summaryrefslogtreecommitdiff
path: root/src/security/vboot
AgeCommit message (Collapse)Author
2019-11-11security/vboot: Add rw_region_only support to vbootWim Vervoorn
In some case where the flash space is limited or when a large payload such as LinuxBoot is used, the RO region may not be large enough to contain all components that would normally be added. This patch adds the possibility to add specific components to the RW regions only in the same way as the RO_ONLY_SUPPORT does for the RO region. Please note: this applies only to the items that would normally be added to all regions. If the payload is directed to the RW region only, a recovery payload needs to be added to the RO region manually. BUG=N/A TEST=build Change-Id: Ie0df9b5dfc6df4f24efc5582a1aec9ecfb48c44d Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36544 Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Frans Hendriks <fhendriks@eltan.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-07lib/cbfs: Add fallback to RO region to cbfs_boot_locateWim Vervoorn
With this change cbfs_boot_locate will check the RO (COREBOOT) region if a file can not be found in the active RW region. By doing so it is not required to duplicate static files that are not intended to be updated to the RW regions. The coreboot image can still be updated by adding the file to the RW region. This change is intended to support VBOOT on systems with a small flash device. BUG=N/A TEST=tested on facebook fbg1701 Change-Id: I81ceaf927280cef9a3f09621c796c451e9115211 Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36545 Reviewed-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-06security/vboot/Kconfig: Remove unused symbolsArthur Heymans
Change-Id: I417a2ff45b4a8f5bc800459a64f1c5a861fcd3d5 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36605 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2019-11-05security/vboot: Removed vboot_prepare from vboot_locatorWim Vervoorn
When prog_locate() is called in the stage VBOOT is starting from and the image to be loaded is not the target image vboot_prepare() may be called too early. To prevent this vboot_prepare() is removed from the vboot_locator structure. This allows more control over the start of the vboot logic. To clarify the change the vboot_prepare() has been renamed to vboot_run_logic() and calls to initialize vboot have been added at the following places: postcar_loader: when VBOOT starts in ROMSTAGE romstage_loader: when VBOOT starts in BOOTBLOCK ramstage_loader: when VBOOT starts in ROMSTAGE BUG=N/A TEST=tested on facebook fbg1701 Change-Id: Id5e8fd78458c09dd3896bfd142bd49c2c3d686df Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36543 Reviewed-by: Frans Hendriks <fhendriks@eltan.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-10-27src/[northbridge,security]: change "unsigned" to "unsigned int"Martin Roth
Signed-off-by: Martin Roth <martin@coreboot.org> Change-Id: If6b5930f78c3da6dcefaa7b6202cd0424a24525b Reviewed-on: https://review.coreboot.org/c/coreboot/+/36331 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-10-27src: Use 'include <boot/coreboot_tables.h>' when appropriateElyes HAOUAS
Change-Id: I3d90e46ed391ce323436750c866a0afc3879e2e6 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36359 Reviewed-by: Martin Roth <martinroth@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-10-18build: Mark bootblock files on x86 as IBBPatrick Rudolph
* Add cbfsoption --ibb to mark files as IBB * Will be used by "Legacy FIT TXT" boot Change-Id: I83313f035e7fb7e1eb484b323862522e28cb73d4 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31497 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2019-10-16vboot: add new vb2ex_abort callbackJoel Kitching
Required for new VB2_ASSERT and VB2_DIE macros in vboot code. (See chromium:972956.) BUG=b:124141368, chromium:1005700 TEST=make clean && make test-abuild BRANCH=none Change-Id: I61a1036ccab80862d6eb12f9f72286f29e8478cf Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36035 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-09-30vboot: create board-specific test-only GBB HWID if not setHung-Te Lin
