summaryrefslogtreecommitdiff
path: root/src/security
AgeCommit message (Collapse)Author
2019-09-15src/security: Remove unused #include <fmap.h>Elyes HAOUAS
Change-Id: I9db59d5db2ed3e792251a94b67fb277d9160e4e8 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33734 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-09-13security/vboot: Replace use of __PRE_RAM__Kyösti Mälkki
Change-Id: Ibaeda2762c733fdbe48979b635cc0cfd7ee4295d Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35387 Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-09-11Revert "security/tpm/tss/tcg-2.0: Add multi digits support to tlcl_extend()"Julius Werner
This reverts commit fdb9805d6884090fd7bf62dbdf9c858692e55fb4. CB:33252 wasn't reviewed by a TPM maintainer and breaks abstraction layers (pulling TSS-details into TSPI, completely changing interpretation of the arguments to tlcl_extend() based on TSS version). It's also not clear why it was implemented the way it was (should have been much easier and cleaner ways to achieve the same thing). Since the author is not reacting, let's revert it for now. It can be cleaned up and resubmitted later. (Not reverting the header changes since those are not objectionable, and there are later patches dependent on it.) Change-Id: Ice44f55c75a0acc07794fe41c757a7bca75406eb Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35351 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2019-09-07security/tpm: Use correct hash digest lengthsJacob Garber
TPMU_HA is a union of all the different hash digests, and so sizeof(TPMU_HA) evaluates to 64 (the size of the largest one). This will lead to out-of-bounds writes when copying smaller digests, so use the specific digest size for each algorithm. Change-Id: Ic9101f157d5a19836b200ecd99f060de552498d2 Signed-off-by: Jacob Garber <jgarber1@ualberta.ca> Found-by: Coverity CID 14049{49,50,51,52,53,54,55,56,57,58,60,61,62} Reviewed-on: https://review.coreboot.org/c/coreboot/+/35287 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2019-09-06security/tpm/tss/tcg-2.0: Add support for algorithmsFrans Hendriks
Function marshal_TPMT_HA() supports SHA-256 only. Add support for more algorithms. BUG=N/A TEST=Build binary and verified logging on Facebook FBG-1701 Change-Id: Ife8d44484c7a7cb717035e5ae0870bbee205661b Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35276 Reviewed-by: Lance Zhao <lance.zhao@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-09-05security/tpm/tss/tcg-2.0: Add multi digits support to tlcl_extend()Frans Hendriks
To support multi digists the tlcl_extend() for TPM2 expects TPML_DIGEST_VALUE pointer as input argument. BUG=N/A TEST=Build binary and verified logging on Facebook FBG-1701 Change-Id: I8d86c41c23e4e93a84e0527d7cddcfd30d5d8394 Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33252 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
2019-09-03security/tpm/tss/tcg-2.0: Use tlcl_get_hash_size_from_algo() for hash sizeFrans Hendriks
mashal_TPMT_HA() uses size of SHA-256 hash. Use tlcll_get_hash_size_from_algo() to determince the hash size. BUG=N/A TEST=Build binary and verified logging on Facebook FBG-1701 Change-Id: I739260e13e9cd10a61d52e13e8741b12ec868d7f Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33251 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Lance Zhao <lance.zhao@gmail.com> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2019-09-02vboot: remove fastboot supportJoel Kitching
Fastboot support in vboot_reference is unused, unmaintained, and produces compile errors when enabled. Since there is no current or planned use cases for fastboot, remove it. BUG=b:124141368, chromium:995172 TEST=make clean && make test-abuild BRANCH=none Change-Id: I06ea816ffb910163ec2c3c456b3c09408c806d0b Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35002 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-09-02security/intel: Add TXT infrastructurePatrick Rudolph
* Add Kconfig to enable TXT * Add possibility to add BIOS and SINIT ACMs * Set default BIOS ACM alignment * Increase FIT space if TXT is enabled The following commits depend on the basic Kconfig infrastructure. Intel TXT isn't supported until all following commits are merged. Change-Id: I5f0f956d2b7ba43d4e7e0062803c6d8ba569a052 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34585 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: David Hendricks <david.hendricks@gmail.com>
