[commit] r3317 - cpu/x86/pc/olpc - openfirmware

19 Sep 2012

Author: wmb
Date: Wed Sep 19 09:06:03 2012
New Revision: 3317
URL: http://tracker.coreboot.org/trac/openfirmware/changeset/3317
Log:
OLPC - Implemented ?ofw-reflash in security.fth so that the version in /boot/olpc.fth will not be used.  This has the effect of extending the rule of "bootfw.zip" must be named "bootfw4.zip" for XO-4 to the unsecure boot domain too.
Modified:
   cpu/x86/pc/olpc/security.fth
Modified: cpu/x86/pc/olpc/security.fth
==============================================================================

--- cpu/x86/pc/olpc/security.fth	Wed Sep 19 08:31:04 2012	(r3316)
+++ cpu/x86/pc/olpc/security.fth	Wed Sep 19 09:06:03 2012	(r3317)
@@ -886,13 +886,17 @@
    fw#buf 4 + c@  bl  =  if  [char] 0 fw#buf 4 + c!  then
    base @ >r  d# 36 base !
    fw#buf 5 $number  if
-      show-x
-      " Invalid firmware version number"  .security-failure
+      secure?  if
+         show-x
+         " Invalid firmware version number"  .security-failure
+      else
+	 0
+      then
    then
    pop-base
 ;
 : (fw-version)  ( base-adr -- n )
-   h# f.ffc7 +  ((fw-version))
+   signature-offset +  7 +  ((fw-version))
 ;
\ Returns an integer that is derived from a base-36 decoding
@@ -904,8 +908,8 @@
: firmware-up-to-date?  ( img$ -- flag )
    /flash <>  if  show-x  " Invalid Firmware image" .security-failure  then  ( adr )
-   h# f.ffc7 + ((fw-version))       ( file-version# )
-   ofw-version-int                  ( file-version# rom-version# )
+   signature-offset + 7 + ((fw-version))   ( file-version# )
+   ofw-version-int                         ( file-version# rom-version# )
    u<=
 ;
@@ -1025,6 +1029,20 @@
    " Reflash returned, unexpectedly" .security-failure
 ;
+\ Check for new firmware.  Used by /boot/olpc.fth.
+\ Before calling, set dn-buf to the device, e.g. " int:"
+\ and pn-buf to the path, e.g. " \boot"
+: ?ofw-reflash  ( -- )
+   \ It is okay to overwrite cn-buf here, as ?ofw-reflash is used for non-secure
+   \ boot from olpc.fth.  cn-buf is used for the secure boot path.
+   null$ cn-buf place
+   " bootfw" bundle-present?  if
+      img$  firmware-up-to-date?  0=  if
+         img$ do-firmware-update
+      then
+   then
+;
+
 \ Turn off indexed I/O unless the OS is signed with the firmware
 \ key in addition to the OS key.

    