summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/ec/google/chromeec/Makefile.inc5
-rw-r--r--src/ec/google/chromeec/vboot_storage.c62
2 files changed, 67 insertions, 0 deletions
diff --git a/src/ec/google/chromeec/Makefile.inc b/src/ec/google/chromeec/Makefile.inc
index 59758ca87c..ad9de9e2a5 100644
--- a/src/ec/google/chromeec/Makefile.inc
+++ b/src/ec/google/chromeec/Makefile.inc
@@ -21,4 +21,9 @@ verstage-$(CONFIG_EC_GOOGLE_CHROMEEC_LPC) += ec_lpc.c
verstage-$(CONFIG_EC_GOOGLE_CHROMEEC_MEC) += ec_mec.c
verstage-$(CONFIG_EC_GOOGLE_CHROMEEC_SPI) += ec_spi.c
+ramstage-$(CONFIG_VBOOT_VERIFY_FIRMWARE) += vboot_storage.c
+smm-$(CONFIG_VBOOT_VERIFY_FIRMWARE) += vboot_storage.c
+romstage-$(CONFIG_VBOOT_VERIFY_FIRMWARE) += vboot_storage.c
+verstage-$(CONFIG_VBOOT_VERIFY_FIRMWARE) += vboot_storage.c
+
endif
diff --git a/src/ec/google/chromeec/vboot_storage.c b/src/ec/google/chromeec/vboot_storage.c
new file mode 100644
index 0000000000..f47c2f14e9
--- /dev/null
+++ b/src/ec/google/chromeec/vboot_storage.c
@@ -0,0 +1,62 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2016 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#include <assert.h>
+#include <console/console.h>
+#include <ec/google/chromeec/ec.h>
+#include <vendorcode/google/chromeos/chromeos.h>
+
+#define VBOOT_HASH_VSLOT 0
+#define VBOOT_HASH_VSLOT_MASK (1 << (VBOOT_HASH_VSLOT))
+
+int vboot_save_hash(void *digest, size_t digest_size)
+{
+ const int slot = VBOOT_HASH_VSLOT;
+ uint32_t lock_status;
+ int num_slots;
+
+ /* Ensure the digests being saved match the EC's slot size. */
+ assert(digest_size == EC_VSTORE_SLOT_SIZE);
+
+ if (google_chromeec_vstore_write(slot, digest, digest_size))
+ return -1;
+
+ /* Assert the slot is locked on successful write. */
+ num_slots = google_chromeec_vstore_info(&lock_status);
+
+ /* Normalize to be 0 based. If num_slots returned 0 then it'll be -1. */
+ num_slots--;
+
+ if (num_slots < slot) {
+ printk(BIOS_ERR, "Not enough vstore slots for vboot hash: %d\n",
+ num_slots + 1);
+ return -1;
+ }
+
+ if ((lock_status & VBOOT_HASH_VSLOT_MASK) == 0) {
+ printk(BIOS_ERR, "Vstore slot not locked after write.\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+int vboot_retrieve_hash(void *digest, size_t digest_size)
+{
+ /* Ensure the digests being saved match the EC's slot size. */
+ assert(digest_size == EC_VSTORE_SLOT_SIZE);
+
+ return google_chromeec_vstore_read(VBOOT_HASH_VSLOT, digest);
+}