INDEX, ctx->secdata, VB2_SECDATA_SIZE); +} diff --git a/src/vboot/symbols.h b/src/vboot/symbols.h new file mode 100644 index 0000000..fb3d654 --- /dev/null +++ b/src/vboot/symbols.h @@ -0,0 +1,28 @@ +/* + * This file is part of the coreboot project. + * + * Copyright 2016 Google Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#ifndef __VBOOT_SYMBOLS_H__ +#define __VBOOT_SYMBOLS_H__ + +extern u8 _vboot2_work[]; +extern u8 _evboot2_work[]; +#define _vboot2_work_size (_evboot2_work - _vboot2_work) + +/* Careful: _e<stage> and _<stage>_size only defined for the current stage! */ +extern u8 _verstage[]; +extern u8 _everstage[]; +#define _verstage_size (_everstage - _verstage) + +#endif /* __VBOOT_SYMBOLS_H__ */ diff --git a/src/vboot/vbnv.c b/src/vboot/vbnv.c new file mode 100644 index 0000000..ce64928 --- /dev/null +++ b/src/vboot/vbnv.c @@ -0,0 +1,142 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2016 Google Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <arch/early_variables.h> +#include <string.h> +#include <types.h> +#include <vboot/vbnv.h> +#include <vboot/vbnv_layout.h> + +static int vbnv_initialized CAR_GLOBAL; +static uint8_t vbnv[VBOOT_VBNV_BLOCK_SIZE] CAR_GLOBAL; + +/* Wrappers for accessing the variables marked as CAR_GLOBAL. */ +static inline int is_vbnv_initialized(void) +{ + return car_get_var(vbnv_initialized); +} + +static inline uint8_t *vbnv_data_addr(int index) +{ + uint8_t *vbnv_arr = car_get_var_ptr(vbnv); + + return &vbnv_arr[index]; +} + +static inline uint8_t vbnv_data(int index) +{ + return *vbnv_data_addr(index); +} + +/* Return CRC-8 of the data, using x^8 + x^2 + x + 1 polynomial. */ +static uint8_t crc8_vbnv(const uint8_t *data, int len) +{ + unsigned crc = 0; + int i, j; + + for (j = len; j; j--, data++) { + crc ^= (*data << 8); + for (i = 8; i; i--) { + if (crc & 0x8000) + crc ^= (0x1070 << 3); + crc <<= 1; + } + } + + return (uint8_t) (crc >> 8); +} + +static void reset_vbnv(uint8_t *vbnv_copy) +{ + memset(vbnv_copy, 0, VBOOT_VBNV_BLOCK_SIZE); +} + +/* Read VBNV data into cache. */ +static void vbnv_setup(void) +{ + if (!is_vbnv_initialized()) { + read_vbnv(vbnv_data_addr(0)); + car_set_var(vbnv_initialized, 1); + } +} + +/* Verify VBNV header and checksum. */ +int verify_vbnv(uint8_t *vbnv_copy) +{ + return (HEADER_SIGNATURE == (vbnv_copy[HEADER_OFFSET] & HEADER_MASK)) && + (crc8_vbnv(vbnv_copy, CRC_OFFSET) == vbnv_copy[CRC_OFFSET]); +} + +/* + * Read VBNV data from configured storage backend. + * If VBNV verification fails, reset the vbnv copy. + */ +void read_vbnv(uint8_t *vbnv_copy) +{ + if (IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS)) + read_vbnv_cmos(vbnv_copy); + else if (IS_ENABLED(CONFIG_VBOOT_VBNV_EC)) + read_vbnv_ec(vbnv_copy); + else if (IS_ENABLED(CONFIG_VBOOT_VBNV_FLASH)) + read_vbnv_flash(vbnv_copy); + + /* Check data for consistency */ + if (!verify_vbnv(vbnv_copy)) + reset_vbnv(vbnv_copy); +} + +/* + * Write VBNV data to configured storage backend. + * This assumes that the caller has updated the CRC already. + */ +void save_vbnv(const uint8_t *vbnv_copy) +{ + if (IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS)) + save_vbnv_cmos(vbnv_copy); + else if (IS_ENABLED(CONFIG_VBOOT_VBNV_EC)) + save_vbnv_ec(vbnv_copy); + else if (IS_ENABLED(CONFIG_VBOOT_VBNV_FLASH)) + save_vbnv_flash(vbnv_copy); + + /* Clear initialized flag to force cached data to be updated */ + car_set_var(vbnv_initialized, 0); +} + +/* Save a recovery reason into VBNV. */ +void set_recovery_mode_into_vbnv(int recovery_reason) +{ + uint8_t vbnv_copy[VBOOT_VBNV_BLOCK_SIZE]; + + read_vbnv(vbnv_copy); + + vbnv_copy[RECOVERY_OFFSET] = recovery_reason; + vbnv_copy[CRC_OFFSET] = crc8_vbnv(vbnv_copy, CRC_OFFSET); + + save_vbnv(vbnv_copy); +} + +/* Read the recovery reason from VBNV. */ +int get_recovery_mode_from_vbnv(void) +{ + vbnv_setup(); + return vbnv_data(RECOVERY_OFFSET); +} + +/* Read the BOOT_OPROM_NEEDED flag from VBNV. */ +int vboot_wants_oprom(void) +{ + vbnv_setup(); + return (vbnv_data(BOOT_OFFSET) & BOOT_OPROM_NEEDED) ? 1 : 0; +} diff --git a/src/vboot/vbnv.h b/src/vboot/vbnv.h new file mode 100644 index 0000000..78ca8f6 --- /dev/null +++ b/src/vboot/vbnv.h @@ -0,0 +1,42 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2016 Google Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#ifndef __VBOOT_VBNV_H__ +#define __VBOOT_VBNV_H__ + +#include <types.h> + +/* Generic functions */ +void read_vbnv(uint8_t *vbnv_copy); +void save_vbnv(const uint8_t *vbnv_copy); +int verify_vbnv(uint8_t *vbnv_copy); +int get_recovery_mode_from_vbnv(void); +void set_recovery_mode_into_vbnv(int recovery_reason); +int vboot_wants_oprom(void); + +/* CMOS backend */ +void read_vbnv_cmos(uint8_t *vbnv_copy); +void save_vbnv_cmos(const uint8_t *vbnv_copy); +void init_vbnv_cmos(int rtc_fail); + +/* Flash backend */ +void read_vbnv_flash(uint8_t *vbnv_copy); +void save_vbnv_flash(const uint8_t *vbnv_copy); + +/* EC backend */ +void read_vbnv_ec(uint8_t *vbnv_copy); +void save_vbnv_ec(const uint8_t *vbnv_copy); + +#endif /* __VBOOT_VBNV_H__ */ diff --git a/src/vboot/vbnv_cmos.c b/src/vboot/vbnv_cmos.c new file mode 100644 index 0000000..5eda8e6 --- /dev/null +++ b/src/vboot/vbnv_cmos.c @@ -0,0 +1,79 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2011 The ChromiumOS Authors. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <bootstate.h> +#include <console/console.h> +#include <types.h> +#include <pc80/mc146818rtc.h> +#include <vboot/vbnv.h> +#include <vboot/vbnv_layout.h> + +void read_vbnv_cmos(uint8_t *vbnv_copy) +{ + int i; + + for (i = 0; i < VBOOT_VBNV_BLOCK_SIZE; i++) + vbnv_copy[i] = cmos_read(CONFIG_VBOOT_VBNV_OFFSET + 14 + i); + + if (IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH)) { + if (verify_vbnv(vbnv_copy)) + return; + + printk(BIOS_INFO, "VBNV: CMOS invalid, restoring from flash\n"); + read_vbnv_flash(vbnv_copy); + + if (verify_vbnv(vbnv_copy)) { + save_vbnv_cmos(vbnv_copy); + printk(BIOS_INFO, "VBNV: Flash backup restored\n"); + } else { + printk(BIOS_INFO, "VBNV: Restore from flash failed\n"); + } + } +} + +void save_vbnv_cmos(const uint8_t *vbnv_copy) +{ + int i; + + for (i = 0; i < VBOOT_VBNV_BLOCK_SIZE; i++) + cmos_write(vbnv_copy[i], CONFIG_VBOOT_VBNV_OFFSET + 14 + i); +} + +void init_vbnv_cmos(int rtc_fail) +{ + uint8_t vbnv[VBOOT_VBNV_BLOCK_SIZE]; + + if (rtc_fail) + read_vbnv_cmos(vbnv); + + cmos_init(rtc_fail); + + if (rtc_fail) + save_vbnv_cmos(vbnv); +} + +#if IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) +static void back_up_vbnv_cmos(void *unused) +{ + uint8_t vbnv_cmos[VBOOT_VBNV_BLOCK_SIZE]; + + /* Read current VBNV from CMOS. */ + read_vbnv_cmos(vbnv_cmos); + + /* Save to flash, will only be saved if different. */ + save_vbnv_flash(vbnv_cmos); +} +BOOT_STATE_INIT_ENTRY(BS_POST_DEVICE, BS_ON_EXIT, back_up_vbnv_cmos, NULL); +#endif diff --git a/src/vboot/vbnv_ec.c b/src/vboot/vbnv_ec.c new file mode 100644 index 0000000..99e2b82 --- /dev/null +++ b/src/vboot/vbnv_ec.c @@ -0,0 +1,30 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2011 The ChromiumOS Authors. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <types.h> +#include <ec/google/chromeec/ec.h> +#include <vboot/vbnv.h> +#include <vboot/vbnv_layout.h> + +void read_vbnv_ec(uint8_t *vbnv_copy) +{ + google_chromeec_vbnv_context(1, vbnv_copy, VBOOT_VBNV_BLOCK_SIZE); +} + +void save_vbnv_ec(const uint8_t *vbnv_copy) +{ + google_chromeec_vbnv_context(0, (uint8_t *)vbnv_copy, + VBOOT_VBNV_BLOCK_SIZE); +} diff --git a/src/vboot/vbnv_flash.c b/src/vboot/vbnv_flash.c new file mode 100644 index 0000000..8b60be2 --- /dev/null +++ b/src/vboot/vbnv_flash.c @@ -0,0 +1,228 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2014 The ChromiumOS Authors. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <arch/early_variables.h> +#include <assert.h> +#include <commonlib/region.h> +#include <console/console.h> +#include <spi_flash.h> +#include <string.h> +#include <vb2_api.h> +#include <vboot_nvstorage.h> +#include <vboot/vboot_common.h> +#include <vboot/vbnv.h> +#include <vboot/vbnv_layout.h> + +#define BLOB_SIZE VB2_NVDATA_SIZE + +struct vbnv_flash_ctx { + /* VBNV flash is initialized */ + int initialized; + + /* Offset of the current nvdata in SPI flash */ + int blob_offset; + + /* Offset of the topmost nvdata blob in SPI flash */ + int top_offset; + + /* SPI flash handler used when saving data */ + struct spi_flash *flash; + + /* FMAP descriptor of the NVRAM area */ + struct region_device region; + + /* Cache of the current nvdata */ + uint8_t cache[BLOB_SIZE]; +}; +static struct vbnv_flash_ctx vbnv_flash CAR_GLOBAL; + +/* + * This code assumes that flash is erased to 1-bits, and write operations can + * only change 1-bits to 0-bits. So if the new contents only change 1-bits to + * 0-bits, we can reuse the current blob. + */ +static inline uint8_t erase_value(void) +{ + return 0xff; +} + +static inline int can_overwrite(uint8_t current, uint8_t new) +{ + return (current & new) == new; +} + +static int init_vbnv(void) +{ + struct vbnv_flash_ctx *ctx = car_get_var_ptr(&vbnv_flash); + uint8_t buf[BLOB_SIZE]; + uint8_t empty_blob[BLOB_SIZE]; + int offset; + int i; + + if (vboot_named_region_device("RW_NVRAM", &ctx->region) || + region_device_sz(&ctx->region) < BLOB_SIZE) { + printk(BIOS_ERR, "%s: failed to locate NVRAM\n", __func__); + return 1; + } + + /* Prepare an empty blob to compare against. */ + for (i = 0; i < BLOB_SIZE; i++) + empty_blob[i] = erase_value(); + + offset = 0; + ctx->top_offset = region_device_sz(&ctx->region) - BLOB_SIZE; + + /* + * after the loop, offset is supposed to point the blob right before + * the first empty blob, the last blob in the nvram if there is no + * empty blob, or the base of the region if the nvram has never been + * used. + */ + for (i = 0; i <= ctx->top_offset; i += BLOB_SIZE) { + if (rdev_readat(&ctx->region, buf, i, BLOB_SIZE) < 0) { + printk(BIOS_ERR, "failed to read nvdata\n"); + return 1; + } + if (!memcmp(buf, empty_blob, BLOB_SIZE)) + break; + offset = i; + } + + /* reread the nvdata and write it to the cache */ + if (rdev_readat(&ctx->region, ctx->cache, offset, BLOB_SIZE) < 0) { + printk(BIOS_ERR, "failed to read nvdata\n"); + return 1; + } + + ctx->blob_offset = offset; + ctx->initialized = 1; + + return 0; +} + +static void vbnv_is_erasable(void) +{ + /* + * We check whether the region is aligned or not in advance to ensure + * we can erase the region when it's all used up. + * + * The region offset & size are determined by fmap.dts yet the check can + * be confidently done only by the spi flash driver. We use the same + * check as the one used by spi_flash_cmd_erase, which happens to be + * common to all the spi flash parts we support. + * + * TODO: Check by calling can_erase implemented by each spi flash driver + */ + struct vbnv_flash_ctx *ctx = car_get_var_ptr(&vbnv_flash); + + assert(!(region_device_offset(&ctx->region) % ctx->flash->sector_size)); + assert(!(region_device_sz(&ctx->region) % ctx->flash->sector_size)); +} + +static int vbnv_flash_probe(void) +{ + struct vbnv_flash_ctx *ctx = car_get_var_ptr(&vbnv_flash); + + if (!ctx->flash) { + ctx->flash = spi_flash_probe(CONFIG_BOOT_MEDIA_SPI_BUS, 0); + if (!ctx->flash) { + printk(BIOS_ERR, "failed to probe spi flash\n"); + return 1; + } + /* + * Called here instead of init_vbnv to reduce impact on boot + * speed. + */ + vbnv_is_erasable(); + } + + /* + * Handle the case where spi_flash_probe returns a CAR_GLOBAL + * in early execution on x86 but then later is moved to RAM. + */ + ctx->flash = car_get_var_ptr(ctx->flash); + + return 0; +} + +static int erase_nvram(void) +{ + struct vbnv_flash_ctx *ctx = car_get_var_ptr(&vbnv_flash); + + if (vbnv_flash_probe()) + return 1; + + if (ctx->flash->erase(ctx->flash, region_device_offset(&ctx->region), + region_device_sz(&ctx->region))) { + printk(BIOS_ERR, "failed to erase nvram\n"); + return 1; + } + + printk(BIOS_INFO, "nvram is cleared\n"); + return 0; +} + +void read_vbnv_flash(uint8_t *vbnv_copy) +{ + struct vbnv_flash_ctx *ctx = car_get_var_ptr(&vbnv_flash); + + if (!ctx->initialized) + if (init_vbnv()) + return; /* error */ + + memcpy(vbnv_copy, ctx->cache, BLOB_SIZE); +} + +void save_vbnv_flash(const uint8_t *vbnv_copy) +{ + struct vbnv_flash_ctx *ctx = car_get_var_ptr(&vbnv_flash); + int new_offset; + int i; + + if (!ctx->initialized) + if (init_vbnv()) + return; /* error */ + + /* Bail out if there have been no changes. */ + if (!memcmp(vbnv_copy, ctx->cache, BLOB_SIZE)) + return; + + new_offset = ctx->blob_offset; + + /* See if we can overwrite the current blob with the new one */ + for (i = 0; i < BLOB_SIZE; i++) { + if (!can_overwrite(ctx->cache[i], vbnv_copy[i])) { + /* unable to overwrite. need to use the next blob */ + new_offset += BLOB_SIZE; + if (new_offset > ctx->top_offset) { + if (erase_nvram()) + return; /* error */ + new_offset = 0; + } + break; + } + } + + if (!vbnv_flash_probe() && + !ctx->flash->write(ctx->flash, + region_device_offset(&ctx->region) + new_offset, + BLOB_SIZE, vbnv_copy)) { + /* write was successful. safely move pointer forward */ + ctx->blob_offset = new_offset; + memcpy(ctx->cache, vbnv_copy, BLOB_SIZE); + } else { + printk(BIOS_ERR, "failed to save nvdata\n"); + } +} diff --git a/src/vboot/vbnv_layout.h b/src/vboot/vbnv_layout.h new file mode 100644 index 0000000..59acd0c --- /dev/null +++ b/src/vboot/vbnv_layout.h @@ -0,0 +1,47 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2015 The ChromiumOS Authors. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#ifndef __VBOOT_VBNV_LAYOUT_H__ +#define __VBOOT_VBNV_LAYOUT_H__ + +#define VBOOT_VBNV_BLOCK_SIZE 16 /* Size of NV storage block in bytes */ + +/* Constants for NV storage. We use this rather than structs and + * bitfields so the data format is consistent across platforms and + * compilers. + */ +#define HEADER_OFFSET 0 +#define HEADER_MASK 0xC0 +#define HEADER_SIGNATURE 0x40 +#define HEADER_FIRMWARE_SETTINGS_RESET 0x20 +#define HEADER_KERNEL_SETTINGS_RESET 0x10 + +#define BOOT_OFFSET 1 +#define BOOT_DEBUG_RESET_MODE 0x80 +#define BOOT_DISABLE_DEV_REQUEST 0x40 +#define BOOT_OPROM_NEEDED 0x20 +#define BOOT_TRY_B_COUNT_MASK 0x0F + +#define RECOVERY_OFFSET 2 +#define LOCALIZATION_OFFSET 3 + +#define DEV_FLAGS_OFFSET 4 +#define DEV_BOOT_USB_MASK 0x01 +#define DEV_BOOT_SIGNED_ONLY_MASK 0x02 + +#define KERNEL_FIELD_OFFSET 11 +#define CRC_OFFSET 15 + +#endif /* __VBOOT_VBNV_LAYOUT_H__ */ diff --git a/src/vboot/vboot_common.c b/src/vboot/vboot_common.c new file mode 100644 index 0000000..319e0de --- /dev/null +++ b/src/vboot/vboot_common.c @@ -0,0 +1,110 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2014 The ChromiumOS Authors. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <boot/coreboot_tables.h> +#include <boot_device.h> +#include <cbmem.h> +#include <console/cbmem_console.h> +#include <console/console.h> +#include <fmap.h> +#include <reset.h> +#include <rules.h> +#include <stddef.h> +#include <string.h> +#include <vboot/vboot_common.h> + +int vboot_named_region_device(const char *name, struct region_device *rdev) +{ + return fmap_locate_area_as_rdev(name, rdev); +} + +/* ========================== VBOOT HANDOFF APIs =========================== */ +int vboot_get_handoff_info(void **addr, uint32_t *size) +{ + /* + * vboot_handoff is present only after cbmem comes online. If we are in + * pre-ram stage, then bail out early. + */ + if (ENV_BOOTBLOCK || + (ENV_VERSTAGE && IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK))) + return -1; + + struct vboot_handoff *vboot_handoff; + vboot_handoff = cbmem_find(CBMEM_ID_VBOOT_HANDOFF); + + if (vboot_handoff == NULL) + return -1; + + *addr = vboot_handoff; + + if (size) + *size = sizeof(*vboot_handoff); + return 0; +} + +static int vboot_get_handoff_flag(uint32_t flag) +{ + struct vboot_handoff *vbho; + + /* + * If vboot_handoff cannot be found, return default value of flag as 0. + */ + if (vboot_get_handoff_info((void **)&vbho, NULL)) + return 0; + + return !!