Aaron Durbin (adurbin@chromium.org) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/10024
-gerrit
commit b8a86cd42545491ae2ffa890593e774d489c42cd Author: Aaron Durbin adurbin@chromium.org Date: Tue Apr 28 16:17:25 2015 -0500
vboot: add and rejuggle Kconfig options
The ChromeOS machines employing vboot verfication require different combinations of support:
1. When vboot verification starts. 2. Is the vboot code a separate stage or program? 3. If a separate stage, does the that vboot program (verstage) return to the stage that loaded the verstage?
For the above, #1 is dependent on when to load/run vboot logic which is orthogonal to #2. However, #3 is dependent on #2. The logic to act on the combinations follows in subsequent patches.
Change-Id: I39ef7a7c2858e7de43aa99c38121e85a57f1f2f6 Signed-off-by: Aaron Durbin adurbin@chromium.org --- src/soc/marvell/bg4cd/Kconfig | 2 +- src/vendorcode/google/chromeos/vboot2/Kconfig | 37 ++++++++++++++-------- src/vendorcode/google/chromeos/vboot2/Makefile.inc | 4 +++ 3 files changed, 28 insertions(+), 15 deletions(-)
diff --git a/src/soc/marvell/bg4cd/Kconfig b/src/soc/marvell/bg4cd/Kconfig index 96fd8ef..9c0dc14 100644 --- a/src/soc/marvell/bg4cd/Kconfig +++ b/src/soc/marvell/bg4cd/Kconfig @@ -32,7 +32,7 @@ config SOC_MARVELL_BG4CD select GENERIC_UDELAY select HAVE_MONOTONIC_TIMER select GENERIC_GPIO_LIB - select VERSTAGE_IN_BOOTBLOCK + select VBOOT_STARTS_IN_BOOTBLOCK
if SOC_MARVELL_BG4CD
diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig index 3b5c594..8396113 100644 --- a/src/vendorcode/google/chromeos/vboot2/Kconfig +++ b/src/vendorcode/google/chromeos/vboot2/Kconfig @@ -16,6 +16,20 @@ ## Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ##
+config VBOOT_STARTS_IN_BOOTBLOCK + bool + default n + depends on VBOOT_VERIFY_FIRMWARE + help + Firmware verification happens during or at the end of bootblock. + +config VBOOT_STARTS_IN_ROMSTAGE + bool + default n + depends on VBOOT_VERIFY_FIRMWARE && !VBOOT_STARTS_IN_BOOTBLOCK + help + Firmware verification happens during or at the end of romstage. + config VBOOT2_MOCK_SECDATA bool "Mock secdata for firmware verification" default n @@ -27,16 +41,6 @@ config VBOOT2_MOCK_SECDATA can be used during development when a TPM is not present or broken. THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES.
-config RETURN_FROM_VERSTAGE - bool "return from verstage" - default n - depends on VBOOT_VERIFY_FIRMWARE - help - If this is set, the verstage returns back to the bootblock instead of - exits to the romstage so that the verstage space can be reused by the - romstage. Useful if a ram space is too small to fit both the verstage - and the romstage. - config VBOOT_DISABLE_DEV_ON_RECOVERY bool "Disable dev mode on recovery requests" default n @@ -46,15 +50,20 @@ config VBOOT_DISABLE_DEV_ON_RECOVERY developer mode as soon as recovery request is detected. This is handy on embedded devices with limited input capabilities.
-config VERSTAGE_IN_BOOTBLOCK +config SEPARATE_VERSTAGE bool default n depends on VBOOT_VERIFY_FIRMWARE
-config SEPARATE_VERSTAGE +config RETURN_FROM_VERSTAGE bool - default !VERSTAGE_IN_BOOTBLOCK - depends on VBOOT_VERIFY_FIRMWARE + default n + depends on SEPARATE_VERSTAGE + help + If this is set, the verstage returns back to the calling stage instead + of exiting to the succeeding stage so that the verstage space can be + reused by the succeeding stage. This is useful if a ram space is too + small to fit both the verstage and the succeeding stage.
# These VBOOT_X_INDEX are the position of X in FW_MAIN_A/B region. The index # table is created by cros_bundle_firmware at build time based on the positions diff --git a/src/vendorcode/google/chromeos/vboot2/Makefile.inc b/src/vendorcode/google/chromeos/vboot2/Makefile.inc index b2d2dc1..4c53aed 100644 --- a/src/vendorcode/google/chromeos/vboot2/Makefile.inc +++ b/src/vendorcode/google/chromeos/vboot2/Makefile.inc @@ -63,5 +63,9 @@ fallback/verstage-file = $(objcbfs)/verstage.elf fallback/verstage-type = stage fallback/verstage-compression = none else +ifeq ($(VBOOT_STARTS_IN_BOOTBLOCK),y) bootblock-srcs += $(objgenerated)/libverstage.a +else +romstage-srcs += $(objgenerated)/libverstage.a endif +endif # CONFIG_SEPARATE_VERSTAGE