2019-08-26Split MAYBE_STATIC to _BSS and _NONZERO variantsKyösti Mälkki
These are required to cover the absensce of .data and .bss sections in some programs, most notably ARCH_X86 in execute-in-place with cache-as-ram. Change-Id: I80485ebac94b88c5864a949b17ad1dccdfda6a40 Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35003 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-08-21vboot: update vboot2 functions to use new vb2_error_tJoel Kitching
To make explicit when vboot2 error codes should be returned, use the new vb2_error_t type on all functions which return VB2_ERROR_* constants. Additionally, add required vboot submodule commit id e6700f4c: 2019-07-31 14:12:30 +0800 - (vboot: update vboot2 functions to use new vb2_error_t) NOTE: This patch was merged separately on the Chromium tree: https://chromium-review.googlesource.com/c/1728499 BUG=b:124141368, chromium:988410 TEST=make clean && make test-abuild BRANCH=none Change-Id: I804c2b407e496d0c8eb9833be629b7c40118415c Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:1728292 Reviewed-on: https://review.coreboot.org/c/coreboot/+/34860 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-08-21vboot: use vboot2 API to set initial secdatak valueJoel Kitching
Previously, the initial value for secdatak was embedded in secdata_tpm.c as a uint8_t array. Switch to using vb2api_secdatak_create instead, and write the value in ctx->secdatak. Remove an unnecessary call to vb2api_secdata_create in _factory_initialize_tpm. BUG=b:124141368, chromium:972956 TEST=make clean && make test-abuild BRANCH=none TEST=Check that size and value of initial secdatak has not changed. Apply the patch below and check for this output: _factory_initialize_tpm():266: _factory_initialize_tpm: secdatak sizes are identical? 1 _factory_initialize_tpm():269: _factory_initialize_tpm: secdatak values are identical? 1 diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c index ff62185107..c1818b482f 100644 --- a/src/security/vboot/secdata_tpm.c +++ b/src/security/vboot/secdata_tpm.c @@ -148,6 +148,18 @@ static uint32_t write_secdata(uint32_t index, return TPM_E_CORRUPTED_STATE; } +/* + * This is derived from rollback_index.h of vboot_reference. see struct + * RollbackSpaceKernel for details. + */ +static const uint8_t secdata_kernel[] = { + 0x02, + 0x4C, 0x57, 0x52, 0x47, + 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, + 0xE8, +}; + /* * This is used to initialize the TPM space for recovery hash after defining * it. Since there is no data available to calculate hash at the point where TPM @@ -250,6 +262,11 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx) * indication that TPM factory initialization was successfully * completed. */ + VBDEBUG("%s: secdatak sizes are identical? %d\n", __func__, + sizeof(secdata_kernel) == sizeof(ctx->secdatak)); + VBDEBUG("%s: secdatak values are identical? %d\n", __func__, + memcmp(secdata_kernel, ctx->secdatak, + sizeof(secdata_kernel)) == 0); RETURN_ON_FAILURE(set_kernel_space(ctx->secdatak)); if (CONFIG(VBOOT_HAS_REC_HASH_SPACE)) @@ -452,7 +469,7 @@ uint32_t antirollback_read_space_firmware(struct vb2_context *ctx) /* Read the firmware space. */ rv = read_space_firmware(ctx); - if (rv == TPM_E_BADINDEX) { + if (true) { /* * This seems the first time we've run. Initialize the TPM. */ Change-Id: I74261453df6cc55ef3f38d8fb922bcc604084c0a Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:1652874, chromium:1655049 Reviewed-on: https://review.coreboot.org/c/coreboot/+/33386 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-08-08vboot: fix conditional using vboot_setup_tpm return valueJoel Kitching
vboot_setup_tpm returns (TPM_SUCCESS == 0) on success. In this case, call antirollback_read_space_firmware. This regression was introduced in CB:34510. BUG=b:139101213 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ifdea1d85167a50a1ada5afe9b107408e3a2e0d6f Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34790 Reviewed-by: Subrata Banik <subrata.banik@intel.com> Reviewed-by: Aamir Bohra <aamir.bohra@intel.com> Reviewed-by: Ronak Kanabar <ronak.kanabar@intel.com> Reviewed-by: V Sowmya <v.sowmya@intel.com> Reviewed-by: caveh jalali <caveh@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-08-08tpm/tspi: include vb2_sha for vb2_get_hash_algorithm_nameJoel Kitching
