summaryrefslogtreecommitdiff
path: root/src/security/vboot
AgeCommit message (Collapse)Author
2020-04-04assert.h: Add a tag parameter to dead_code()Nico Huber
When dead_code() is used in inline functions in a header file, the generated function names (based on the line number) may collide with a dead_code() in the code file. Now that we are hit by such a case, we need a quick solution: Add a tag argument for all invocations in header files. Change-Id: I0c548ce998cf8e28ae9f76b5c0ea5630b4e91ae2 Signed-off-by: Nico Huber <nico.h@gmx.de> Reviewed-on: https://review.coreboot.org/c/coreboot/+/40140 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2020-04-04src/security: Use SPDX for GPL-2.0-only filesAngel Pons
Done with sed and God Lines. Only done for C-like code for now. Change-Id: I51f5764b57fb8b62e3a4b3d41bd32e5330a2983c Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/40057 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2020-03-31security/vboot: relocate and rename vboot_platform_is_resuming()Bill XIE
After measured boot is decoupled from verified boot in CB:35077, vboot_platform_is_resuming() is never vboot-specific, thus it is renamed to platform_is_resuming() and declared in bootmode.h. Change-Id: I29b5b88af0576c34c10cfbd99659a5cdc0c75842 Signed-off-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39103 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-03-31security/vboot: Decouple measured boot from verified bootBill XIE
Currently, those who want to use measured boot implemented within vboot should enable verified boot first, along with sections such as GBB and RW slots defined with manually written fmd files, even if they do not actually want to verify anything. As discussed in CB:34977, measured boot should be decoupled from verified boot and make them two fully independent options. Crypto routines necessary for measurement could be reused, and TPM and CRTM init should be done somewhere other than vboot_logic_executed() if verified boot is not enabled. In this revision, only TCPA log is initialized during bootblock. Before TPM gets set up, digests are not measured into tpm immediately, but cached in TCPA log, and measured into determined PCRs right after TPM is up. This change allows those who do not want to use the verified boot scheme implemented by vboot as well as its requirement of a more complex partition scheme designed for chromeos to make use of the measured boot functionality implemented within vboot library to measure the boot process. TODO: Measure MRC Cache somewhere, as MRC Cache has never resided in CBFS any more, so it cannot be covered by tspi_measure_cbfs_hook(). Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee Signed-off-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35077 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2020-03-17src (minus soc and mainboard): Remove copyright noticesPatrick Georgi
They're listed in AUTHORS and often incorrect anyway, for example: - What's a "Copyright $year-present"? - Which incarnation of Google (Inc, LLC, ...) is the current copyright holder? - People sometimes have their editor auto-add themselves to files even though they only deleted stuff - Or they let the editor automatically update the copyright year, because why not? - Who is the copyright holder "The coreboot project Authors"? - Or "Generated Code"? Sidestep all these issues by simply not putting these notices in individual files, let's list all copyright holders in AUTHORS instead and use the git history to deal with the rest. Change-Id: I89b10076e0f4a4b3acd59160fb7abe349b228321 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39611 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: David Hendricks <david.hendricks@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-03-12vboot: remove extraneous vboot_recovery_mode_memory_retrainJoel Kitching
Just call get_recovery_mode_retrain_switch() directly. BUG=b:124141368 TEST=make clean && make test-abuild BRANCH=none Change-Id: Icb88d6862db1782e0218276984e527638b21fd3a Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39343 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-03-07vboot: Upgrade kernel space to v1.0dnojiri
This patch upgrades the kernel space to v1.0 to accommodate EC hash, which is used for CrOS EC's early firmware selection. BUG=chromium:1045217 BRANCH=none TEST=Boot Helios. Verify software sync works. Cq-Depend: chromium:2041695 Change-Id: I525f1551afd1853cae826e87198057410167b239 Signed-off-by: dnojiri <dnojiri@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39137 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Joel Kitching <kitching@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-03-06security/vboot: Support enabling EC EFS with EC software syncSam McNally
