Joel Kitching has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
security/vboot: relocate vb2ex_abort and vb2ex_printf
Enabling an assertion in vb2_member_of() results in coreboot linking vb2ex_abort() and vb2ex_printf() in ramstage.
Move these two functions from vboot_logic.c to vboot_common.c, which is linked into ramstage.
Relevant vboot_reference commit: CL:2037263.
BUG=b:124141368, chromium:1005700 TEST=make clean && make test-abuild BRANCH=none
Change-Id: Ica0103c5684b3d50ba7dc1b4c39559cb192efa81 Signed-off-by: Joel Kitching kitching@google.com --- M src/security/vboot/vboot_common.c M src/security/vboot/vboot_logic.c 2 files changed, 23 insertions(+), 21 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/06/38706/1
diff --git a/src/security/vboot/vboot_common.c b/src/security/vboot/vboot_common.c index 3342524..73aefe2 100644 --- a/src/security/vboot/vboot_common.c +++ b/src/security/vboot/vboot_common.c @@ -16,6 +16,8 @@ #include <boot_device.h> #include <cbmem.h> #include <console/cbmem_console.h> +#include <console/console.h> +#include <console/vtxprintf.h> #include <fmap.h> #include <reset.h> #include <stddef.h> @@ -56,3 +58,24 @@ vboot_platform_prepare_reboot(); board_reset(); } + +/* exports */ + +void vb2ex_printf(const char *func, const char *fmt, ...) +{ + va_list args; + + if (func) + printk(BIOS_INFO, "VB2:%s() ", func); + + va_start(args, fmt); + vprintk(BIOS_INFO, fmt, args); + va_end(args); + + return; +} + +void vb2ex_abort(void) +{ + die("vboot has aborted execution; exit\n"); +} diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index 1d17a17..182128c 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -17,8 +17,6 @@ #include <assert.h> #include <bootmode.h> #include <cbmem.h> -#include <console/console.h> -#include <console/vtxprintf.h> #include <fmap.h> #include <string.h> #include <timestamp.h> @@ -37,20 +35,6 @@
/* exports */
-void vb2ex_printf(const char *func, const char *fmt, ...) -{ - va_list args; - - if (func) - printk(BIOS_INFO, "VB2:%s() ", func); - - va_start(args, fmt); - vprintk(BIOS_INFO, fmt, args); - va_end(args); - - return; -} - vb2_error_t vb2ex_read_resource(struct vb2_context *ctx, enum vb2_resource_index index, uint32_t offset, @@ -83,11 +67,6 @@ return VB2_SUCCESS; }
-void vb2ex_abort(void) -{ - die("vboot has aborted execution; exit\n"); -} - /* No-op stubs that can be overridden by SoCs with hardware crypto support. */ __weak vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, uint32_t data_size)
build bot (Jenkins) has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 1:
(1 comment)
https://review.coreboot.org/c/coreboot/+/38706/1/src/security/vboot/vboot_co... File src/security/vboot/vboot_common.c:
https://review.coreboot.org/c/coreboot/+/38706/1/src/security/vboot/vboot_co... PS1, Line 76: } void function return statements are not generally useful
Hello Aaron Durbin, Julius Werner, build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/38706
to look at the new patch set (#2).
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
security/vboot: relocate vb2ex_abort and vb2ex_printf
Enabling an assertion in vb2_member_of() results in coreboot linking vb2ex_abort() and vb2ex_printf() in ramstage.
Move these two functions from vboot_logic.c to vboot_common.c, which is linked into ramstage.
Relevant vboot_reference commit: CL:2037263.
BUG=b:124141368, chromium:1005700 TEST=make clean && make test-abuild BRANCH=none
Change-Id: Ica0103c5684b3d50ba7dc1b4c39559cb192efa81 Signed-off-by: Joel Kitching kitching@google.com --- M src/security/vboot/vboot_common.c M src/security/vboot/vboot_logic.c 2 files changed, 21 insertions(+), 21 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/06/38706/2
Hello Aaron Durbin, Julius Werner, build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/38706
to look at the new patch set (#3).
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
security/vboot: relocate vb2ex_abort and vb2ex_printf
Enabling an assertion in vb2_member_of() results in coreboot linking vb2ex_abort() and vb2ex_printf() in ramstage.
Move these two functions from vboot_logic.c to vboot_common.c, which is linked into ramstage.