BUG=b:124141368 TEST=make clean && make test-abuild BRANCH=none Change-Id: I2e04c16e309d765353f152203a44e90d997394d1 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34742 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-08-06security/vboot: Add Support for Intel PTTChristian Walter
Add support for Intel PTT. For supporting Intel PTT we need to disable read and write access to the TPM NVRAM during the bootblock. TPM NVRAM will only be available once the DRAM is initialized. To circumvent this, we mock secdata if HAVE_INTEL_PTT is set. The underlying problem is, that the iTPM only supports a stripped down instruction set while the Intel ME is not fully booted up. Details can be found in Intel document number 571993 - Paragraph 2.10. Change-Id: I08c9a839f53f96506be5fb68f7c1ed5bf6692505 Signed-off-by: Christian Walter <christian.walter@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34510 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-07-31drivers/crb: Add CRB driver for TPM2 supportChristian Walter
Add the Command Response Buffer which is defined in the TPM 2.0 Specs. CRB can be specified with MAINBOARD_HAS_CRB_TPM, even though it is actually SoC/SB specific. Change-Id: I477e45963fe3cdbc02cda9ae99c19142747e4b46 Signed-off-by: Christian Walter <christian.walter@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34106 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2019-07-29Revert "src/security/vboot: Add option to skip display init with vboot 2.0"Christian Walter
This reverts commit 598af2e2c2785c00eb4290cdcefe1082b2a6f858. Reason for revert: This commit breaks every board with VBOOT enabled if the platform is apollolake, broadwell, skylake, baswell, baytrails or icelake. The reason is, that the SoC selects VBOOT_MUST_REQUEST_DISPLAY by default, and this has a dependency now on VBOOT_MAY_SKIP_DISPLAY_INIT. This will only be auto-selected if it is a CHROMEOS platform. Change-Id: I3872d9aa993326ded135d8a5d950d5b1b1eddf34 Signed-off-by: Christian Walter <christian.walter@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34308 Reviewed-by: Nico Huber <nico.h@gmx.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-07-23vboot: relocate call to vboot_save_recovery_reason_vbnvJoel Kitching
Relocate call to vboot_save_recovery_reason_vbnv and rename vb2_clear_recovery_reason_vbnv for consistency. BUG=b:124141368, b:124192753 TEST=make clean && make test-abuild BRANCH=none Change-Id: I111cc23cf3d4b16fdb058dd395ac17a97f23a53f Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33551 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2019-07-23vboot: deprecate vboot_handoff structureJoel Kitching
vboot_handoff is no longer used in coreboot, and is not needed in CBMEM or cbtable. BUG=b:124141368, b:124192753 TEST=make clean && make runtests BRANCH=none Change-Id: I782d53f969dc9ae2775e3060371d06e7bf8e1af6 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33536 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Martin Roth <martinroth@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-07-19security/tpm/tss/tcg-2.0: Add TPM2 function tlcl_getcapability()Frans Hendriks
Add function tlcl_getcapability() to return TPM2 capability. To support TPM2 capability TPM_CAP_PCRS handling is added to unmarshal_get_capability(). BUG=N/A TEST=Build binary and verified logging on Facebook FBG-1701 Change-Id: I85e1bd2822aa6e7fd95ff2b9faa25cf183e6de37 Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/30826 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-07-07src/security/vboot: Add option to skip display init with vboot 2.0Sukerkar, Amol N
This config option, when set, will allow the platform to skip display initialization in normal (non-developer, non-recovery) mode. This allows platforms that do not implement firmware UI in normal mode to skip the display init in firmware. TEST=Set option CONFIG_VBOOT and clear CONFIG_VBOOT_MAY_SKIP_DISPLAY_INIT and the display should initialize in ramstage when platform boots. Set CONFIG_VBOOT and set CONFIG_VBOOT_MAY_SKIP_DISPLAY_INIT and the display initialization should be skipped in coreboot. Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com> Change-Id: Icadad6da34dcb817af02868e89a94ea62dbfa7b3 Reviewed-on: https://review.coreboot.org/c/coreboot/+/33844 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-07-03vboot: Use CONFIG_VBOOT_MIGRATE_WORKING_DATA on all platformsJulius Werner