If the ChromeOS EC uses EC early firmware selection (EFS), the AP vboot build must also enable EC EFS. Add an option to control this, passing it through to vboot. BUG=b:150742950 TEST=none BRANCH=none Signed-off-by: Sam McNally <sammc@chromium.org> Change-Id: I697e90748e19d15af154011413b30c0f2a0bf52e Reviewed-on: https://review.coreboot.org/c/coreboot/+/39272 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Edward O'Callaghan <quasisec@chromium.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
2020-02-24treewide: Capitalize 'CMOS'Elyes HAOUAS
Change-Id: I1d36e554618498d70f33f6c425b0abc91d4fb952 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38928 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Peter Lemenkov <lemenkov@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-02-24vboot: remove rogue vboot_struct.h includeJoel Kitching
As part of vboot1 deprecation, remove an unused vboot_struct.h include. coreboot is now free of vboot1 data structure use. One vboot_api.h include remains as part of security/vboot/ec_sync.c. BUG=b:124141368 TEST=make clean && make test-abuild BRANCH=none Change-Id: I042d692aa252f8f859d4005455eb6a2eabc24a87 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39024 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-02-19vboot: use vb2api_get_recovery_reason functionJoel Kitching
Use vb2api_get_recovery_reason() API function rather than accessing vb2_shared_data internals. Of all the vanilla verified boot code in coreboot, this is the last remaining use of vboot's internal data structures in coreboot. There remains only one sole instance in Eltan's code. BUG=b:124141368, chromium:957880 TEST=make clean && make test-abuild BRANCH=none Change-Id: I845c9b14ffa830bc7de28e9a38188f7066871803 Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:2055662 Reviewed-on: https://review.coreboot.org/c/coreboot/+/38886 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-02-18security/vboot: Correct help text of VBOOT_STARTS_IN_ROMSTAGEYu-Ping Wu
Since CB:37231 [1], the vboot working data has been replaced with vboot work buffer, so corrrect the help text of option VBOOT_STARTS_IN_ROMSTAGE accordingly. [1] security/vboot: Remove struct vboot_working_data BRANCH=none BUG=chromium:1021452 TEST=none Change-Id: I80783274179ae7582bbb4c8f9d392895623badce Signed-off-by: Yu-Ping Wu <yupingso@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38900 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Joel Kitching <kitching@google.com>
2020-02-17vboot: rename GBB flag FAFT_KEY_OVERIDE to FLAG_RUNNING_FAFTJoel Kitching
This was renamed in vboot_reference CL:1977902. BUG=b:124141368, chromium:965914 TEST=make clean && make test-abuild BRANCH=none Change-Id: I79af304e9608a30c6839cd616378c7330c3de00a Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37462 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-02-17vboot: remove VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT optionJoel Kitching
With CL:1940398, this option is no longer needed. Recovery requests are not cleared until kernel verification stage is reached. If the FSP triggers any reboots, recovery requests will be preserved. In particular: - Manual requests will be preserved via recovery switch state, whose behaviour is modified in CB:38779. - Other recovery requests will remain in nvdata across reboot. These functions now only work after verstage has run: int vboot_check_recovery_request(void) int vboot_recovery_mode_enabled(void) int vboot_developer_mode_enabled(void) BUG=b:124141368, b:35576380 TEST=make clean && make test-abuild BRANCH=none Change-Id: I52d17a3c6730be5c04c3c0ae020368d11db6ca3c Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38780 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-02-17vboot: push clear recovery mode switch until BS_WRITE_TABLESJoel Kitching
Serves two purposes: (1) On some platforms, FSP initialization may cause a reboot. Push clearing the recovery mode switch until after FSP code runs, so that a manual recovery request (three-finger salute) will function correctly under this condition. (2) The recovery mode switch value is needed at BS_WRITE_TABLES for adding an event to elog. (Previously this was done by stashing the value in CBMEM_ID_EC_HOSTEVENT.) BUG=b:124141368, b:35576380 TEST=make clean && make test-abuild BRANCH=none Change-Id: I30c02787c620b937e5a50a5ed94ac906e3112dad Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38779 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-02-14vboot: fix up some includesJoel Kitching