Relevant vboot_reference commit: CL:2037263.
BUG=b:124141368, chromium:1005700 TEST=make clean && make test-abuild BRANCH=none
Change-Id: Ica0103c5684b3d50ba7dc1b4c39559cb192efa81 Signed-off-by: Joel Kitching kitching@google.com --- M src/security/vboot/vboot_common.c M src/security/vboot/vboot_logic.c M src/vendorcode/eltan/security/lib/Makefile.inc 3 files changed, 23 insertions(+), 22 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/06/38706/3
Joel Kitching has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 3:
(1 comment)
https://review.coreboot.org/c/coreboot/+/38706/1/src/security/vboot/vboot_co... File src/security/vboot/vboot_common.c:
https://review.coreboot.org/c/coreboot/+/38706/1/src/security/vboot/vboot_co... PS1, Line 76: }
void function return statements are not generally useful
Good point. Let's just remove that.
Frans Hendriks has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 3:
Would adding vb2ex_abort() and vb2ex_printf() to vboot library be the preferred solution?
Joel Kitching has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 3:
Patch Set 3:
Would adding vb2ex_abort() and vb2ex_printf() to vboot library be the preferred solution?
By design, the "vb2ex" functions are supposed to be implemented by the caller. These are mostly lower-level functions interacting with drivers or hardware in some way. This also allows implementation to differ across the firmware being linked, i.e. coreboot or depthcharge.
Hello Aaron Durbin, Julius Werner, build bot (Jenkins), Patrick Georgi, Martin Roth,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/38706
to look at the new patch set (#4).
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
security/vboot: relocate vb2ex_abort and vb2ex_printf
Enabling an assertion in vb2_member_of() results in coreboot linking vb2ex_abort() and vb2ex_printf() in ramstage.
Move these two functions from vboot_logic.c to vboot_common.c, which is linked into ramstage.
Relevant vboot_reference commit: CL:2037263.
BUG=b:124141368, chromium:1005700 TEST=make clean && make test-abuild BRANCH=none
Change-Id: Ica0103c5684b3d50ba7dc1b4c39559cb192efa81 Signed-off-by: Joel Kitching kitching@google.com --- M src/security/vboot/vboot_common.c M src/security/vboot/vboot_logic.c M src/vendorcode/eltan/security/lib/Makefile.inc 3 files changed, 25 insertions(+), 22 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/06/38706/4
Aaron Durbin has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 4:
(1 comment)
https://review.coreboot.org/c/coreboot/+/38706/4/src/security/vboot/vboot_co... File src/security/vboot/vboot_common.c:
https://review.coreboot.org/c/coreboot/+/38706/4/src/security/vboot/vboot_co... PS4, Line 29: #if CONFIG(VBOOT) Why does this need to be guarded? If this function isn't used it will get dropped at link time.
Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 4:
(1 comment)
https://review.coreboot.org/c/coreboot/+/38706/4//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/38706/4//COMMIT_MSG@13 PS4, Line 13: which is linked into ramstage. Maybe go even further and change compilation of vboot_common.c to be guarded by CONFIG_VBOOT_LIB, not CONFIG_VBOOT? These two callbacks are so generic that they may eventually come up in use cases of the vboot library that aren't tied to verification.
Joel Kitching has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 4:
(2 comments)
https://review.coreboot.org/c/coreboot/+/38706/4//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/38706/4//COMMIT_MSG@13 PS4, Line 13: which is linked into ramstage.
Maybe go even further and change compilation of vboot_common. […]
I agree -- but perhaps we should hold off on this until we have cleaned up/merged security/vboot/common.c and security/vboot/vboot_common.c?
Or perhaps we can have one file for "vboot common" and one for "vboot lib common"?
https://review.coreboot.org/c/coreboot/+/38706/4/src/security/vboot/vboot_co... File src/security/vboot/vboot_common.c:
https://review.coreboot.org/c/coreboot/+/38706/4/src/security/vboot/vboot_co... PS4, Line 29: #if CONFIG(VBOOT)
Why does this need to be guarded? If this function isn't used it will get dropped at link time.
