Edward O'Callaghan has submitted this change. ( https://review.coreboot.org/c/coreboot/+/45964 )
Change subject: soc/amd/picasso: Die if the workbuf is missing two boots in a row ......................................................................
soc/amd/picasso: Die if the workbuf is missing two boots in a row
BUG=b:169199392 TEST=Corrupt vboot signature to force an error, see that the system halts instead of rebooting forever. BRANCH=Zork
Signed-off-by: Martin Roth martinroth@chromium.org Change-Id: I949f94e78d25720f6cd7e81de8d030084e267f29 Reviewed-on: https://review.coreboot.org/c/coreboot/+/45964 Reviewed-by: Marshall Dawson marshalldawson3rd@gmail.com Reviewed-by: Edward O'Callaghan quasisec@chromium.org Reviewed-by: Aaron Durbin adurbin@chromium.org Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M src/soc/amd/picasso/Makefile.inc M src/soc/amd/picasso/bootblock/bootblock.c 2 files changed, 11 insertions(+), 2 deletions(-)
Approvals: build bot (Jenkins): Verified Aaron Durbin: Looks good to me, approved Marshall Dawson: Looks good to me, approved Edward O'Callaghan: Looks good to me, approved
diff --git a/src/soc/amd/picasso/Makefile.inc b/src/soc/amd/picasso/Makefile.inc index 1e9ba4a..9c5d4d0 100644 --- a/src/soc/amd/picasso/Makefile.inc +++ b/src/soc/amd/picasso/Makefile.inc @@ -22,6 +22,7 @@ bootblock-y += gpio.c bootblock-y += smi_util.c bootblock-y += config.c +bootblock-y += pmutil.c bootblock-y += reset.c
romstage-y += i2c.c diff --git a/src/soc/amd/picasso/bootblock/bootblock.c b/src/soc/amd/picasso/bootblock/bootblock.c index 4700027..a450544 100644 --- a/src/soc/amd/picasso/bootblock/bootblock.c +++ b/src/soc/amd/picasso/bootblock/bootblock.c @@ -17,6 +17,7 @@ #include <amdblocks/amd_pci_mmconf.h> #include <acpi/acpi.h> #include <security/vboot/symbols.h> +#include <security/vboot/vbnv.h>
/* vboot includes directory may not be in include path if vboot is not enabled */ #if CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK) @@ -134,10 +135,17 @@
#if CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK) if (*(uint32_t *)_vboot2_work != VB2_SHARED_DATA_MAGIC) { + /* + * If the system has already been rebooted once, but still returns here, + * instead of rebooting to verstage again, assume that the system is in + * a reboot loop, so halt instead. + */ + if ((!vbnv_cmos_failed()) && cmos_read(CMOS_RECOVERY_BYTE) == + CMOS_RECOVERY_MAGIC_VAL) + die("Error: Reboot into recovery was unsuccessful. Halting."); + printk(BIOS_ERR, "ERROR: VBOOT workbuf not valid.\n"); - printk(BIOS_DEBUG, "Signature: %#08x\n", *(uint32_t *)_vboot2_work); - cmos_init(0); cmos_write(CMOS_RECOVERY_MAGIC_VAL, CMOS_RECOVERY_BYTE); warm_reset();