These header files need to make use of vb2_shared_data. Remove the last vestiges of vboot1 data structures in coreboot. BUG=b:124141368, chromium:1038260 TEST=Build locally with CL:2054269 TEST=make clean && make test-abuild BRANCH=none Change-Id: I61b27e33751c11aac9f8af261a75d83b003b5f92 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38884 Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-02-10vboot: correct workbuf size when VBOOT_STARTS_IN_ROMSTAGEJoel Kitching
Part of the design of vboot persistent context is that the workbuf gets placed in CBMEM and stays there for depthcharge to use in kernel verification. As such, the space allocated in CBMEM needs to be at least VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE. In the VBOOT_STARTS_IN_ROMSTAGE case, prior to this CL, vboot_get_context() would get invoked for the first time after CBMEM comes up, and it would only allocate VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE. Initialize the workbuf directly in vboot_setup_cbmem() instead with the correct VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE. BUG=b:124141368, chromium:994060 TEST=make clean && make test-abuild TEST=boot on GOOGLE_EVE with VBOOT_STARTS_IN_ROMSTAGE set BRANCH=none Change-Id: Ie09c39f960b3f14f3a64c648eee6ca3f23214d9a Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38778 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Raul Rangel <rrangel@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-02-07security/vboot: relocate vb2ex_abort and vb2ex_printfJoel Kitching
Enabling an assertion in vb2_member_of() results in coreboot linking vb2ex_abort() and vb2ex_printf() in ramstage. Move these two functions from vboot_logic.c to vboot_lib.c, which is should be enabled in all stages if CONFIG_VBOOT_LIB is enabled. Note that CONFIG_VBOOT_LIB is implied by CONFIG_VBOOT. Relevant vboot_reference commit: CL:2037263. BUG=b:124141368, chromium:1005700 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ica0103c5684b3d50ba7dc1b4c39559cb192efa81 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38706 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin Roth <martinroth@google.com>
2020-02-05vendorcode/eltan/security: Switch to vb2 vboot libraryWim Vervoorn
The eltan verified_boot is using the vboot 2.1 data structures and code, as well as the fwlib21 build target, they are all deprecated. Refer to CB:37654 for more information. The verified_boot code is updated to use the vb2 structures and code and make sure only public functions are used. BUG=N/A TEST=build Change-Id: I1e1a7bce6110fe35221a4d7a47c1eb7c7074c318 Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38590 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2020-01-25vboot: Remove hard dependency on MISSING_BOARD_RESETJulius Werner
Having a working board reset is certainly better when you're running vboot (because otherwise you'll hang when transitioning into recovery mode), but I don't think it should be strictly required, since it's still somewhat usable without. This is particularly important for certain test platforms that don't have a good way to reset but might still be useful for vboot testing/prototyping. Change-Id: Ia765f54b6e2e176e2d54478fb1e0839d8cab9849 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38417 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-01-18security/vboot: Allow UDC regardless of vboot stateWim Vervoorn
When a VBOOT enabled system is used without ChromeOS it may be valid to allow the UDC independent of the vboot state. Provide the option to always allow UDC when CHROMEOS is not selected. BUG=N/A TEST=build Change-Id: I6142c4a74ca6930457b16f62f32e1199b8baaff8 Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38403 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-01-18cbfs: Remove locator conceptJulius Werner
When vboot was first integrated into CBFS it was still part of Google vendorcode. So to not directly tie custom vendorcode into the core CBFS library, the concept of cbfs_locator was introduced to decouple core code from an arbitrary amount of platform-specific implementations that want to decide where the CBFS can be found. Nowadays vboot is a core coreboot feature itself, and the locator concept isn't used by anything else anymore. This patch simplifies the code by removing it and just calling vboot from the CBFS library directly. That should make it easier to more closely integrate vboot into CBFS in the future. Change-Id: I7b9112adc7b53aa218c58b8cb5c85982dcc1dbc0 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38419 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-01-10src/security: Fix typosElyes HAOUAS
Change-Id: I238fce2d48cf62003a701f972a87974415419538 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38198 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2019-12-26src: Remove unused include <string.h>Elyes HAOUAS