(vbho->init_params.out_flags & flag); +} + +int vboot_handoff_skip_display_init(void) +{ + return !vboot_get_handoff_flag(VB_INIT_OUT_ENABLE_DISPLAY); +} + +int vboot_handoff_check_developer_flag(void) +{ + return vboot_get_handoff_flag(VB_INIT_OUT_ENABLE_DEVELOPER); +} + +int vboot_handoff_check_recovery_flag(void) +{ + return vboot_get_handoff_flag(VB_INIT_OUT_ENABLE_RECOVERY); +} + +int vboot_handoff_get_recovery_reason(void) +{ + struct vboot_handoff *vbho; + VbSharedDataHeader *sd; + + if (vboot_get_handoff_info((void **)&vbho, NULL)) + return 0; + + sd = (VbSharedDataHeader *)vbho->shared_data; + + return sd->recovery_reason; +} + +/* ============================ VBOOT REBOOT ============================== */ +void __attribute__((weak)) vboot_platform_prepare_reboot(void) +{ +} + +void vboot_reboot(void) +{ + if (IS_ENABLED(CONFIG_CONSOLE_CBMEM_DUMP_TO_UART)) + cbmem_dump_console(); + vboot_platform_prepare_reboot(); + hard_reset(); + die("failed to reboot"); +} diff --git a/src/vboot/vboot_common.h b/src/vboot/vboot_common.h new file mode 100644 index 0000000..684a66b --- /dev/null +++ b/src/vboot/vboot_common.h @@ -0,0 +1,104 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2014 Google, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ +#ifndef __VBOOT_VBOOT_COMMON_H__ +#define __VBOOT_VBOOT_COMMON_H__ + +#include <commonlib/region.h> +#include <stdint.h> +#include <vboot_api.h> +#include <vboot_struct.h> + +/* Locate vboot area by name. Returns 0 on success and -1 on error. */ +int vboot_named_region_device(const char *name, struct region_device *rdev); + +/* + * Function to check if there is a request to enter recovery mode. Returns + * reason code if request to enter recovery mode is present, otherwise 0. + */ +int vboot_check_recovery_request(void); + +/* ========================== VBOOT HANDOFF APIs =========================== */ +/* + * The vboot_handoff structure contains the data to be consumed by downstream + * firmware after firmware selection has been completed. Namely it provides + * vboot shared data as well as the flags from VbInit. + */ +struct vboot_handoff { + VbInitParams init_params; + uint32_t selected_firmware; + char shared_data[VB_SHARED_DATA_MIN_SIZE]; +} __attribute__((packed)); + +/* + * vboot_get_handoff_info returns pointer to the vboot_handoff structure if + * available. vboot_handoff is available only after CBMEM comes online. If size + * is not NULL, size of the vboot_handoff structure is returned in it. + * Returns 0 on success and -1 on error. + */ +int vboot_get_handoff_info(void **addr, uint32_t *size); + +/* + * The following functions read vboot_handoff structure to obtain requested + * information. If vboot handoff is not available, 0 is returned by default. + * If vboot handoff is available: + * Returns 1 for flag if true + * Returns 0 for flag if false + * Returns value read for other fields + */ +int vboot_handoff_skip_display_init(void); +int vboot_handoff_check_recovery_flag(void); +int vboot_handoff_check_developer_flag(void); +int vboot_handoff_get_recovery_reason(void); + +/* ============================ VBOOT REBOOT ============================== */ +/* + * vboot_reboot handles the reboot requests made by vboot_reference library. It + * allows the platform to run any preparation steps before the reboot and then + * does a hard reset. + */ +void vboot_reboot(void); + +/* Allow the platform to do any clean up work when vboot requests a reboot. */ +void vboot_platform_prepare_reboot(void); + +/* ============================ VBOOT RESUME ============================== */ +/* + * Save the provided hash digest to a secure location to check against in + * the resume path. Returns 0 on success, < 0 on error. + */ +int vboot_save_hash(void *digest, size_t digest_size); + +/* + * Retrieve the previously saved hash digest. Returns 0 on success, + * < 0 on error. + */ +int vboot_retrieve_hash(void *digest, size_t digest_size); + +/* + * Determine if the platform is resuming from suspend. Returns 0 when + * not resuming, > 0 if resuming, and < 0 on error. + */ +int vboot_platform_is_resuming(void); + +/* ============================= VERSTAGE ================================== */ +/* + * Main logic for verified boot. verstage() is the stage entry point + * while the verstage_main() is just the core logic. + */ +void verstage_main(void); +void verstage(void); +void verstage_mainboard_init(void); + +#endif /* __VBOOT_VBOOT_COMMON_H__ */ diff --git a/src/vboot/vboot_handoff.c b/src/vboot/vboot_handoff.c new file mode 100644 index 0000000..b0bd04c --- /dev/null +++ b/src/vboot/vboot_handoff.c @@ -0,0 +1,180 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2013 Google, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <arch/stages.h> +#include <assert.h> +#include <bootmode.h> +#include <stdint.h> +#include <stddef.h> +#include <string.h> +#include <cbfs.h> +#include <cbmem.h> +#include <console/console.h> +#include <console/vtxprintf.h> +#include <fmap.h> +#include <stdlib.h> +#include <timestamp.h> +#define NEED_VB20_INTERNALS /* TODO: remove me! */ +#include <vb2_api.h> +#include <vboot_struct.h> +#include <vboot/vbnv.h> +#include <vboot/misc.h> + +/** + * Sets vboot_handoff based on the information in vb2_shared_data + */ +static void fill_vboot_handoff(struct vboot_handoff *vboot_handoff, + struct vb2_shared_data *vb2_sd) +{ + VbSharedDataHeader *vb_sd = + (VbSharedDataHeader *)vboot_handoff->shared_data; + uint32_t *oflags = &vboot_handoff->init_params.out_flags; + + vb_sd->flags |= VBSD_BOOT_FIRMWARE_VBOOT2; + + vboot_handoff->selected_firmware = vb2_sd->fw_slot; + + vb_sd->firmware_index = vb2_sd->fw_slot; + + vb_sd->magic = VB_SHARED_DATA_MAGIC; + vb_sd->struct_version = VB_SHARED_DATA_VERSION; + vb_sd->struct_size = sizeof(VbSharedDataHeader); + vb_sd->data_size = VB_SHARED_DATA_MIN_SIZE; + vb_sd->data_used = sizeof(VbSharedDataHeader); + vb_sd->fw_version_tpm = vb2_sd->fw_version_secdata; + + if (get_write_protect_state()) + vb_sd->flags |= VBSD_BOOT_FIRMWARE_WP_ENABLED; + if (get_sw_write_protect_state()) + vb_sd->flags |= VBSD_BOOT_FIRMWARE_SW_WP_ENABLED; + + if (vb2_sd->recovery_reason) { + vb_sd->firmware_index = 0xFF; + if (vb2_sd->flags & VB2_SD_FLAG_MANUAL_RECOVERY) + vb_sd->flags |= VBSD_BOOT_REC_SWITCH_ON; + *oflags |= VB_INIT_OUT_ENABLE_RECOVERY; + *oflags |= VB_INIT_OUT_CLEAR_RAM; + *oflags |= VB_INIT_OUT_ENABLE_DISPLAY; + *oflags |= VB_INIT_OUT_ENABLE_USB_STORAGE; + } + if (vb2_sd->flags & VB2_SD_DEV_MODE_ENABLED) { + *oflags |= VB_INIT_OUT_ENABLE_DEVELOPER; + *oflags |= VB_INIT_OUT_CLEAR_RAM; + *oflags |= VB_INIT_OUT_ENABLE_DISPLAY; + *oflags |= VB_INIT_OUT_ENABLE_USB_STORAGE; + vb_sd->flags |= VBSD_BOOT_DEV_SWITCH_ON; + vb_sd->flags |= VBSD_LF_DEV_SWITCH_ON; + } + /* TODO: Set these in depthcharge */ + if (IS_ENABLED(CONFIG_VIRTUAL_DEV_SWITCH)) + vb_sd->flags |= VBSD_HONOR_VIRT_DEV_SWITCH; + if (IS_ENABLED(CONFIG_EC_SOFTWARE_SYNC)) + vb_sd->flags |= VBSD_EC_SOFTWARE_SYNC; + if (!IS_ENABLED(CONFIG_PHYSICAL_REC_SWITCH)) + vb_sd->flags |= VBSD_BOOT_REC_SWITCH_VIRTUAL; + if (IS_ENABLED(CONFIG_VBOOT_EC_SLOW_UPDATE)) + vb_sd->flags |= VBSD_EC_SLOW_UPDATE; + if (IS_ENABLED(CONFIG_VBOOT_OPROM_MATTERS)) { + vb_sd->flags |= VBSD_OPROM_MATTERS; + /* + * Inform vboot if the display was enabled by dev/rec + * mode or was requested by vboot kernel phase. + */ + if ((*oflags & VB_INIT_OUT_ENABLE_DISPLAY) || + vboot_wants_oprom()) { + vb_sd->flags |= VBSD_OPROM_LOADED; + *oflags |= VB_INIT_OUT_ENABLE_DISPLAY; + } + } + + /* In vboot1, VBSD_FWB_TRIED is + * set only if B is booted as explicitly requested. Therefore, if B is + * booted because A was found bad, the flag should not be set. It's + * better not to touch it if we can only ambiguously control it. */ + /* if (vb2_sd->fw_slot) + vb_sd->flags |= VBSD_FWB_TRIED; */ + + /* copy kernel subkey if it's found */ + if (vb2_sd->workbuf_preamble_size) { + struct vb2_fw_preamble *fp; + uintptr_t dst, src; + printk(BIOS_INFO, "Copying FW preamble\n"); + fp = (struct vb2_fw_preamble *)((uintptr_t)vb2_sd + + vb2_sd->workbuf_preamble_offset); + src = (uintptr_t)&fp->kernel_subkey + + fp->kernel_subkey.key_offset; + dst = (uintptr_t)vb_sd + sizeof(VbSharedDataHeader); + assert(dst + fp->kernel_subkey.key_size <= + (uintptr_t)vboot_handoff + sizeof(*vboot_handoff)); + memcpy((void *)dst, (void *)src, + fp->kernel_subkey.key_size); + vb_sd->data_used += fp->kernel_subkey.key_size; + vb_sd->kernel_subkey.key_offset = + dst - (uintptr_t)&vb_sd->kernel_subkey; + vb_sd->kernel_subkey.key_size = fp->kernel_subkey.key_size; + vb_sd->kernel_subkey.algorithm = fp->kernel_subkey.algorithm; + vb_sd->kernel_subkey.key_version = + fp->kernel_subkey.key_version; + } + + vb_sd->recovery_reason = vb2_sd->recovery_reason; +} + +void vboot_fill_handoff(void) +{ + struct vboot_handoff *vh; + struct vb2_shared_data *sd; + + sd = vb2_get_shared_data(); + sd->workbuf_hash_offset = 0; + sd->workbuf_hash_size = 0; + + printk(BIOS_INFO, "creating vboot_handoff structure\n"); + vh = cbmem_add(CBMEM_ID_VBOOT_HANDOFF, sizeof(*vh)); + if (vh == NULL) + /* we don't need to failover gracefully here because this + * shouldn't happen with the image that has passed QA. */ + die("failed to allocate vboot_handoff structure\n"); + + memset(vh, 0, sizeof(*vh)); + + /* needed until we finish transtion to vboot2 for kernel verification */ + fill_vboot_handoff(vh, sd); + + /* + * The recovery mode switch is cleared (typically backed by EC) here + * to allow multiple queries to get_recovery_mode_switch() and have + * them return consistent results during the verified boot path as well + * as dram initialization. x86 systems ignore the saved dram settings + * in the recovery path in order to start from a clean slate. Therefore + * clear the state here since this function is called when memory + * is known to be up. + */ + clear_recovery_mode_switch(); +} + +/* + * For platforms that employ VBOOT_DYNAMIC_WORK_BUFFER, the vboot + * verification doesn't happen until after cbmem is brought online. + * Therefore, the vboot results would not be initialized so don't + * automatically add results when cbmem comes online. + */ +#if !IS_ENABLED(CONFIG_VBOOT_DYNAMIC_WORK_BUFFER) +static void vb2_fill_handoff_cbmem(int unused) +{ + vboot_fill_handoff(); +} +ROMSTAGE_CBMEM_INIT_HOOK(vb2_fill_handoff_cbmem) +#endif diff --git a/src/vboot/vboot_loader.c b/src/vboot/vboot_loader.c new file mode 100644 index 0000000..7395fd7 --- /dev/null +++ b/src/vboot/vboot_loader.c @@ -0,0 +1,159 @@ +/* + * This file is part of the coreboot project. + * + * Copyright 2015 Google, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <arch/early_variables.h> +#include <cbfs.h> +#include <cbmem.h> +#include <console/console.h> +#include <rmodule.h> +#include <rules.h> +#include <string.h> +#include <vboot/misc.h> +#include <vboot/symbols.h> +#include <vboot/vboot_common.h> + +/* The stage loading code is compiled and entered from multiple stages. The + * helper functions below attempt to provide more clarity on when certain + * code should be called. */ + +static int verification_should_run(void) +{ + if (ENV_VERSTAGE && IS_ENABLED(CONFIG_SEPARATE_VERSTAGE)) + return 1; + + if (!IS_ENABLED(CONFIG_SEPARATE_VERSTAGE)) { + if (ENV_ROMSTAGE && + IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)) + return 1; + if (ENV_BOOTBLOCK && + IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) + return 1; + } + + return 0; +} + +static int verstage_should_load(void) +{ + if (!IS_ENABLED(CONFIG_SEPARATE_VERSTAGE)) + return 0; + + if (ENV_ROMSTAGE && IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)) + return 1; + + if (ENV_BOOTBLOCK && IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) + return 1; + + return 0; +} + +static int vboot_executed CAR_GLOBAL; + +int vb2_logic_executed(void) +{ + /* If this stage is supposed to run the vboot logic ensure it has been + * executed. */ + if (verification_should_run() && car_get_var(vboot_executed)) + return 1; + + /* If this stage is supposed to load verstage and verstage is returning + * back to the calling stage check that it has been executed. */ + if (verstage_should_load() && IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE)) + if (car_get_var(vboot_executed)) + return 1; + + /* Handle all other stages post vboot execution. */ + if (!ENV_BOOTBLOCK) { + if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) + return 1; + if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE) && + !ENV_ROMSTAGE) + return 1; + } + + return 0; +} + +static void vboot_prepare(void) +{ + if (verification_should_run()) { + verstage_main(); + car_set_var(vboot_executed, 1); + vb2_save_recovery_reason_vbnv(); + } else if (verstage_should_load()) { + struct cbfsf file; + struct prog verstage = + PROG_INIT(PROG_VERSTAGE, + CONFIG_CBFS_PREFIX "/verstage"); + + printk(BIOS_DEBUG, "VBOOT: Loading verstage.\n"); + + /* load verstage from RO */ + if (cbfs_boot_locate(&file, prog_name(&verstage), NULL)) + die("failed to load verstage"); + + cbfs_file_data(prog_rdev(&verstage), &file); + + if (cbfs_prog_stage_load(&verstage)) + die("failed to load verstage"); + + /* verify and select a slot */ + prog_run(&verstage); + + /* This is not actually possible to hit this condition at + * runtime, but this provides a hint to the compiler for dead + * code elimination below. */ + if (!IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE)) + return; + + car_set_var(vboot_executed, 1); + } + + /* + * Fill in vboot cbmem objects before moving to ramstage so all + * downstream users have access to vboot results. This path only + * applies to platforms employing VBOOT_DYNAMIC_WORK_BUFFER because + * cbmem comes online prior to vboot verification taking place. For + * other platforms the vboot cbmem objects are initialized when + * cbmem comes online. + */ + if (ENV_ROMSTAGE && IS_ENABLED(CONFIG_VBOOT_DYNAMIC_WORK_BUFFER)) { + vb2_store_selected_region(); + vboot_fill_handoff(); + } +} + +static int vboot_locate(struct cbfs_props *props) +{ + struct region selected_region; + + /* Don't honor vboot results until the vboot logic has run. */ + if (!vb2_logic_executed()) + return -1; + + if (vb2_get_selected_region(&selected_region)) + return -1; + + props->offset = region_offset(&selected_region); + props->size = region_sz(&selected_region); + + return 0; +} + +const struct cbfs_locator vboot_locator = { + .name = "VBOOT", + .prepare = vboot_prepare, + .locate = vboot_locate, +}; diff --git a/src/vboot/vboot_logic.c b/src/vboot/vboot_logic.c new file mode 100644 index 0000000..bc6ab48 --- /dev/null +++ b/src/vboot/vboot_logic.c @@ -0,0 +1,415 @@ +/* + * This file is part of the coreboot project. + * + * Copyright 2014 Google Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <antirollback.h> +#include <arch/exception.h> +#include <assert.h> +#include <bootmode.h> +#include <console/console.h> +#include <console/vtxprintf.h> +#include <delay.h> +#include <string.h> +#include <timestamp.h> +#include <vb2_api.h> +#include <vboot/misc.h> +#include <vboot/vbnv.h> + +/* The max hash size to expect is for SHA512. */ +#define VBOOT_MAX_HASH_SIZE VB2_SHA512_DIGEST_SIZE + +#define TODO_BLOCK_SIZE 1024 + +static int is_slot_a(struct vb2_context *ctx) +{ + return !