diff options
Diffstat (limited to 'src/security')
| -rw-r--r-- | src/security/vboot/Kconfig | 9 | ||||
| -rw-r--r-- | src/security/vboot/Makefile.inc | 8 | ||||
| -rw-r--r-- | src/security/vboot/common.c | 10 | ||||
| -rw-r--r-- | src/security/vboot/misc.h | 4 | ||||
| -rw-r--r-- | src/security/vboot/vboot_loader.c | 9 |
5 files changed, 29 insertions, 11 deletions
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index d317cb6447..0637edce01 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -71,6 +71,13 @@ config VBOOT_VBNV_FLASH help VBNV is stored in flash storage +config VBOOT_STARTS_BEFORE_BOOTBLOCK + def_bool n + select VBOOT_SEPARATE_VERSTAGE + help + Firmware verification happens before the main processor is brought + online. + config VBOOT_STARTS_IN_BOOTBLOCK bool default n @@ -109,7 +116,7 @@ config VBOOT_DISABLE_DEV_ON_RECOVERY config VBOOT_SEPARATE_VERSTAGE bool default n - depends on VBOOT_STARTS_IN_BOOTBLOCK + depends on VBOOT_STARTS_IN_BOOTBLOCK || VBOOT_STARTS_BEFORE_BOOTBLOCK help If this option is set, vboot verification runs in a standalone stage that is loaded from the bootblock and exits into romstage. If it is diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index bc1dc5ca9b..1e0166ef37 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -96,7 +96,9 @@ postcar-y += vboot_common.c bootblock-y += common.c verstage-y += vboot_logic.c verstage-y += common.c +ifeq ($(CONFIG_VBOOT_STARTS_BEFORE_BOOTBLOCK),) verstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += verstage.c +endif ifeq (${CONFIG_VBOOT_MOCK_SECDATA},y) verstage-y += secdata_mock.c romstage-y += secdata_mock.c @@ -122,10 +124,12 @@ ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y) $(eval $(call vboot-for-stage,verstage)) +ifeq ($(CONFIG_VBOOT_STARTS_BEFORE_BOOTBLOCK),) cbfs-files-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += $(CONFIG_CBFS_PREFIX)/verstage $(CONFIG_CBFS_PREFIX)/verstage-file := $(objcbfs)/verstage.elf $(CONFIG_CBFS_PREFIX)/verstage-type := stage $(CONFIG_CBFS_PREFIX)/verstage-compression := $(CBFS_PRERAM_COMPRESS_FLAG) +endif # CONFIG_VBOOT_STARTS_BEFORE_BOOTBLOCK ifeq ($(CONFIG_ARCH_VERSTAGE_X86_32)$(CONFIG_ARCH_VERSTAGE_X86_64),y) $(CONFIG_CBFS_PREFIX)/verstage-options := -a 64 -S ".car.data" @@ -167,8 +171,8 @@ endif # Use $(sort) to cut down on extra spaces that would be translated to commas regions-for-file = $(subst $(spc),$(comma),$(sort \ $(if $(filter \ - $(if $(filter y,$(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)),, \ - %/romstage) \ + $(if $(filter y,$(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)), \ + %/romstage,) \ mts \ %/verstage \ locales \ diff --git a/src/security/vboot/common.c b/src/security/vboot/common.c index db51fa13b8..0121f56e8c 100644 --- a/src/security/vboot/common.c +++ b/src/security/vboot/common.c @@ -18,8 +18,7 @@ static void *vboot_get_workbuf(void) if (cbmem_possibly_online()) wb = cbmem_find(CBMEM_ID_VBOOT_WORKBUF); - if (wb == NULL && CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) && - preram_symbols_available()) + if (wb == NULL && !CONFIG(VBOOT_STARTS_IN_ROMSTAGE) && preram_symbols_available()) wb = _vboot2_work; assert(wb != NULL); @@ -76,6 +75,11 @@ static void vboot_setup_cbmem(int unused) void *wb_cbmem = cbmem_add(CBMEM_ID_VBOOT_WORKBUF, cbmem_size); assert(wb_cbmem != NULL); /* + * On platforms where VBOOT_STARTS_BEFORE_BOOTBLOCK, the verification + * occurs before the main processor starts running. The vboot data- + * structure is available in the _vboot2_work memory area as soon + * as the main processor is released. + * * For platforms where VBOOT_STARTS_IN_BOOTBLOCK, vboot verification * occurs before CBMEM is brought online, using pre-RAM. In order to * make vboot data structures available downstream, copy vboot workbuf @@ -85,7 +89,7 @@ static void vboot_setup_cbmem(int unused) * after CBMEM is brought online. Directly initialize vboot data * structures in CBMEM, which will also be available downstream. */ - if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK)) + if (!CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) rv = vb2api_relocate(wb_cbmem, _vboot2_work, cbmem_size, &vboot_ctx); else diff --git a/src/security/vboot/misc.h b/src/security/vboot/misc.h index 8af0c827a8..470102111e 100644 --- a/src/security/vboot/misc.h +++ b/src/security/vboot/misc.h @@ -57,7 +57,7 @@ static inline int verification_should_run(void) static inline int verstage_should_load(void) { - if (CONFIG(VBOOT_SEPARATE_VERSTAGE)) + if (CONFIG(VBOOT_SEPARATE_VERSTAGE) && !CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK)) return ENV_BOOTBLOCK; else return 0; @@ -80,6 +80,8 @@ static inline int vboot_logic_executed(void) } else if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) { /* Post-RAM stages are "after the romstage" */ return !ENV_ROMSTAGE_OR_BEFORE; + } else if (CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK)) { + return !ENV_SEPARATE_VERSTAGE; } else { dead_code(); } diff --git a/src/security/vboot/vboot_loader.c b/src/security/vboot/vboot_loader.c index dc8ba3777b..bca4c3e3b7 100644 --- a/src/security/vboot/vboot_loader.c +++ b/src/security/vboot/vboot_loader.c @@ -10,11 +10,12 @@ /* Ensure vboot configuration is valid: */ _Static_assert(CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) + + CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK) + CONFIG(VBOOT_STARTS_IN_ROMSTAGE) == 1, - "vboot must either start in bootblock or romstage (not both!)"); -_Static_assert(!CONFIG(VBOOT_SEPARATE_VERSTAGE) || - CONFIG(VBOOT_STARTS_IN_BOOTBLOCK), - "stand-alone verstage must start in (i.e. after) bootblock"); + "vboot must start in bootblock, PSP or romstage (but only one!)"); +_Static_assert(!CONFIG(VBOOT_SEPARATE_VERSTAGE) || CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) || + CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK), + "stand-alone verstage must start in or before bootblock "); _Static_assert(!CONFIG(VBOOT_RETURN_FROM_VERSTAGE) || CONFIG(VBOOT_SEPARATE_VERSTAGE), "return from verstage only makes sense for separate verstages"); |