Change-Id: Ic6b66dd8fa387e67bb0ce609fb7e2553eeb66b3c Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37888 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-12-20security/vboot: Add a dedicated flag for building of vboot libraryBill XIE
As discussed in CB:35077, since both measured boot and verified boot depends on vboot library, it had better to introduce a dedicated flag CONFIG_VBOOT_LIB to control the building and linking of the vboot library, and make other flags needing vboot library select it. Only the actual verification stuff should be conditional on CONFIG_VBOOT. Change-Id: Ia1907a11c851ee45a70582e02bdbe08fb18cc6a4 Signed-off-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37787 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Joel Kitching <kitching@google.com>
2019-12-19src/security: Remove unused <stdlib.h>Elyes HAOUAS
Change-Id: I0b5c375baf7911ebced2f8c43a88aae014c877ad Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33694 Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-12-19arch/x86: Drop uses of ROMCC_BOOTBLOCKArthur Heymans
Change-Id: Ia0405fdd448cb31b3c6ca3b3d76e49e9f430bf74 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37339 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2019-12-18vboot: remove 2lib headers from MakefileJoel Kitching
Only headers from firmware/lib should be imported. As far as I can tell, nothing imports 2lib headers directly anymore, so we can get rid of this CFLAG. BUG=b:124141368, chromium:968464 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ie5f3fe1d0180113b332e57ed07d4cfe563e7ecf2 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37786 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-12-18vboot: Fix MOCK_SECDATA for new naming schemeJulius Werner
CB:37655 updated all secdata_xxx to secdata_firmware_xxx, but forgot the code that's only compiled when MOCK_SECDATA is set. This patch fixes it. Change-Id: Icf12fe405d7ce46345ccbdcb76f6aa1b56ed0194 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37772 Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Joel Kitching <kitching@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-12-13security/vboot: Ensure firmware body size is respected againJulius Werner
CB:36845 simplified how coreboot finds the RW CBFS after vboot has and eliminated a layer of caching. Unfortunately, we missed the fact that the former cached value didn't exactly match the FMAP section... it was in fact truncated to the data actually used by vboot. That patch unintentionally broke this truncation which leads to performance regressions on certain CBFS accesses. This patch makes use of a new API function added to vboot (CL:1965920) which we can use to retrieve the real firmware body length as before. (Also stop making all the vb2_context pointers const. vboot generally never marks context pointers as const in its API functions, even when the function doesn't modify the context. Therefore constifying it inside coreboot just makes things weird because it prevents you from calling random API functions for no reason. If we really want const context pointers, that's a refactoring that would have to start inside vboot first.) This patch brings in upstream vboot commit 4b0408d2: 2019-12-12 Julius Werner 2lib: Move firmware body size reporting to separate function Change-Id: I167cd40cb435dbae7f09d6069c9f1ffc1d99fe13 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37680 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Mathew King <mathewk@chromium.org>
2019-12-12vboot: update secdata naming schemeJoel Kitching
secdata -> secdata_firmware secdatak -> secdata_kernel BUG=b:124141368, chromium:972956 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ie2051de51c8f483a8921831385557fad816eb9fb Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37655 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-12-10vboot: remove old vboot_fill_handoff function headerJoel Kitching
This function was removed in CB:33535. BUG=b:124141368 TEST=make clean && make runtests BRANCH=none Change-Id: Ifded75319c92dcbb4befbb3fbecc1cd2df8a9ad0 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37588 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-12-09EC sync: Properly handle VBERROR return codes from vb2api_ec_syncTim Wawrzynczak
Some return codes were missed when implementing this initially; the vboot logic can require the system to command the EC to reboot to its RO, switch RW slots or it can require a poweroff of the SoC. This patch appropriately handles these return codes. BUG=b:145768046 BRANCH=firmware-hatch-12672.B TEST=ODM verified this patch fixes the issues seen. Change-Id: I2748cf626d49c255cb0274cb336b072dcdf8cded Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37562 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-12-06vboot: Clear secdata change flags after factory initJulius Werner
