Philipp Deppenwiese has uploaded this change for review. ( https://review.coreboot.org/27714
Change subject: security/vboot: Add failure safety configurations ......................................................................
security/vboot: Add failure safety configurations
* Make a user interface and board configuration available through Kconfig. * 3 modes are now supported: + RO only + RO + RW_A + RO + RW_A + RW_B * The default mode is always RO + RW_A + RW_B
Change-Id: I278fc060522b13048b00090b8e5261c14496f56e Signed-off-by: Philipp Deppenwiese zaolin@das-labor.org --- M src/security/vboot/Kconfig M src/security/vboot/Makefile.inc 2 files changed, 84 insertions(+), 1 deletion(-)
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index e13101b..4467c02 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -25,6 +25,59 @@
if VBOOT
+config VBOOT_SAFETY_AB
+ bool
+ default y if MAINBOARD_HAS_VBOOT_SAFETY_AB || USER_VBOOT_SAFETY_AB
+
+config VBOOT_SAFETY_A
+ bool
+ default y if MAINBOARD_HAS_VBOOT_SAFETY_A || USER_VBOOT_SAFETY_A
+
+config VBOOT_SAFETY_RO
+ bool
+ default y if MAINBOARD_HAS_VBOOT_SAFETY_RO || USER_VBOOT_SAFETY_RO
+
+config MAINBOARD_HAS_VBOOT_SAFETY_AB
+ bool
+
+config MAINBOARD_HAS_VBOOT_SAFETY_A
+ bool
+
+config MAINBOARD_HAS_VBOOT_SAFETY_RO
+ bool
+
+if !MAINBOARD_HAS_VBOOT_SAFETY_AB && !MAINBOARD_HAS_VBOOT_SAFETY_A && !MAINBOARD_HAS_VBOOT_SAFETY_RO
+
+choice
+
+prompt "Failure safety"
+ default USER_VBOOT_SAFETY_AB
+ help
+ Select the failure safety mode in which VBOOT should run.
+ VBOOT can have up to two recovery partitions for A & B updates
+ which also provide failure safety.
+
+config USER_VBOOT_SAFETY_AB
+ bool "Firmware RO + A & B"
+ help
+ Have two update partitions/fallbacks.
+
+config USER_VBOOT_SAFETY_A
+ bool "Firmware RO + A"
+ help
+ Have one update partition/fallback.
+
+config USER_VBOOT_SAFETY_RO
+ bool "Firmware RO only"
+ help
+ Have no update partition/fallback.
+ If the coreboot region is write protected no
+ updates are possible in this configuration.
+
+endchoice
+
+endif
+
config VBOOT_VBNV_CMOS bool default n
diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc
index b542425..1e8a46f 100644
--- a/src/security/vboot/Makefile.inc
+++ b/src/security/vboot/Makefile.inc
@@ -142,6 +142,19 @@ endif endif # CONFIG_VBOOT_SEPARATE_VERSTAGE
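Review bot: The three VBOOT_SAFETY_* symbols are not mutually exclusive: a mainboard that selects more than one MAINBOARD_HAS_VBOOT_SAFETY_* symbol ends up with two of them =y, and the precedence is then decided only by the order of the ifeq blocks in Makefile.inc (the RO block is last and wins), which a reader of the Kconfig cannot see. Expressing the precedence here is clearer, e.g. `default y if (MAINBOARD_HAS_VBOOT_SAFETY_A || USER_VBOOT_SAFETY_A) && !VBOOT_SAFETY_AB` for VBOOT_SAFETY_A and the analogous `&& !VBOOT_SAFETY_AB && !VBOOT_SAFETY_A` for VBOOT_SAFETY_RO, so that exactly one mode is ever active. The choice help text calls FW_MAIN_A/B "recovery partitions"; they are the updatable RW firmware slots, and wording such as `VBOOT can have up to two RW firmware slots (A & B) that are updated in the field; the RO firmware provides the fallback` would match the option names. Also worth a sentence in the RO-only help: with the RO region write protected the board has no field update path at all, so any later firmware fix requires physical access.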
+# Check safety mode
+ifeq ($(CONFIG_VBOOT_SAFETY_AB),y)
+VBOOT_PARTITIONS := COREBOOT FW_MAIN_A FW_MAIN_B
+endif
+
+ifeq ($(CONFIG_VBOOT_SAFETY_A),y)
+VBOOT_PARTITIONS := COREBOOT FW_MAIN_A
+endif
+
+ifeq ($(CONFIG_VBOOT_SAFETY_RO),y)
+VBOOT_PARTITIONS := COREBOOT
+endif
+
# Define a list of files that need to be in RO only. # All other files will be installed into RO and RW regions # Use $(sort) to cut down on extra spaces that would be translated to commas
@@ -159,7 +172,7 @@ cmos_layout.bin \ cmos.default \ $(call strip_quotes,$(CONFIG_RO_REGION_ONLY)) \
- ,$(1)),COREBOOT,COREBOOT FW_MAIN_A FW_MAIN_B)))
+ ,$(1)),COREBOOT,$(VBOOT_PARTITIONS))))
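Review bot: VBOOT_PARTITIONS has no fallback when none of CONFIG_VBOOT_SAFETY_AB/A/RO is set, and the hunk at @@ -159,7 +172,7 @@ then passes an empty region list for every file that is not RO-only, so those files silently get no region instead of failing the build. Kconfig should always set one of the three, but a stale .config or a board that hides the choice without selecting a MAINBOARD_HAS_* symbol would hit this, so a parse-time check after the three blocks is cheap insurance: `ifeq ($(strip $(VBOOT_PARTITIONS)),)` / `$(error No VBOOT failure safety mode selected (CONFIG_VBOOT_SAFETY_AB/A/RO))` / `endif`. The comment `# Check safety mode` would also be more useful as `# Map the selected failure safety mode to the FMAP regions that receive RW-capable files; later blocks wins if several are set`.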
CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID)) CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE))
@@ -230,8 +243,13 @@ @printf " WRITE GBB\n" $(CBFSTOOL) $(obj)/coreboot.rom write -u -r GBB -i 0 -f $(obj)/gbb.region $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RO_FRID -i 0 -f $(obj)/fwid.region
+ifeq ($(CONFIG_VBOOT_SAFETY_AB),y)
$(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_A -i 0 -f $(obj)/fwid.region $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_B -i 0 -f $(obj)/fwid.region
+endif
+ifeq ($(CONFIG_VBOOT_SAFETY_A),y)
+ $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_A -i 0 -f $(obj)/fwid.region
+endif
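Review bot: The RW_FWID_A write is duplicated between the CONFIG_VBOOT_SAFETY_AB and CONFIG_VBOOT_SAFETY_A blocks, and both blocks re-test the Kconfig symbols although VBOOT_PARTITIONS, defined earlier in this file by the same change, already says which slots exist. Keying each write on the region list keeps one source of truth and drops the duplicate line: `ifneq ($(filter FW_MAIN_A,$(VBOOT_PARTITIONS)),)` around the RW_FWID_A write and `ifneq ($(filter FW_MAIN_B,$(VBOOT_PARTITIONS)),)` around the RW_FWID_B write. A one-line comment such as `# Only slots present in VBOOT_PARTITIONS get a firmware ID` would explain to a reader why RO-only mode writes nothing beyond RO_FRID. The recipe these conditionals sit in starts before the hunk.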
ifneq ($(shell grep "SHARED_DATA" "$(CONFIG_FMDFILE)"),)
build_complete::
@@ -263,8 +281,20 @@ --kernelkey "$(CONFIG_VBOOT_KERNEL_KEY)" \ --flags $(CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS)
+ifeq ($(CONFIG_VBOOT_SAFETY_AB),y)
files_added:: $(obj)/VBLOCK_A.bin $(obj)/VBLOCK_B.bin $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_A -f $(obj)/VBLOCK_A.bin $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_B -f $(obj)/VBLOCK_B.bin
+ @printf " FLASHMAP Layout generated for RO, A and B partition.\n"
+endif
+ifeq ($(CONFIG_VBOOT_SAFETY_A),y)
+files_added:: $(obj)/VBLOCK_A.bin
+ $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_A -f $(obj)/VBLOCK_A.bin
+ @printf " FLASHMAP Layout generated for RO and A partition.\n"
+endif
+ifeq ($(CONFIG_VBOOT_SAFETY_RO),y)
+files_added::
+ @printf " FLASHMAP Layout generated for RO partition only, beware no updates possible!\n"
+endif
endif # CONFIG_VBOOT
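Review bot: The three printf messages claim a "FLASHMAP Layout generated" for the selected mode, but the change touches only Kconfig and Makefile.inc (per the diffstat), so the flashmap from CONFIG_FMDFILE is unchanged and this hunk merely decides which VBLOCK regions are written; in A or RO mode any FW_MAIN_B/VBLOCK_B/RW_FWID_B regions still present in the fmd are left unwritten rather than removed. The messages would be accurate as, e.g., `@printf "    VBOOT  RO-only mode: no RW slot signed, no firmware updates possible\n"` and `@printf "    VBOOT  RO + A mode: only VBLOCK_A written\n"`. Since an unwritten slot in the fmd is presumably what the verified-boot path falls through on, a parse-time check in the style of the `grep "SHARED_DATA" "$(CONFIG_FMDFILE)"` test above this hunk could warn when the fmd still defines FW_MAIN_B in A mode; confirm with the vboot maintainers whether that is intended. The VBLOCK_A write is also repeated between the AB and A blocks, where a `$(filter FW_MAIN_A,$(VBOOT_PARTITIONS))` test would let one rule serve both.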