When we added CONFIG_VBOOT_MIGRATE_WORKING_DATA, the idea was that on some Arm platforms the original working data buffer was in SRAM, which stays accessbile for the whole runtime of the system. There is no reason to migrate it into CBMEM on those platforms because ramstage and the payload could continue to access it in SRAM. Now that we've had a couple of months of experience with this option, we found that most of our Arm platforms have some issue that requires migrating anyway, because BL31 often claims SRAM for itself and makes it inaccessible to the payload. On the remaining platforms, accessing SRAM from the payload is possible but still an issue, because libpayload doesn't have enough memory layout information to set up proper page tables for it, so we're accessing it uncached and at risk of alignment errors. Rather than having to figure out how to map the right SRAM range for every platform in the payload, let's just get rid of the option. memcpy()ing 12KB isn't worth this much hassle. Change-Id: I1b94e01c998f723c8950be4d12cc8f02b363a1bf Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33952 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Joel Kitching <kitching@google.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Hung-Te Lin <hungte@chromium.org>
2019-07-02security/memory: Clear memory in ramstagePatrick Rudolph
* Add architecture independend way of clearing all DRAM * Implemented in ramstage as MTRRs need to be set to speed up clearing. Takes up to 15 seconds per GiB otherwise. * Use memset_pae on x86 * Add quirks for FSP1.0 Tested on P8H61M-Pro: * Clears 4GiB in less than 1 second Tested on wedge100s: * Clears 8GiB in 2 seconds Change-Id: Idaadb8fb438e5b95557c0f65a14534e8762fde20 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31550 Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-07-01security/tpm/tss/tcg-2.0/tss.c: Add debug message to tlcl_lib_init()Frans Hendriks
No message is reported in tlcl_lib_init() when tis_init() or tis_open() returned an error value. Add debug string. BUG=N/A TEST=Build binary and verified logging on Facebook FBG-1701 Change-Id: I522e488ddd3a1bd94a1a8c8470c757bd79c6d5c5 Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33415 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2019-06-27security: Add memory subfolderPatrick Rudolph
Add files to introduce a memory clearing framework. Introduce Kconfig PLATFORM_HAS_DRAM_CLEAR that is to be selected by platforms, that are able to clear all DRAM. Introduce Kconfig SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT that is user selectable to always clear DRAM on non S3 boot. The function security_clear_dram_request tells the calling platform when to wipe all DRAM. Will be extended by TEE frameworks. Add Documentation for the new security API. Change-Id: Ifba25bfdd1057049f5cbae8968501bd9be487110 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31548 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2019-06-27vboot: remove vboot_handoff stepJoel Kitching
Depthcharge no longer reads this data structure, and uses the vboot workbuf in vboot_working_data instead. Since vboot2 downstream migration is not yet completed, the vboot2 -> vboot1 migration code is still required, but has been relocated to depthcharge. BUG=b:124141368, b:124192753 TEST=make clean && make runtests BRANCH=none Change-Id: I769abbff79695b38d11fb6a93c2b42f64d4bafde Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33535 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-06-21security/vboot: Remove useless 'const'Elyes HAOUAS
Change-Id: I3b5ca272abffe46c6a63251cf4905780f87a6836 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33540 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Joel Kitching <kitching@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-06-21security/tpm/Makefile.inc: Remove VBOOT dependency for tss files in postcarFrans Hendriks
