New patch to review for coreboot: 0997785 vboot2: add verstage - coreboot-gerrit

6 Jan 2015

Marc Jones (marc.jones@se-eng.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/8159
-gerrit
commit 09977850361376f438b96223a078bfad51e3e7da
Author: Daisuke Nojiri dnojiri@chromium.org
Date:   Thu Jun 19 19:09:47 2014 -0700
vboot2: add verstage
Verstage will host vboot2 for firmware verification.
    It's a stage in the sense that it has its own set of toolchains, compiler flags,
    and includes. This allows us to easily add object files as needed. But
    it's directly linked to bootblock. This allows us to avoid code
    duplication for stage loading and jumping (e.g. cbfs driver) for the boards
    where bootblock has to run in a different architecture (e.g. Tegra124).
    To avoid name space conflict, verstage symbols are prefixed with verstage_.
TEST=Built with VBOOT2_VERIFY_FIRMWARE on/off. Booted Nyan Blaze.
    BUG=None
    BRANCH=none
Original-Signed-off-by: Daisuke Nojiri dnojiri@chromium.org
    Original-Change-Id: Iad57741157ec70426c676e46c5855e6797ac1dac
    Original-Reviewed-on: https://chromium-review.googlesource.com/204376
    Original-Reviewed-by: Randall Spangler rspangler@chromium.org
(cherry picked from commit 27940f891678dae975b68f2fc729ad7348192af3)
    Signed-off-by: Marc Jones marc.jones@se-eng.com
Change-Id: I42b2b3854a24ef6cda2316eb741ca379f41516e0
---
 Makefile.inc                                | 9 ++++++++-
 src/arch/arm/Kconfig                        | 4 ++++
 src/arch/arm/Makefile.inc                   | 2 +-
 src/arch/arm/armv7/Kconfig                  | 4 ++++
 src/soc/nvidia/tegra124/Kconfig             | 1 +
 src/soc/nvidia/tegra124/Makefile.inc        | 2 ++
 src/soc/nvidia/tegra124/bootblock.c         | 9 ++++++++-
 src/soc/nvidia/tegra124/verstage.c          | 9 +++++++++
 src/soc/nvidia/tegra124/verstage.h          | 2 ++
 src/vendorcode/google/chromeos/Kconfig      | 8 ++++++++
 src/vendorcode/google/chromeos/Makefile.inc | 9 +++++++++
 toolchain.inc                               | 2 +-
 12 files changed, 57 insertions(+), 4 deletions(-)

diff --git a/Makefile.inc b/Makefile.inc
index b0289c0..0c6aafa 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -75,7 +75,7 @@ subdirs-y += site-local
#######################################################################
 # Add source classes and their build options
-classes-y := ramstage romstage bootblock smm smmstub cpu_microcode
+classes-y := ramstage romstage bootblock smm smmstub cpu_microcode verstage
# Add dynamic classes for rmodules
 $(foreach supported_arch,$(ARCH_SUPPORTED), \
@@ -128,6 +128,8 @@ ramstage-postprocess=$(foreach d,$(sort $(dir $(1))), \
    $(eval $(d)ramstage.o: $(call files-in-dir,$(d),$(1)); $$(LD_ramstage) -o $$@ -r $$^ ) \
    $(eval ramstage-objs:=$(d)ramstage.o $(filter-out $(call files-in-dir,$(d),$(1)),$(ramstage-objs))))
+verstage-c-ccopts:=-D__PRE_RAM__ -D__VER_STAGE__
+verstage-S-ccopts:=-D__PRE_RAM__ -D__VER_STAGE__
 romstage-c-ccopts:=-D__PRE_RAM__