The HWID in vboot GBB is an identifier for machine model. On Chrome OS, that should be provisioned in manufacturing process (by collecting real hardware information), and will be checked in system startup. For bring up developers, they usually prefer to generate a test-only string for HWID. However that format was not well documented and cause problems. Further more, most Chromebooks are using HWID v3+ today while the test-only HWID is usually v2. Non-Chrome OS developers may also prefer their own format. To simplify development process, the GBB_CONFIG now defaults to empty string, and will be replaced by a board-specific test-only v2 HWID automatically. Developers can still override that in mainboard Kconfig if they prefer v3 or other arbitrary format. BUG=b:140067412 TEST=Built 'kukui' successfully. Removed kukui GBB config and built again, still seeing correct test HWID. Change-Id: I0cda17a374641589291ec8dfb1d66c553f7cbf35 Signed-off-by: Hung-Te Lin <hungte@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35634 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-09-21vboot: extend BOOT_MODE_PCR to SHA256 bank on TPM2Andrey Pronin
With the support of various algorithms and banks in tlcl_extend(), digest_algo parameter of tpm_extend_pcr() started defining the target PCR bank in TPM2 case. The OS expects coreboot to extend the SHA256 bank of BOOT_MODE_PCR. The value that the OS expects coreboot to extend into BOOT_MODE_PCR is the SHA1 digest of mode bits extended to the length of SHA256 digest by appending zero bytes. Thus the correct value for digest_algo passed into tpm_extend_pcr() for BOOT_MODE_PCR is TPM_ALG_SHA256. This didn't matter until adding the support for multiple digest introduced by patches like https://review.coreboot.org/c/coreboot/+/33252, as tlcl_extend always used SHA256 bank before. Change-Id: I834fec24023cd10344cc359117f00fc80c61b80c Signed-off-by: Andrey Pronin <apronin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35476 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-09-13security/vboot: Replace use of __PRE_RAM__Kyösti Mälkki
Change-Id: Ibaeda2762c733fdbe48979b635cc0cfd7ee4295d Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35387 Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-09-02vboot: remove fastboot supportJoel Kitching
Fastboot support in vboot_reference is unused, unmaintained, and produces compile errors when enabled. Since there is no current or planned use cases for fastboot, remove it. BUG=b:124141368, chromium:995172 TEST=make clean && make test-abuild BRANCH=none Change-Id: I06ea816ffb910163ec2c3c456b3c09408c806d0b Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35002 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-08-21vboot: update vboot2 functions to use new vb2_error_tJoel Kitching
To make explicit when vboot2 error codes should be returned, use the new vb2_error_t type on all functions which return VB2_ERROR_* constants. Additionally, add required vboot submodule commit id e6700f4c: 2019-07-31 14:12:30 +0800 - (vboot: update vboot2 functions to use new vb2_error_t) NOTE: This patch was merged separately on the Chromium tree: https://chromium-review.googlesource.com/c/1728499 BUG=b:124141368, chromium:988410 TEST=make clean && make test-abuild BRANCH=none Change-Id: I804c2b407e496d0c8eb9833be629b7c40118415c Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:1728292 Reviewed-on: https://review.coreboot.org/c/coreboot/+/34860 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-08-21vboot: use vboot2 API to set initial secdatak valueJoel Kitching
Previously, the initial value for secdatak was embedded in secdata_tpm.c as a uint8_t array. Switch to using vb2api_secdatak_create instead, and write the value in ctx->secdatak. Remove an unnecessary call to vb2api_secdata_create in _factory_initialize_tpm. BUG=b:124141368, chromium:972956 TEST=make clean && make test-abuild BRANCH=none TEST=Check that size and value of initial secdatak has not changed. Apply the patch below and check for this output: _factory_initialize_tpm():266: _factory_initialize_tpm: secdatak sizes are identical? 1 _factory_initialize_tpm():269: _factory_initialize_tpm: secdatak values are identical? 1 diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c index ff62185107..c1818b482f 100644 --- a/src/security/vboot/secdata_tpm.c +++ b/src/security/vboot/secdata_tpm.c @@ -148,6 +148,18 @@ static uint32_t write_secdata(uint32_t index, return TPM_E_CORRUPTED_STATE; } +/* + * This is derived from rollback_index.h of vboot_reference. see struct + * RollbackSpaceKernel for details. + */ +static const uint8_t secdata_kernel[] = { + 0x02, + 0x4C, 0x57, 0x52, 0x47, + 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, + 0xE8, +}; + /* * This is used to initialize the TPM space for recovery hash after defining * it. Since there is no data available to calculate hash at the point where TPM @@ -250,6 +262,11 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx) * indication that TPM factory initialization was successfully * completed. */ + VBDEBUG("%s: secdatak sizes are