Daisuke Nojiri has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/54099 )
Change subject: vboot: Add VB2_CONTEXT_EC_IN_RO ......................................................................
vboot: Add VB2_CONTEXT_EC_IN_RO
This patch makes coreboot set VB2_CONTEXT_EC_IN_RO based on the boot mode read from the GSC. Vboot will check VB2_CONTEXT_EC_IN_RO to determine whether the EC can be trusted or not.
BUG=b:180927027, b:187871195 BRANCH= TEST=
Signed-off-by: Daisuke Nojiri dnojiri@chromium.org Change-Id: I9fa09dd7ae5baa1efb4e1ed4f0fe9a6803167c93 --- M .gitignore M 3rdparty/amd_blobs M 3rdparty/arm-trusted-firmware M 3rdparty/blobs M 3rdparty/chromeec M 3rdparty/cmocka M 3rdparty/fsp M 3rdparty/intel-microcode M 3rdparty/libgfxinit M 3rdparty/libhwbase M 3rdparty/qc_blobs M 3rdparty/vboot M src/security/vboot/vboot_logic.c 13 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/.gitignore b/.gitignore
index 11a6173..c003ba9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -42,3 +42,4 @@
 *.kdev4
 doxygen/*
+/3rdparty/
diff --git a/3rdparty/amd_blobs b/3rdparty/amd_blobs
index dded82f..7874c7d 160000
--- a/3rdparty/amd_blobs
+++ b/3rdparty/amd_blobs
@@ -1 +1 @@
-Subproject commit dded82f1435b8b8eb687faf38a05a9b1f31e9fa0
+Subproject commit 7874c7d3cebc0ebca57875e24911ddd55aec9711
diff --git a/3rdparty/arm-trusted-firmware b/3rdparty/arm-trusted-firmware
index 7ad3981..ace2368 160000
--- a/3rdparty/arm-trusted-firmware
+++ b/3rdparty/arm-trusted-firmware
@@ -1 +1 @@
-Subproject commit 7ad39818b184850d263008e7d36ba16adf72a669
+Subproject commit ace23683beb81354d6edbc61c087ab8c384d0631
diff --git a/3rdparty/blobs b/3rdparty/blobs
index f388b67..4d2d7ef 160000
--- a/3rdparty/blobs
+++ b/3rdparty/blobs
@@ -1 +1 @@
-Subproject commit f388b6794e6f1f93b847de353f5eab8ba3e3b328
+Subproject commit 4d2d7efe93e79bafb234356484d80296ae801fea
diff --git a/3rdparty/chromeec b/3rdparty/chromeec
index 1e800ac..a1afae4 160000
--- a/3rdparty/chromeec
+++ b/3rdparty/chromeec
@@ -1 +1 @@
-Subproject commit 1e800ac838504c0d2950c7aa90cdfe7bde251545
+Subproject commit a1afae4e002a3eccd7835ac898259b0690e9e61a
diff --git a/3rdparty/cmocka b/3rdparty/cmocka
index 672c5ce..5a4b158 160000
--- a/3rdparty/cmocka
+++ b/3rdparty/cmocka
@@ -1 +1 @@
-Subproject commit 672c5cee79eb412025c3dd8b034e611c1f119055
+Subproject commit 5a4b15870efa2225e6586fbb4c3af05ff0659434
diff --git a/3rdparty/fsp b/3rdparty/fsp
index e7138bf..0bc2b07 160000
--- a/3rdparty/fsp
+++ b/3rdparty/fsp
@@ -1 +1 @@
-Subproject commit e7138bf11508b8b82350bd17fb611b67c0c64e6b
+Subproject commit 0bc2b07eab29a8a75cd084963c285ee5434e6666
diff --git a/3rdparty/intel-microcode b/3rdparty/intel-microcode
index 49bb67f..ee319ae 160000
--- a/3rdparty/intel-microcode
+++ b/3rdparty/intel-microcode
@@ -1 +1 @@
-Subproject commit 49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+Subproject commit ee319ae7bc59e88b60142f40a9ec1b46656de4db
diff --git a/3rdparty/libgfxinit b/3rdparty/libgfxinit
index bc0588e..8fc8e49 160000
--- a/3rdparty/libgfxinit
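Review bot: The `+/3rdparty/` entry in `.gitignore` has nothing to do with VB2_CONTEXT_EC_IN_RO and, together with the eleven submodule pointer bumps in this patchset (amd_blobs, arm-trusted-firmware, blobs, chromeec, fsp, intel-microcode, qc_blobs, ...), looks like local working-tree state that was committed by accident. The submodule moves change which vendor blob, FSP and microcode revisions the tree builds against, which is a supply-chain change that deserves its own reviewed commit with the upstream ranges cited, and the commit message does not mention any of them. Ignoring `/3rdparty/` would also hide untracked files under the submodule directories from `git status`, making the same kind of accidental drift harder to notice next time. Suggest dropping the `.gitignore` hunk and the submodule bumps from this change; if the `3rdparty/vboot` bump is what provides `VB2_CONTEXT_EC_IN_RO`, keep only that one and say so in the description.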
+++ b/3rdparty/libgfxinit
@@ -1 +1 @@
-Subproject commit bc0588e482b1320d5739900b00a45033f5b587f4
+Subproject commit 8fc8e49a932c7a011429b333765c6b0ed09cd742
diff --git a/3rdparty/libhwbase b/3rdparty/libhwbase
index a3edc6e..bd0ed91 160000
--- a/3rdparty/libhwbase
+++ b/3rdparty/libhwbase
@@ -1 +1 @@
-Subproject commit a3edc6ef32d09c566b7ea3555bc753458ec63039
+Subproject commit bd0ed91cb985a697033edd9fd62d322aa017e791
diff --git a/3rdparty/qc_blobs b/3rdparty/qc_blobs
index 02ba9a6..053eb2a 160000
--- a/3rdparty/qc_blobs
+++ b/3rdparty/qc_blobs
@@ -1 +1 @@
-Subproject commit 02ba9a6a362f67ccd097c285fa8a202dedd38631
+Subproject commit 053eb2ab5f89a8e2b2077fd70c9ae7ff945e440e
diff --git a/3rdparty/vboot b/3rdparty/vboot
index 57c0c5b..c531000 160000
--- a/3rdparty/vboot
+++ b/3rdparty/vboot
@@ -1 +1 @@
-Subproject commit 57c0c5be50767c3f86c648bf33e15955cc349f25
+Subproject commit c531000f851418520b6873f65c202d21f141eb84
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 70c7d77..7906032 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -212,15 +212,18 @@
 vboot_extend_pcr(ctx, 1, HWID_DIGEST_PCR);
 }
-#define EC_EFS_BOOT_MODE_NORMAL 0x00
+#define EC_EFS_BOOT_MODE_RO 0x00
 #define EC_EFS_BOOT_MODE_NO_BOOT 0x01
+#define EC_EFS_BOOT_MODE_VERIFIED 0x02
 static const char *get_boot_mode_string(uint8_t boot_mode)
 {
-if (boot_mode == EC_EFS_BOOT_MODE_NORMAL)
-return "NORMAL";
+if (boot_mode == EC_EFS_BOOT_MODE_RO)
+return "RO";
 else if (boot_mode == EC_EFS_BOOT_MODE_NO_BOOT)
 return "NO_BOOT";
+else if (boot_mode == EC_EFS_BOOT_MODE_VERIFIED)
+return "VERIFIED";
 else
 return "UNDEFINED";
 }
@@ -255,6 +258,8 @@
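Review bot: `EC_EFS_BOOT_MODE_RO`, `_NO_BOOT` and `_VERIFIED` are values read off the GSC wire, and keeping them as private `#define`s in vboot_logic.c means nothing ties them to what the GSC and EC firmware actually emit; the chromeec submodule is bumped in this same patchset, so if it or vboot exports this enumeration, include that header rather than re-declaring the values here. Note also that 0x00 changes meaning from NORMAL to RO at the same numeric value, so a GSC still reporting 0x00 under the old meaning will now be classified as EC-in-RO, which fails closed but silently. A short comment above the defines would make the contract visible, e.g. `/* EFS boot mode reported by the GSC; values must match the GSC/EC definition. */`. `get_boot_mode_string()` is complete within the hunk; the `#define`s sit at file scope.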
 if (boot_mode == EC_EFS_BOOT_MODE_NO_BOOT)
 ctx->flags |= VB2_CONTEXT_NO_BOOT;
+else if (boot_mode == EC_EFS_BOOT_MODE_RO)
+ctx->flags |= VB2_CONTEXT_EC_IN_RO;
 }
/**
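Review bot: An unrecognized boot mode falls through both branches and sets no flag, so a value the code itself labels "UNDEFINED" (anything other than 0x00-0x02) leaves `VB2_CONTEXT_EC_IN_RO` clear and, per the description, lets vboot treat the EC as trusted; that is fail-open on a corrupted or unexpected GSC response. If VERIFIED is the only mode under which the EC is meant to be trusted, make the untrusted path the default: `else if (boot_mode != EC_EFS_BOOT_MODE_VERIFIED) ctx->flags |= VB2_CONTEXT_EC_IN_RO;` (or set `VB2_CONTEXT_NO_BOOT`, whichever the threat model for a bad GSC answer calls for). The enclosing function starts outside the hunk, so I cannot see how `boot_mode` is obtained or whether a failed GSC read is rejected before this point; if it is not, that read failure lands on the same fail-open path. TEST= in the description is empty; please record at least one boot with the EC held in RO showing the flag set and one with an out-of-range mode.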