(ctx->flags & VB2_CONTEXT_FW_SLOT_B); +} + +/* exports */ + +void vb2ex_printf(const char *func, const char *fmt, ...) +{ + va_list args; + + printk(BIOS_INFO, "VB2:%s() ", func); + va_start(args, fmt); + do_printk_va_list(BIOS_INFO, fmt, args); + va_end(args); + + return; +} + +int vb2ex_tpm_clear_owner(struct vb2_context *ctx) +{ + uint32_t rv; + printk(BIOS_INFO, "Clearing TPM owner\n"); + rv = tpm_clear_and_reenable(); + if (rv) + return VB2_ERROR_EX_TPM_CLEAR_OWNER; + return VB2_SUCCESS; +} + +int vb2ex_read_resource(struct vb2_context *ctx, + enum vb2_resource_index index, + uint32_t offset, + void *buf, + uint32_t size) +{ + struct region_device rdev; + const char *name; + + switch (index) { + case VB2_RES_GBB: + name = "GBB"; + break; + case VB2_RES_FW_VBLOCK: + if (is_slot_a(ctx)) + name = "VBLOCK_A"; + else + name = "VBLOCK_B"; + break; + default: + return VB2_ERROR_EX_READ_RESOURCE_INDEX; + } + + if (vboot_named_region_device(name, &rdev)) + return VB2_ERROR_EX_READ_RESOURCE_SIZE; + + if (rdev_readat(&rdev, buf, offset, size) != size) + return VB2_ERROR_EX_READ_RESOURCE_SIZE; + + return VB2_SUCCESS; +} + +/* No-op stubs that can be overridden by SoCs with hardware crypto support. */ +__attribute__((weak)) +int vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, + uint32_t data_size) +{ + return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED; +} + +__attribute__((weak)) +int vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size) +{ + BUG(); /* Should never get called if init() returned an error. */ + return VB2_ERROR_UNKNOWN; +} + +__attribute__((weak)) +int vb2ex_hwcrypto_digest_finalize(uint8_t *digest, uint32_t digest_size) +{ + BUG(); /* Should never get called if init() returned an error. */ + return VB2_ERROR_UNKNOWN; +} + +static int handle_digest_result(void *slot_hash, size_t slot_hash_sz) +{ + int is_resume; + + /* + * Nothing to do since resuming on the platform doesn't require + * vboot verification again. + */ + if (!IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT)) + return 0; + + /* + * Assume that if vboot doesn't start in bootblock verified + * RW memory init code is not employed. i.e. memory init code + * lives in RO CBFS. + */ + if (!IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) + return 0; + + is_resume = vboot_platform_is_resuming(); + + if (is_resume > 0) { + uint8_t saved_hash[VBOOT_MAX_HASH_SIZE]; + const size_t saved_hash_sz = sizeof(saved_hash); + + assert(slot_hash_sz == saved_hash_sz); + + printk(BIOS_DEBUG, "Platform is resuming.\n"); + + if (vboot_retrieve_hash(saved_hash, saved_hash_sz)) { + printk(BIOS_ERR, "Couldn't retrieve saved hash.\n"); + return -1; + } + + if (memcmp(saved_hash, slot_hash, slot_hash_sz)) { + printk(BIOS_ERR, "Hash mismatch on resume.\n"); + return -1; + } + } else if (is_resume < 0) + printk(BIOS_ERR, "Unable to determine if platform resuming.\n"); + + printk(BIOS_DEBUG, "Saving vboot hash.\n"); + + /* Always save the hash for the current boot. */ + if (vboot_save_hash(slot_hash, slot_hash_sz)) { + printk(BIOS_ERR, "Error saving vboot hash.\n"); + /* Though this is an error don't report it up since it could + * lead to a reboot loop. The consequence of this is that + * we will most likely fail resuming because of EC issues or + * the hash digest not matching. */ + return 0; + } + + return 0; +} + +static int hash_body(struct vb2_context *ctx, struct region_device *fw_main) +{ + uint64_t load_ts; + uint32_t expected_size; + uint8_t block[TODO_BLOCK_SIZE]; + uint8_t hash_digest[VBOOT_MAX_HASH_SIZE]; + const size_t hash_digest_sz = sizeof(hash_digest); + size_t block_size = sizeof(block); + size_t offset; + int rv; + + /* Clear the full digest so that any hash digests less than the + * max have trailing zeros. */ + memset(hash_digest, 0, hash_digest_sz); + + /* + * Since loading the firmware and calculating its hash is intertwined, + * we use this little trick to measure them separately and pretend it + * was first loaded and then hashed in one piece with the timestamps. + * (This split won't make sense with memory-mapped media like on x86.) + */ + load_ts = timestamp_get(); + timestamp_add(TS_START_HASH_BODY, load_ts); + + expected_size = region_device_sz(fw_main); + offset = 0; + + /* Start the body hash */ + rv = vb2api_init_hash(ctx, VB2_HASH_TAG_FW_BODY, &expected_size); + if (rv) + return rv; + + /* + * Honor vboot's RW slot size. The expected size is pulled out of + * the preamble and obtained through vb2api_init_hash() above. By + * creating sub region the RW slot portion of the boot media is + * limited. + */ + if (rdev_chain(fw_main, fw_main, 0, expected_size)) { + printk(BIOS_ERR, "Unable to restrict CBFS size.\n"); + return VB2_ERROR_UNKNOWN; + } + + /* Extend over the body */ + while (expected_size) { + uint64_t temp_ts; + if (block_size > expected_size) + block_size = expected_size; + + temp_ts = timestamp_get(); + if (rdev_readat(fw_main, block, offset, block_size) < 0) + return VB2_ERROR_UNKNOWN; + load_ts += timestamp_get() - temp_ts; + + rv = vb2api_extend_hash(ctx, block, block_size); + if (rv) + return rv; + + expected_size -= block_size; + offset += block_size; + } + + timestamp_add(TS_DONE_LOADING, load_ts); + timestamp_add_now(TS_DONE_HASHING); + + /* Check the result (with RSA signature verification) */ + rv = vb2api_check_hash_get_digest(ctx, hash_digest, hash_digest_sz); + if (rv) + return rv; + + timestamp_add_now(TS_END_HASH_BODY); + + if (handle_digest_result(hash_digest, hash_digest_sz)) + return VB2_ERROR_UNKNOWN; + + return VB2_SUCCESS; +} + +static int locate_firmware(struct vb2_context *ctx, + struct region_device *fw_main) +{ + const char *name; + + if (is_slot_a(ctx)) + name = "FW_MAIN_A"; + else + name = "FW_MAIN_B"; + + return vboot_named_region_device(name, fw_main); +} + +/** + * Save non-volatile and/or secure data if needed. + */ +static void save_if_needed(struct vb2_context *ctx) +{ + if (ctx->flags & VB2_CONTEXT_NVDATA_CHANGED) { + printk(BIOS_INFO, "Saving nvdata\n"); + save_vbnv(ctx->nvdata); + ctx->flags &= ~VB2_CONTEXT_NVDATA_CHANGED; + } + if (ctx->flags & VB2_CONTEXT_SECDATA_CHANGED) { + printk(BIOS_INFO, "Saving secdata\n"); + antirollback_write_space_firmware(ctx); + ctx->flags &= ~VB2_CONTEXT_SECDATA_CHANGED; + } +} + +static uint32_t extend_pcrs(struct vb2_context *ctx) +{ + return tpm_extend_pcr(ctx, 0, BOOT_MODE_PCR) || + tpm_extend_pcr(ctx, 1, HWID_DIGEST_PCR); +} + +/** + * Verify and select the firmware in the RW image + * + * TODO: Avoid loading a stage twice (once in hash_body & again in load_stage). + * when per-stage verification is ready. + */ +void verstage_main(void) +{ + struct vb2_context ctx; + struct region_device fw_main; + int rv; + + timestamp_add_now(TS_START_VBOOT); + + /* Set up context and work buffer */ + vb2_init_work_context(&ctx); + + /* Read nvdata from a non-volatile storage. */ + read_vbnv(ctx.nvdata); + + /* Set S3 resume flag if vboot should behave differently when selecting + * which slot to boot. This is only relevant to vboot if the platform + * does verification of memory init and thus must ensure it resumes with + * the same slot that it booted from. */ + if (IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) && + IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK) && + vboot_platform_is_resuming()) + ctx.flags |= VB2_CONTEXT_S3_RESUME; + + /* Read secdata from TPM. Initialize TPM if secdata not found. We don't + * check the return value here because vb2api_fw_phase1 will catch + * invalid secdata and tell us what to do (=reboot). */ + timestamp_add_now(TS_START_TPMINIT); + antirollback_read_space_firmware(&ctx); + timestamp_add_now(TS_END_TPMINIT); + + if (!IS_ENABLED(CONFIG_VIRTUAL_DEV_SWITCH) && + get_developer_mode_switch()) + ctx.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE; + + if (get_recovery_mode_switch()) { + ctx.flags |= VB2_CONTEXT_FORCE_RECOVERY_MODE; + if (IS_ENABLED(CONFIG_VBOOT_DISABLE_DEV_ON_RECOVERY)) + ctx.flags |= VB2_DISABLE_DEVELOPER_MODE; + } + + if (IS_ENABLED(CONFIG_WIPEOUT_SUPPORTED) && get_wipeout_mode_switch()) + ctx.flags |= VB2_CONTEXT_FORCE_WIPEOUT_MODE; + + if (IS_ENABLED(CONFIG_LID_SWITCH) && !get_lid_switch()) + ctx.flags |= VB2_CONTEXT_NOFAIL_BOOT; + + /* Do early init (set up secdata and NVRAM, load GBB) */ + printk(BIOS_INFO, "Phase 1\n"); + rv = vb2api_fw_phase1(&ctx); + + if (rv) { + /* + * If vb2api_fw_phase1 fails, check for return value. + * If it is set to VB2_ERROR_API_PHASE1_RECOVERY, then continue + * into recovery mode. + * For any other error code, save context if needed and reboot. + */ + if (rv == VB2_ERROR_API_PHASE1_RECOVERY) { + printk(BIOS_INFO, "Recovery requested (%x)\n", rv); + save_if_needed(&ctx); + extend_pcrs(&ctx); /* ignore failures */ + timestamp_add_now(TS_END_VBOOT); + return; + } + + printk(BIOS_INFO, "Reboot reqested (%x)\n", rv); + save_if_needed(&ctx); + vboot_reboot(); + } + + /* Determine which firmware slot to boot (based on NVRAM) */ + printk(BIOS_INFO, "Phase 2\n"); + rv = vb2api_fw_phase2(&ctx); + if (rv) { + printk(BIOS_INFO, "Reboot requested (%x)\n", rv); + save_if_needed(&ctx); + vboot_reboot(); + } + + /* Try that slot (verify its keyblock and preamble) */ + printk(BIOS_INFO, "Phase 3\n"); + timestamp_add_now(TS_START_VERIFY_SLOT); + rv = vb2api_fw_phase3(&ctx); + timestamp_add_now(TS_END_VERIFY_SLOT); + if (rv) { + printk(BIOS_INFO, "Reboot requested (%x)\n", rv); + save_if_needed(&ctx); + vboot_reboot(); + } + + printk(BIOS_INFO, "Phase 4\n"); + rv = locate_firmware(&ctx, &fw_main); + if (rv) + die("Failed to read FMAP to locate firmware"); + + rv = hash_body(&ctx, &fw_main); + save_if_needed(&ctx); + if (rv) { + printk(BIOS_INFO, "Reboot requested (%x)\n", rv); + vboot_reboot(); + } + + rv = extend_pcrs(&ctx); + if (rv) { + printk(BIOS_WARNING, "Failed to extend TPM PCRs (%#x)\n", rv); + vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv); + save_if_needed(&ctx); + vboot_reboot(); + } + + /* Lock TPM */ + rv = antirollback_lock_space_firmware(); + if (rv) { + printk(BIOS_INFO, "Failed to lock TPM (%x)\n", rv); + vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_L_ERROR, 0); + save_if_needed(&ctx); + vboot_reboot(); + } + + printk(BIOS_INFO, "Slot %c is selected\n", is_slot_a(&ctx) ? 'A' : 'B'); + vb2_set_selected_region(region_device_region(&fw_main)); + timestamp_add_now(TS_END_VBOOT); +} diff --git a/src/vboot/verstage.c b/src/vboot/verstage.c new file mode 100644 index 0000000..0ec9ca6 --- /dev/null +++ b/src/vboot/verstage.c @@ -0,0 +1,44 @@ +/* + * This file is part of the coreboot project. + * + * Copyright 2015 Google Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <arch/exception.h> +#include <arch/hlt.h> +#include <console/console.h> +#include <program_loading.h> +#include <vboot/vboot_common.h> + +void __attribute__((weak)) verstage_mainboard_init(void) +{ + /* Default empty implementation. */ +} + +void verstage(void) +{ + console_init(); + exception_init(); + verstage_mainboard_init(); + + if (IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE)) { + verstage_main(); + } else { + run_romstage(); + hlt(); + } +} + +#if !IS_ENABLED(CONFIG_CHIPSET_PROVIDES_VERSTAGE_MAIN_SYMBOL) +/* This is for boards that rely on main() for an entry point of a stage. */ +void main(void) __attribute__((alias ("verstage"))); +#endif diff --git a/src/vendorcode/google/Kconfig b/src/vendorcode/google/Kconfig index 74c573a..f275e6c 100644 --- a/src/vendorcode/google/Kconfig +++ b/src/vendorcode/google/Kconfig @@ -13,4 +13,3 @@ ## source src/vendorcode/google/chromeos/Kconfig - diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig index f97a4e1..944a706 100644 --- a/src/vendorcode/google/chromeos/Kconfig +++ b/src/vendorcode/google/chromeos/Kconfig @@ -28,7 +28,7 @@ config CHROMEOS select BOOTMODE_STRAPS select ELOG if SPI_FLASH select COLLECT_TIMESTAMPS - select VBOOT_VERIFY_FIRMWARE + select VBOOT select MULTIPLE_CBFS_INSTANCES help Enable ChromeOS specific features like the GPIO sub table in @@ -37,39 +37,6 @@ config CHROMEOS if CHROMEOS -config VBNV_OFFSET - hex - default 0x26 - depends on PC80_SYSTEM - help - CMOS offset for VbNv data. This value must match cmos.layout - in the mainboard directory, minus 14 bytes for the RTC. - -config CHROMEOS_VBNV_CMOS - bool "Vboot non-volatile storage in CMOS." - default n - help - VBNV is stored in CMOS - -config CHROMEOS_VBNV_CMOS_BACKUP_TO_FLASH - bool "Back up Vboot non-volatile storage from CMOS to flash." - default n - depends on CHROMEOS_VBNV_CMOS - help - Vboot non-volatile storage data will be backed up from CMOS to flash - and restored from flash if the CMOS is invalid due to power loss. - -config CHROMEOS_VBNV_EC - bool "Vboot non-volatile storage in EC." - default n - help - VBNV is stored in EC - -config CHROMEOS_VBNV_FLASH - def_bool n - help - VBNV is stored in flash storage - config CHROMEOS_RAMOOPS bool "Reserve space for Chrome OS ramoops" default y @@ -97,7 +64,7 @@ config CHROMEOS_RAMOOPS_RAM_SIZE config EC_SOFTWARE_SYNC bool "Enable EC software sync" default n - depends on VBOOT_VERIFY_FIRMWARE + depends on VBOOT help EC software sync is a mechanism where the AP helps the EC verify its firmware similar to how vboot verifies the main system firmware. This @@ -111,33 +78,13 @@ config VBOOT_EC_SLOW_UPDATE Whether the EC (or PD) is slow to update and needs to display a screen that informs the user the update is happening. -config VBOOT_OPROM_MATTERS - bool "Video option ROM matters (= can skip display init)" - default n - depends on VBOOT_VERIFY_FIRMWARE - help - Set this option to indicate to vboot that this platform will skip its - display initialization on a normal (non-recovery, non-developer) boot. - Vboot calls this "oprom matters" because on x86 devices this - traditionally meant that the video option ROM will not be loaded, but - it works functionally the same for other platforms that can skip their - native display initialization code instead. - config VIRTUAL_DEV_SWITCH bool "Virtual developer switch support" default n - depends on VBOOT_VERIFY_FIRMWARE + depends on VBOOT help Whether this platform has a virtual developer switch. -config VBOOT_VERIFY_FIRMWARE - bool "Verify firmware with vboot." - default n - depends on HAVE_HARD_RESET - help - Enabling VBOOT_VERIFY_FIRMWARE will use vboot to verify the components - of the firmware (stages, payload, etc). - config NO_TPM_RESUME bool default n @@ -172,8 +119,6 @@ config HAVE_REGULATORY_DOMAIN help This option is needed to add ACPI regulatory domain methods -source src/vendorcode/google/chromeos/vboot2/Kconfig - menu "GBB configuration" config GBB_HWID diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc index 18ce13e..253c30e 100644 --- a/src/vendorcode/google/chromeos/Makefile.inc +++ b/src/vendorcode/google/chromeos/Makefile.inc @@ -18,31 +18,6 @@ verstage-y += chromeos.c romstage-y += chromeos.c ramstage-y += chromeos.c -bootblock-y += vbnv.c -verstage-y += vbnv.c -romstage-y += vbnv.c -ramstage-y += vbnv.c - -bootblock-$(CONFIG_CHROMEOS_VBNV_CMOS) += vbnv_cmos.c -verstage-$(CONFIG_CHROMEOS_VBNV_CMOS) += vbnv_cmos.c -romstage-$(CONFIG_CHROMEOS_VBNV_CMOS) += vbnv_cmos.c -ramstage-$(CONFIG_CHROMEOS_VBNV_CMOS) += vbnv_cmos.c - -bootblock-$(CONFIG_CHROMEOS_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c -verstage-$(CONFIG_CHROMEOS_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c -romstage-$(CONFIG_CHROMEOS_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c -ramstage-$(CONFIG_CHROMEOS_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c - -bootblock-$(CONFIG_CHROMEOS_VBNV_EC) += vbnv_ec.c -verstage-$(CONFIG_CHROMEOS_VBNV_EC) += vbnv_ec.c -romstage-$(CONFIG_CHROMEOS_VBNV_EC) += vbnv_ec.c -ramstage-$(CONFIG_CHROMEOS_VBNV_EC) += vbnv_ec.c - -bootblock-$(CONFIG_CHROMEOS_VBNV_FLASH) += vbnv_flash.c -verstage-$(CONFIG_CHROMEOS_VBNV_FLASH) += vbnv_flash.c -romstage-$(CONFIG_CHROMEOS_VBNV_FLASH) += vbnv_flash.c -ramstage-$(CONFIG_CHROMEOS_VBNV_FLASH) += vbnv_flash.c - ramstage-$(CONFIG_ELOG) += elog.c ramstage-$(CONFIG_HAVE_ACPI_TABLES) += gnvs.c ramstage-$(CONFIG_CHROMEOS_RAMOOPS) += ramoops.c @@ -60,8 +35,6 @@ else CFLAGS_common += -DMOCK_TPM=0 endif -subdirs-$(CONFIG_VBOOT_VERIFY_FIRMWARE) += vboot2 - CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID)) CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE)) CONFIG_VBOOT_KEYBLOCK := $(call strip_quotes,$(CONFIG_VBOOT_KEYBLOCK)) diff --git a/src/vendorcode/google/chromeos/acpi/chromeos.asl b/src/vendorcode/google/chromeos/acpi/chromeos.asl index 66ebbc1..7d62f4a 100644 --- a/src/vendorcode/google/chromeos/acpi/chromeos.asl +++ b/src/vendorcode/google/chromeos/acpi/chromeos.asl @@ -13,7 +13,7 @@ * GNU General Public License for more details. */ -#include <vendorcode/google/chromeos/vbnv_layout.h> +#include <vboot/vbnv_layout.h> Device (CRHW) { @@ -71,8 +71,8 @@ Device (CRHW) Name(VNBV, Package() { // See src/vendorcode/google/chromeos/Kconfig // for the definition of these: - CONFIG_VBNV_OFFSET, - VBNV_BLOCK_SIZE + CONFIG_VBOOT_VBNV_OFFSET, + VBOOT_VBNV_BLOCK_SIZE }) Return(VNBV) } diff --git a/src/vendorcode/google/chromeos/chromeos.h b/src/vendorcode/google/chromeos/chromeos.h index ad9ef2f..92c943c 100644 --- a/src/vendorcode/google/chromeos/chromeos.h +++ b/src/vendorcode/google/chromeos/chromeos.h @@ -20,9 +20,8 @@ #include <stdint.h> #include <bootmode.h> #include <rules.h> -#include "vbnv.h" -#include "vboot_common.h" -#include "vboot2/misc.h" +#include <vboot/misc.h> +#include <vboot/vboot_common.h> void save_chromeos_gpios(void); diff --git a/src/vendorcode/google/chromeos/elog.c b/src/vendorcode/google/chromeos/elog.c index 710d6f6..0d835b8 100644 --- a/src/vendorcode/google/chromeos/elog.c +++ b/src/vendorcode/google/chromeos/elog.c @@ -17,8 +17,9 @@ #include <console/console.h> #include <elog.h> #include <vendorcode/google/chromeos/chromeos.h> -#if CONFIG_VBOOT_VERIFY_FIRMWARE -#include "vboot_common.h" +#if CONFIG_VBOOT +#include <vboot/vbnv.h> +#include <vboot/vboot_common.h> #include <vboot_struct.h> #endif @@ -29,7 +30,7 @@ void elog_add_boot_reason(void) printk(BIOS_DEBUG, "%s: Logged dev mode boot\n", __func__); } else if (recovery_mode_enabled()) { u8 reason = 0; -#if CONFIG_VBOOT_VERIFY_FIRMWARE +#if CONFIG_VBOOT struct vboot_handoff *vbho = cbmem_find(CBMEM_ID_VBOOT_HANDOFF); reason = get_recovery_mode_from_vbnv(); diff --git a/src/vendorcode/google/chromeos/gnvs.c b/src/vendorcode/google/chromeos/gnvs.c index 48668e8..f5ccd65 100644 --- a/src/vendorcode/google/chromeos/gnvs.c +++ b/src/vendorcode/google/chromeos/gnvs.c @@ -23,8 +23,9 @@ #include "chromeos.h" #include "gnvs.h" -#if CONFIG_VBOOT_VERIFY_FIRMWARE -#include "vboot_common.h" +#if CONFIG_VBOOT +#include <vboot/vbnv.h> +#include <vboot/vboot_common.h> #include <vboot_struct.h> #endif @@ -38,7 +39,7 @@ void chromeos_init_vboot(chromeos_acpi_t *chromeos) /* Copy saved ME hash into NVS */ memcpy(vboot_data->mehh, me_hash_saved, sizeof(vboot_data->mehh)); -#if CONFIG_VBOOT_VERIFY_FIRMWARE +#if CONFIG_VBOOT /* Save the vdat from the vboot handoff structure. Downstream software * consumes the data located in the ACPI table. Ensure it reflects * the shared data from VbInit() and VbSelectFirmware(). */ @@ -57,7 +58,7 @@ void chromeos_init_vboot(chromeos_acpi_t *chromeos) elog_add_event(ELOG_TYPE_CROS_DEVELOPER_MODE); if (recovery_mode_enabled()) { int reason = get_recovery_mode_from_vbnv(); -#if CONFIG_VBOOT_VERIFY_FIRMWARE +#if CONFIG_VBOOT if (vboot_handoff && !reason) { VbSharedDataHeader *sd = (VbSharedDataHeader *) vboot_handoff->shared_data; diff --git a/src/vendorcode/google/chromeos/symbols.h b/src/vendorcode/google/chromeos/symbols.h index 78b28e2..d8e1ead 100644 --- a/src/vendorcode/google/chromeos/symbols.h +++ b/src/vendorcode/google/chromeos/symbols.h @@ -16,15 +16,6 @@ #ifndef __CHROMEOS_SYMBOLS_H #define __CHROMEOS_SYMBOLS_H -extern u8 _vboot2_work[]; -extern u8 _evboot2_work[]; -#define _vboot2_work_size (_evboot2_work - _vboot2_work) - -/* Careful: _e<stage> and _<stage>_size only defined for the current stage! */ -extern u8 _verstage[]; -extern u8 _everstage[]; -#define _verstage_size (_everstage - _verstage) - extern u8 _watchdog_tombstone[]; extern u8 _ewatchdog_tombstone[]; #define _watchdog_tombstone_size (_ewatchdog_tombstone - _watchdog_tombstone) diff --git a/src/vendorcode/google/chromeos/vbnv.c b/src/vendorcode/google/chromeos/vbnv.c deleted file mode 100644 index 9fd97a0..0000000 --- a/src/vendorcode/google/chromeos/vbnv.c +++ /dev/null @@ -1,143 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright (C) 2016 Google Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - */ - -#include <arch/early_variables.h> -#include <string.h> -#include <types.h> -#include "chromeos.h" -#include "vbnv.h" -#include "vbnv_layout.h" - -static int vbnv_initialized CAR_GLOBAL; -static uint8_t vbnv[VBNV_BLOCK_SIZE] CAR_GLOBAL; - -/* Wrappers for accessing the variables marked as CAR_GLOBAL. */ -static inline int is_vbnv_initialized(void) -{ - return car_get_var(vbnv_initialized); -} - -static inline uint8_t *vbnv_data_addr(int index) -{ - uint8_t *vbnv_arr = car_get_var_ptr(vbnv); - - return &vbnv_arr[index]; -} - -static inline uint8_t vbnv_data(int index) -{ - return *vbnv_data_addr(index); -} - -/* Return CRC-8 of the data, using x^8 + x^2 + x + 1 polynomial. */ -static uint8_t crc8_vbnv(const uint8_t *data, int len) -{ - unsigned crc = 0; - int i, j; - - for (j = len; j; j--, data++) { - crc ^= (*data << 8); - for (i = 8; i; i--) { - if (crc & 0x8000) - crc ^= (0x1070 << 3); - crc <<= 1; - } - } - - return (uint8_t) (crc >> 8); -} - -static void reset_vbnv(uint8_t *vbnv_copy) -{ - memset(vbnv_copy, 0, VBNV_BLOCK_SIZE); -} - -/* Read VBNV data into cache. */ -static void vbnv_setup(void) -{ - if (!is_vbnv_initialized()) { - read_vbnv(vbnv_data_addr(0)); - car_set_var(vbnv_initialized, 1); - } -} - -/* Verify VBNV header and checksum. */ -int verify_vbnv(uint8_t *vbnv_copy) -{ - return (HEADER_SIGNATURE == (vbnv_copy[HEADER_OFFSET] & HEADER_MASK)) && - (crc8_vbnv(vbnv_copy, CRC_OFFSET) == vbnv_copy[CRC_OFFSET]); -} - -/* - * Read VBNV data from configured storage backend. - * If VBNV verification fails, reset the vbnv copy. - */ -void read_vbnv(uint8_t *vbnv_copy) -{ - if (IS_ENABLED(CONFIG_CHROMEOS_VBNV_CMOS)) - read_vbnv_cmos(vbnv_copy); - else if (IS_ENABLED(CONFIG_CHROMEOS_VBNV_EC)) - read_vbnv_ec(vbnv_copy); - else if (IS_ENABLED(CONFIG_CHROMEOS_VBNV_FLASH)) - read_vbnv_flash(vbnv_copy); - - /* Check data for consistency */ - if (!verify_vbnv(vbnv_copy)) - reset_vbnv(vbnv_copy); -} - -/* - * Write VBNV data to configured storage backend. - * This assumes that the caller has updated the CRC already. - */ -void save_vbnv(const uint8_t *vbnv_copy) -{ - if (IS_ENABLED(CONFIG_CHROMEOS_VBNV_CMOS)) - save_vbnv_cmos(vbnv_copy); - else if (IS_ENABLED(CONFIG_CHROMEOS_VBNV_EC)) - save_vbnv_ec(vbnv_copy); - else if (IS_ENABLED(CONFIG_CHROMEOS_VBNV_FLASH)) - save_vbnv_flash(vbnv_copy); - - /* Clear initialized flag to force cached data to be updated */ - car_set_var(vbnv_initialized, 0); -} - -/* Save a recovery reason into VBNV. */ -void set_recovery_mode_into_vbnv(int recovery_reason) -{ - uint8_t vbnv_copy[VBNV_BLOCK_SIZE]; - - read_vbnv(vbnv_copy); - - vbnv_copy[RECOVERY_OFFSET] = recovery_reason; - vbnv_copy[CRC_OFFSET] = crc8_vbnv(vbnv_copy, CRC_OFFSET); - - save_vbnv(vbnv_copy); -} - -/* Read the recovery reason from VBNV. */ -int get_recovery_mode_from_vbnv(void) -{ - vbnv_setup(); - return vbnv_data(RECOVERY_OFFSET); -} - -/* Read the BOOT_OPROM_NEEDED flag from VBNV. */ -int vboot_wants_oprom(void) -{ - vbnv_setup(); - return (vbnv_data(BOOT_OFFSET) & BOOT_OPROM_NEEDED) ? 1 : 0; -} diff --git a/src/vendorcode/google/chromeos/vbnv.h b/src/vendorcode/google/chromeos/vbnv.h deleted file mode 100644 index 5d21cc8..0000000 --- a/src/vendorcode/google/chromeos/vbnv.h +++ /dev/null @@ -1,42 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright (C) 2016 Google Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - */ - -#ifndef __CHROMEOS_VBNV_H__ -#define __CHROMEOS_VBNV_H__ - -#include <types.h> - -/* Generic functions */ -void read_vbnv(uint8_t *vbnv_copy); -void save_vbnv(const uint8_t *vbnv_copy); -int verify_vbnv(uint8_t *vbnv_copy); -int get_recovery_mode_from_vbnv(void); -void set_recovery_mode_into_vbnv(int recovery_reason); -int vboot_wants_oprom(void); - -/* CMOS backend */ -void read_vbnv_cmos(uint8_t *vbnv_copy); -void save_vbnv_cmos(const uint8_t *vbnv_copy); -void init_vbnv_cmos(int rtc_fail); - -/* Flash backend */ -void read_vbnv_flash(uint8_t *vbnv_copy); -void save_vbnv_flash(const uint8_t *vbnv_copy); - -/* EC backend */ -void read_vbnv_ec(uint8_t *vbnv_copy); -void save_vbnv_ec(const uint8_t *vbnv_copy); - -#endif diff --git a/src/vendorcode/google/chromeos/vbnv_cmos.c b/src/vendorcode/google/chromeos/vbnv_cmos.c deleted file mode 100644 index da0d300..0000000 --- a/src/vendorcode/google/chromeos/vbnv_cmos.c +++ /dev/null @@ -1,79 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright (C) 2011 The ChromiumOS Authors. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - */ - -#include <bootstate.h> -#include <console/console.h> -#include <types.h> -#include <pc80/mc146818rtc.h> -#include "vbnv.h" -#include "vbnv_layout.h" - -void read_vbnv_cmos(uint8_t *vbnv_copy) -{ - int i; - - for (i = 0; i < VBNV_BLOCK_SIZE; i++) - vbnv_copy[i] = cmos_read(CONFIG_VBNV_OFFSET + 14 + i); - - if (IS_ENABLED(CONFIG_CHROMEOS_VBNV_CMOS_BACKUP_TO_FLASH)) { - if (verify_vbnv(vbnv_copy)) - return; - - printk(BIOS_INFO, "VBNV: CMOS invalid, restoring from flash\n"); - read_vbnv_flash(vbnv_copy); - - if (verify_vbnv(vbnv_copy)) { - save_vbnv_cmos(vbnv_copy); - printk(BIOS_INFO, "VBNV: Flash backup restored\n"); - } else { - printk(BIOS_INFO, "VBNV: Restore from flash failed\n"); - } - } -} - -void save_vbnv_cmos(const uint8_t *vbnv_copy) -{ - int i; - - for (i = 0; i < VBNV_BLOCK_SIZE; i++) - cmos_write(vbnv_copy[i], CONFIG_VBNV_OFFSET + 14 + i); -} - -void init_vbnv_cmos(int rtc_fail) -{ - uint8_t vbnv[VBNV_BLOCK_SIZE]; - - if (rtc_fail) - read_vbnv_cmos(vbnv); - - cmos_init(rtc_fail); - - if (rtc_fail) - save_vbnv_cmos(vbnv); -} - -#if IS_ENABLED(CONFIG_CHROMEOS_VBNV_CMOS_BACKUP_TO_FLASH) -static void back_up_vbnv_cmos(void *unused) -{ - uint8_t vbnv_cmos[VBNV_BLOCK_SIZE]; - - /* Read current VBNV from CMOS. */ - read_vbnv_cmos(vbnv_cmos); - - /* Save to flash, will only be saved if different. */ - save_vbnv_flash(vbnv_cmos); -} -BOOT_STATE_INIT_ENTRY(BS_POST_DEVICE, BS_ON_EXIT, back_up_vbnv_cmos, NULL); -#endif diff --git a/src/vendorcode/google/chromeos/vbnv_ec.c b/src/vendorcode/google/chromeos/vbnv_ec.c deleted file mode 100644 index 0b7b7b5..0000000 --- a/src/vendorcode/google/chromeos/vbnv_ec.c +++ /dev/null @@ -1,29 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright (C) 2011 The ChromiumOS Authors. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - */ - -#include <types.h> -#include <ec/google/chromeec/ec.h> -#include "vbnv.h" -#include "vbnv_layout.h" - -void read_vbnv_ec(uint8_t *vbnv_copy) -{ - google_chromeec_vbnv_context(1, vbnv_copy, VBNV_BLOCK_SIZE); -} - -void save_vbnv_ec(const uint8_t *vbnv_copy) -{ - google_chromeec_vbnv_context(0, (uint8_t *)vbnv_copy, VBNV_BLOCK_SIZE); -} diff --git a/src/vendorcode/google/chromeos/vbnv_flash.c b/src/vendorcode/google/chromeos/vbnv_flash.c deleted file mode 100644 index 88f39b0..0000000 --- a/src/vendorcode/google/chromeos/vbnv_flash.c +++ /dev/null @@ -1,227 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright (C) 2014 The ChromiumOS Authors. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - */ - -#include <arch/early_variables.h> -#include <assert.h> -#include <console/console.h> -#include <spi_flash.h> -#include <string.h> -#include <vb2_api.h> -#include <vboot_nvstorage.h> -#include "chromeos.h" -#include "vbnv.h" -#include "vbnv_layout.h" - -#define BLOB_SIZE VB2_NVDATA_SIZE - -struct vbnv_flash_ctx { - /* VBNV flash is initialized */ - int initialized; - - /* Offset of the current nvdata in SPI flash */ - int blob_offset; - - /* Offset of the topmost nvdata blob in SPI flash */ - int top_offset; - - /* SPI flash handler used when saving data */ - struct spi_flash *flash; - - /* FMAP descriptor of the NVRAM area */ - struct region_device region; - - /* Cache of the current nvdata */ - uint8_t cache[BLOB_SIZE]; -}; -static struct vbnv_flash_ctx vbnv_flash CAR_GLOBAL; - -/* - * This code assumes that flash is erased to 1-bits, and write operations can - * only change 1-bits to 0-bits. So if the new contents only change 1-bits to - * 0-bits, we can reuse the current blob. - */ -static inline uint8_t erase_value(void) -{ - return 0xff; -} - -static inline int can_overwrite(uint8_t current, uint8_t new) -{ - return (current & new) == new; -} - -static int init_vbnv(void) -{ - struct vbnv_flash_ctx *ctx = car_get_var_ptr(&vbnv_flash); - uint8_t buf[BLOB_SIZE]; - uint8_t empty_blob[BLOB_SIZE]; - int offset; - int i; - - if (vboot_named_region_device("RW_NVRAM", &ctx->region) || - region_device_sz(&ctx->region) < BLOB_SIZE) { - printk(BIOS_ERR, "%s: failed to locate NVRAM\n", __func__); - return 1; - } - - /* Prepare an empty blob to compare against. */ - for (i = 0; i < BLOB_SIZE; i++) - empty_blob[i] = erase_value(); - - offset = 0; - ctx->top_offset = region_device_sz(&ctx->region) - BLOB_SIZE; - - /* - * after the loop, offset is supposed to point the blob right before - * the first empty blob, the last blob in the nvram if there is no - * empty blob, or the base of the region if the nvram has never been - * used. - */ - for (i = 0; i <= ctx->top_offset; i += BLOB_SIZE) { - if (rdev_readat(&ctx->region, buf, i, BLOB_SIZE) < 0) { - printk(BIOS_ERR, "failed to read nvdata\n"); - return 1; - } - if (!memcmp(buf, empty_blob, BLOB_SIZE)) - break; - offset = i; - } - - /* reread the nvdata and write it to the cache */ - if (rdev_readat(&ctx->region, ctx->cache, offset, BLOB_SIZE) < 0) { - printk(BIOS_ERR, "failed to read nvdata\n"); - return 1; - } - - ctx->blob_offset = offset; - ctx->initialized = 1; - - return 0; -} - -static void vbnv_is_erasable(void) -{ - /* - * We check whether the region is aligned or not in advance to ensure - * we can erase the region when it's all used up. - * - * The region offset & size are determined by fmap.dts yet the check can - * be confidently done only by the spi flash driver. We use the same - * check as the one used by spi_flash_cmd_erase, which happens to be - * common to all the spi flash parts we support. - * - * TODO: Check by calling can_erase implemented by each spi flash driver - */ - struct vbnv_flash_ctx *ctx = car_get_var_ptr(&vbnv_flash); - - assert(!(region_device_offset(&ctx->region) % ctx->flash->sector_size)); - assert(!