tss_marshaling.c and tss.c depends on VBOOT for postcar. Eltan vendorcode used function in these file, but has VBOOT disabled. Remove depency of VBOOT for postcar fo tss/tcg-2.0/tss-marshaling.c and tss/tcg-2.0/tss.c BUG=N/A TEST=Created binary and verify logging on Facebook FBG-1701 Change-Id: I195c79283abf403208f406518372bf52289772ed Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33444 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-06-21vboot: relocate code to log and clear recovery mode switchJoel Kitching
Logging and clearing the recovery mode switch doesn't have anything to do with vboot_handoff. Move it to the main verstage logic file. BUG=b:124141368, b:124192753 TEST=make clean && make test-abuild BRANCH=none Change-Id: I2e74f3893463e43fe5fad4a8df8036560f34e0db Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33534 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2019-06-21vboot: remove functions which read vboot_handoff.out_flagsJoel Kitching
These functions are no longer used and may be removed: * vboot_handoff_check_recovery_flag * vboot_get_handoff_flag BUG=b:124141368, b:124192753 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ie05652ef1288eef74bd2e7e8bea79fd29d523859 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33533 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-06-21vboot: remove vboot_handoff_get_recovery_reasonJoel Kitching
Two functions retrieve vboot recovery_reason: * vboot_handoff_get_recovery_reason * vboot_get_recovery_reason_shared_data Previously, when CBMEM comes online, a vboot_handoff data structure is created, and depending on the architecture, coreboot may eventually lose access to vboot_working_data. After implementing vboot_working_data CBMEM migration, vboot_working_data is always guaranteed to be accessible. vboot_get_recovery_reason_shared_data is corrected to also allow accessing vboot_working_data in ramstage and postcar. Now, vboot_handoff_get_recovery reason returning a valid recovery reason implies that vboot_get_recovery_reason_shared_data should *also* return a valid recovery reason. Thus we may remove the former. BUG=b:124141368, b:124192753 TEST=make clean && make test-abuild BRANCH=none Change-Id: Iac216dc968dd155d9d4f8bd0f2dfd5034762f9a0 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33532 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-06-12vboot: recovery path should finalize work contextJoel Kitching
Recovery path should finalize work context, and trim vboot_working_data buffer_size. Otherwise, depthcharge ingests the full 12 KB workbuf in recovery path. BUG=chromium:972528, b:134893812 TEST=Build with vboot_reference CL:1584488. Check that USB disks are properly verified in recovery path. BRANCH=none Change-Id: Icf2600d2eb5d846a26aec35a153946dd2f7f128c Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33358 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-22post_code: add post code for failure to load next stageKeith Short
Add a new post code, POST_INVALID_ROM, used when coreboot fails to locate or validate a resource that is stored in ROM. BUG=b:124401932 BRANCH=sarien TEST=build coreboot for sarien and arcada platforms Change-Id: Ie6de6590595d8fcdc57ad156237fffa03d5ead38 Signed-off-by: Keith Short <keithshort@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32770 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2019-05-22vboot: determine display init before recovery checkEric Lai
Display is required by recovery mode. Determine display init before recovery check. BUG=b:133197727,b:133175864 TEST=enter recovery mode, checked the display shows up Signed-off-by: Eric Lai <ericr_lai@compal.corp-partner.google.com> Change-Id: Id6ac611f51241373bca3e2b394a94dcd52d3fde7 Reviewed-on: https://review.coreboot.org/c/coreboot/+/32906 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2019-05-20security/vboot/vboot_crtm.h: Remove ENV_ for vboot_measure_cbfs_hook()Frans Hendriks
vboot_measure_cbfs_hook() is included when CONFIG_VBOOT_MEASURED_BOOT is enabled, but this function is defined as 0 in vboot_crtm.h using ENV_ Remove ENV_ for vboot_measure_cbfs_hook() function definition. This function is added to bootblock stage also. BUG=NA TEST=Build Google Banon and Google Cyan Change-Id: Ic62c18db09c119dfb85340a6b7f36bfd148aaa45 Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32532 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-20vboot: save whether developer mode is enabledJoel Kitching