factory_initialize_tpm() calls secdata_xxx_create() (for both firmware and kernel space) and then immediately writes those spaces out to the TPM. The create() functions make vboot think it just changed the secdata (because it reinitialized the byte arrays in the context), so we also need to clear the VB2_CONTEXT_SECDATA_xxx_CHANGED flags again, otherwise vboot thinks it still needs to flush the spaces out to the TPM even though we already did that. Also clean up some minor related stuff (VB2_CONTEXT_SECDATA_CHANGED notation is deprecated, and secdata space intialization should use the same write-and-readback function we use for updates). Change-Id: I231fadcf7b35a1aec3b39254e7e41c3d456d4911 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37471 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-12-06vboot: update VbExNvStorageWrite functionJoel Kitching
Going forwards, vb2ex_commit_data will be used to flush both nvdata and secdata. The patch that is circularly dependent on this lies between a patch that makes vboot no longer build and the patch that fixes that, so we have to pull the whole thing in at once to sort out the mess. Updating from commit id 1c4dbaa0: 2019-11-18 Julius Werner Makefile: Fix typo for MOCK_TPM to commit id 695c56dc: 2019-12-04 Julius Werner Makefile: Make loop unrolling fully controllable by the caller BUG=b:124141368, chromium:1006689 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ia2612da0df101cd3c46151dbce728633a39fada1 Signed-off-by: Joel Kitching <kitching@google.com> Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37315 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-12-02src: Move 'static' to the beginning of declarationElyes HAOUAS
Change-Id: I9b2cc1bb58922d9e32202ea4c20b9aacfe308bad Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33673 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-12-02lib/coreboot_table: Add CBMEM_ID_VBOOT_WORKBUF pointer to coreboot tableYu-Ping Wu
Since struct vb2_shared_data already contains workbuf_size and vboot_workbuf_size is never used in depthcharge, remove it from struct sysinfo_t. In addition, remove lb_vboot_workbuf() and add CBMEM_ID_VBOOT_WORKBUF pointer to coreboot table with add_cbmem_pointers(). Parsing of coreboot table in libpayload is modified accordingly. BRANCH=none BUG=chromium:1021452 TEST=emerge-nami coreboot libpayload depthcharge; Akali booted correctly Change-Id: I890df3ff93fa44ed6d3f9ad05f9c6e49780a8ecb Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37234 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Joel Kitching <kitching@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-12-02security/vboot: Remove struct vboot_working_dataYu-Ping Wu
After CB:36808, CB:36844 and CB:36845, all fields except buffer_offset were removed from struct vboot_working_data. Since buffer_offset is used to record the offset of the workbuf relative to the whole structure, it is no longer needed. This patch removes the structure, and renames vboot_get_working_data() to vboot_get_workbuf(). BRANCH=none BUG=chromium:1021452 TEST=emerge-nami coreboot Change-Id: I304a5e4236f13b1aecd64b88ca5c8fbc1526e592 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37231 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Joel Kitching <kitching@google.com>
2019-11-29security/vboot: Drop CAR_GLOBAL_MIGRATION supportArthur Heymans
Change-Id: I9dee03da028b9111b685e325368815a86e444a47 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37028 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-11-28security/vboot: Use persistent context to read GBB flagsJulius Werner
With the persistent vboot context coreboot no longer needs to read GBB flags from flash itself -- it can just ask vboot for the cached result. This patch removes the existing GBB code and provides gbb_is_flag_set() (with a slightly better namespaced name) as a static inline instead. Change-Id: Ibc3ed0f3fbeb53d630925d47df4dc474b0ed07ee Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37261 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Joel Kitching <kitching@google.com>
2019-11-26security/vboot: Remove duplicate offsetof() definitionJacob Garber
This macro is already defined in commonlib/helpers.h Change-Id: I1fce2936757b13807e254f4a844f583b938bf349 Signed-off-by: Jacob Garber <jgarber1@ualberta.ca> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37181 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Reviewed-by: Alex James <theracermaster@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-25Kconfig: Drop the C_ENVIRONMENT_BOOTBLOCK symbolArthur Heymans
