Attention is currently required from: Hsuan Ting Chen.
Hello Hsuan Ting Chen,
I'd like you to do a code review. Please visit
https://review.coreboot.org/c/coreboot/+/57048
to review the following change.
Change subject: [wip]vboot_logic: Set VB2_CONTEXT_EC_TRUSTED in verstage_main
[wip]vboot_logic: Set VB2_CONTEXT_EC_TRUSTED in verstage_main
We will introduce a new ctx field that stores the current bootmode in crrev/c/2944250 (ctx->bootmode), which will be leveraged in both the vboot flow and elog_add_boot_reason in coreboot.
In the current steps of deciding the bootmode, a function vb2ex_ec_trusted is required. This function checks the GPIO EC_IN_RW pin and will return 'trusted' only if the EC is not in RW. Therefore, we need to implement similar utilities in coreboot.
We will deprecate vb2ex_ec_trusted and use the flag, VB2_CONTEXT_EC_TRUSTED, in vboot, vb2api_fw_phase1 and set that flag in coreboot, verstage_main.
Also add a helper function get_ec_in_rw which needs to be implemented per mainboard.
WIP: Only supports volteer and trogdor now.
BUG=b:177196147, b:181931817
BRANCH=none
TEST=TBD
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Change-Id: I479c8f80e45cc524ba87db4293d19b29bdfa2192
---
M src/include/bootmode.h
M src/mainboard/google/trogdor/chromeos.c
M src/mainboard/google/volteer/chromeos.c
M src/security/vboot/bootmode.c
M src/security/vboot/vboot_logic.c
5 files changed, 22 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/48/57048/1
diff --git a/src/include/bootmode.h b/src/include/bootmode.h index aadecba..6cfd751 100644 --- a/src/include/bootmode.h +++ b/src/include/bootmode.h @@ -11,6 +11,7 @@ int clear_recovery_mode_switch(void); int get_wipeout_mode_switch(void); int get_lid_switch(void); +int get_ec_in_rw(void);
/* Return 1 if display initialization is required. 0 if not. */ int display_init_required(void); diff --git a/src/mainboard/google/trogdor/chromeos.c b/src/mainboard/google/trogdor/chromeos.c index c218388..8f86073 100644 --- a/src/mainboard/google/trogdor/chromeos.c +++ b/src/mainboard/google/trogdor/chromeos.c @@ -48,3 +48,9 @@ { return gpio_irq_status(GPIO_H1_AP_INT); } + +int get_ec_in_rw(void) +{ + /* Read GPIO_EC_IN_RW. */ + return gpio_get(GPIO_EC_IN_RW); +} diff --git a/src/mainboard/google/volteer/chromeos.c b/src/mainboard/google/volteer/chromeos.c index abd50c5..baa5913 100644 --- a/src/mainboard/google/volteer/chromeos.c +++ b/src/mainboard/google/volteer/chromeos.c @@ -32,3 +32,9 @@ gpios = variant_cros_gpios(&num); chromeos_acpi_gpio_generate(gpios, num); } + +int get_ec_in_rw(void) +{ + /* Read GPIO_EC_IN_RW. */ + return gpio_get(GPIO_EC_IN_RW); +} diff --git a/src/security/vboot/bootmode.c b/src/security/vboot/bootmode.c index 6c05109..0c18674 100644 --- a/src/security/vboot/bootmode.c +++ b/src/security/vboot/bootmode.c @@ -57,6 +57,11 @@ return 0; }
+int __weak get_ec_in_rw(void) +{ + return 1; +} + #if CONFIG(VBOOT_NO_BOARD_SUPPORT) /** * TODO: Create flash protection interface which implements get_write_protect_state. diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index 5ea4916..03701fc 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -321,6 +321,10 @@ if (!CONFIG(VBOOT_MUST_REQUEST_DISPLAY) || CONFIG(VBOOT_ALWAYS_ENABLE_DISPLAY)) ctx->flags |= VB2_CONTEXT_DISPLAY_INIT;
+ /* EC is trusted if EC is not in RW */ + if (!get_ec_in_rw()) + ctx->flags |= VB2_CONTEXT_EC_TRUSTED; + /* Do early init (set up secdata and NVRAM, load GBB) */ printk(BIOS_INFO, "Phase 1\n"); rv = vb2api_fw_phase1(ctx);
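Review bot: In src/include/bootmode.h the new get_ec_in_rw() prototype has no comment stating its return convention, while display_init_required() directly below it is documented. Because verstage_main treats any nonzero return as "EC in RW, not trusted", please add a one-line comment along the lines of "Return 1 if the EC is running RW firmware, 0 if it is in RO" so that board implementers get the polarity right.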
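Review bot: In the trogdor and volteer chromeos.c hunks, get_ec_in_rw() returns the raw gpio_get(GPIO_EC_IN_RW) level, and nothing in these hunks shows the pin being configured as an input before verstage reads it, or states which level means RW. Please confirm the GPIO is set up before verstage_main runs on both boards, and replace the comment "Read GPIO_EC_IN_RW.", which only restates the code, with one that gives the signal's polarity. The two function bodies are identical, so a shared helper may be worth considering once more boards are added.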
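Review bot: The __weak get_ec_in_rw() added to src/security/vboot/bootmode.c returns 1 with no comment, so every board other than trogdor and volteer silently reports the EC as in RW and never gets VB2_CONTEXT_EC_TRUSTED. Defaulting to "not trusted" is the safe direction, but please document that intent above the function, and consider making a missing board implementation visible (a log message or a Kconfig option), since the commit message says the boot mode decision depends on this value.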
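Review bot: In the vboot_logic.c hunk, the check "if (!get_ec_in_rw())" sets VB2_CONTEXT_EC_TRUSTED without logging the reading, so a wrong polarity or an unconfigured pin on a board would be hard to spot from the boot log. Suggest a printk(BIOS_INFO, ...) of the EC_IN_RW result next to the existing "Phase 1" message, and extending the comment to say that the flag has to be set before vb2api_fw_phase1(ctx) is called, as the commit message describes.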