identical? %d\n", __func__, + sizeof(secdata_kernel) == sizeof(ctx->secdatak)); + VBDEBUG("%s: secdatak values are identical? %d\n", __func__, + memcmp(secdata_kernel, ctx->secdatak, + sizeof(secdata_kernel)) == 0); RETURN_ON_FAILURE(set_kernel_space(ctx->secdatak)); if (CONFIG(VBOOT_HAS_REC_HASH_SPACE)) @@ -452,7 +469,7 @@ uint32_t antirollback_read_space_firmware(struct vb2_context *ctx) /* Read the firmware space. */ rv = read_space_firmware(ctx); - if (rv == TPM_E_BADINDEX) { + if (true) { /* * This seems the first time we've run. Initialize the TPM. */ Change-Id: I74261453df6cc55ef3f38d8fb922bcc604084c0a Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:1652874, chromium:1655049 Reviewed-on: https://review.coreboot.org/c/coreboot/+/33386 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-08-08vboot: fix conditional using vboot_setup_tpm return valueJoel Kitching
vboot_setup_tpm returns (TPM_SUCCESS == 0) on success. In this case, call antirollback_read_space_firmware. This regression was introduced in CB:34510. BUG=b:139101213 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ifdea1d85167a50a1ada5afe9b107408e3a2e0d6f Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34790 Reviewed-by: Subrata Banik <subrata.banik@intel.com> Reviewed-by: Aamir Bohra <aamir.bohra@intel.com> Reviewed-by: Ronak Kanabar <ronak.kanabar@intel.com> Reviewed-by: V Sowmya <v.sowmya@intel.com> Reviewed-by: caveh jalali <caveh@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-08-06security/vboot: Add Support for Intel PTTChristian Walter
Add support for Intel PTT. For supporting Intel PTT we need to disable read and write access to the TPM NVRAM during the bootblock. TPM NVRAM will only be available once the DRAM is initialized. To circumvent this, we mock secdata if HAVE_INTEL_PTT is set. The underlying problem is, that the iTPM only supports a stripped down instruction set while the Intel ME is not fully booted up. Details can be found in Intel document number 571993 - Paragraph 2.10. Change-Id: I08c9a839f53f96506be5fb68f7c1ed5bf6692505 Signed-off-by: Christian Walter <christian.walter@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34510 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-07-29Revert "src/security/vboot: Add option to skip display init with vboot 2.0"Christian Walter
This reverts commit 598af2e2c2785c00eb4290cdcefe1082b2a6f858. Reason for revert: This commit breaks every board with VBOOT enabled if the platform is apollolake, broadwell, skylake, baswell, baytrails or icelake. The reason is, that the SoC selects VBOOT_MUST_REQUEST_DISPLAY by default, and this has a dependency now on VBOOT_MAY_SKIP_DISPLAY_INIT. This will only be auto-selected if it is a CHROMEOS platform. Change-Id: I3872d9aa993326ded135d8a5d950d5b1b1eddf34 Signed-off-by: Christian Walter <christian.walter@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34308 Reviewed-by: Nico Huber <nico.h@gmx.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-07-23vboot: relocate call to vboot_save_recovery_reason_vbnvJoel Kitching
Relocate call to vboot_save_recovery_reason_vbnv and rename vb2_clear_recovery_reason_vbnv for consistency. BUG=b:124141368, b:124192753 TEST=make clean && make test-abuild BRANCH=none Change-Id: I111cc23cf3d4b16fdb058dd395ac17a97f23a53f Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33551 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2019-07-23vboot: deprecate vboot_handoff structureJoel Kitching
vboot_handoff is no longer used in coreboot, and is not needed in CBMEM or cbtable. BUG=b:124141368, b:124192753 TEST=make clean && make runtests BRANCH=none Change-Id: I782d53f969dc9ae2775e3060371d06e7bf8e1af6 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33536 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Martin Roth <martinroth@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-07-07src/security/vboot: Add option to skip display init with vboot 2.0Sukerkar, Amol N
This config option, when set, will allow the platform to skip display initialization in normal (non-developer, non-recovery) mode. This allows platforms that do not implement firmware UI in normal mode to skip the display init in firmware. TEST=Set option CONFIG_VBOOT and clear CONFIG_VBOOT_MAY_SKIP_DISPLAY_INIT and the display should initialize in ramstage when platform boots. Set CONFIG_VBOOT and set CONFIG_VBOOT_MAY_SKIP_DISPLAY_INIT and the display initialization should be skipped in coreboot. Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com> Change-Id: Icadad6da34dcb817af02868e89a94ea62dbfa7b3 Reviewed-on: https://review.coreboot.org/c/coreboot/+/33844 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-07-03vboot: Use CONFIG_VBOOT_MIGRATE_WORKING_DATA on all platformsJulius Werner