The romcc bootblock will be deprecated soon and most platforms use C_ENVIRONMENT_BOOTBLOCK already. This patch drops the CONFIG_C_ENVIRONMENT_BOOTBLOCK symbol and adds CONFIG_ROMCC_BOOTBLOCK where needed. Change-Id: I773a76aade623303b7cd95ebe9b0411e5a7ecbaf Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37154 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
2019-11-22Makefiles: Remove -D__PRE_RAM__Kyösti Mälkki
All cases of testing for __PRE_RAM__ have been converted to equivalent ENV_xxx definitions from <rules.h>. Change-Id: Ib6cd598f17109cc1072818cebe4791f7410c3428 Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37075 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-11-20security/vboot: Build vboot library with same .a that depthcharge usesTim Wawrzynczak
Currently, depthcharge and coreboot are using two different vboot libraries. coreboot is using "fwlib20", while depthcharge uses "fwlib". The only difference between the two libraries is the inclusion of vboot1-only compilation units in fwlib, which are now deprecated. Therefore, coreboot may as well use fwlib too. Vboot is expected to converge on a single firmware library soon. BUG=none BRANCH=none TEST=compiles and runs verstage correctly Change-Id: I905b781c3596965ec7ef45a2a7eafe15fdd4d9cc Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36341 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-20security/vboot/sync_ec: Add timestampsTim Wawrzynczak
Add 4 new timestamps to the EC software sync flow: 1) Beginning of EC software sync 2) EC finished calculating Vboot hash 3) EC is no longer requesting power limiting 4) End of EC software sync BUG=none BRANCH=none TEST=verified timestamps show up in cbmem log Change-Id: I6e5703c146b5ec27d01700fdb39cb3d2092ea8a8 Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36209 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-20security/vboot: Add vboot callbacks to support EC software syncTim Wawrzynczak
Use the new functions introduced into the EC driver to support performing EC software sync via vboot callbacks. NOTE: This patch assumes that the EC image is added to CBFS uncompressed. Streaming decompression of the image will be added in a future patch. Also adds a new Kconfig option VBOOT_EARLY_EC_SYNC. The new Kconfig option compiles EC software sync into romstage, dependent upon having a CrOS EC. BUG=b:112198832 BRANCH=none TEST=Successful EC software sync Change-Id: I9b1458a45ab3ed5623af50f78036c4f88461b226 Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36208 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-20cbfs: switch to region_device for location APIsAaron Durbin
Drop struct cbfs_props and replace with struct region_device object. The goal of the cbfs locator APIs are to determine the correct region device to find the cbfs files. Therefore, start directly using struct region_device in the cbfs location paths. Update the users of the API and leverage the default boot region device implementation for apollolake. Change-Id: I0158a095cc64c9900d8738f8ffd45ae4040575ea Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36939 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-20security/vboot: Remove selected_region from struct vboot_working_dataYu-Ping Wu
Since we already have pre-RAM cache for FMAP (CB:36657), calling load_firmware() multiple times is no longer a problem. This patch replaces vboot_get_selected_region() usage with vboot_locate_firmware(), which locates the firmware by reading from the CBMEM cache. In addition, returning false from vboot_is_slot_selected() implies the recovery path was requested, i.e., vb2_shared_data.recovery_reason was set. Therefore, we simply remove the vboot_is_slot_selected() check from vboot_check_recovery_request(). BRANCH=none BUG=chromium:1021452 TEST=emerge-kukui coreboot Change-Id: I27cb1a2175beb189053fc3e44b17b60aba474bb0 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36845 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-20security/vboot: Remove buffer_size from struct vboot_working_dataYu-Ping Wu
Since buffer_size is no longer used, remove it from struct vboot_working_data. BRANCH=none BUG=chromium:1021452 TEST=emerge-kukui coreboot Change-Id: Ie770e89b4a45e0ec703d5bbb8fb6a298ce915056 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36844 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-19security/vboot: Remove vboot_named_region_device(_rw)Yu-Ping Wu
Remove vboot_named_region_device(_rw) and use fmap_locate_area_as_rdev(_rw) directly. BRANCH=none BUG=none TEST=emerge-kukui coreboot Change-Id: I244ac4e01ae5b80285162b3baffc0b30aa057bfb Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36922 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>