diff options
Diffstat (limited to 'src/security')
-rw-r--r-- | src/security/vboot/misc.h | 59 | ||||
-rw-r--r-- | src/security/vboot/vboot_loader.c | 50 |
2 files changed, 56 insertions, 53 deletions
diff --git a/src/security/vboot/misc.h b/src/security/vboot/misc.h index b4fae19d74..23159c8a0d 100644 --- a/src/security/vboot/misc.h +++ b/src/security/vboot/misc.h @@ -16,6 +16,8 @@ #ifndef __VBOOT_MISC_H__ #define __VBOOT_MISC_H__ +#include <assert.h> +#include <arch/early_variables.h> #include <security/vboot/vboot_common.h> struct vb2_context; @@ -66,13 +68,62 @@ int vboot_is_slot_selected(void); void vboot_fill_handoff(void); /* - * Source: security/vboot/vboot_loader.c + * Source: security/vboot/bootmode.c */ -int vboot_logic_executed(void); +void vboot_save_recovery_reason_vbnv(void); /* - * Source: security/vboot/bootmode.c + * The stage loading code is compiled and entered from multiple stages. The + * helper functions below attempt to provide more clarity on when certain + * code should be called. They are implemented inline for better compile-time + * code elimination. */ -void vboot_save_recovery_reason_vbnv(void); + +static inline int verification_should_run(void) +{ + if (CONFIG(VBOOT_SEPARATE_VERSTAGE)) + return ENV_VERSTAGE; + else if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) + return ENV_ROMSTAGE; + else if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK)) + return ENV_BOOTBLOCK; + else + dead_code(); +} + +static inline int verstage_should_load(void) +{ + if (CONFIG(VBOOT_SEPARATE_VERSTAGE)) + return ENV_BOOTBLOCK; + else + return 0; +} + +static inline int vboot_logic_executed(void) +{ + extern int vboot_executed; /* should not be globally accessible */ + + /* If we are in the stage that runs verification, or in the stage that + both loads the verstage and is returned to from it afterwards, we + need to check a global to see if verfication has run. */ + if (verification_should_run() || + (verstage_should_load() && CONFIG(VBOOT_RETURN_FROM_VERSTAGE))) + return car_get_var(vboot_executed); + + if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK)) { + /* All other stages are "after the bootblock" */ + return !ENV_BOOTBLOCK; + } else if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) { + /* Post-RAM stages are "after the romstage" */ +#ifdef __PRE_RAM__ + return 0; +#else + return 1; +#endif + } else { + dead_code(); + } +} + #endif /* __VBOOT_MISC_H__ */ diff --git a/src/security/vboot/vboot_loader.c b/src/security/vboot/vboot_loader.c index 3bbb3da99c..1350307425 100644 --- a/src/security/vboot/vboot_loader.c +++ b/src/security/vboot/vboot_loader.c @@ -36,55 +36,7 @@ _Static_assert(!CONFIG(VBOOT_RETURN_FROM_VERSTAGE) || CONFIG(VBOOT_SEPARATE_VERSTAGE), "return from verstage only makes sense for separate verstages"); -/* The stage loading code is compiled and entered from multiple stages. The - * helper functions below attempt to provide more clarity on when certain - * code should be called. */ - -static int verification_should_run(void) -{ - if (CONFIG(VBOOT_SEPARATE_VERSTAGE)) - return ENV_VERSTAGE; - else if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) - return ENV_ROMSTAGE; - else if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK)) - return ENV_BOOTBLOCK; - else - die("impossible!"); -} - -static int verstage_should_load(void) -{ - if (CONFIG(VBOOT_SEPARATE_VERSTAGE)) - return ENV_BOOTBLOCK; - else - return 0; -} - -static int vboot_executed CAR_GLOBAL; - -int vboot_logic_executed(void) -{ - /* If we are in the stage that runs verification, or in the stage that - both loads the verstage and is returned to from it afterwards, we - need to check a global to see if verfication has run. */ - if (verification_should_run() || - (verstage_should_load() && CONFIG(VBOOT_RETURN_FROM_VERSTAGE))) - return car_get_var(vboot_executed); - - if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK)) { - /* All other stages are "after the bootblock" */ - return !ENV_BOOTBLOCK; - } else if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) { - /* Post-RAM stages are "after the romstage" */ -#ifdef __PRE_RAM__ - return 0; -#else - return 1; -#endif - } else { - die("impossible!"); - } -} +int vboot_executed CAR_GLOBAL; static void vboot_prepare(void) { |