This is to match the CONFIG(VBOOT) conditional in vboot_common.h. Unfortunately the set of functions defined in the conditional are spread all over the place. The "vboot utility code" in coreboot could probably use some shuffling around.
https://qa.coreboot.org/job/coreboot-gerrit/115915/ failure:
src/security/vboot/vboot_common.c:30:5: error: redefinition of 'vboot_can_enable_udc' int vboot_can_enable_udc(void) ^~~~~~~~~~~~~~~~~~~~ In file included from src/security/vboot/misc.h:20, from src/security/vboot/vboot_common.c:24: src/security/vboot/vboot_common.h:80:19: note: previous definition of 'vboot_can_enable_udc' was here static inline int vboot_can_enable_udc(void) { return 1; }
Aaron Durbin has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 4:
(1 comment)
https://review.coreboot.org/c/coreboot/+/38706/4/src/security/vboot/vboot_co... File src/security/vboot/vboot_common.c:
https://review.coreboot.org/c/coreboot/+/38706/4/src/security/vboot/vboot_co... PS4, Line 29: #if CONFIG(VBOOT)
This is to match the CONFIG(VBOOT) conditional in vboot_common.h. […]
Oh. Because of the different definitions and guards. I see. I just assumed if it wasn't used it wouldn't be linked in. nm.
Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 4:
(1 comment)
https://review.coreboot.org/c/coreboot/+/38706/4/src/security/vboot/vboot_co... File src/security/vboot/vboot_common.c:
https://review.coreboot.org/c/coreboot/+/38706/4/src/security/vboot/vboot_co... PS4, Line 29: #if CONFIG(VBOOT)
Oh. Because of the different definitions and guards. I see. […]
Well, then this is probably just not the right file to add this? Maybe just make a new one (vboot_lib.c or whatever) for these for now and make it conditional on CONFIG_VBOOT_LIB. I agree that we should still do more consolidation and clarification of what belongs where at some point, but can leave that to a later patch. I think I'd rather have too many files in the short term than random #ifdefs spread around.
Hello Aaron Durbin, Julius Werner, build bot (Jenkins), Patrick Georgi, Martin Roth,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/38706
to look at the new patch set (#5).
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
security/vboot: relocate vb2ex_abort and vb2ex_printf
Enabling an assertion in vb2_member_of() results in coreboot linking vb2ex_abort() and vb2ex_printf() in ramstage.
Move these two functions from vboot_logic.c to vboot_lib.c, which is should be enabled in all stages if CONFIG_VBOOT_LIB is enabled. Note that CONFIG_VBOOT_LIB is implied by CONFIG_VBOOT.
Relevant vboot_reference commit: CL:2037263.
BUG=b:124141368, chromium:1005700 TEST=make clean && make test-abuild BRANCH=none
Change-Id: Ica0103c5684b3d50ba7dc1b4c39559cb192efa81 Signed-off-by: Joel Kitching kitching@google.com --- M src/security/vboot/Makefile.inc A src/security/vboot/vboot_lib.c M src/security/vboot/vboot_logic.c M src/vendorcode/eltan/security/lib/Makefile.inc 4 files changed, 46 insertions(+), 22 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/06/38706/5
Joel Kitching has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 5:
(2 comments)
https://review.coreboot.org/c/coreboot/+/38706/4//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/38706/4//COMMIT_MSG@13 PS4, Line 13: which is linked into ramstage.
I agree -- but perhaps we should hold off on this until we have cleaned up/merged security/vboot/com […]
Adding vboot_lib.c as suggested in other comment.
https://review.coreboot.org/c/coreboot/+/38706/4/src/security/vboot/vboot_co... File src/security/vboot/vboot_common.c:
https://review.coreboot.org/c/coreboot/+/38706/4/src/security/vboot/vboot_co... PS4, Line 29: #if CONFIG(VBOOT)
Well, then this is probably just not the right file to add this? Maybe just make a new one (vboot_li […]
Sure -- let's do that.
Frans Hendriks has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 5:
(1 comment)
https://review.coreboot.org/c/coreboot/+/38706/5/src/vendorcode/eltan/securi... File src/vendorcode/eltan/security/lib/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/38706/5/src/vendorcode/eltan/securi... PS5, Line 45: bootblock-y += ../../../../security/vboot/vboot_lib.c vboot_lib.c should replace vboot_logic.c. Can vboot_logic.c be removed?
Hello Aaron Durbin, Julius Werner, build bot (Jenkins), Patrick Georgi, Martin Roth,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/38706
to look at the new patch set (#6).