When we added CONFIG_VBOOT_MIGRATE_WORKING_DATA, the idea was that on some Arm platforms the original working data buffer was in SRAM, which stays accessbile for the whole runtime of the system. There is no reason to migrate it into CBMEM on those platforms because ramstage and the payload could continue to access it in SRAM. Now that we've had a couple of months of experience with this option, we found that most of our Arm platforms have some issue that requires migrating anyway, because BL31 often claims SRAM for itself and makes it inaccessible to the payload. On the remaining platforms, accessing SRAM from the payload is possible but still an issue, because libpayload doesn't have enough memory layout information to set up proper page tables for it, so we're accessing it uncached and at risk of alignment errors. Rather than having to figure out how to map the right SRAM range for every platform in the payload, let's just get rid of the option. memcpy()ing 12KB isn't worth this much hassle. Change-Id: I1b94e01c998f723c8950be4d12cc8f02b363a1bf Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33952 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Joel Kitching <kitching@google.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Hung-Te Lin <hungte@chromium.org>
2019-06-27vboot: remove vboot_handoff stepJoel Kitching
Depthcharge no longer reads this data structure, and uses the vboot workbuf in vboot_working_data instead. Since vboot2 downstream migration is not yet completed, the vboot2 -> vboot1 migration code is still required, but has been relocated to depthcharge. BUG=b:124141368, b:124192753 TEST=make clean && make runtests BRANCH=none Change-Id: I769abbff79695b38d11fb6a93c2b42f64d4bafde Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33535 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-06-21security/vboot: Remove useless 'const'Elyes HAOUAS
Change-Id: I3b5ca272abffe46c6a63251cf4905780f87a6836 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33540 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Joel Kitching <kitching@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-06-21vboot: relocate code to log and clear recovery mode switchJoel Kitching
Logging and clearing the recovery mode switch doesn't have anything to do with vboot_handoff. Move it to the main verstage logic file. BUG=b:124141368, b:124192753 TEST=make clean && make test-abuild BRANCH=none Change-Id: I2e74f3893463e43fe5fad4a8df8036560f34e0db Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33534 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2019-06-21vboot: remove functions which read vboot_handoff.out_flagsJoel Kitching
These functions are no longer used and may be removed: * vboot_handoff_check_recovery_flag * vboot_get_handoff_flag BUG=b:124141368, b:124192753 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ie05652ef1288eef74bd2e7e8bea79fd29d523859 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33533 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-06-21vboot: remove vboot_handoff_get_recovery_reasonJoel Kitching
Two functions retrieve vboot recovery_reason: * vboot_handoff_get_recovery_reason * vboot_get_recovery_reason_shared_data Previously, when CBMEM comes online, a vboot_handoff data structure is created, and depending on the architecture, coreboot may eventually lose access to vboot_working_data. After implementing vboot_working_data CBMEM migration, vboot_working_data is always guaranteed to be accessible. vboot_get_recovery_reason_shared_data is corrected to also allow accessing vboot_working_data in ramstage and postcar. Now, vboot_handoff_get_recovery reason returning a valid recovery reason implies that vboot_get_recovery_reason_shared_data should *also* return a valid recovery reason. Thus we may remove the former. BUG=b:124141368, b:124192753 TEST=make clean && make test-abuild BRANCH=none Change-Id: Iac216dc968dd155d9d4f8bd0f2dfd5034762f9a0 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33532 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-06-12vboot: recovery path should finalize work contextJoel Kitching
Recovery path should finalize work context, and trim vboot_working_data buffer_size. Otherwise, depthcharge ingests the full 12 KB workbuf in recovery path. BUG=chromium:972528, b:134893812 TEST=Build with vboot_reference CL:1584488. Check that USB disks are properly verified in recovery path. BRANCH=none Change-Id: Icf2600d2eb5d846a26aec35a153946dd2f7f128c Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33358 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-22post_code: add post code for failure to load next stageKeith Short
