[coreboot-gerrit] New patch to review for coreboot: 6774ec2 vboot: add mocked secdata

Patrick Georgi (pgeorgi@google.com) gerrit at coreboot.org
Tue Apr 21 15:19:19 CEST 2015


Patrick Georgi (pgeorgi at google.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/9919

-gerrit

commit 6774ec29c9b11741b0fd9168eb0d8db18bcf4137
Author: Daisuke Nojiri <dnojiri at chromium.org>
Date:   Thu Apr 9 08:18:22 2015 -0700

    vboot: add mocked secdata
    
    This patch allows a board without secdata storage (typically a TPM) to
    pass the verification stage if the recovery path is taken. It is useful
    for bringup when the actual board is not ready.
    
    BUG=none
    BRANCH=none
    TEST=booted the kernel from a usb stick on a cygnus reference board
    
    Change-Id: I5ab97d1198057d102a1708338d71c606fe106c75
    Signed-off-by: Patrick Georgi <pgeorgi at chromium.org>
    Original-Commit-Id: 5d45acee31fd5b7bfe7444f12e3622bae49fc329
    Original-Signed-off-by: Daisuke Nojiri <dnojiri at chromium.org>
    Original-Reviewed-on: https://chrome-internal-review.googlesource.com/212418
    Original-Reviewed-by: Daisuke Nojiri <dnojiri at google.com>
    Original-Commit-Queue: Daisuke Nojiri <dnojiri at google.com>
    Original-Tested-by: Daisuke Nojiri <dnojiri at google.com>
    Original-Change-Id: Iddd9af19a2b6428704254af0c17b642e7a976fb8
    Original-Reviewed-on: https://chromium-review.googlesource.com/265046
---
 src/vendorcode/google/chromeos/vboot2/Kconfig      | 11 +++++
 src/vendorcode/google/chromeos/vboot2/Makefile.inc |  7 +++-
 .../google/chromeos/vboot2/secdata_mock.c          | 48 ++++++++++++++++++++++
 3 files changed, 65 insertions(+), 1 deletion(-)

diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig
index 7ea53fd..16b8110 100644
--- a/src/vendorcode/google/chromeos/vboot2/Kconfig
+++ b/src/vendorcode/google/chromeos/vboot2/Kconfig
@@ -24,6 +24,17 @@ config VBOOT2_VERIFY_FIRMWARE
 	  Enabling VBOOT2_VERIFY_FIRMWARE will use vboot2 to verify the romstage
 	  and boot loader.
 
+config VBOOT2_MOCK_SECDATA
+	bool "Mock secdata for firmware verification"
+	default n
+	depends on VBOOT2_VERIFY_FIRMWARE
+	help
+	  Enabling VBOOT2_MOCK_SECDATA will mock secdata for the firmware
+	  verification to avoid access to a secdata storage (typically TPM).
+	  All operations for a secdata storage will be successful. This option
+	  can be used during development when a TPM is not present or broken.
+	  THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES.
+
 config RETURN_FROM_VERSTAGE
 	bool "return from verstage"
 	default n
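Review bot: The help text for VBOOT2_MOCK_SECDATA says every secdata operation "will be successful" but never states which protection is lost, which is what someone auditing a .config needs to know. With this option the build links secdata_mock.c in place of antirollback.c, so as far as this commit shows, the rollback indices are never read from or written to the TPM and PCR extends do nothing. I would add a sentence before the production warning, such as `Firmware rollback protection and PCR measurement are disabled while this is set.`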
diff --git a/src/vendorcode/google/chromeos/vboot2/Makefile.inc b/src/vendorcode/google/chromeos/vboot2/Makefile.inc
index 12404d9..e1598aa 100644
--- a/src/vendorcode/google/chromeos/vboot2/Makefile.inc
+++ b/src/vendorcode/google/chromeos/vboot2/Makefile.inc
@@ -28,7 +28,12 @@ bootblock-y += verstub.c
 verstage-y += verstub.c
 bootblock-y += common.c
 verstage-y += verstage.c
-verstage-y += antirollback.c common.c
+verstage-y += common.c
+ifeq (${CONFIG_VBOOT2_MOCK_SECDATA},y)
+verstage-y += secdata_mock.c
+else
+verstage-y += antirollback.c
+endif
 romstage-y += vboot_handoff.c common.c
 
 verstage-y += verstage.ld
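Review bot: Nothing at build time signals that antirollback.c was swapped for the mock, so the build log of an image made with CONFIG_VBOOT2_MOCK_SECDATA=y looks the same as that of a protected one. A one-line notice inside the `ifeq` branch, for example `$(warning VBOOT2_MOCK_SECDATA=y: secdata is mocked, no rollback protection)`, would make a leftover setting visible in a release build. Without it, the only safeguard is someone reading the Kconfig help.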
diff --git a/src/vendorcode/google/chromeos/vboot2/secdata_mock.c b/src/vendorcode/google/chromeos/vboot2/secdata_mock.c
new file mode 100644
index 0000000..3bd4b17
--- /dev/null
+++ b/src/vendorcode/google/chromeos/vboot2/secdata_mock.c
@@ -0,0 +1,48 @@
+/* Copyright (c) 2015 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Functions for querying, manipulating and locking rollback indices
+ * stored in the TPM NVRAM.
+ */
+
+#include <antirollback.h>
+#include <stdlib.h>
+#include <vb2_api.h>
+
+uint32_t tpm_extend_pcr(struct vb2_context *ctx, int pcr,
+			enum vb2_pcr_digest which_digest)
+{
+	return TPM_SUCCESS;
+}
+
+uint32_t tpm_clear_and_reenable(void)
+{
+	return TPM_SUCCESS;
+}
+
+uint32_t safe_write(uint32_t index, const void *data, uint32_t length)
+{
+	return TPM_SUCCESS;
+}
+
+uint32_t safe_define_space(uint32_t index, uint32_t perm, uint32_t size)
+{
+	return TPM_SUCCESS;
+}
+
+uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)
+{
+	vb2api_secdata_create(ctx);
+	return TPM_SUCCESS;
+}
+
+uint32_t antirollback_write_space_firmware(struct vb2_context *ctx)
+{
+	return TPM_SUCCESS;
+}
+
+uint32_t antirollback_lock_space_firmware()
+{
+	return TPM_SUCCESS;
+}
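Review bot: The file header comment ("Functions for querying, manipulating and locking rollback indices stored in the TPM NVRAM") appears to be carried over from the real implementation and describes the opposite of what secdata_mock.c does. It should read something like `Mock secdata: every call reports TPM_SUCCESS without touching a TPM. Development builds only.` In antirollback_read_space_firmware the result of `vb2api_secdata_create(ctx)` is discarded, so if that call can fail the function still returns TPM_SUCCESS. Checking the result and returning a failure code would stop the mock from hiding a broken context. `antirollback_lock_space_firmware()` should also take `(void)` to match `tpm_clear_and_reenable(void)`.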