Save whether or not vboot has selected developer mode as a flag in vboot_working_data. Other coreboot code may access this flag without needing to consult vboot_handoff (which is in the process of being deprecated). BUG=b:124141368, b:124192753 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ieb6ac4937c943aea78ddc762595a05387d2b8114 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32843 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-15vboot: remove OPROM-related codeJoel Kitching
As of CL:1605641, vboot2 code should be used for setting and checking display init state. Remove all vboot1 OPROM-related code, and use the vboot2 display init code which has already been added in previous commits. coreboot should not be reading vboot NVRAM flags directly. Remove the function vboot_wants_oprom(), and instead rely on display_init_required(), which uses the VBOOT_WD_FLAG_DISPLAY_INIT value stored in vboot_working_data.flags, initialized during verstage. Note that this means in the case of CONFIG_VBOOT=y, the return value of display_init_required() can only be trusted after verstage has been executed. This should not be a problem assuming that all display initialization occurs in ramstage. BUG=b:124141368, b:124192753, chromium:948529 TEST=Build locally TEST=make clean && make test-abuild BRANCH=none Change-Id: Ic8f9dc5a3c7f1546a8fed82bde02be4d04568f8d Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:1605641, chromium:1605525 Reviewed-on: https://review.coreboot.org/c/coreboot/+/32723 Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-05-15vboot: rename BOOT_OPROM_NEEDED to BOOT_DISPLAY_REQUESTJoel Kitching
Verified Boot OPROM code is being refactored. OPROM is being generalized into "display initialization". As such, the NVRAM request flag is being renamed from OPROM_NEEDED to DISPLAY_REQUEST. BUG=b:124141368, b:124192753, chromium:948529 TEST=make clean && make test-abuild BRANCH=none Change-Id: I74374abf7d1deb594c073f7a4a76c9de46092143 Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:1605640 Reviewed-on: https://review.coreboot.org/c/coreboot/+/32720 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-10vboot: Turn vboot_logic_executed() into a static inlineJulius Werner
This patch moves vboot_logic_executed() (and its dependencies) into a header and turns it into a static inline function. The function is used to guard larger amounts of code in several places, so this should allow us to save some more space through compile-time elimination (and also makes it easier to avoid undefined reference issues in some cases). Change-Id: I193f608882cbfe07dc91ee90d02fafbd67a3c324 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32716 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-05-10vboot: Make vboot_logic_executed() a bit more preciseJulius Werner
This patch adds another check to vboot_logic_executed() to make sure we only do a runtime check for verstage_should_load() if CONFIG_VBOOT_RETURN_FROM_VERSTAGE is enabled. That's the only case where the stage that's loading the verstage can execute after verification has run (because the verstage will return to it when it's done). In the other case, the stage that loads verstage really just loads it and will never do anything again after hand-off, so it's guaranteed to always execute before verification. This change may allow extra dead-code elimination in some cases. Change-Id: I7019b6f7b0acfbf0a8173914b53364751b08f2cf Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32714 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-05-09vboot: include vb2_sha.h when requiredJoel Kitching
Should include vb2_sha.h header when SHA library functions or constants are required. This replaces NEED_VB2_SHA_LIBRARY. BUG=b:124141368, chromium:956474 TEST=make clean && make test-abuild BRANCH=none Change-Id: I9f32174dbf3de05fbe5279cb8017888757abf368 Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:1583820 Reviewed-on: https://review.coreboot.org/c/coreboot/+/32454 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-09vboot: communicate display requirements with vb2api_fw_phase1Joel Kitching
