[S] Change in coreboot[master]: src/security/vboot: Add platform hook for vboot phase 1 - coreboot-gerrit

25 Nov 2022

Rizwan Qureshi has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/70012 )
Change subject: src/security/vboot: Add platform hook for vboot phase 1
......................................................................
src/security/vboot: Add platform hook for vboot phase 1
Add a hook so that platform or soc code can be called to take actions after
phase 1 has determined the boot mode.
TEST=build and boot nirwen
Signed-off-by: Rizwan Qureshi rizwan.qureshi@intel.com
Change-Id: Ic4f5347d1af02650a6ee0b261050556d95be21cb
---
M src/security/vboot/vboot_common.h
M src/security/vboot/vboot_logic.c
2 files changed, 42 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/12/70012/1

diff --git a/src/security/vboot/vboot_common.h b/src/security/vboot/vboot_common.h
index 2399bf3..490fde2 100644
--- a/src/security/vboot/vboot_common.h
+++ b/src/security/vboot/vboot_common.h
@@ -55,6 +55,15 @@
 void verstage_mainboard_early_init(void);
 void verstage_mainboard_init(void);
+/*
+ * Hook for SoC/Platformn to perform operations after phase 1. Returns 0 on success,
+ * < 0 on error.
+ * On error the recovery reason and sub-code should also be set appropriately.
+ *
+ */
+int vboot_platform_hook_phase1(struct vb2_context *ctx, enum vb2_nv_recovery *rec_reason,
+					uint8_t *subcode);
+
 /* Check boot modes */
 #if CONFIG(VBOOT) && !ENV_SMM
 int vboot_developer_mode_enabled(void);
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 98a044c..4bb46e7 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -237,6 +237,9 @@
 void verstage_main(void)
 {
    struct vb2_context *ctx;
+	enum vb2_nv_recovery plat_rec_reason = VB2_RECOVERY_NOT_REQUESTED;
+	uint8_t plat_rec_subcode = 0;
+
    vb2_error_t rv;
timestamp_add_now(TS_VBOOT_START);
@@ -320,6 +323,14 @@
    	vboot_save_and_reboot(ctx, rv);
    }
+	/* Check for trusted boot and make sure SoC firmware is also booting in the right mode */
+	if(vboot_platform_hook_phase1(ctx, &plat_rec_reason, &plat_rec_subcode)) {
+		printk(BIOS_INFO, "Platform hook after Phase 1 Failed\n");
+		vb2api_fail(ctx, plat_rec_reason, plat_rec_subcode);
+		vboot_save_data(ctx);
+		vboot_reboot();
+	}
+
    /* Determine which firmware slot to boot (based on NVRAM) */
    printk(BIOS_INFO, "Phase 2\n");
    rv = vb2api_fw_phase2(ctx);
@@ -391,3 +402,10 @@
  verstage_main_exit:
    timestamp_add_now(TS_VBOOT_END);
 }
+
+__weak int vboot_platform_hook_phase1(struct vb2_context *ctx, enum vb2_nv_recovery *rec_reason,
+					uint8_t *subcode)
+{
+	printk(BIOS_DEBUG, "WEAK: %s/%s called\n", __FILE__, __func__);
+	return 0;
+}
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/70012
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ic4f5347d1af02650a6ee0b261050556d95be21cb
Gerrit-Change-Number: 70012
Gerrit-PatchSet: 1
Gerrit-Owner: Rizwan Qureshi rizwan.qureshi@intel.com
Gerrit-MessageType: newchange



    