Add a new post code, POST_INVALID_ROM, used when coreboot fails to locate or validate a resource that is stored in ROM. BUG=b:124401932 BRANCH=sarien TEST=build coreboot for sarien and arcada platforms Change-Id: Ie6de6590595d8fcdc57ad156237fffa03d5ead38 Signed-off-by: Keith Short <keithshort@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32770 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2019-05-22vboot: determine display init before recovery checkEric Lai
Display is required by recovery mode. Determine display init before recovery check. BUG=b:133197727,b:133175864 TEST=enter recovery mode, checked the display shows up Signed-off-by: Eric Lai <ericr_lai@compal.corp-partner.google.com> Change-Id: Id6ac611f51241373bca3e2b394a94dcd52d3fde7 Reviewed-on: https://review.coreboot.org/c/coreboot/+/32906 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2019-05-20security/vboot/vboot_crtm.h: Remove ENV_ for vboot_measure_cbfs_hook()Frans Hendriks
vboot_measure_cbfs_hook() is included when CONFIG_VBOOT_MEASURED_BOOT is enabled, but this function is defined as 0 in vboot_crtm.h using ENV_ Remove ENV_ for vboot_measure_cbfs_hook() function definition. This function is added to bootblock stage also. BUG=NA TEST=Build Google Banon and Google Cyan Change-Id: Ic62c18db09c119dfb85340a6b7f36bfd148aaa45 Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32532 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-20vboot: save whether developer mode is enabledJoel Kitching
Save whether or not vboot has selected developer mode as a flag in vboot_working_data. Other coreboot code may access this flag without needing to consult vboot_handoff (which is in the process of being deprecated). BUG=b:124141368, b:124192753 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ieb6ac4937c943aea78ddc762595a05387d2b8114 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32843 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-15vboot: remove OPROM-related codeJoel Kitching
As of CL:1605641, vboot2 code should be used for setting and checking display init state. Remove all vboot1 OPROM-related code, and use the vboot2 display init code which has already been added in previous commits. coreboot should not be reading vboot NVRAM flags directly. Remove the function vboot_wants_oprom(), and instead rely on display_init_required(), which uses the VBOOT_WD_FLAG_DISPLAY_INIT value stored in vboot_working_data.flags, initialized during verstage. Note that this means in the case of CONFIG_VBOOT=y, the return value of display_init_required() can only be trusted after verstage has been executed. This should not be a problem assuming that all display initialization occurs in ramstage. BUG=b:124141368, b:124192753, chromium:948529 TEST=Build locally TEST=make clean && make test-abuild BRANCH=none Change-Id: Ic8f9dc5a3c7f1546a8fed82bde02be4d04568f8d Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:1605641, chromium:1605525 Reviewed-on: https://review.coreboot.org/c/coreboot/+/32723 Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-05-15vboot: rename BOOT_OPROM_NEEDED to BOOT_DISPLAY_REQUESTJoel Kitching
Verified Boot OPROM code is being refactored. OPROM is being generalized into "display initialization". As such, the NVRAM request flag is being renamed from OPROM_NEEDED to DISPLAY_REQUEST. BUG=b:124141368, b:124192753, chromium:948529 TEST=make clean && make test-abuild BRANCH=none Change-Id: I74374abf7d1deb594c073f7a4a76c9de46092143 Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:1605640 Reviewed-on: https://review.coreboot.org/c/coreboot/+/32720 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-10vboot: Turn vboot_logic_executed() into a static inlineJulius Werner
This patch moves vboot_logic_executed() (and its dependencies) into a header and turns it into a static inline function. The function is used to guard larger amounts of code in several places, so this should allow us to save some more space through compile-time elimination (and also makes it easier to avoid undefined reference issues in some cases). Change-Id: I193f608882cbfe07dc91ee90d02fafbd67a3c324 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32716 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-05-10vboot: Make vboot_logic_executed() a bit more preciseJulius Werner