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
security/vboot: relocate vb2ex_abort and vb2ex_printf
Enabling an assertion in vb2_member_of() results in coreboot linking vb2ex_abort() and vb2ex_printf() in ramstage.
Move these two functions from vboot_logic.c to vboot_lib.c, which is should be enabled in all stages if CONFIG_VBOOT_LIB is enabled. Note that CONFIG_VBOOT_LIB is implied by CONFIG_VBOOT.
Relevant vboot_reference commit: CL:2037263.
BUG=b:124141368, chromium:1005700 TEST=make clean && make test-abuild BRANCH=none
Change-Id: Ica0103c5684b3d50ba7dc1b4c39559cb192efa81 Signed-off-by: Joel Kitching kitching@google.com --- M src/security/vboot/Makefile.inc A src/security/vboot/vboot_lib.c M src/security/vboot/vboot_logic.c M src/vendorcode/eltan/security/lib/Makefile.inc 4 files changed, 46 insertions(+), 23 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/06/38706/6
Joel Kitching has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 6:
(1 comment)
https://review.coreboot.org/c/coreboot/+/38706/5/src/vendorcode/eltan/securi... File src/vendorcode/eltan/security/lib/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/38706/5/src/vendorcode/eltan/securi... PS5, Line 45: bootblock-y += ../../../../security/vboot/vboot_lib.c
vboot_lib.c should replace vboot_logic.c. […]
Yes, it seems like all Eltan needs here to be happy is vb2ex_printf.
Aaron Durbin has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 6:
(1 comment)
https://review.coreboot.org/c/coreboot/+/38706/6/src/security/vboot/vboot_li... File src/security/vboot/vboot_lib.c:
https://review.coreboot.org/c/coreboot/+/38706/6/src/security/vboot/vboot_li... PS6, Line 4: * Copyright 2020 The Chromium OS Authors. All rights reserved. we should move to the spdx headers for copyright. Grep for SPDX-License-Identifer for an example.
Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 6: Code-Review+2
(3 comments)
https://review.coreboot.org/c/coreboot/+/38706/6/src/security/vboot/Makefile... File src/security/vboot/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/38706/6/src/security/vboot/Makefile... PS6, Line 61: verstage-y += vboot_lib.c nit: There's no need to put this down here, the verstage class won't be used by any rules when not building for vboot but it doesn't hurt to still add files to it. I think it's more easy to read if you always put the lines of all classes for the same file together. (In fact, I've frequently thought we should add an 'all' class as a shorthand for all that library code that we want available everywhere, but that's one of those things you never actually end up finding time for.)
https://review.coreboot.org/c/coreboot/+/38706/6/src/security/vboot/vboot_li... File src/security/vboot/vboot_lib.c:
https://review.coreboot.org/c/coreboot/+/38706/6/src/security/vboot/vboot_li... PS6, Line 4: * Copyright 2020 The Chromium OS Authors. All rights reserved.
we should move to the spdx headers for copyright. Grep for SPDX-License-Identifer for an example.
I'm somewhat confused what's going on there actually, I thought the plan was to migrate whole directories at a time (so not every patch author needs to worry about it until their directory was migrated and the linter starts reminding them to), but it seems like nothing is happening anymore... (same as with the 96 character thing).
https://review.coreboot.org/c/coreboot/+/38706/6/src/security/vboot/vboot_li... PS6, Line 20: /* vboot_reference callbacks implemented by coreboot. */ nit: maybe be a bit more specific what separates these callbacks from the one implemented in vboot_logic.c?
Patrick Georgi has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 6:
(1 comment)
https://review.coreboot.org/c/coreboot/+/38706/6/src/security/vboot/vboot_li... File src/security/vboot/vboot_lib.c:
https://review.coreboot.org/c/coreboot/+/38706/6/src/security/vboot/vboot_li... PS6, Line 4: * Copyright 2020 The Chromium OS Authors. All rights reserved.
I'm somewhat confused what's going on there actually, I thought the plan was to migrate whole direct […]
So yes, this is still planned, but people are busy with other things. As for the license header, we can accept both right now. Things will work through the transition.
Hello Aaron Durbin, Julius Werner, build bot (Jenkins), Patrick Georgi, Martin Roth,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/38706
to look at the new patch set (#7).
