Timothy Pearson (tpearson@raptorengineeringinc.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/12289

-gerrit

commit bc4a9f009d121e8baa87f70a01aef23b37bc38d9 Author: Timothy Pearson tpearson@raptorengineeringinc.com Date: Sun Nov 1 02:13:17 2015 -0600

drivers/pc80: Ensure recovery mode always boots fallback image

The current fallback / failed boot count checks only look at the value of last_boot when determining whether to execute the normal or fallback image. Furthermore, the normal boot bit is unconditionally set if the failed boot count has not exceeded its threshold, thereby overriding a request from the user to boot into fallback mode if the user does not also set the failed boot count above the failure threshold.

Only check the failed boot count if the normal boot bit is set in nvram.

NOTE: The existing code did not function as intended when used with recovery jumpers or nvramtool. Even when the user set a recovery jumper or used nvramtool to set the next boot attempt to Fallback, the bootblock would execute the normal code if the failed boot count was below threshold. The only way to recover from this situation was to forcibly power off and on the board repeatedly until the failed boot count rose high enough, or to directly reflash the ROM.

Note that clearing the CMOS actually had the opposite effect from what was intended, as it reset the failed boot count and set the normal boot bit.

Change-Id: I753ae9f0710c524875a85354ac2547df0c305569 Signed-off-by: Timothy Pearson tpearson@raptorengineeringinc.com --- src/drivers/pc80/mc146818rtc_early.c | 51 +++++++++++++++++++++++++----------- 1 file changed, 36 insertions(+), 15 deletions(-)

diff --git a/src/drivers/pc80/mc146818rtc_early.c b/src/drivers/pc80/mc146818rtc_early.c index 421af2f..6efb2e8 100644 --- a/src/drivers/pc80/mc146818rtc_early.c +++ b/src/drivers/pc80/mc146818rtc_early.c @@ -12,6 +12,9 @@ #error "CONFIG_MAX_REBOOT_CNT too high" #endif

+#define RTC_BOOT_TRY_NORMAL 0x1 +#define RTC_BOOT_LAST_WAS_NORMAL_AND_REACHED_PAYLOAD 0x2 + static int cmos_error(void) { unsigned char reg_d; @@ -67,29 +70,47 @@ static inline __attribute__((unused)) int do_normal_boot(void) /* The RTC_BOOT_BYTE is now o.k. see where to go. */ byte = cmos_read(RTC_BOOT_BYTE);

+ /* If booting past the bootblock is all that is required + * to reset the failed boot checks, then clear the boot + * count. This code must execute before any of the boot + * count checks below to function correctly. + */ if (!IS_ENABLED(CONFIG_SKIP_MAX_REBOOT_CNT_CLEAR)) - /* Are we in normal mode? */ - if (byte & 1) + /* Are we attempting to boot normally? */ + if (byte & RTC_BOOT_TRY_NORMAL) byte &= 0x0f; /* yes, clear the boot count */

- /* Properly set the last boot flag */ - byte &= 0xfc; - if ((byte >> 4) < CONFIG_MAX_REBOOT_CNT) { - byte |= (1<<1); - } - - /* Are we already at the max count? */ - if ((byte >> 4) < CONFIG_MAX_REBOOT_CNT) { - byte += 1 << 4; /* No, add 1 to the count */ - } - else { - byte &= 0xfc; /* Yes, put in fallback mode */ + /* Are we attempting to boot normally? */ + if (byte & RTC_BOOT_TRY_NORMAL) { + /* Properly set the last boot flag */ + byte &= 0xfc; + if ((byte >> 4) < CONFIG_MAX_REBOOT_CNT) { + byte |= RTC_BOOT_LAST_WAS_NORMAL_AND_REACHED_PAYLOAD; + } + + /* Are we already at the max count? */ + if ((byte >> 4) < CONFIG_MAX_REBOOT_CNT) { + byte += 1 << 4; /* No, add 1 to the count */ + } + else { + byte &= 0xfc; /* Yes, put in fallback mode */ + } }

/* Save the boot byte */ cmos_write(byte, RTC_BOOT_BYTE);

- return (byte & (1<<1)); + /* Return selected code path for this boot attempt + * If a boot path was selected and we successfully reach + * the payload, the last boot state bit will indicate + * which code path was taken. + * + * In other words, RTC_BOOT_LAST_WAS_NORMAL_AND_REACHED_PAYLOAD + * has final and absolute say on which code path to take. + * RTC_BOOT_TRY_NORMAL is only a request to try normal boot if + * possible (i.e. the payload can be reached via normal boot). + */ + return (byte & RTC_BOOT_LAST_WAS_NORMAL_AND_REACHED_PAYLOAD); }

unsigned read_option_lowlevel(unsigned start, unsigned size, unsigned def)