This patch adds another check to vboot_logic_executed() to make sure we only do a runtime check for verstage_should_load() if CONFIG_VBOOT_RETURN_FROM_VERSTAGE is enabled. That's the only case where the stage that's loading the verstage can execute after verification has run (because the verstage will return to it when it's done). In the other case, the stage that loads verstage really just loads it and will never do anything again after hand-off, so it's guaranteed to always execute before verification. This change may allow extra dead-code elimination in some cases. Change-Id: I7019b6f7b0acfbf0a8173914b53364751b08f2cf Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32714 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-05-09vboot: include vb2_sha.h when requiredJoel Kitching
Should include vb2_sha.h header when SHA library functions or constants are required. This replaces NEED_VB2_SHA_LIBRARY. BUG=b:124141368, chromium:956474 TEST=make clean && make test-abuild BRANCH=none Change-Id: I9f32174dbf3de05fbe5279cb8017888757abf368 Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:1583820 Reviewed-on: https://review.coreboot.org/c/coreboot/+/32454 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-09vboot: communicate display requirements with vb2api_fw_phase1Joel Kitching
Input: tell vb2api_fw_phase1 if display unconditionally available Output: vb2api_fw_phase1 may request coreboot to initialize display, if needed based on some internal request Move setting the VBOOT_FLAG_DISPLAY_REQUESTED flag into verstage_main. BUG=b:124141368, b:124192753, chromium:948529 TEST=make clean && make test-abuild BRANCH=none Change-Id: I81c82c46303564b63b8a32e7f80beb9d891a4628 Cq-Depend: chromium:1564232 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32324 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-09vboot: remove use of VbInitParamsJoel Kitching
The VbInitParams struct will be deprecated. Remove its use in preparation. Additionally, remove use of the flag VB_INIT_OUT_ENABLE_USB_STORAGE, which is no longer used downstream since vboot_reference CL:347257. BUG=b:124141368, chromium:960226 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ibe02cb6ba639de0d7cbdf79fc4dbf49044c92278 Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:1583943 Reviewed-on: https://review.coreboot.org/c/coreboot/+/32664 Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-05-06vboot: remove use of GoogleBinaryBlockHeaderJoel Kitching
Remove use of deprecated GoogleBinaryBlockHeader struct, and replace with vb2_gbb_header. BUG=b:124141368, chromium:954774 TEST=make clean && make test-abuild BRANCH=none Change-Id: Iee3bd877cb1791a689efdeabda324f43f7d0c6f2 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32455 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-04-30vboot: refactor OPROM codeJoel Kitching
The name OPROM is somewhat inaccurate, since other steps to bring up display and graphics are needed depending on mainboard/SoC. This patch cleans up OPROM code nomenclature, and works towards the goal of deprecating vboot1: * Rename CONFIG_VBOOT_OPROM_MATTERS to CONFIG_VBOOT_MUST_REQUEST_DISPLAY and clarify Kconfig description * Remove function vboot_handoff_skip_display_init * Remove use of the VbInit oflag VB_INIT_OUT_ENABLE_DISPLAY * Add |flags| field to vboot_working_data struct * Create VBOOT_FLAG_DISPLAY_REQUESTED and set in vboot_handoff BUG=b:124141368, b:124192753, chromium:948529 TEST=make clean && make test-abuild TEST=build and flash eve device; attempt loading dev/rec modes BRANCH=none Change-Id: Idf111a533c3953448b4b9084885a9a65a2432a8b Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32262 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-04-29vboot: specify NEED_VB20_INTERNALS when neededJoel Kitching
NEED_VB20_INTERNALS should always be specified when peeking into vboot internal data structures. BUG=b:124141368, chromium:956474 TEST=make clean && make test-abuild BRANCH=none Change-Id: I5a47a28350fd5a68efeff0d06ca150c1ae145412 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32452 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-04-23src: include <assert.h> when appropriateElyes HAOUAS
Change-Id: Ib843eb7144b7dc2932931b9e8f3f1d816bcc1e1a Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/26796 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org> Reviewed-by: David Guckian
2019-04-11vboot: do not set VBSD_BOOT_FIRMWARE_WP_ENABLED flagJoel Kitching
The value of "write protect" GPIO shall be read in depthcharge, and the flag shall be set there instead. BUG=b:124141368, b:124192753, chromium:1556855 TEST=Build locally CQ-DEPEND=CL:1556855 BRANCH=none Change-Id: I4d24a057b1385244a836a67c565ee6726a894fdc Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32234 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-04-06src: Use include <delay.h> when appropriateElyes HAOUAS