 romstage-S-ccopts:=-D__PRE_RAM__
 ifeq ($(CONFIG_TRACE),y)
@@ -162,6 +164,7 @@ endif
ramstage-c-deps:=$$(OPTION_TABLE_H)
 romstage-c-deps:=$$(OPTION_TABLE_H)
+verstage-c-deps:=$$(OPTION_TABLE_H)
 bootblock-c-deps:=$$(OPTION_TABLE_H)
 smm-c-deps:=$$(OPTION_TABLE_H)
@@ -374,6 +377,10 @@ $(obj)/%.romstage.o $(abspath $(obj))/%.romstage.o: $(obj)/%.c $(obj)/config.h $
    @printf "    CC         $(subst $(obj)/,,$(@))\n"
    $(CC_romstage) -MMD $(CFLAGS_romstage) $(CPPFLAGS_romstage) $(romstage-c-ccopts) -c -o $@ $<
+$(obj)/%.verstage.o $(abspath $(obj))/%.verstage.o: $(obj)/%.c $(obj)/config.h $(OPTION_TABLE_H)
+	@printf "    CC         $(subst $(obj)/,,$(@))\n"
+	$(CC_verstage) -MMD $(CFLAGS_verstage) $(verstage-c-ccopts) -c -o $@ $<
+
 $(obj)/%.bootblock.o $(abspath $(obj))/%.bootblock.o: $(obj)/%.c $(obj)/config.h $(OPTION_TABLE_H)
    @printf "    CC         $(subst $(obj)/,,$(@))\n"
    $(CC_bootblock) -MMD $(CFLAGS_bootblock) $(CPPFLAGS_bootblock) $(bootblock-c-ccopts) -c -o $@ $<
diff --git a/src/arch/arm/Kconfig b/src/arch/arm/Kconfig
index 156c8c2..f73ad27 100644
--- a/src/arch/arm/Kconfig
+++ b/src/arch/arm/Kconfig
@@ -3,6 +3,10 @@ config ARCH_BOOTBLOCK_ARM
    default n
    select ARCH_ARM
+config ARCH_VERSTAGE_ARM
+  bool
+  default n
+
 config ARCH_ROMSTAGE_ARM
    bool
    default n
diff --git a/src/arch/arm/Makefile.inc b/src/arch/arm/Makefile.inc
index 5698f38..ba7fb60 100644
--- a/src/arch/arm/Makefile.inc
+++ b/src/arch/arm/Makefile.inc
@@ -61,7 +61,7 @@ bootblock-y += memcpy.S
 bootblock-y += memmove.S
 bootblock-y += div0.c
-$(objcbfs)/bootblock.debug: $(src)/arch/arm/bootblock.ld $(obj)/ldoptions $$(bootblock-objs)
+$(objcbfs)/bootblock.debug: $(src)/arch/arm/bootblock.ld $(obj)/ldoptions $$(bootblock-objs) $$(VERSTAGE_LIB) 
    @printf "    LINK       $(subst $(obj)/,,$(@))\n"
    $(LD_bootblock) --gc-sections -static -o $@ -L$(obj) --start-group $(bootblock-objs) --end-group -T $(src)/arch/arm/bootblock.ld
diff --git a/src/arch/arm/armv7/Kconfig b/src/arch/arm/armv7/Kconfig
index f8e0205..aa188e2 100644
--- a/src/arch/arm/armv7/Kconfig
+++ b/src/arch/arm/armv7/Kconfig
@@ -2,6 +2,10 @@ config ARCH_BOOTBLOCK_ARMV7
    def_bool n
    select ARCH_BOOTBLOCK_ARM
+config ARCH_VERSTAGE_ARMV7
+	def_bool n
+	select ARCH_VERSTAGE_ARM
+
 config ARCH_ROMSTAGE_ARMV7
    def_bool n
    select ARCH_ROMSTAGE_ARM
diff --git a/src/soc/nvidia/tegra124/Kconfig b/src/soc/nvidia/tegra124/Kconfig
index 195261e..ea946e6 100644
--- a/src/soc/nvidia/tegra124/Kconfig
+++ b/src/soc/nvidia/tegra124/Kconfig
@@ -2,6 +2,7 @@ config SOC_NVIDIA_TEGRA124
    bool
    default n
    select ARCH_BOOTBLOCK_ARMV4
+	select ARCH_VERSTAGE_ARMV7
    select ARCH_ROMSTAGE_ARMV7
    select ARCH_RAMSTAGE_ARMV7
    select HAVE_UART_SPECIAL
diff --git a/src/soc/nvidia/tegra124/Makefile.inc b/src/soc/nvidia/tegra124/Makefile.inc
index 792bb99..b306412 100644
--- a/src/soc/nvidia/tegra124/Makefile.inc
+++ b/src/soc/nvidia/tegra124/Makefile.inc
@@ -20,6 +20,8 @@ ifeq ($(CONFIG_BOOTBLOCK_CONSOLE),y)
