

security/vboot: Add failure safety configurations

* Make a user interface and board configuration
available through Kconfig.
* 3 modes are now supported:
+ RO only
+ RO + RW_A
+ RO + RW_A + RW_B
* The default mode is always RO + RW_A + RW_B

Change-Id: I278fc060522b13048b00090b8e5261c14496f56e
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
---
M src/security/vboot/Kconfig
M src/security/vboot/Makefile.inc
2 files changed, 84 insertions(+), 1 deletion(-)

diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index e13101b..4467c02 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -25,6 +25,59 @@

if VBOOT

+config VBOOT_SAFETY_AB
+ bool
+ default y if MAINBOARD_HAS_VBOOT_SAFETY_AB || USER_VBOOT_SAFETY_AB
+
+config VBOOT_SAFETY_A
+ bool
+ default y if MAINBOARD_HAS_VBOOT_SAFETY_A || USER_VBOOT_SAFETY_A
+
+config VBOOT_SAFETY_RO
+ bool
+ default y if MAINBOARD_HAS_VBOOT_SAFETY_RO || USER_VBOOT_SAFETY_RO
+
+config MAINBOARD_HAS_VBOOT_SAFETY_AB
+ bool
+
+config MAINBOARD_HAS_VBOOT_SAFETY_A
+ bool
+
+config MAINBOARD_HAS_VBOOT_SAFETY_RO
+ bool
+
+if !MAINBOARD_HAS_VBOOT_SAFETY_AB && !MAINBOARD_HAS_VBOOT_SAFETY_A && !MAINBOARD_HAS_VBOOT_SAFETY_RO
+
+choice
+
+prompt "Failure safety"
+ default USER_VBOOT_SAFETY_AB
+ help
+ Select the failure safety mode in which VBOOT should run.
+ VBOOT can have up to two recovery partitions for A & B updates
+ which also provide failure safety.
+
+config USER_VBOOT_SAFETY_AB
+ bool "Firmware RO + A & B"
+ help
+ Have two update partitions/fallbacks.
+
+config USER_VBOOT_SAFETY_A
+ bool "Firmware RO + A"
+ help
+ Have one update partition/fallback.
+
+config USER_VBOOT_SAFETY_RO
+ bool "Firmware RO only"
+ help
+ Have no update partition/fallback.
+ If the coreboot region is write protected no
+ updates are possible in this configuration.
+
+endchoice
+
+endif
+
config VBOOT_VBNV_CMOS
bool
default n
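Review bot: Nothing in this hunk keeps VBOOT_SAFETY_AB, VBOOT_SAFETY_A and VBOOT_SAFETY_RO mutually exclusive: the `choice` only governs the USER_* symbols and disappears as soon as any MAINBOARD_HAS_VBOOT_SAFETY_* symbol is set, so a board that selects two of them ends up with several VBOOT_SAFETY_* symbols at y and the Makefile.inc hunks then resolve the conflict silently by evaluation order. Adding `depends on !VBOOT_SAFETY_AB` to VBOOT_SAFETY_A and `depends on !VBOOT_SAFETY_AB && !VBOOT_SAFETY_A` to VBOOT_SAFETY_RO (or carrying the mode in one symbol) would surface the conflict at configure time instead. The choice help also calls the RW slots "recovery partitions"; in vboot the RO image holds the recovery path and RW_A/RW_B are the updatable slots, so `VBOOT can carry up to two updatable RW firmware slots (A and B); the second slot is what provides the fallback.` describes the option more accurately.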
diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc
index b542425..1e8a46f 100644
--- a/src/security/vboot/Makefile.inc
+++ b/src/security/vboot/Makefile.inc
@@ -142,6 +142,19 @@
endif
endif # CONFIG_VBOOT_SEPARATE_VERSTAGE

+# Check safety mode
+ifeq ($(CONFIG_VBOOT_SAFETY_AB),y)
+VBOOT_PARTITIONS := COREBOOT FW_MAIN_A FW_MAIN_B
+endif
+
+ifeq ($(CONFIG_VBOOT_SAFETY_A),y)
+VBOOT_PARTITIONS := COREBOOT FW_MAIN_A
+endif
+
+ifeq ($(CONFIG_VBOOT_SAFETY_RO),y)
+VBOOT_PARTITIONS := COREBOOT
+endif
+
# Define a list of files that need to be in RO only.
# All other files will be installed into RO and RW regions
# Use $(sort) to cut down on extra spaces that would be translated to commas
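Review bot: VBOOT_PARTITIONS is only ever assigned inside one of three independent `ifeq` blocks, so when none of the three CONFIG_VBOOT_SAFETY_* symbols is y it stays empty, and when more than one is y the last block wins without any diagnostic. The empty case propagates into the next hunk, where the else branch of the `$(if …)` ending at `,$(1)),COREBOOT,$(VBOOT_PARTITIONS))))` then expands to nothing, so every file that is not RO-only gets an empty region list; the define that tail belongs to starts outside the hunk, so I cannot see whether anything downstream catches that. A single `else ifeq` chain (GNU Make 3.81 or later) with an `$(error …)` fallback makes both the precedence and the unset case explicit.
```make
# Select which FMAP regions receive the non-RO-only files; exactly one mode must be set.
ifeq ($(CONFIG_VBOOT_SAFETY_AB),y)
VBOOT_PARTITIONS := COREBOOT FW_MAIN_A FW_MAIN_B
else ifeq ($(CONFIG_VBOOT_SAFETY_A),y)
VBOOT_PARTITIONS := COREBOOT FW_MAIN_A
else ifeq ($(CONFIG_VBOOT_SAFETY_RO),y)
VBOOT_PARTITIONS := COREBOOT
else
$(error No VBOOT failure safety mode selected (CONFIG_VBOOT_SAFETY_AB/_A/_RO))
endif
```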
@@ -159,7 +172,7 @@
cmos_layout.bin \
cmos.default \
$(call strip_quotes,$(CONFIG_RO_REGION_ONLY)) \
- ,$(1)),COREBOOT,COREBOOT FW_MAIN_A FW_MAIN_B)))
+ ,$(1)),COREBOOT,$(VBOOT_PARTITIONS))))

CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID))
CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE))
@@ -230,8 +243,13 @@
@printf " WRITE GBB\n"
$(CBFSTOOL) $(obj)/coreboot.rom write -u -r GBB -i 0 -f $(obj)/gbb.region
$(CBFSTOOL) $(obj)/coreboot.rom write -u -r RO_FRID -i 0 -f $(obj)/fwid.region
+ifeq ($(CONFIG_VBOOT_SAFETY_AB),y)
$(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_A -i 0 -f $(obj)/fwid.region
$(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_B -i 0 -f $(obj)/fwid.region
+endif
+ifeq ($(CONFIG_VBOOT_SAFETY_A),y)
+ $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_A -i 0 -f $(obj)/fwid.region
+endif

ifneq ($(shell grep "SHARED_DATA" "$(CONFIG_FMDFILE)"),)
build_complete::
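Review bot: The RW_FWID_A write is duplicated verbatim between the VBOOT_SAFETY_AB and VBOOT_SAFETY_A blocks, which invites the two copies to drift the next time the cbfstool invocation changes. Writing it once under `ifneq ($(filter y,$(CONFIG_VBOOT_SAFETY_AB) $(CONFIG_VBOOT_SAFETY_A)),)` and keeping only the RW_FWID_B line under `ifeq ($(CONFIG_VBOOT_SAFETY_AB),y)` covers both modes with a single copy. The recipe lines inside the new blocks appear here without their leading tab, which is presumably a rendering artefact of this page rather than the patch; the rule these lines belong to starts outside the hunk.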
@@ -263,8 +281,20 @@
--kernelkey "$(CONFIG_VBOOT_KERNEL_KEY)" \
--flags $(CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS)

+ifeq ($(CONFIG_VBOOT_SAFETY_AB),y)
files_added:: $(obj)/VBLOCK_A.bin $(obj)/VBLOCK_B.bin
$(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_A -f $(obj)/VBLOCK_A.bin
$(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_B -f $(obj)/VBLOCK_B.bin
+ @printf " FLASHMAP Layout generated for RO, A and B partition.\n"
+endif
+ifeq ($(CONFIG_VBOOT_SAFETY_A),y)
+files_added:: $(obj)/VBLOCK_A.bin
+ $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_A -f $(obj)/VBLOCK_A.bin
+ @printf " FLASHMAP Layout generated for RO and A partition.\n"
+endif
+ifeq ($(CONFIG_VBOOT_SAFETY_RO),y)
+files_added::
+ @printf " FLASHMAP Layout generated for RO partition only, beware no updates possible!\n"
+endif

endif # CONFIG_VBOOT
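Review bot: The three `@printf " FLASHMAP Layout generated …"` lines claim a flashmap layout was generated, but nothing in this hunk produces one; the layout still comes from CONFIG_FMDFILE (used by the SHARED_DATA grep in the previous hunk), and all this rule does is write the VBLOCK regions that the selected mode uses. Wording such as `@printf "    VBOOT      RO, RW_A and RW_B slots populated\n"` (and the corresponding RO+A / RO-only variants) states what actually happened. In RO-only or A-only mode an FMD that still declares FW_MAIN_B/VBLOCK_B leaves those regions unpopulated and unsigned, which the message does not mention; a parse-time check in the same style as the SHARED_DATA grep that refuses an FMD containing FW_MAIN_B when VBOOT_SAFETY_AB is not set would catch a mismatched board fmd before the image is built, though whether the fmd files in tree already vary per mode is not visible from this change.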


Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I278fc060522b13048b00090b8e5261c14496f56e
Gerrit-Change-Number: 27714
Gerrit-PatchSet: 1
Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki@gmail.com>