Change-Id: I23bc0191ca8fcd88364e5c08be7c90195019e399 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32012 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: David Guckian
2019-04-04vboot: remove Kconfig option VBOOT_PHYSICAL_REC_SWITCHJoel Kitching
This option is duplicated in depthcharge: https://crrev.com/c/1545144 BUG=b:124141368, b:124192753, chromium:943150 TEST=make clean && make test-abuild CQ-DEPEND=CL:1545144 BRANCH=none Change-Id: I48e20ad21cdcb948a23387d3e5fcf142723b0c82 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32135 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2019-04-01vboot: Select CONFIG_VBOOT_OPROM_MATTERS in more casesJulius Werner
This patch enables CONFIG_VBOOT_OPROM_MATTERS in a few more cases where I think(?) it should be. Haswell, Broadwell and Baytrail Chromebooks have this enabled in their old depthcharge firmware branches -- we presumably just forgot to move it over when vboot2 migrated the option to coreboot. Braswell didn't, but it seems like this requirement was added when it was migrated to FSP 1.1...? (Not very sure about that one, but it does call load_vbt() right now which executes things based on display_init_required().) Additionally, it seems to make sense to enable it whenever the user explicitly selects VGA_ROM_RUN in menuconfig (like one of the Intel defconfigs does). Once we have all this, one could take a step back and ask whether this option still makes sense at all anymore. It's enabled for almost all devices (that work with vboot at all), it will presumably be enabled for all future devices, and it seems that most devices that don't enable it use libgfxinit, which as far as I can tell isn't gated on display_init_required() but probably should be. Realistically, whatever kind of display init a board needs to do (native or option ROM), it's probably expensive enough that it's worth skipping on a normal mode vboot boot, and we'd want to have this enabled by default on everything except boards that actually don't have a display. So maybe we should flip it around to CONFIG_VBOOT_OPROM_DOESNT_MATTER, but doing that would probably lead to nobody ever selecting it at all. Not sure what the best solution there is yet, but I think this patch at least moves things in the more correct direction. Change-Id: Id96a88296ddb9cfbb58ea67d93e1638d95570e2c Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32114 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-03-29src: Use include <reset.h> when appropriateElyes HAOUAS
Change-Id: I3b852cae4ef84d257bf1e5486447583bdd16b441 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/29301 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-03-27vboot_handoff: do not set VBSD_HONOR_VIRT_DEV_SWITCHJoel Kitching
As part of chromium:942901, physical dev switch functionality is being deprecated. This flag is no longer read after CL:1526070, and thus does not need to be set here. coreboot's vboot subrepository needs to be updated to include CL:1526070 before this CL can be merged. BUG=b:124141368, b:124192753, chromium:942901 TEST=Build and deploy to eve TEST=util/lint/checkpatch.pl -g origin/master..HEAD TEST=make clean && make test-abuild CQ-DEPEND=CL:1526070 BRANCH=none Change-Id: Ie5849f9e0fcb8e4e6d35d542a141bf635e751af4 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31952 Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-03-27vboot: deprecate physical dev switchJoel Kitching
Currently only two devices make use of physical dev switch: stumpy, lumpy Deprecate this switch. If these devices are flashed to ToT, they may still make use of virtual dev switch, activated via recovery screen. BUG=b:124141368, b:124192753, chromium:942901 TEST=util/lint/checkpatch.pl -g origin/master..HEAD TEST=util/abuild/abuild -B -e -y -c 50 -p none -x TEST=make clean && make test-abuild BRANCH=none Change-Id: I87ec0db6148c1727b95475d94e3e3f6e7ec83193 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31943 Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-03-26vboot: remove VBOOT_EC_SOFTWARE_SYNC Kconfig optionJoel Kitching
This option is duplicated in depthcharge: https://crrev.com/c/1524811 BUG=b:124141368, b:124192753, b:128737909 TEST=Build and deploy to eve TEST=util/lint/checkpatch.pl -g origin/master..HEAD TEST=util/abuild/abuild -B -e -y -c 50 -p none -x TEST=make clean && make test-abuild CQ-DEPEND=CL:1524811 BRANCH=none Change-Id: Id8c207ec4ad5a476e24eee1ceb9e40f24d55e725 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31926 Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>