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
security/vboot: relocate vb2ex_abort and vb2ex_printf
Enabling an assertion in vb2_member_of() results in coreboot linking vb2ex_abort() and vb2ex_printf() in ramstage.
Move these two functions from vboot_logic.c to vboot_lib.c, which is should be enabled in all stages if CONFIG_VBOOT_LIB is enabled. Note that CONFIG_VBOOT_LIB is implied by CONFIG_VBOOT.
Relevant vboot_reference commit: CL:2037263.
BUG=b:124141368, chromium:1005700 TEST=make clean && make test-abuild BRANCH=none
Change-Id: Ica0103c5684b3d50ba7dc1b4c39559cb192efa81 Signed-off-by: Joel Kitching kitching@google.com --- M src/security/vboot/Makefile.inc A src/security/vboot/vboot_lib.c M src/security/vboot/vboot_logic.c M src/vendorcode/eltan/security/lib/Makefile.inc 4 files changed, 37 insertions(+), 23 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/06/38706/7
Joel Kitching has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 7:
(2 comments)
https://review.coreboot.org/c/coreboot/+/38706/6/src/security/vboot/Makefile... File src/security/vboot/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/38706/6/src/security/vboot/Makefile... PS6, Line 61: verstage-y += vboot_lib.c
nit: There's no need to put this down here, the verstage class won't be used by any rules when not b […]
Done. Now the question becomes, what order should they be listed (=
https://review.coreboot.org/c/coreboot/+/38706/6/src/security/vboot/vboot_li... File src/security/vboot/vboot_lib.c:
https://review.coreboot.org/c/coreboot/+/38706/6/src/security/vboot/vboot_li... PS6, Line 4: * Copyright 2020 The Chromium OS Authors. All rights reserved.
So yes, this is still planned, but people are busy with other things. […]
Done
Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 7: Code-Review+2
Frans Hendriks has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 7: Code-Review+1
Hello Aaron Durbin, Julius Werner, Frans Hendriks, build bot (Jenkins), Patrick Georgi, Martin Roth,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/38706
to look at the new patch set (#8).
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
security/vboot: relocate vb2ex_abort and vb2ex_printf
Enabling an assertion in vb2_member_of() results in coreboot linking vb2ex_abort() and vb2ex_printf() in ramstage.
Move these two functions from vboot_logic.c to vboot_lib.c, which is should be enabled in all stages if CONFIG_VBOOT_LIB is enabled. Note that CONFIG_VBOOT_LIB is implied by CONFIG_VBOOT.
Relevant vboot_reference commit: CL:2037263.
BUG=b:124141368, chromium:1005700 TEST=make clean && make test-abuild BRANCH=none
Change-Id: Ica0103c5684b3d50ba7dc1b4c39559cb192efa81 Signed-off-by: Joel Kitching kitching@google.com --- M src/security/vboot/Makefile.inc A src/security/vboot/vboot_lib.c M src/security/vboot/vboot_logic.c M src/vendorcode/eltan/security/verified_boot/Makefile.inc 4 files changed, 36 insertions(+), 22 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/06/38706/8
Joel Kitching has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 8:
Unfortunately had to rebase on Eltan's change -- everything is the same, except moving the change from one Makefile.inc to another.
Martin Roth has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 8: Code-Review+2
Martin Roth has submitted this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
security/vboot: relocate vb2ex_abort and vb2ex_printf
Enabling an assertion in vb2_member_of() results in coreboot linking vb2ex_abort() and vb2ex_printf() in ramstage.
Move these two functions from vboot_logic.c to vboot_lib.c, which is should be enabled in all stages if CONFIG_VBOOT_LIB is enabled. Note that CONFIG_VBOOT_LIB is implied by CONFIG_VBOOT.
Relevant vboot_reference commit: CL:2037263.