(region_device_sz(&ctx->region) % ctx->flash->sector_size)); -} - -static int vbnv_flash_probe(void) -{ - struct vbnv_flash_ctx *ctx = car_get_var_ptr(&vbnv_flash); - - if (!ctx->flash) { - ctx->flash = spi_flash_probe(CONFIG_BOOT_MEDIA_SPI_BUS, 0); - if (!ctx->flash) { - printk(BIOS_ERR, "failed to probe spi flash\n"); - return 1; - } - /* - * Called here instead of init_vbnv to reduce impact on boot - * speed. - */ - vbnv_is_erasable(); - } - - /* - * Handle the case where spi_flash_probe returns a CAR_GLOBAL - * in early execution on x86 but then later is moved to RAM. - */ - ctx->flash = car_get_var_ptr(ctx->flash); - - return 0; -} - -static int erase_nvram(void) -{ - struct vbnv_flash_ctx *ctx = car_get_var_ptr(&vbnv_flash); - - if (vbnv_flash_probe()) - return 1; - - if (ctx->flash->erase(ctx->flash, region_device_offset(&ctx->region), - region_device_sz(&ctx->region))) { - printk(BIOS_ERR, "failed to erase nvram\n"); - return 1; - } - - printk(BIOS_INFO, "nvram is cleared\n"); - return 0; -} - -void read_vbnv_flash(uint8_t *vbnv_copy) -{ - struct vbnv_flash_ctx *ctx = car_get_var_ptr(&vbnv_flash); - - if (!ctx->initialized) - if (init_vbnv()) - return; /* error */ - - memcpy(vbnv_copy, ctx->cache, BLOB_SIZE); -} - -void save_vbnv_flash(const uint8_t *vbnv_copy) -{ - struct vbnv_flash_ctx *ctx = car_get_var_ptr(&vbnv_flash); - int new_offset; - int i; - - if (!ctx->initialized) - if (init_vbnv()) - return; /* error */ - - /* Bail out if there have been no changes. */ - if (!memcmp(vbnv_copy, ctx->cache, BLOB_SIZE)) - return; - - new_offset = ctx->blob_offset; - - /* See if we can overwrite the current blob with the new one */ - for (i = 0; i < BLOB_SIZE; i++) { - if (!can_overwrite(ctx->cache[i], vbnv_copy[i])) { - /* unable to overwrite. need to use the next blob */ - new_offset += BLOB_SIZE; - if (new_offset > ctx->top_offset) { - if (erase_nvram()) - return; /* error */ - new_offset = 0; - } - break; - } - } - - if (!vbnv_flash_probe() && - !ctx->flash->write(ctx->flash, - region_device_offset(&ctx->region) + new_offset, - BLOB_SIZE, vbnv_copy)) { - /* write was successful. safely move pointer forward */ - ctx->blob_offset = new_offset; - memcpy(ctx->cache, vbnv_copy, BLOB_SIZE); - } else { - printk(BIOS_ERR, "failed to save nvdata\n"); - } -} diff --git a/src/vendorcode/google/chromeos/vbnv_layout.h b/src/vendorcode/google/chromeos/vbnv_layout.h deleted file mode 100644 index d7e7845..0000000 --- a/src/vendorcode/google/chromeos/vbnv_layout.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright (C) 2015 The ChromiumOS Authors. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - */ - -#ifndef VBNV_LAYOUT_H -#define VBNV_LAYOUT_H - -#define VBNV_BLOCK_SIZE 16 /* Size of NV storage block in bytes */ - -/* Constants for NV storage. We use this rather than structs and - * bitfields so the data format is consistent across platforms and - * compilers. - */ -#define HEADER_OFFSET 0 -#define HEADER_MASK 0xC0 -#define HEADER_SIGNATURE 0x40 -#define HEADER_FIRMWARE_SETTINGS_RESET 0x20 -#define HEADER_KERNEL_SETTINGS_RESET 0x10 - -#define BOOT_OFFSET 1 -#define BOOT_DEBUG_RESET_MODE 0x80 -#define BOOT_DISABLE_DEV_REQUEST 0x40 -#define BOOT_OPROM_NEEDED 0x20 -#define BOOT_TRY_B_COUNT_MASK 0x0F - -#define RECOVERY_OFFSET 2 -#define LOCALIZATION_OFFSET 3 - -#define DEV_FLAGS_OFFSET 4 -#define DEV_BOOT_USB_MASK 0x01 -#define DEV_BOOT_SIGNED_ONLY_MASK 0x02 - -#define KERNEL_FIELD_OFFSET 11 -#define CRC_OFFSET 15 - -#endif /* VBNV_LAYOUT_H */ diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig deleted file mode 100644 index 5aaf932..0000000 --- a/src/vendorcode/google/chromeos/vboot2/Kconfig +++ /dev/null @@ -1,89 +0,0 @@ -## This file is part of the coreboot project. -## -## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved. -## -## This program is free software; you can redistribute it and/or modify -## it under the terms of the GNU General Public License as published by -## the Free Software Foundation; version 2 of the License. -## -## This program is distributed in the hope that it will be useful, -## but WITHOUT ANY WARRANTY; without even the implied warranty of -## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -## GNU General Public License for more details. -## - -config VBOOT_STARTS_IN_BOOTBLOCK - bool "Vboot starts verifying in bootblock" - default n - depends on VBOOT_VERIFY_FIRMWARE - help - Firmware verification happens during or at the end of bootblock. - -config VBOOT_STARTS_IN_ROMSTAGE - bool "Vboot starts verifying in romstage" - default n - depends on VBOOT_VERIFY_FIRMWARE && !VBOOT_STARTS_IN_BOOTBLOCK - help - Firmware verification happens during or at the end of romstage. - -config VBOOT2_MOCK_SECDATA - bool "Mock secdata for firmware verification" - default n - depends on VBOOT_VERIFY_FIRMWARE - help - Enabling VBOOT2_MOCK_SECDATA will mock secdata for the firmware - verification to avoid access to a secdata storage (typically TPM). - All operations for a secdata storage will be successful. This option - can be used during development when a TPM is not present or broken. - THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES. - -config VBOOT_DISABLE_DEV_ON_RECOVERY - bool "Disable dev mode on recovery requests" - default n - depends on VBOOT_VERIFY_FIRMWARE - help - When this option is enabled, the Chrome OS device leaves the - developer mode as soon as recovery request is detected. This is - handy on embedded devices with limited input capabilities. - -config SEPARATE_VERSTAGE - bool "Vboot verification is built into a separate stage" - default n - depends on VBOOT_VERIFY_FIRMWARE - -config RETURN_FROM_VERSTAGE - bool "The separate verification stage returns to its caller" - default n - depends on SEPARATE_VERSTAGE - help - If this is set, the verstage returns back to the calling stage instead - of exiting to the succeeding stage so that the verstage space can be - reused by the succeeding stage. This is useful if a ram space is too - small to fit both the verstage and the succeeding stage. - -config CHIPSET_PROVIDES_VERSTAGE_MAIN_SYMBOL - bool "The chipset provides the main() entry point for verstage" - default n - depends on SEPARATE_VERSTAGE - help - The chipset code provides their own main() entry point. - -config VBOOT_DYNAMIC_WORK_BUFFER - bool "Vboot's work buffer is dynamically allocated." - default y if ARCH_ROMSTAGE_X86_32 && !SEPARATE_VERSTAGE - default n - depends on VBOOT_VERIFY_FIRMWARE - help - This option is used when there isn't enough pre-main memory - ram to allocate the vboot work buffer. That means vboot verification - is after memory init and requires main memory to back the work - buffer. - -config VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT - bool - default n - depends on VBOOT_VERIFY_FIRMWARE - help - This option ensures that the recovery request is not lost because of - reboots caused after vboot verification is run. e.g. reboots caused by - FSP components on Intel platforms. diff --git a/src/vendorcode/google/chromeos/vboot2/Makefile.inc b/src/vendorcode/google/chromeos/vboot2/Makefile.inc deleted file mode 100644 index 31889e2..0000000 --- a/src/vendorcode/google/chromeos/vboot2/Makefile.inc +++ /dev/null @@ -1,118 +0,0 @@ -## -## This file is part of the coreboot project. -## -## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved. -## -## This program is free software; you can redistribute it and/or modify -## it under the terms of the GNU General Public License as published by -## the Free Software Foundation; version 2 of the License. -## -## This program is distributed in the hope that it will be useful, -## but WITHOUT ANY WARRANTY; without even the implied warranty of -## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -## GNU General Public License for more details. -## - -libverstage-generic-ccopts += -D__PRE_RAM__ -D__VERSTAGE__ -verstage-generic-ccopts += -D__PRE_RAM__ -D__VERSTAGE__ - -bootblock-y += vboot_loader.c -romstage-y += vboot_loader.c -ramstage-y += vboot_loader.c -verstage-y += vboot_loader.c -postcar-y += vboot_loader.c - -bootblock-y += ../vboot_common.c -verstage-y += ../vboot_common.c -romstage-y += ../vboot_common.c -ramstage-y += ../vboot_common.c -postcar-y += ../vboot_common.c - -bootblock-y += recovery.c -romstage-y += recovery.c -ramstage-y += recovery.c -verstage-y += recovery.c -postcar-y += recovery.c - -bootblock-y += common.c -libverstage-y += vboot_logic.c -verstage-y += common.c -verstage-y += verstage.c -ifeq (${CONFIG_VBOOT2_MOCK_SECDATA},y) -libverstage-y += secdata_mock.c -else -libverstage-y += antirollback.c -endif -romstage-y += vboot_handoff.c common.c - -ramstage-y += common.c -postcar-y += common.c - -ifeq ($(CONFIG_SEPARATE_VERSTAGE),y) -VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-verstage-y)) -else -ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y) -VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-bootblock-y)) -else -VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-romstage-y)) -endif -endif # CONFIG_SEPARATE_VERSTAGE - -VB2_LIB = $(obj)/external/vboot_reference/vboot_fw20.a -VBOOT_CFLAGS += $(patsubst -I%,-I$(top)/%, $(filter-out -I$(obj), $(filter-out -include $(src)/include/kconfig.h, $(CPPFLAGS_libverstage)))) -VBOOT_CFLAGS += $(CFLAGS_libverstage) -VBOOT_CFLAGS += $(libverstage-c-ccopts) -VBOOT_CFLAGS += -I$(abspath $(obj)) -include $(top)/src/include/kconfig.h -Wno-missing-prototypes -VBOOT_CFLAGS += -DVBOOT_DEBUG - -$(VB2_LIB): $(obj)/config.h - @printf " MAKE $(subst $(obj)/,,$(@))\n" - $(Q)FIRMWARE_ARCH=$(VB_FIRMWARE_ARCH) \ - CC="$(CC_verstage)" \ - CFLAGS="$(VBOOT_CFLAGS)" VBOOT2="y" \ - $(MAKE) -C $(VB_SOURCE) \ - BUILD=$(abspath $(dir $(VB2_LIB))) \ - V=$(V) \ - fwlib20 - -libverstage-srcs += $(VB2_LIB) - -ifeq ($(CONFIG_SEPARATE_VERSTAGE),y) -cbfs-files-$(CONFIG_SEPARATE_VERSTAGE) += $(CONFIG_CBFS_PREFIX)/verstage -$(CONFIG_CBFS_PREFIX)/verstage-file := $(objcbfs)/verstage.elf -$(CONFIG_CBFS_PREFIX)/verstage-type := stage -$(CONFIG_CBFS_PREFIX)/verstage-compression := $(CBFS_PRERAM_COMPRESS_FLAG) - -ifeq ($(CONFIG_ARCH_VERSTAGE_X86_32)$(CONFIG_ARCH_VERSTAGE_X86_64),y) -$(CONFIG_CBFS_PREFIX)/verstage-options := -a 64 -S ".car.data" - -# If CAR does not support execution of code, verstage on x86 is expected to be -# xip. -ifneq ($(CONFIG_NO_XIP_EARLY_STAGES),y) -$(CONFIG_CBFS_PREFIX)/verstage-options += --xip -endif - -endif - -else -ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y) -bootblock-srcs += $(objgenerated)/libverstage.a -else -romstage-srcs += $(objgenerated)/libverstage.a -endif -endif # CONFIG_SEPARATE_VERSTAGE - -# Define a list of files that need to be in RO only. -# All other files will be installed into RO and RW regions -# Use $(sort) to cut down on extra spaces that would be translated to commas -regions-for-file = $(subst $(spc),$(comma),$(sort \ - $(if $(filter \ - $(if $(filter y,$(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)),, \ - %/romstage) \ - mts \ - %/verstage \ - locales \ - locale_%.bin \ - font.bin \ - vbgfx.bin \ - ,$(1)),COREBOOT,COREBOOT FW_MAIN_A FW_MAIN_B))) diff --git a/src/vendorcode/google/chromeos/vboot2/antirollback.c b/src/vendorcode/google/chromeos/vboot2/antirollback.c deleted file mode 100644 index a51e5d6..0000000 --- a/src/vendorcode/google/chromeos/vboot2/antirollback.c +++ /dev/null @@ -1,436 +0,0 @@ -/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Functions for querying, manipulating and locking rollback indices - * stored in the TPM NVRAM. - */ - -#include <antirollback.h> -#include <stdlib.h> -#include <string.h> -#include <tpm_lite/tlcl.h> -#include <vb2_api.h> -#include <console/console.h> - -#ifndef offsetof -#define offsetof(A,B) __builtin_offsetof(A,B) -#endif - -#ifdef FOR_TEST -#include <stdio.h> -#define VBDEBUG(format, args...) printf(format, ## args) -#else -#include <console/console.h> -#define VBDEBUG(format, args...) \ - printk(BIOS_INFO, "%s():%d: " format, __func__, __LINE__, ## args) -#endif - -#define RETURN_ON_FAILURE(tpm_cmd) do { \ - uint32_t result_; \ - if ((result_ = (tpm_cmd)) != TPM_SUCCESS) { \ - VBDEBUG("Antirollback: %08x returned by " #tpm_cmd \ - "\n", (int)result_); \ - return result_; \ - } \ - } while (0) - - -static uint32_t safe_write(uint32_t index, const void *data, uint32_t length); - -uint32_t tpm_extend_pcr(struct vb2_context *ctx, int pcr, - enum vb2_pcr_digest which_digest) -{ - uint8_t buffer[VB2_PCR_DIGEST_RECOMMENDED_SIZE]; - uint32_t size = sizeof(buffer); - int rv; - - rv = vb2api_get_pcr_digest(ctx, which_digest, buffer, &size); - if (rv != VB2_SUCCESS) - return rv; - if (size < TPM_PCR_DIGEST) - return VB2_ERROR_UNKNOWN; - - return tlcl_extend(pcr, buffer, NULL); -} - -static uint32_t read_space_firmware(struct vb2_context *ctx) -{ - int attempts = 3; - - while (attempts--) { - RETURN_ON_FAILURE(tlcl_read(FIRMWARE_NV_INDEX, ctx->secdata, - VB2_SECDATA_SIZE)); - - if (vb2api_secdata_check(ctx) == VB2_SUCCESS) - return TPM_SUCCESS; - - VBDEBUG("TPM: %s() - bad CRC\n", __func__); - } - - VBDEBUG("TPM: %s() - too many bad CRCs, giving up\n", __func__); - return TPM_E_CORRUPTED_STATE; -} - -static uint32_t write_secdata(uint32_t index, - const uint8_t *secdata, - uint32_t len) -{ - uint8_t sd[32]; - uint32_t rv; - int attempts = 3; - - if (len > sizeof(sd)) { - VBDEBUG("TPM: %s() - data is too large\n", __func__); - return TPM_E_WRITE_FAILURE; - } - - while (attempts--) { - rv = safe_write(index, secdata, len); - /* Can't write, not gonna try again */ - if (rv != TPM_SUCCESS) - return rv; - - /* Read it back to be sure it got the right values. */ - rv = tlcl_read(index, sd, len); - if (rv == TPM_SUCCESS && memcmp(secdata, sd, len) == 0) - return rv; - - VBDEBUG("TPM: %s() failed. trying again\n", __func__); - /* Try writing it again. Maybe it was garbled on the way out. */ - } - - VBDEBUG("TPM: %s() - too many failures, giving up\n", __func__); - - return TPM_E_CORRUPTED_STATE; -} - -/* - * This is derived from rollback_index.h of vboot_reference. see struct - * RollbackSpaceKernel for details. - */ -static const uint8_t secdata_kernel[] = { - 0x02, - 0x4C, 0x57, 0x52, 0x47, - 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, - 0xE8, -}; - -#if IS_ENABLED(CONFIG_TPM2) - -/* Nothing special in the TPM2 path yet. */ -static uint32_t safe_write(uint32_t index, const void *data, uint32_t length) -{ - return tlcl_write(index, data, length); -} - -static uint32_t set_firmware_space(const void *firmware_blob) -{ - RETURN_ON_FAILURE(tlcl_define_space(FIRMWARE_NV_INDEX, - VB2_SECDATA_SIZE)); - RETURN_ON_FAILURE(safe_write(FIRMWARE_NV_INDEX, firmware_blob, - VB2_SECDATA_SIZE)); - return TPM_SUCCESS; -} - -static uint32_t set_kernel_space(const void *kernel_blob) -{ - RETURN_ON_FAILURE(tlcl_define_space(KERNEL_NV_INDEX, - sizeof(secdata_kernel))); - RETURN_ON_FAILURE(safe_write(KERNEL_NV_INDEX, kernel_blob, - sizeof(secdata_kernel))); - return TPM_SUCCESS; -} - -static uint32_t _factory_initialize_tpm(struct vb2_context *ctx) -{ - RETURN_ON_FAILURE(tlcl_force_clear()); - RETURN_ON_FAILURE(set_firmware_space(ctx->secdata)); - RETURN_ON_FAILURE(set_kernel_space(secdata_kernel)); - return TPM_SUCCESS; -} - -uint32_t tpm_clear_and_reenable(void) -{ - VBDEBUG("TPM: Clear and re-enable\n"); - return TPM_SUCCESS; -} - -uint32_t antirollback_lock_space_firmware(void) -{ - return tlcl_lock_nv_write(FIRMWARE_NV_INDEX); -} - -#else - -uint32_t tpm_clear_and_reenable(void) -{ - VBDEBUG("TPM: Clear and re-enable\n"); - RETURN_ON_FAILURE(tlcl_force_clear()); - RETURN_ON_FAILURE(tlcl_set_enable()); - RETURN_ON_FAILURE(tlcl_set_deactivated(0)); - - return TPM_SUCCESS; -} - -/** - * Like tlcl_write(), but checks for write errors due to hitting the 64-write - * limit and clears the TPM when that happens. This can only happen when the - * TPM is unowned, so it is OK to clear it (and we really have no choice). - * This is not expected to happen frequently, but it could happen. - */ - -static uint32_t safe_write(uint32_t index, const void *data, uint32_t length) -{ - uint32_t result = tlcl_write(index, data, length); - if (result == TPM_E_MAXNVWRITES) { - RETURN_ON_FAILURE(tpm_clear_and_reenable()); - return tlcl_write(index, data, length); - } else { - return result; - } -} - -/** - * Similarly to safe_write(), this ensures we don't fail a DefineSpace because - * we hit the TPM write limit. This is even less likely to happen than with - * writes because we only define spaces once at initialization, but we'd - * rather be paranoid about this. - */ -static uint32_t safe_define_space(uint32_t index, uint32_t perm, uint32_t size) -{ - uint32_t result = tlcl_define_space(index, perm, size); - if (result == TPM_E_MAXNVWRITES) { - RETURN_ON_FAILURE(tpm_clear_and_reenable()); - return tlcl_define_space(index, perm, size); - } else { - return result; - } -} - -static uint32_t _factory_initialize_tpm(struct vb2_context *ctx) -{ - TPM_PERMANENT_FLAGS