 bootblock-$(CONFIG_CONSOLE_SERIAL) += uart.c
 endif
+verstage-y += verstage.c
+
 romstage-y += cbfs.c
 romstage-y += cbmem.c
 romstage-y += clock.c
diff --git a/src/soc/nvidia/tegra124/bootblock.c b/src/soc/nvidia/tegra124/bootblock.c
index 2857a90..0456b48 100644
--- a/src/soc/nvidia/tegra124/bootblock.c
+++ b/src/soc/nvidia/tegra124/bootblock.c
@@ -23,10 +23,13 @@
 #include <console/console.h>
 #include <soc/clock.h>
 #include <soc/nvidia/tegra/apbmisc.h>
-
 #include "pinmux.h"
 #include "power.h"
+#if CONFIG_VBOOT2_VERIFY_FIRMWARE
+#include "verstage.h"
+#endif
+
 void main(void)
 {
    void *entry;
@@ -72,7 +75,11 @@ void main(void)
    power_enable_cpu_rail();
    power_ungate_cpu();
+#if CONFIG_VBOOT2_VERIFY_FIRMWARE
+	entry = (void *)verstage_vboot_main;
+#else
    entry = cbfs_load_stage(CBFS_DEFAULT_MEDIA, "fallback/romstage");
+#endif
if (entry)
    	clock_cpu0_config_and_reset(entry);
diff --git a/src/soc/nvidia/tegra124/verstage.c b/src/soc/nvidia/tegra124/verstage.c
new file mode 100644
index 0000000..234a89d
--- /dev/null
+++ b/src/soc/nvidia/tegra124/verstage.c
@@ -0,0 +1,9 @@
+#include "verstage.h"
+
+/**
+ * Stage entry point
+ */
+void vboot_main(void)
+{
+	for(;;);
+}
diff --git a/src/soc/nvidia/tegra124/verstage.h b/src/soc/nvidia/tegra124/verstage.h
new file mode 100644
index 0000000..a0bac34
--- /dev/null
+++ b/src/soc/nvidia/tegra124/verstage.h
@@ -0,0 +1,2 @@
+void vboot_main(void);
+void verstage_vboot_main(void);
diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig
index 8156758..62d991b 100644
--- a/src/vendorcode/google/chromeos/Kconfig
+++ b/src/vendorcode/google/chromeos/Kconfig
@@ -85,6 +85,14 @@ config VBOOT_VERIFY_FIRMWARE
      Enabling VBOOT_VERIFY_FIRMWARE will use vboot to verify the ramstage
      and boot loader.
+config VBOOT2_VERIFY_FIRMWARE
+  bool "Firmware Verification with vboot2"
+  default n
+  depends on CHROMEOS
+  help
+	  Enabling VBOOT2_VERIFY_FIRMWARE will use vboot2 to verify the romstage
+	  and boot loader.
+
 config EC_SOFTWARE_SYNC
    bool "Enable EC software sync"
    default n
diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc
index e17f50c..12d35b6 100644
--- a/src/vendorcode/google/chromeos/Makefile.inc
+++ b/src/vendorcode/google/chromeos/Makefile.inc
@@ -93,3 +93,12 @@ $(VB_LIB):
    	fwlib
endif
+
+ifeq ($(CONFIG_VBOOT2_VERIFY_FIRMWARE),y)
+VERSTAGE_LIB = $(obj)/vendorcode/google/chromeos/verstage.a
+$(VERSTAGE_LIB): $$(verstage-objs)
+	@printf "    AR         $(subst $(obj)/,,$(@))\n"
+	$(AR_verstage) rc $@.tmp $(verstage-objs)
+	@printf "    OBJCOPY    $(subst $(obj)/,,$(@))\n"
+	$(OBJCOPY_verstage) --prefix-symbols=verstage_ $@.tmp $@
+endif
diff --git a/toolchain.inc b/toolchain.inc
index e6f530a..40fff39 100644
--- a/toolchain.inc
+++ b/toolchain.inc
@@ -51,7 +51,7 @@ HOSTCXX:=CCC_CXX="$(HOSTCXX)" $(CXX)
 ROMCC=CCC_CC="$(ROMCC_BIN)" $(CC)
 endif
-COREBOOT_STANDARD_STAGES := bootblock romstage ramstage
+COREBOOT_STANDARD_STAGES := bootblock verstage romstage ramstage
ARCHDIR-i386    := x86
 ARCHDIR-x86_32  := x86

    