BUG=b:124141368, chromium:1005700 TEST=make clean && make test-abuild BRANCH=none
Change-Id: Ica0103c5684b3d50ba7dc1b4c39559cb192efa81 Signed-off-by: Joel Kitching kitching@google.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/38706 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Martin Roth martinroth@google.com --- M src/security/vboot/Makefile.inc A src/security/vboot/vboot_lib.c M src/security/vboot/vboot_logic.c M src/vendorcode/eltan/security/verified_boot/Makefile.inc 4 files changed, 36 insertions(+), 22 deletions(-)
Approvals: build bot (Jenkins): Verified Martin Roth: Looks good to me, approved
diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index a700e00..2fe2d92 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -16,6 +16,12 @@
ifeq ($(CONFIG_VBOOT_LIB),y)
+bootblock-y += vboot_lib.c +verstage-y += vboot_lib.c +romstage-y += vboot_lib.c +ramstage-y += vboot_lib.c +postcar-y += vboot_lib.c + vboot-fixup-includes = $(patsubst -I%,-I$(top)/%,\ $(patsubst $(src)/%.h,$(top)/$(src)/%.h,\ $(filter-out -I$(obj),$(1)))) diff --git a/src/security/vboot/vboot_lib.c b/src/security/vboot/vboot_lib.c new file mode 100644 index 0000000..b2303c0 --- /dev/null +++ b/src/security/vboot/vboot_lib.c @@ -0,0 +1,29 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* This file is part of the coreboot project. */ + +#include <console/console.h> +#include <console/vtxprintf.h> +#include <vb2_api.h> + +/* + * vboot callbacks implemented by coreboot -- necessary for making general API + * calls when CONFIG_VBOOT_LIB is enabled. For callbacks specific to verstage + * (CONFIG_VBOOT), please see vboot_logic.c. + */ + +void vb2ex_printf(const char *func, const char *fmt, ...) +{ + va_list args; + + if (func) + printk(BIOS_INFO, "VB2:%s() ", func); + + va_start(args, fmt); + vprintk(BIOS_INFO, fmt, args); + va_end(args); +} + +void vb2ex_abort(void) +{ + die("vboot has aborted execution; exit\n"); +} diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index 1d17a17..182128c 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -17,8 +17,6 @@ #include <assert.h> #include <bootmode.h> #include <cbmem.h> -#include <console/console.h> -#include <console/vtxprintf.h> #include <fmap.h> #include <string.h> #include <timestamp.h> @@ -37,20 +35,6 @@
/* exports */
-void vb2ex_printf(const char *func, const char *fmt, ...) -{ - va_list args; - - if (func) - printk(BIOS_INFO, "VB2:%s() ", func); - - va_start(args, fmt); - vprintk(BIOS_INFO, fmt, args); - va_end(args); - - return; -} - vb2_error_t vb2ex_read_resource(struct vb2_context *ctx, enum vb2_resource_index index, uint32_t offset, @@ -83,11 +67,6 @@ return VB2_SUCCESS; }
-void vb2ex_abort(void) -{ - die("vboot has aborted execution; exit\n"); -} - /* No-op stubs that can be overridden by SoCs with hardware crypto support. */ __weak vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, uint32_t data_size) diff --git a/src/vendorcode/eltan/security/verified_boot/Makefile.inc b/src/vendorcode/eltan/security/verified_boot/Makefile.inc index 827535b..2acad84 100644 --- a/src/vendorcode/eltan/security/verified_boot/Makefile.inc +++ b/src/vendorcode/eltan/security/verified_boot/Makefile.inc @@ -17,7 +17,7 @@
CPPFLAGS_common += -I$(src)/security/vboot
-bootblock-y += ../../../../security/vboot/vboot_logic.c +bootblock-y += ../../../../security/vboot/vboot_lib.c bootblock-y += vboot_check.c postcar-y += vboot_check.c romstage-y += vboot_check.c
9elements QA has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38706 )
Change subject: security/vboot: relocate vb2ex_abort and vb2ex_printf ......................................................................
Patch Set 9:
Automatic boot test returned (PASS/FAIL/TOTAL): 3/0/3 Emulation targets: EMULATION_QEMU_X86_Q35 using payload TianoCore : SUCCESS : https://lava.9esec.io/r/487 EMULATION_QEMU_X86_Q35 using payload SeaBIOS : SUCCESS : https://lava.9esec.io/r/486 EMULATION_QEMU_X86_I440FX using payload SeaBIOS : SUCCESS : https://lava.9esec.io/r/485
Please note: This test is under development and might not be accurate at all!
-
9elements QA (Code Review) -
Aaron Durbin (Code Review)
-
build bot (Jenkins) (Code Review)
-
Frans Hendriks (Code Review)
-
Joel Kitching (Code Review)
-
Julius Werner (Code Review)
-
Martin Roth (Code Review)
-
Patrick Georgi (Code Review)