pflags; - uint32_t result; - - result = tlcl_get_permanent_flags(&pflags); - if (result != TPM_SUCCESS) - return result; - - /* - * TPM may come from the factory without physical presence finalized. - * Fix if necessary. - */ - VBDEBUG("TPM: physicalPresenceLifetimeLock=%d\n", - pflags.physicalPresenceLifetimeLock); - if (!pflags.physicalPresenceLifetimeLock) { - VBDEBUG("TPM: Finalizing physical presence\n"); - RETURN_ON_FAILURE(tlcl_finalize_physical_presence()); - } - - /* - * The TPM will not enforce the NV authorization restrictions until the - * execution of a TPM_NV_DefineSpace with the handle of - * TPM_NV_INDEX_LOCK. Here we create that space if it doesn't already - * exist. */ - VBDEBUG("TPM: nvLocked=%d\n", pflags.nvLocked); - if (!pflags.nvLocked) { - VBDEBUG("TPM: Enabling NV locking\n"); - RETURN_ON_FAILURE(tlcl_set_nv_locked()); - } - - /* Clear TPM owner, in case the TPM is already owned for some reason. */ - VBDEBUG("TPM: Clearing owner\n"); - RETURN_ON_FAILURE(tpm_clear_and_reenable()); - - /* Define the backup space. No need to initialize it, though. */ - RETURN_ON_FAILURE(safe_define_space(BACKUP_NV_INDEX, - TPM_NV_PER_PPWRITE, - VB2_NVDATA_SIZE)); - - /* Define and initialize the kernel space */ - RETURN_ON_FAILURE(safe_define_space(KERNEL_NV_INDEX, - TPM_NV_PER_PPWRITE, - sizeof(secdata_kernel))); - RETURN_ON_FAILURE(write_secdata(KERNEL_NV_INDEX, - secdata_kernel, - sizeof(secdata_kernel))); - - /* Defines and sets vb2 secdata space */ - vb2api_secdata_create(ctx); - RETURN_ON_FAILURE(safe_define_space(FIRMWARE_NV_INDEX, - TPM_NV_PER_GLOBALLOCK | - TPM_NV_PER_PPWRITE, - VB2_SECDATA_SIZE)); - RETURN_ON_FAILURE(write_secdata(FIRMWARE_NV_INDEX, - ctx->secdata, - VB2_SECDATA_SIZE)); - return TPM_SUCCESS; -} - -uint32_t antirollback_lock_space_firmware(void) -{ - return tlcl_set_global_lock(); -} -#endif - -uint32_t factory_initialize_tpm(struct vb2_context *ctx) -{ - uint32_t result; - - /* Defines and sets vb2 secdata space */ - vb2api_secdata_create(ctx); - - VBDEBUG("TPM: factory initialization\n"); - - /* - * Do a full test. This only happens the first time the device is - * turned on in the factory, so performance is not an issue. This is - * almost certainly not necessary, but it gives us more confidence - * about some code paths below that are difficult to - * test---specifically the ones that set lifetime flags, and are only - * executed once per physical TPM. - */ - result = tlcl_self_test_full(); - if (result != TPM_SUCCESS) - return result; - - result = _factory_initialize_tpm(ctx); - if (result != TPM_SUCCESS) - return result; - - VBDEBUG("TPM: factory initialization successful\n"); - - return TPM_SUCCESS; -} - -/* - * SetupTPM starts the TPM and establishes the root of trust for the - * anti-rollback mechanism. SetupTPM can fail for three reasons. 1 A bug. 2 a - * TPM hardware failure. 3 An unexpected TPM state due to some attack. In - * general we cannot easily distinguish the kind of failure, so our strategy is - * to reboot in recovery mode in all cases. The recovery mode calls SetupTPM - * again, which executes (almost) the same sequence of operations. There is a - * good chance that, if recovery mode was entered because of a TPM failure, the - * failure will repeat itself. (In general this is impossible to guarantee - * because we have no way of creating the exact TPM initial state at the - * previous boot.) In recovery mode, we ignore the failure and continue, thus - * giving the recovery kernel a chance to fix things (that's why we don't set - * bGlobalLock). The choice is between a knowingly insecure device and a - * bricked device. - * - * As a side note, observe that we go through considerable hoops to avoid using - * the STCLEAR permissions for the index spaces. We do this to avoid writing - * to the TPM flashram at every reboot or wake-up, because of concerns about - * the durability of the NVRAM. - */ -uint32_t setup_tpm(struct vb2_context *ctx) -{ - uint8_t disable; - uint8_t deactivated; - uint32_t result; - - RETURN_ON_FAILURE(tlcl_lib_init()); - - /* Handle special init for S3 resume path */ - if (ctx->flags & VB2_CONTEXT_S3_RESUME) { - result = tlcl_resume(); - if (result == TPM_E_INVALID_POSTINIT) - printk(BIOS_DEBUG, "TPM: Already initialized.\n"); - return TPM_SUCCESS; - } - -#ifdef TEGRA_SOFT_REBOOT_WORKAROUND - result = tlcl_startup(); - if (result == TPM_E_INVALID_POSTINIT) { - /* - * Some prototype hardware doesn't reset the TPM on a CPU - * reset. We do a hard reset to get around this. - */ - VBDEBUG("TPM: soft reset detected\n", result); - ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT; - return TPM_E_MUST_REBOOT; - } else if (result != TPM_SUCCESS) { - VBDEBUG("TPM: tlcl_startup returned %08x\n", result); - return result; - } -#else - RETURN_ON_FAILURE(tlcl_startup()); -#endif - - /* - * Some TPMs start the self test automatically at power on. In that case - * we don't need to call ContinueSelfTest. On some (other) TPMs, - * continue_self_test may block. In that case, we definitely don't want - * to call it here. For TPMs in the intersection of these two sets, we - * are screwed. (In other words: TPMs that require manually starting the - * self-test AND block will have poor performance until we split - * tlcl_send_receive() into send() and receive(), and have a state - * machine to control setup.) - * - * This comment is likely to become obsolete in the near future, so - * don't trust it. It may have not been updated. - */ -#ifdef TPM_MANUAL_SELFTEST -#ifdef TPM_BLOCKING_CONTINUESELFTEST -#warning "lousy TPM!" -#endif - RETURN_ON_FAILURE(tlcl_continue_self_test()); -#endif - result = tlcl_assert_physical_presence(); - if (result != TPM_SUCCESS) { - /* - * It is possible that the TPM was delivered with the physical - * presence command disabled. This tries enabling it, then - * tries asserting PP again. - */ - RETURN_ON_FAILURE(tlcl_physical_presence_cmd_enable()); - RETURN_ON_FAILURE(tlcl_assert_physical_presence()); - } - - /* Check that the TPM is enabled and activated. */ - RETURN_ON_FAILURE(tlcl_get_flags(&disable, &deactivated, NULL)); - if (disable || deactivated) { - VBDEBUG("TPM: disabled (%d) or deactivated (%d). Fixing...\n", - disable, deactivated); - RETURN_ON_FAILURE(tlcl_set_enable()); - RETURN_ON_FAILURE(tlcl_set_deactivated(0)); - VBDEBUG("TPM: Must reboot to re-enable\n"); - ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT; - return TPM_E_MUST_REBOOT; - } - - VBDEBUG("TPM: SetupTPM() succeeded\n"); - return TPM_SUCCESS; -} - -uint32_t antirollback_read_space_firmware(struct vb2_context *ctx) -{ - uint32_t rv; - - rv = setup_tpm(ctx); - if (rv) - return rv; - - /* Read the firmware space. */ - rv = read_space_firmware(ctx); - if (rv == TPM_E_BADINDEX) { - /* - * This seems the first time we've run. Initialize the TPM. - */ - VBDEBUG("TPM: Not initialized yet.\n"); - RETURN_ON_FAILURE(factory_initialize_tpm(ctx)); - } else if (rv != TPM_SUCCESS) { - VBDEBUG("TPM: Firmware space in a bad state; giving up.\n"); - //RETURN_ON_FAILURE(factory_initialize_tpm(ctx)); - return TPM_E_CORRUPTED_STATE; - } - - return TPM_SUCCESS; -} - -uint32_t antirollback_write_space_firmware(struct vb2_context *ctx) -{ - return write_secdata(FIRMWARE_NV_INDEX, ctx->secdata, VB2_SECDATA_SIZE); -} diff --git a/src/vendorcode/google/chromeos/vboot2/common.c b/src/vendorcode/google/chromeos/vboot2/common.c deleted file mode 100644 index 58ea95d..0000000 --- a/src/vendorcode/google/chromeos/vboot2/common.c +++ /dev/null @@ -1,183 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright (C) 2014 The ChromiumOS Authors. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - */ - -#include <assert.h> -#include <cbfs.h> -#include <cbmem.h> -#include <console/console.h> -#include <reset.h> -#include <string.h> -#include <vb2_api.h> -#include "../chromeos.h" -#include "../symbols.h" -#include "../vboot_common.h" -#include "misc.h" - -struct selected_region { - uint32_t offset; - uint32_t size; -}; - -/* - * this is placed at the start of the vboot work buffer. selected_region is used - * for the verstage to return the location of the selected slot. buffer is used - * by the vboot2 core. Keep the struct cpu architecture agnostic as it crosses - * stage boundaries. - */ -struct vb2_working_data { - struct selected_region selected_region; - /* offset of the buffer from the start of this struct */ - uint32_t buffer_offset; - uint32_t buffer_size; -}; - -static const size_t vb_work_buf_size = 16 * KiB; - -static struct vb2_working_data * const vboot_get_working_data(void) -{ - if (IS_ENABLED(CONFIG_VBOOT_DYNAMIC_WORK_BUFFER)) - /* cbmem_add() does a cbmem_find() first. */ - return cbmem_add(CBMEM_ID_VBOOT_WORKBUF, vb_work_buf_size); - else - return (struct vb2_working_data *)_vboot2_work; -} - -static size_t vb2_working_data_size(void) -{ - if (IS_ENABLED(CONFIG_VBOOT_DYNAMIC_WORK_BUFFER)) - return vb_work_buf_size; - else - return _vboot2_work_size; -} - -static struct selected_region *vb2_selected_region(void) -{ - struct selected_region *sel_reg = NULL; - - /* Ramstage and postcar always uses cbmem as a source of truth. */ - if (ENV_RAMSTAGE || ENV_POSTCAR) - sel_reg = cbmem_find(CBMEM_ID_VBOOT_SEL_REG); - else if (ENV_ROMSTAGE) { - /* Try cbmem first. Fall back on working data if not found. */ - sel_reg = cbmem_find(CBMEM_ID_VBOOT_SEL_REG); - - if (sel_reg == NULL) { - struct vb2_working_data *wd = vboot_get_working_data(); - sel_reg = &wd->selected_region; - } - } else { - /* Stages such as bootblock and verstage use working data. */ - struct vb2_working_data *wd = vboot_get_working_data(); - sel_reg = &wd->selected_region; - } - - return sel_reg; -} - -void vb2_init_work_context(struct vb2_context *ctx) -{ - struct vb2_working_data *wd; - size_t work_size; - - /* First initialize the working data region. */ - work_size = vb2_working_data_size(); - wd = vboot_get_working_data(); - memset(wd, 0, work_size); - - /* - * vboot prefers 16-byte alignment. This takes away 16 bytes - * from the VBOOT2_WORK region, but the vboot devs said that's okay. - */ - wd->buffer_offset = ALIGN_UP(sizeof(*wd), 16); - wd->buffer_size = work_size - wd->buffer_offset; - - /* Initialize the vb2_context. */ - memset(ctx, 0, sizeof(*ctx)); - ctx->workbuf = (void *)vb2_get_shared_data(); - ctx->workbuf_size = wd->buffer_size; - -} - -struct vb2_shared_data *vb2_get_shared_data(void) -{ - struct vb2_working_data *wd = vboot_get_working_data(); - return (void *)((uintptr_t)wd + wd->buffer_offset); -} - -int vb2_get_selected_region(struct region *region) -{ - const struct selected_region *reg = vb2_selected_region(); - - if (reg == NULL) - return -1; - - if (reg->offset == 0 && reg->size == 0) - return -1; - - region->offset = reg->offset; - region->size = reg->size; - - return 0; -} - -void vb2_set_selected_region(const struct region *region) -{ - struct selected_region *reg = vb2_selected_region(); - - assert(reg != NULL); - - reg->offset = region_offset(region); - reg->size = region_sz(region); -} - -int vb2_is_slot_selected(void) -{ - const struct selected_region *reg = vb2_selected_region(); - - assert(reg != NULL); - - return reg->size > 0; -} - -void vb2_store_selected_region(void) -{ - const struct vb2_working_data *wd; - struct selected_region *sel_reg; - - /* Always use the working data in this path since it's the object - * which has the result.. */ - wd = vboot_get_working_data(); - - sel_reg = cbmem_add(CBMEM_ID_VBOOT_SEL_REG, sizeof(*sel_reg)); - - assert(sel_reg != NULL); - - sel_reg->offset = wd->selected_region.offset; - sel_reg->size = wd->selected_region.size; -} - -/* - * For platforms that employ VBOOT_DYNAMIC_WORK_BUFFER, the vboot - * verification doesn't happen until after cbmem is brought online. - * Therefore, the selected region contents would not be initialized - * so don't automatically add results when cbmem comes online. - */ -#if !IS_ENABLED(CONFIG_VBOOT_DYNAMIC_WORK_BUFFER) -static void vb2_store_selected_region_cbmem(int unused) -{ - vb2_store_selected_region(); -} -ROMSTAGE_CBMEM_INIT_HOOK(vb2_store_selected_region_cbmem) -#endif diff --git a/src/vendorcode/google/chromeos/vboot2/misc.h b/src/vendorcode/google/chromeos/vboot2/misc.h deleted file mode 100644 index 9b771a2..0000000 --- a/src/vendorcode/google/chromeos/vboot2/misc.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright (C) 2014 The ChromiumOS Authors. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - */ - -#ifndef __CHROMEOS_VBOOT2_MISC_H__ -#define __CHROMEOS_VBOOT2_MISC_H__ - -#include "../vboot_common.h" - -struct vb2_context; -struct vb2_shared_data; - -void vboot_fill_handoff(void); - -void vb2_init_work_context(struct vb2_context *ctx); -struct vb2_shared_data *vb2_get_shared_data(void); - -/* Returns 0 on success. < 0 on failure. */ -int vb2_get_selected_region(struct region *region); -void vb2_set_selected_region(const struct region *region); -int vb2_is_slot_selected(void); -int vb2_logic_executed(void); - -/* Store the selected region in cbmem for later use. */ -void vb2_store_selected_region(void); - -void vb2_save_recovery_reason_vbnv(void); - -#endif /* __CHROMEOS_VBOOT2_MISC_H__ */ diff --git a/src/vendorcode/google/chromeos/vboot2/recovery.c b/src/vendorcode/google/chromeos/vboot2/recovery.c deleted file mode 100644 index 94a8cc3..0000000 --- a/src/vendorcode/google/chromeos/vboot2/recovery.c +++ /dev/null @@ -1,154 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright 2016 Google Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - */ - -#include <assert.h> -#include <bootstate.h> -#include <rules.h> -#include <string.h> -#include <vb2_api.h> - -#include "misc.h" -#include "../vboot_common.h" - -static int vb2_get_recovery_reason_shared_data(void) -{ - /* Shared data does not exist for Ramstage and Post-CAR stage. */ - if (ENV_RAMSTAGE || ENV_POSTCAR) - return 0; - - struct vb2_shared_data *sd = vb2_get_shared_data(); - assert(sd); - return sd->recovery_reason; -} - -void vb2_save_recovery_reason_vbnv(void) -{ - if (!IS_ENABLED(CONFIG_VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT)) - return; - - int reason = vb2_get_recovery_reason_shared_data(); - if (!reason) - return; - - set_recovery_mode_into_vbnv(reason); -} - -static void vb2_clear_recovery_reason_vbnv(void *unused) -{ - if (!IS_ENABLED(CONFIG_VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT)) - return; - - set_recovery_mode_into_vbnv(0); -} - -/* - * Recovery reason stored in VBNV needs to be cleared before the state of VBNV - * is backed-up anywhere or jumping to the payload (whichever occurs - * first). Currently, vbnv_cmos.c backs up VBNV on POST_DEVICE. Thus, we need to - * make sure that the stored recovery reason is cleared off before that - * happens. - * IMPORTANT: Any reboot occurring after BS_DEV_INIT state will cause loss of - * recovery reason on reboot. Until now, we have seen reboots occuring on x86 - * only in FSP stages which run before BS_DEV_INIT. - */ -BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_EXIT, - vb2_clear_recovery_reason_vbnv, NULL); - -/* - * Returns 0 for the stages where we know that cbmem does not come online. - * Even if this function returns 1 for romstage, depending upon the point in - * bootup, cbmem might not actually be online. - */ -static int cbmem_possibly_online(void) -{ - if (ENV_BOOTBLOCK) - return 0; - - if (ENV_VERSTAGE && IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) - return 0; - - return 1; -} - -/* - * Returns 1 if vboot is being used and currently in a stage which might have - * already executed vboot verification. - */ -static int vboot_possibly_executed(void) -{ - if (!IS_ENABLED(CONFIG_VBOOT_VERIFY_FIRMWARE)) - return 0; - - if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) { - if (ENV_BOOTBLOCK && IS_ENABLED(CONFIG_SEPARATE_VERSTAGE)) - return 0; - return 1; - } - - if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)) { - if (ENV_BOOTBLOCK) - return 0; - return 1; - } - - return 0; -} - -/* - * vb2_check_recovery_request looks up different components to identify if there - * is a recovery request and returns appropriate reason code: - * 1. Checks if recovery mode is initiated by EC. If yes, returns - * VB2_RECOVERY_RO_MANUAL. - * 2. Checks if recovery request is present in VBNV and returns the code read - * from it. - * 3. Checks recovery request in handoff for stages post-cbmem. - * 4. For non-CBMEM stages, check if vboot verification is done and look-up - * selected region to identify if vboot_refence library has requested recovery - * path. If yes, return the reason code from shared data. - * 5. If nothing applies, return 0 indicating no recovery request. - */ -int vboot_check_recovery_request(void) -{ - int reason = 0; - - /* EC-initiated recovery. */ - if (get_recovery_mode_switch()) - return VB2_RECOVERY_RO_MANUAL; - - /* Recovery request in VBNV. */ - if ((reason = get_recovery_mode_from_vbnv()) != 0) - return reason; - - /* - * Check recovery flag in vboot_handoff for stages post CBMEM coming - * online. Since for some stages there is no way to know if cbmem has - * already come online, try looking up handoff anyways. If it fails, - * flow will fallback to looking up shared data. - */ - if (cbmem_possibly_online() && - ((reason = vboot_handoff_get_recovery_reason()) != 0)) - return reason; - - /* - * For stages where CBMEM might not be online, identify if vboot - * verification is already complete and no slot was selected - * i.e. recovery path was requested. - */ - if (vboot_possibly_executed() && vb2_logic_executed() && - !vb2_is_slot_selected()) - return vb2_get_recovery_reason_shared_data(); - - return 0; -} diff --git a/src/vendorcode/google/chromeos/vboot2/secdata_mock.c b/src/vendorcode/google/chromeos/vboot2/secdata_mock.c deleted file mode 100644 index 03616c1..0000000 --- a/src/vendorcode/google/chromeos/vboot2/secdata_mock.c +++ /dev/null @@ -1,38 +0,0 @@ -/* Copyright (c) 2015 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Functions for querying, manipulating and locking rollback indices - * stored in the TPM NVRAM. - */ - -#include <antirollback.h> -#include <stdlib.h> -#include <vb2_api.h> - -uint32_t tpm_extend_pcr(struct vb2_context *ctx, int pcr, - enum vb2_pcr_digest which_digest) -{ - return TPM_SUCCESS; -} - -uint32_t tpm_clear_and_reenable(void) -{ - return TPM_SUCCESS; -} - -uint32_t antirollback_read_space_firmware(struct vb2_context *ctx) -{ - vb2api_secdata_create(ctx); - return TPM_SUCCESS; -} - -uint32_t antirollback_write_space_firmware(struct vb2_context *ctx) -{ - return TPM_SUCCESS; -} - -uint32_t antirollback_lock_space_firmware() -{ - return TPM_SUCCESS; -} diff --git a/src/vendorcode/google/chromeos/vboot2/vboot_handoff.c b/src/vendorcode/google/chromeos/vboot2/vboot_handoff.c deleted file mode 100644 index 0e2cb84..0000000 --- a/src/vendorcode/google/chromeos/vboot2/vboot_handoff.c +++ /dev/null @@ -1,179 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright (C) 2013 Google, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - */ - -#include <arch/stages.h> -#include <assert.h> -#include <stdint.h> -#include <stddef.h> -#include <string.h> -#include <cbfs.h> -#include <cbmem.h> -#include <console/console.h> -#include <console/vtxprintf.h> -#include <fmap.h> -#include <stdlib.h> -#include <timestamp.h> -#define NEED_VB20_INTERNALS /* TODO: remove me! */ -#include <vb2_api.h> -#include <vboot_struct.h> -#include "../chromeos.h" -#include "misc.h" - -/** - * Sets vboot_handoff based on the information in vb2_shared_data - */ -static void fill_vboot_handoff(struct vboot_handoff *vboot_handoff, - struct vb2_shared_data *vb2_sd) -{ - VbSharedDataHeader *vb_sd = - (VbSharedDataHeader *)vboot_handoff->shared_data; - uint32_t *oflags = &vboot_handoff->init_params.out_flags; - - vb_sd->flags |= VBSD_BOOT_FIRMWARE_VBOOT2; - - vboot_handoff->selected_firmware = vb2_sd->fw_slot; - - vb_sd->firmware_index = vb2_sd->fw_slot; - - vb_sd->magic = VB_SHARED_DATA_MAGIC; - vb_sd->struct_version = VB_SHARED_DATA_VERSION; - vb_sd->struct_size = sizeof(VbSharedDataHeader); - vb_sd->data_size = VB_SHARED_DATA_MIN_SIZE; - vb_sd->data_used = sizeof(VbSharedDataHeader); - vb_sd->fw_version_tpm = vb2_sd->fw_version_secdata; - - if (get_write_protect_state()) - vb_sd->flags |= VBSD_BOOT_FIRMWARE_WP_ENABLED; - if (get_sw_write_protect_state()) - vb_sd->flags |= VBSD_BOOT_FIRMWARE_SW_WP_ENABLED; - - if (vb2_sd->recovery_reason) { - vb_sd->firmware_index = 0xFF; - if (vb2_sd->flags & VB2_SD_FLAG_MANUAL_RECOVERY) - vb_sd->flags |= VBSD_BOOT_REC_SWITCH_ON; - *oflags |= VB_INIT_OUT_ENABLE_RECOVERY; - *oflags |= VB_INIT_OUT_CLEAR_RAM; - *oflags |= VB_INIT_OUT_ENABLE_DISPLAY; - *oflags |= VB_INIT_OUT_ENABLE_USB_STORAGE; - } - if (vb2_sd->flags & VB2_SD_DEV_MODE_ENABLED) { - *oflags |= VB_INIT_OUT_ENABLE_DEVELOPER; - *oflags |= VB_INIT_OUT_CLEAR_RAM; - *oflags |= VB_INIT_OUT_ENABLE_DISPLAY; - *oflags |= VB_INIT_OUT_ENABLE_USB_STORAGE; - vb_sd->flags |= VBSD_BOOT_DEV_SWITCH_ON; - vb_sd->flags |= VBSD_LF_DEV_SWITCH_ON; - } - /* TODO: Set these in depthcharge */ - if (IS_ENABLED(CONFIG_VIRTUAL_DEV_SWITCH)) - vb_sd->flags |= VBSD_HONOR_VIRT_DEV_SWITCH; - if (IS_ENABLED(CONFIG_EC_SOFTWARE_SYNC)) - vb_sd->flags |= VBSD_EC_SOFTWARE_SYNC; - if (!IS_ENABLED(CONFIG_PHYSICAL_REC_SWITCH)) - vb_sd->flags |= VBSD_BOOT_REC_SWITCH_VIRTUAL; - if (IS_ENABLED(CONFIG_VBOOT_EC_SLOW_UPDATE)) - vb_sd->flags |= VBSD_EC_SLOW_UPDATE; - if (IS_ENABLED(CONFIG_VBOOT_OPROM_MATTERS)) { - vb_sd->flags |= VBSD_OPROM_MATTERS; - /* - * Inform vboot if the display was enabled by dev/rec - * mode or was requested by vboot kernel phase. - */ - if (*oflags & VB_INIT_OUT_ENABLE_DISPLAY || - vboot_wants_oprom()) { - vb_sd->flags |= VBSD_OPROM_LOADED; - *oflags |= VB_INIT_OUT_ENABLE_DISPLAY; - } - } - - /* In vboot1, VBSD_FWB_TRIED is - * set only if B is booted as explicitly requested. Therefore, if B is - * booted because A was found bad, the flag should not be set. It's - * better not to touch it if we can only ambiguously control it. */ - /* if (vb2_sd->fw_slot) - vb_sd->flags |= VBSD_FWB_TRIED; */ - - /* copy kernel subkey if it's found */ - if (vb2_sd->workbuf_preamble_size) { - struct vb2_fw_preamble *fp; - uintptr_t dst, src; - printk(BIOS_INFO, "Copying FW preamble\n"); - fp = (struct vb2_fw_preamble *)((uintptr_t)vb2_sd + - vb2_sd->workbuf_preamble_offset); - src = (uintptr_t)&fp->kernel_subkey + - fp->kernel_subkey.key_offset; - dst = (uintptr_t)vb_sd + sizeof(VbSharedDataHeader); - assert(dst + fp->kernel_subkey.key_size <= - (uintptr_t)vboot_handoff + sizeof(*vboot_handoff)); - memcpy((void *)dst, (void *)src, - fp->kernel_subkey.key_size); - vb_sd->data_used += fp->kernel_subkey.key_size; - vb_sd->kernel_subkey.key_offset = - dst - (uintptr_t)&vb_sd->kernel_subkey; - vb_sd->kernel_subkey.key_size = fp->kernel_subkey.key_size; - vb_sd->kernel_subkey.algorithm = fp->kernel_subkey.algorithm; - vb_sd->kernel_subkey.key_version = - fp->kernel_subkey.key_version; - } - - vb_sd->recovery_reason = vb2_sd->recovery_reason; -} - -void vboot_fill_handoff(void) -{ - struct vboot_handoff *vh; - struct vb2_shared_data *sd; - - sd = vb2_get_shared_data(); - sd->workbuf_hash_offset = 0; - sd->workbuf_hash_size = 0; - - printk(BIOS_INFO, "creating vboot_handoff structure\n"); - vh = cbmem_add(CBMEM_ID_VBOOT_HANDOFF, sizeof(*vh)); - if (vh == NULL) - /* we don't need to failover gracefully here because this - * shouldn't happen with the image that has passed QA. */ - die("failed to allocate vboot_handoff structure\n"); - - memset(vh, 0, sizeof(*vh)); - - /* needed until we finish transtion to vboot2 for kernel verification */ - fill_vboot_handoff(vh, sd); - - /* - * The recovery mode switch is cleared (typically backed by EC) here - * to allow multiple queries to get_recovery_mode_switch() and have - * them return consistent results during the verified boot path as well - * as dram initialization. x86 systems ignore the saved dram settings - * in the recovery path in order to start from a clean slate. Therefore - * clear the state here since this function is called when memory - * is known to be up. - */ - clear_recovery_mode_switch(); -} - -/* - * For platforms that employ VBOOT_DYNAMIC_WORK_BUFFER, the vboot - * verification doesn't happen until after cbmem is brought online. - * Therefore, the vboot results would not be initialized so don't - * automatically add results when cbmem comes online. - */ -#if !IS_ENABLED(CONFIG_VBOOT_DYNAMIC_WORK_BUFFER) -static void vb2_fill_handoff_cbmem(int unused) -{ - vboot_fill_handoff(); -} -ROMSTAGE_CBMEM_INIT_HOOK(vb2_fill_handoff_cbmem) -#endif diff --git a/src/vendorcode/google/chromeos/vboot2/vboot_loader.c b/src/vendorcode/google/chromeos/vboot2/vboot_loader.c deleted file mode 100644 index b76d20b..0000000 --- a/src/vendorcode/google/chromeos/vboot2/vboot_loader.c +++ /dev/null @@ -1,159 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright 2015 Google, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - */ - -#include <arch/early_variables.h> -#include <cbfs.h> -#include <cbmem.h> -#include <console/console.h> -#include <rmodule.h> -#include <rules.h> -#include <string.h> -#include "misc.h" -#include "../vboot_common.h" -#include "../symbols.h" - -/* The stage loading code is compiled and entered from multiple stages. The - * helper functions below attempt to provide more clarity on when certain - * code should be called. */ - -static int verification_should_run(void) -{ - if (ENV_VERSTAGE && IS_ENABLED(CONFIG_SEPARATE_VERSTAGE)) - return 1; - - if (!IS_ENABLED(CONFIG_SEPARATE_VERSTAGE)) { - if (ENV_ROMSTAGE && - IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)) - return 1; - if (ENV_BOOTBLOCK && - IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) - return 1; - } - - return 0; -} - -static int verstage_should_load(void) -{ - if (!IS_ENABLED(CONFIG_SEPARATE_VERSTAGE)) - return 0; - - if (ENV_ROMSTAGE && IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)) - return 1; - - if (ENV_BOOTBLOCK && IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) - return 1; - - return 0; -} - -static int vboot_executed CAR_GLOBAL; - -int vb2_logic_executed(void) -{ - /* If this stage is supposed to run the vboot logic ensure it has been - * executed. */ - if (verification_should_run() && car_get_var(vboot_executed)) - return 1; - - /* If this stage is supposed to load verstage and verstage is returning - * back to the calling stage check that it has been executed. */ - if (verstage_should_load() && IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE)) - if (car_get_var(vboot_executed)) - return 1; - - /* Handle all other stages post vboot execution. */ - if (!ENV_BOOTBLOCK) { - if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) - return 1; - if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE) && - !ENV_ROMSTAGE) - return 1; - } - - return 0; -} - -static void vboot_prepare(void) -{ - if (verification_should_run()) { - verstage_main(); - car_set_var(vboot_executed, 1); - vb2_save_recovery_reason_vbnv(); - } else if (verstage_should_load()) { - struct cbfsf file; - struct prog verstage = - PROG_INIT(PROG_VERSTAGE, - CONFIG_CBFS_PREFIX "/verstage"); - - printk(BIOS_DEBUG, "VBOOT: Loading verstage.\n"); - - /* load verstage from RO */ - if (cbfs_boot_locate(&file, prog_name(&verstage), NULL)) - die("failed to load verstage"); - - cbfs_file_data(prog_rdev(&verstage), &file); - - if (cbfs_prog_stage_load(&verstage)) - die("failed to load verstage"); - - /* verify and select a slot */ - prog_run(&verstage); - - /* This is not actually possible to hit this condition at - * runtime, but this provides a hint to the compiler for dead - * code elimination below. */ - if (!IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE)) - return; - - car_set_var(vboot_executed, 1); - } - - /* - * Fill in vboot cbmem objects before moving to ramstage so all - * downstream users have access to vboot results. This path only - * applies to platforms employing VBOOT_DYNAMIC_WORK_BUFFER because - * cbmem comes online prior to vboot verification taking place. For - * other platforms the vboot cbmem objects are initialized when - * cbmem comes online. - */ - if (ENV_ROMSTAGE && IS_ENABLED(CONFIG_VBOOT_DYNAMIC_WORK_BUFFER)) { - vb2_store_selected_region(); - vboot_fill_handoff(); - } -} - -static int vboot_locate(struct cbfs_props *props) -{ - struct region selected_region; - - /* Don't honor vboot results until the vboot logic has run. */ - if (!vb2_logic_executed()) - return -1; - - if (vb2_get_selected_region(&selected_region)) - return -1; - - props->offset = region_offset(&selected_region); - props->size = region_sz(&selected_region); - - return 0; -} - -const struct cbfs_locator vboot_locator = { - .name = "VBOOT", - .prepare = vboot_prepare, - .locate = vboot_locate, -}; diff --git a/src/vendorcode/google/chromeos/vboot2/vboot_logic.c b/src/vendorcode/google/chromeos/vboot2/vboot_logic.c deleted file mode 100644 index 4c799c9..0000000 --- a/src/vendorcode/google/chromeos/vboot2/vboot_logic.c +++ /dev/null @@ -1,415 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright 2014 Google Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - */ - -#include <antirollback.h> -#include <arch/exception.h> -#include <assert.h> -#include <console/console.h> -#include <console/vtxprintf.h> -#include <delay.h> -#include <string.h> -#include <timestamp.h> -#include <vb2_api.h> - -#include "../chromeos.h" -#include "misc.h" - -/* The max hash size to expect is for SHA512. */ -#define VBOOT_MAX_HASH_SIZE VB2_SHA512_DIGEST_SIZE - -#define TODO_BLOCK_SIZE 1024 - -static int is_slot_a(struct vb2_context *ctx) -{ - return !(ctx->flags & VB2_CONTEXT_FW_SLOT_B); -} - -/* exports */ - -void vb2ex_printf(const char *func, const char *fmt, ...) -{ - va_list args; - - printk(BIOS_INFO, "VB2:%s() ", func); - va_start(args, fmt); - do_printk_va_list(BIOS_INFO, fmt, args); - va_end(args); - - return; -} - -int vb2ex_tpm_clear_owner(struct vb2_context *ctx) -{ - uint32_t rv; - printk(BIOS_INFO, "Clearing TPM owner\n"); - rv = tpm_clear_and_reenable(); - if (rv) - return VB2_ERROR_EX_TPM_CLEAR_OWNER; - return VB2_SUCCESS; -} - -int vb2ex_read_resource(struct vb2_context *ctx, - enum vb2_resource_index index, - uint32_t offset, - void *buf, - uint32_t size) -{ - struct region_device rdev; - const char *name; - - switch (index) { - case VB2_RES_GBB: - name = "GBB"; - break; - case VB2_RES_FW_VBLOCK: - if (is_slot_a(ctx)) - name = "VBLOCK_A"; - else - name = "VBLOCK_B"; - break; - default: - return VB2_ERROR_EX_READ_RESOURCE_INDEX; - } - - if (vboot_named_region_device(name, &rdev)) - return VB2_ERROR_EX_READ_RESOURCE_SIZE; - - if (rdev_readat(&rdev, buf, offset, size) != size) - return VB2_ERROR_EX_READ_RESOURCE_SIZE; - - return VB2_SUCCESS; -} - -/* No-op stubs that can be overridden by SoCs with hardware crypto support. */ -__attribute__((weak)) -int vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, - uint32_t data_size) -{ - return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED; -} - -__attribute__((weak)) -int vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size) -{ - BUG(); /* Should never get called if init() returned an error. */ - return VB2_ERROR_UNKNOWN; -} - -__attribute__((weak)) -int vb2ex_hwcrypto_digest_finalize(uint8_t *digest, uint32_t digest_size) -{ - BUG(); /* Should never get called if init() returned an error. */ - return VB2_ERROR_UNKNOWN; -} - -static int handle_digest_result(void *slot_hash, size_t slot_hash_sz) -{ - int is_resume; - - /* - * Nothing to do since resuming on the platform doesn't require - * vboot verification again. - */ - if (!IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT)) - return 0; - - /* - * Assume that if vboot doesn't start in bootblock verified - * RW memory init code is not employed. i.e. memory init code - * lives in RO CBFS. - */ - if (!IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) - return 0; - - is_resume = vboot_platform_is_resuming(); - - if (is_resume > 0) { - uint8_t saved_hash[VBOOT_MAX_HASH_SIZE]; - const size_t saved_hash_sz = sizeof(saved_hash); - - assert(slot_hash_sz == saved_hash_sz); - - printk(BIOS_DEBUG, "Platform is resuming.