Lee Leahy (leroy.p.leahy@intel.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/18041
-gerrit
commit 7185ed2243d165a3f5bf31172bdb8d0f3dc483f3 Author: Lee Leahy leroy.p.leahy@intel.com Date: Wed Jan 4 08:34:01 2017 -0800
mainboard/intel/galileo: Add vboot support
Add the necessary files and changes to support vboot.
TEST=Build and run on Galileo Gen2
Change-Id: I96170412e7bbc2b9c747ff5e2c845f29220353ed Signed-off-by: Lee Leahy leroy.p.leahy@intel.com --- src/mainboard/intel/galileo/Kconfig | 27 +++++++++++++ src/mainboard/intel/galileo/Makefile.inc | 5 +++ src/mainboard/intel/galileo/vboot.c | 69 ++++++++++++++++++++++++++++++++ src/mainboard/intel/galileo/vboot.fmd | 39 ++++++++++++++++++ 4 files changed, 140 insertions(+)
diff --git a/src/mainboard/intel/galileo/Kconfig b/src/mainboard/intel/galileo/Kconfig index e941448..b705ab7 100644 --- a/src/mainboard/intel/galileo/Kconfig +++ b/src/mainboard/intel/galileo/Kconfig @@ -18,6 +18,7 @@ if BOARD_INTEL_GALILEO config BOARD_SPECIFIC_OPTIONS def_bool y select BOARD_ROMSIZE_KB_8192 + select COLLECT_TIMESTAMPS # select CREATE_BOARD_CHECKLIST select ENABLE_BUILTIN_HSUART1 select HAVE_ACPI_TABLES @@ -147,4 +148,30 @@ config FSP_DEBUG_ALL FSP_CALLS_AND_STATUS, FSP_HEADER, POSTCAR_CONSOLE and VERIFY_HOBS or FSP 1.1 DISPLAY_FSP_ENTRY_POINTS
+config VBOOT_WITH_CRYPTO_SHIELD + bool "Verified boot using the Crypto Shield board" + default n + select SEPARATE_VERSTAGE + select VBOOT + select VBOOT_MOCK_SECDATA + select VBOOT_STARTS_IN_BOOTBLOCK + help + Perform a verified boot using the TPM on the Crypto Shield board. + +config DRIVER_TPM_I2C_ADDR + hex "Address of the I2C TPM chip" + depends on VBOOT_WITH_CRYPTO_SHIELD + default 0x29 + help + I2C address of the TPM chip on the Crypto Shield board. + +config FMDFILE + string "fmap description file in fmd format" + depends on VBOOT + default "src/mainboard/$(CONFIG_MAINBOARD_DIR)/vboot.fmd" + help + The build system creates a default FMAP from ROM_SIZE and CBFS_SIZE, + but in some cases more complex setups are required. + When an fmd is specified, it overrides the default format. + endif # BOARD_INTEL_QUARK diff --git a/src/mainboard/intel/galileo/Makefile.inc b/src/mainboard/intel/galileo/Makefile.inc index 16b2b4a..f2fda31 100644 --- a/src/mainboard/intel/galileo/Makefile.inc +++ b/src/mainboard/intel/galileo/Makefile.inc @@ -20,8 +20,13 @@ endif bootblock-y += gpio.c bootblock-y += reg_access.c
+verstage-y += gpio.c +verstage-y += reg_access.c +verstage-$(CONFIG_VBOOT) += vboot.c + romstage-y += gpio.c romstage-y += reg_access.c +romstage-$(CONFIG_VBOOT) += vboot.c
postcar-y += gpio.c postcar-y += reg_access.c diff --git a/src/mainboard/intel/galileo/vboot.c b/src/mainboard/intel/galileo/vboot.c new file mode 100644 index 0000000..22c9615 --- /dev/null +++ b/src/mainboard/intel/galileo/vboot.c @@ -0,0 +1,69 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2016 Intel Corp. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * GNU General Public License for more details. + */ + +#include <assert.h> +#include <bootmode.h> +#include <console/console.h> +#include <delay.h> +#include <device/i2c.h> +#include <lib.h> +#include "reg_access.h" +#include "gen1.h" +#include "gen2.h" +#include <spi_flash.h> +#include <vboot/vboot_common.h> + +int clear_recovery_mode_switch(void) +{ + /* Nothing to do */ + return 0; +} + +int get_developer_mode_switch(void) +{ + return 0; +} + +int get_recovery_mode_switch(void) +{ + return 0; +} + +int get_sw_write_protect_state(void) +{ +#if 0 + uint8_t status; + const struct spi_flash *flash; + + flash = boot_device_spi_flash(); + if (!flash) + return 0; + + /* Return unprotected status if status read fails */ + return spi_flash_status(flash, &status) ? 0 : !!(status & 0x80); +#endif // 0 + + /* Not write protected */ + return 0; +} + +int get_write_protect_state(void) +{ + /* Not write protected */ + return 0; +} + +void log_recovery_mode_switch(void) +{ +} + +void verstage_mainboard_init(void) +{ +} diff --git a/src/mainboard/intel/galileo/vboot.fmd b/src/mainboard/intel/galileo/vboot.fmd new file mode 100644 index 0000000..49ac9a7 --- /dev/null +++ b/src/mainboard/intel/galileo/vboot.fmd @@ -0,0 +1,39 @@ +FLASH@0xff800000 0x800000 { + SI_ALL@0x0 0x200000 { + SI_DESC@0x0 0x1000 + SI_ME@0x1000 0x1ff000 + } + SI_BIOS@0x200000 0x600000 { + RW_SECTION_A@0x0 0xf0000 { + VBLOCK_A@0x0 0x10000 + FW_MAIN_A(CBFS)@0x10000 0xdffc0 + RW_FWID_A@0xeffc0 0x40 + } + RW_SECTION_B@0xf0000 0xf0000 { + VBLOCK_B@0x0 0x10000 + FW_MAIN_B(CBFS)@0x10000 0xdffc0 + RW_FWID_B@0xeffc0 0x40 + } + RW_MRC_CACHE@0x1e0000 0x10000 + RW_ELOG@0x1f0000 0x4000 + RW_SHARED@0x1f4000 0x4000 { + SHARED_DATA@0x0 0x2000 + VBLOCK_DEV@0x2000 0x2000 + } + RW_VPD@0x1f8000 0x2000 + RW_UNUSED@0x1fa000 0x6000 + RW_LEGACY(CBFS)@0x200000 0x200000 + WP_RO@0x400000 0x200000 { + RO_VPD@0x0 0x4000 + RO_UNUSED@0x4000 0xc000 + RO_SECTION@0x10000 0x1f0000 { + FMAP@0x0 0x800 + RO_FRID@0x800 0x40 + RO_FRID_PAD@0x840 0x7c0 +# GBB@0x1000 0xef000 +# COREBOOT(CBFS)@0xf0000 0x100000 + COREBOOT(CBFS)@0x1000 0x1ef000 + } + } + } +}