Input: tell vb2api_fw_phase1 if display unconditionally available Output: vb2api_fw_phase1 may request coreboot to initialize display, if needed based on some internal request Move setting the VBOOT_FLAG_DISPLAY_REQUESTED flag into verstage_main. BUG=b:124141368, b:124192753, chromium:948529 TEST=make clean && make test-abuild BRANCH=none Change-Id: I81c82c46303564b63b8a32e7f80beb9d891a4628 Cq-Depend: chromium:1564232 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32324 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-09vboot: remove use of VbInitParamsJoel Kitching
The VbInitParams struct will be deprecated. Remove its use in preparation. Additionally, remove use of the flag VB_INIT_OUT_ENABLE_USB_STORAGE, which is no longer used downstream since vboot_reference CL:347257. BUG=b:124141368, chromium:960226 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ibe02cb6ba639de0d7cbdf79fc4dbf49044c92278 Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:1583943 Reviewed-on: https://review.coreboot.org/c/coreboot/+/32664 Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-05-06vboot: remove use of GoogleBinaryBlockHeaderJoel Kitching
Remove use of deprecated GoogleBinaryBlockHeader struct, and replace with vb2_gbb_header. BUG=b:124141368, chromium:954774 TEST=make clean && make test-abuild BRANCH=none Change-Id: Iee3bd877cb1791a689efdeabda324f43f7d0c6f2 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32455 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-04-30vboot: refactor OPROM codeJoel Kitching
The name OPROM is somewhat inaccurate, since other steps to bring up display and graphics are needed depending on mainboard/SoC. This patch cleans up OPROM code nomenclature, and works towards the goal of deprecating vboot1: * Rename CONFIG_VBOOT_OPROM_MATTERS to CONFIG_VBOOT_MUST_REQUEST_DISPLAY and clarify Kconfig description * Remove function vboot_handoff_skip_display_init * Remove use of the VbInit oflag VB_INIT_OUT_ENABLE_DISPLAY * Add |flags| field to vboot_working_data struct * Create VBOOT_FLAG_DISPLAY_REQUESTED and set in vboot_handoff BUG=b:124141368, b:124192753, chromium:948529 TEST=make clean && make test-abuild TEST=build and flash eve device; attempt loading dev/rec modes BRANCH=none Change-Id: Idf111a533c3953448b4b9084885a9a65a2432a8b Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32262 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-04-29vboot: specify NEED_VB20_INTERNALS when neededJoel Kitching
NEED_VB20_INTERNALS should always be specified when peeking into vboot internal data structures. BUG=b:124141368, chromium:956474 TEST=make clean && make test-abuild BRANCH=none Change-Id: I5a47a28350fd5a68efeff0d06ca150c1ae145412 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32452 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-04-24security/tpm: Change POWER_OFF_ON_CR50_UPDATE so it can be disabledKeith Short
Modify the POWER_OFF_ON_CR50_UPDATE Kconfig option so that specific mainboard implementations can disable the option. BUG=b:126632503 BRANCH=none TEST=Build coreboot on sarien/arcada. TEST=Perform Cr50 firmware update on Sarien, confirm the platform boots normally after sending TURN_UPDATE_ON to the Cr50. Change-Id: I3beefaae21de61e53ae232dbdc8ea9dbb2c78cd5 Signed-off-by: Keith Short <keithshort@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32435 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2019-04-23src: include <assert.h> when appropriateElyes HAOUAS
Change-Id: Ib843eb7144b7dc2932931b9e8f3f1d816bcc1e1a Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/26796 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org> Reviewed-by: David Guckian
2019-04-11vboot: do not set VBSD_BOOT_FIRMWARE_WP_ENABLED flagJoel Kitching
The value of "write protect" GPIO shall be read in depthcharge, and the flag shall be set there instead. BUG=b:124141368, b:124192753, chromium:1556855 TEST=Build locally CQ-DEPEND=CL:1556855 BRANCH=none Change-Id: I4d24a057b1385244a836a67c565ee6726a894fdc Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32234 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-04-08{src,util}: Correct typo in comment and debug stringFrans Hendriks
Correct typo in comment and debug string. BUG=N/A TEST=build Change-Id: I0362bb8d7c883e7fcbc6a2fc2f9918251f0d8d6e Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/29321 Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>