\n"); - - if (vboot_retrieve_hash(saved_hash, saved_hash_sz)) { - printk(BIOS_ERR, "Couldn't retrieve saved hash.\n"); - return -1; - } - - if (memcmp(saved_hash, slot_hash, slot_hash_sz)) { - printk(BIOS_ERR, "Hash mismatch on resume.\n"); - return -1; - } - } else if (is_resume < 0) - printk(BIOS_ERR, "Unable to determine if platform resuming.\n"); - - printk(BIOS_DEBUG, "Saving vboot hash.\n"); - - /* Always save the hash for the current boot. */ - if (vboot_save_hash(slot_hash, slot_hash_sz)) { - printk(BIOS_ERR, "Error saving vboot hash.\n"); - /* Though this is an error don't report it up since it could - * lead to a reboot loop. The consequence of this is that - * we will most likely fail resuming because of EC issues or - * the hash digest not matching. */ - return 0; - } - - return 0; -} - -static int hash_body(struct vb2_context *ctx, struct region_device *fw_main) -{ - uint64_t load_ts; - uint32_t expected_size; - uint8_t block[TODO_BLOCK_SIZE]; - uint8_t hash_digest[VBOOT_MAX_HASH_SIZE]; - const size_t hash_digest_sz = sizeof(hash_digest); - size_t block_size = sizeof(block); - size_t offset; - int rv; - - /* Clear the full digest so that any hash digests less than the - * max have trailing zeros. */ - memset(hash_digest, 0, hash_digest_sz); - - /* - * Since loading the firmware and calculating its hash is intertwined, - * we use this little trick to measure them separately and pretend it - * was first loaded and then hashed in one piece with the timestamps. - * (This split won't make sense with memory-mapped media like on x86.) - */ - load_ts = timestamp_get(); - timestamp_add(TS_START_HASH_BODY, load_ts); - - expected_size = region_device_sz(fw_main); - offset = 0; - - /* Start the body hash */ - rv = vb2api_init_hash(ctx, VB2_HASH_TAG_FW_BODY, &expected_size); - if (rv) - return rv; - - /* - * Honor vboot's RW slot size. The expected size is pulled out of - * the preamble and obtained through vb2api_init_hash() above. By - * creating sub region the RW slot portion of the boot media is - * limited. - */ - if (rdev_chain(fw_main, fw_main, 0, expected_size)) { - printk(BIOS_ERR, "Unable to restrict CBFS size.\n"); - return VB2_ERROR_UNKNOWN; - } - - /* Extend over the body */ - while (expected_size) { - uint64_t temp_ts; - if (block_size > expected_size) - block_size = expected_size; - - temp_ts = timestamp_get(); - if (rdev_readat(fw_main, block, offset, block_size) < 0) - return VB2_ERROR_UNKNOWN; - load_ts += timestamp_get() - temp_ts; - - rv = vb2api_extend_hash(ctx, block, block_size); - if (rv) - return rv; - - expected_size -= block_size; - offset += block_size; - } - - timestamp_add(TS_DONE_LOADING, load_ts); - timestamp_add_now(TS_DONE_HASHING); - - /* Check the result (with RSA signature verification) */ - rv = vb2api_check_hash_get_digest(ctx, hash_digest, hash_digest_sz); - if (rv) - return rv; - - timestamp_add_now(TS_END_HASH_BODY); - - if (handle_digest_result(hash_digest, hash_digest_sz)) - return VB2_ERROR_UNKNOWN; - - return VB2_SUCCESS; -} - -static int locate_firmware(struct vb2_context *ctx, - struct region_device *fw_main) -{ - const char *name; - - if (is_slot_a(ctx)) - name = "FW_MAIN_A"; - else - name = "FW_MAIN_B"; - - return vboot_named_region_device(name, fw_main); -} - -/** - * Save non-volatile and/or secure data if needed. - */ -static void save_if_needed(struct vb2_context *ctx) -{ - if (ctx->flags & VB2_CONTEXT_NVDATA_CHANGED) { - printk(BIOS_INFO, "Saving nvdata\n"); - save_vbnv(ctx->nvdata); - ctx->flags &= ~VB2_CONTEXT_NVDATA_CHANGED; - } - if (ctx->flags & VB2_CONTEXT_SECDATA_CHANGED) { - printk(BIOS_INFO, "Saving secdata\n"); - antirollback_write_space_firmware(ctx); - ctx->flags &= ~VB2_CONTEXT_SECDATA_CHANGED; - } -} - -static uint32_t extend_pcrs(struct vb2_context *ctx) -{ - return tpm_extend_pcr(ctx, 0, BOOT_MODE_PCR) || - tpm_extend_pcr(ctx, 1, HWID_DIGEST_PCR); -} - -/** - * Verify and select the firmware in the RW image - * - * TODO: Avoid loading a stage twice (once in hash_body & again in load_stage). - * when per-stage verification is ready. - */ -void verstage_main(void) -{ - struct vb2_context ctx; - struct region_device fw_main; - int rv; - - timestamp_add_now(TS_START_VBOOT); - - /* Set up context and work buffer */ - vb2_init_work_context(&ctx); - - /* Read nvdata from a non-volatile storage. */ - read_vbnv(ctx.nvdata); - - /* Set S3 resume flag if vboot should behave differently when selecting - * which slot to boot. This is only relevant to vboot if the platform - * does verification of memory init and thus must ensure it resumes with - * the same slot that it booted from. */ - if (IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) && - IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK) && - vboot_platform_is_resuming()) - ctx.flags |= VB2_CONTEXT_S3_RESUME; - - /* Read secdata from TPM. Initialize TPM if secdata not found. We don't - * check the return value here because vb2api_fw_phase1 will catch - * invalid secdata and tell us what to do (=reboot). */ - timestamp_add_now(TS_START_TPMINIT); - antirollback_read_space_firmware(&ctx); - timestamp_add_now(TS_END_TPMINIT); - - if (!IS_ENABLED(CONFIG_VIRTUAL_DEV_SWITCH) && - get_developer_mode_switch()) - ctx.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE; - - if (get_recovery_mode_switch()) { - ctx.flags |= VB2_CONTEXT_FORCE_RECOVERY_MODE; - if (IS_ENABLED(CONFIG_VBOOT_DISABLE_DEV_ON_RECOVERY)) - ctx.flags |= VB2_DISABLE_DEVELOPER_MODE; - } - - if (IS_ENABLED(CONFIG_WIPEOUT_SUPPORTED) && get_wipeout_mode_switch()) - ctx.flags |= VB2_CONTEXT_FORCE_WIPEOUT_MODE; - - if (IS_ENABLED(CONFIG_LID_SWITCH) && !get_lid_switch()) - ctx.flags |= VB2_CONTEXT_NOFAIL_BOOT; - - /* Do early init (set up secdata and NVRAM, load GBB) */ - printk(BIOS_INFO, "Phase 1\n"); - rv = vb2api_fw_phase1(&ctx); - - if (rv) { - /* - * If vb2api_fw_phase1 fails, check for return value. - * If it is set to VB2_ERROR_API_PHASE1_RECOVERY, then continue - * into recovery mode. - * For any other error code, save context if needed and reboot. - */ - if (rv == VB2_ERROR_API_PHASE1_RECOVERY) { - printk(BIOS_INFO, "Recovery requested (%x)\n", rv); - save_if_needed(&ctx); - extend_pcrs(&ctx); /* ignore failures */ - timestamp_add_now(TS_END_VBOOT); - return; - } - - printk(BIOS_INFO, "Reboot reqested (%x)\n", rv); - save_if_needed(&ctx); - vboot_reboot(); - } - - /* Determine which firmware slot to boot (based on NVRAM) */ - printk(BIOS_INFO, "Phase 2\n"); - rv = vb2api_fw_phase2(&ctx); - if (rv) { - printk(BIOS_INFO, "Reboot requested (%x)\n", rv); - save_if_needed(&ctx); - vboot_reboot(); - } - - /* Try that slot (verify its keyblock and preamble) */ - printk(BIOS_INFO, "Phase 3\n"); - timestamp_add_now(TS_START_VERIFY_SLOT); - rv = vb2api_fw_phase3(&ctx); - timestamp_add_now(TS_END_VERIFY_SLOT); - if (rv) { - printk(BIOS_INFO, "Reboot requested (%x)\n", rv); - save_if_needed(&ctx); - vboot_reboot(); - } - - printk(BIOS_INFO, "Phase 4\n"); - rv = locate_firmware(&ctx, &fw_main); - if (rv) - die("Failed to read FMAP to locate firmware"); - - rv = hash_body(&ctx, &fw_main); - save_if_needed(&ctx); - if (rv) { - printk(BIOS_INFO, "Reboot requested (%x)\n", rv); - vboot_reboot(); - } - - rv = extend_pcrs(&ctx); - if (rv) { - printk(BIOS_WARNING, "Failed to extend TPM PCRs (%#x)\n", rv); - vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv); - save_if_needed(&ctx); - vboot_reboot(); - } - - /* Lock TPM */ - rv = antirollback_lock_space_firmware(); - if (rv) { - printk(BIOS_INFO, "Failed to lock TPM (%x)\n", rv); - vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_L_ERROR, 0); - save_if_needed(&ctx); - vboot_reboot(); - } - - printk(BIOS_INFO, "Slot %c is selected\n", is_slot_a(&ctx) ? 'A' : 'B'); - vb2_set_selected_region(region_device_region(&fw_main)); - timestamp_add_now(TS_END_VBOOT); -} diff --git a/src/vendorcode/google/chromeos/vboot2/verstage.c b/src/vendorcode/google/chromeos/vboot2/verstage.c deleted file mode 100644 index 99bc28d..0000000 --- a/src/vendorcode/google/chromeos/vboot2/verstage.c +++ /dev/null @@ -1,44 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright 2015 Google Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - */ - -#include <arch/exception.h> -#include <arch/hlt.h> -#include <console/console.h> -#include <program_loading.h> -#include "../vboot_common.h" - -void __attribute__((weak)) verstage_mainboard_init(void) -{ - /* Default empty implementation. */ -} - -void verstage(void) -{ - console_init(); - exception_init(); - verstage_mainboard_init(); - - if (IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE)) { - verstage_main(); - } else { - run_romstage(); - hlt(); - } -} - -#if !IS_ENABLED(CONFIG_CHIPSET_PROVIDES_VERSTAGE_MAIN_SYMBOL) -/* This is for boards that rely on main() for an entry point of a stage. */ -void main(void) __attribute__((alias ("verstage"))); -#endif diff --git a/src/vendorcode/google/chromeos/vboot_common.c b/src/vendorcode/google/chromeos/vboot_common.c deleted file mode 100644 index 66800ed..0000000 --- a/src/vendorcode/google/chromeos/vboot_common.c +++ /dev/null @@ -1,112 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright (C) 2014 The ChromiumOS Authors. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - */ - -#include <boot/coreboot_tables.h> -#include <boot_device.h> -#include <cbmem.h> -#include <console/cbmem_console.h> -#include <console/console.h> -#include <fmap.h> -#include <reset.h> -#include <rules.h> -#include <stddef.h> -#include <string.h> - -#include "chromeos.h" -#include "vboot_common.h" - -int vboot_named_region_device(const char *name, struct region_device *rdev) -{ - return fmap_locate_area_as_rdev(name, rdev); -} - -/* ========================== VBOOT HANDOFF APIs =========================== */ -int vboot_get_handoff_info(void **addr, uint32_t *size) -{ - /* - * vboot_handoff is present only after cbmem comes online. If we are in - * pre-ram stage, then bail out early. - */ - if (ENV_BOOTBLOCK || - (ENV_VERSTAGE && IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK))) - return -1; - - struct vboot_handoff *vboot_handoff; - vboot_handoff = cbmem_find(CBMEM_ID_VBOOT_HANDOFF); - - if (vboot_handoff == NULL) - return -1; - - *addr = vboot_handoff; - - if (size) - *size = sizeof(*vboot_handoff); - return 0; -} - -static int vboot_get_handoff_flag(uint32_t flag) -{ - struct vboot_handoff *vbho; - - /* - * If vboot_handoff cannot be found, return default value of flag as 0. - */ - if (vboot_get_handoff_info((void **)&vbho, NULL)) - return 0; - - return !!(vbho->init_params.out_flags & flag); -} - -int vboot_handoff_skip_display_init(void) -{ - return !vboot_get_handoff_flag(VB_INIT_OUT_ENABLE_DISPLAY); -} - -int vboot_handoff_check_developer_flag(void) -{ - return vboot_get_handoff_flag(VB_INIT_OUT_ENABLE_DEVELOPER); -} - -int vboot_handoff_check_recovery_flag(void) -{ - return vboot_get_handoff_flag(VB_INIT_OUT_ENABLE_RECOVERY); -} - -int vboot_handoff_get_recovery_reason(void) -{ - struct vboot_handoff *vbho; - VbSharedDataHeader *sd; - - if (vboot_get_handoff_info((void **)&vbho, NULL)) - return 0; - - sd = (VbSharedDataHeader *)vbho->shared_data; - - return sd->recovery_reason; -} - -/* ============================ VBOOT REBOOT ============================== */ -void __attribute__((weak)) vboot_platform_prepare_reboot(void) -{ -} - -void vboot_reboot(void) -{ - if (IS_ENABLED(CONFIG_CONSOLE_CBMEM_DUMP_TO_UART)) - cbmem_dump_console(); - vboot_platform_prepare_reboot(); - hard_reset(); - die("failed to reboot"); -} diff --git a/src/vendorcode/google/chromeos/vboot_common.h b/src/vendorcode/google/chromeos/vboot_common.h deleted file mode 100644 index 266ce4f..0000000 --- a/src/vendorcode/google/chromeos/vboot_common.h +++ /dev/null @@ -1,106 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright (C) 2014 Google, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - */ -#ifndef VBOOT_COMMON_H -#define VBOOT_COMMON_H - -#include <commonlib/region.h> -#include <stdint.h> -#include <vboot_api.h> -#include <vboot_struct.h> - -#include "chromeos.h" - -/* Locate vboot area by name. Returns 0 on success and -1 on error. */ -int vboot_named_region_device(const char *name, struct region_device *rdev); - -/* - * Function to check if there is a request to enter recovery mode. Returns - * reason code if request to enter recovery mode is present, otherwise 0. - */ -int vboot_check_recovery_request(void); - -/* ========================== VBOOT HANDOFF APIs =========================== */ -/* - * The vboot_handoff structure contains the data to be consumed by downstream - * firmware after firmware selection has been completed. Namely it provides - * vboot shared data as well as the flags from VbInit. - */ -struct vboot_handoff { - VbInitParams init_params; - uint32_t selected_firmware; - char shared_data[VB_SHARED_DATA_MIN_SIZE]; -} __attribute__((packed)); - -/* - * vboot_get_handoff_info returns pointer to the vboot_handoff structure if - * available. vboot_handoff is available only after CBMEM comes online. If size - * is not NULL, size of the vboot_handoff structure is returned in it. - * Returns 0 on success and -1 on error. - */ -int vboot_get_handoff_info(void **addr, uint32_t *size); - -/* - * The following functions read vboot_handoff structure to obtain requested - * information. If vboot handoff is not available, 0 is returned by default. - * If vboot handoff is available: - * Returns 1 for flag if true - * Returns 0 for flag if false - * Returns value read for other fields - */ -int vboot_handoff_skip_display_init(void); -int vboot_handoff_check_recovery_flag(void); -int vboot_handoff_check_developer_flag(void); -int vboot_handoff_get_recovery_reason(void); - -/* ============================ VBOOT REBOOT ============================== */ -/* - * vboot_reboot handles the reboot requests made by vboot_reference library. It - * allows the platform to run any preparation steps before the reboot and then - * does a hard reset. - */ -void vboot_reboot(void); - -/* Allow the platform to do any clean up work when vboot requests a reboot. */ -void vboot_platform_prepare_reboot(void); - -/* ============================ VBOOT RESUME ============================== */ -/* - * Save the provided hash digest to a secure location to check against in - * the resume path. Returns 0 on success, < 0 on error. - */ -int vboot_save_hash(void *digest, size_t digest_size); - -/* - * Retrieve the previously saved hash digest. Returns 0 on success, - * < 0 on error. - */ -int vboot_retrieve_hash(void *digest, size_t digest_size); - -/* - * Determine if the platform is resuming from suspend. Returns 0 when - * not resuming, > 0 if resuming, and < 0 on error. - */ -int vboot_platform_is_resuming(void); - -/* ============================= VERSTAGE ================================== */ -/* - * Main logic for verified boot. verstage() is the stage entry point - * while the verstage_main() is just the core logic. - */ -void verstage_main(void); -void verstage(void); -void verstage_mainboard_init(void); - -#endif /* VBOOT_COMMON_H */

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

coreboot-gerrit July 2016