From d6fc557b9344cf466122ebe7bd7382e9d247c77c Mon Sep 17 00:00:00 2001
From: Tim Wawrzynczak <twawrzynczak@chromium.org>
Date: Fri, 25 Oct 2019 14:58:15 -0600
Subject: security/vboot: Add vboot callbacks to support EC software sync

Use the new functions introduced into the EC driver to support
performing EC software sync via vboot callbacks.

NOTE: This patch assumes that the EC image is added to CBFS
uncompressed.  Streaming decompression of the image will be added in a
future patch.

Also adds a new Kconfig option VBOOT_EARLY_EC_SYNC.  The new Kconfig
option compiles EC software sync into romstage, dependent upon having a
CrOS EC.

BUG=b:112198832
BRANCH=none
TEST=Successful EC software sync

Change-Id: I9b1458a45ab3ed5623af50f78036c4f88461b226
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36208
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
---
 src/security/vboot/vboot_logic.c | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

(limited to 'src/security/vboot/vboot_logic.c')

diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 6ee4d948f3..ccce148882 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -251,21 +251,27 @@ static vb2_error_t hash_body(struct vb2_context *ctx,
 	return VB2_SUCCESS;
 }
 
-/**
- * Save non-volatile and/or secure data if needed.
- */
-static void save_if_needed(struct vb2_context *ctx)
+void vboot_save_nvdata_only(struct vb2_context *ctx)
 {
+	assert(!(ctx->flags & (VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED |
+			       VB2_CONTEXT_SECDATA_KERNEL_CHANGED)));
+
 	if (ctx->flags & VB2_CONTEXT_NVDATA_CHANGED) {
 		printk(BIOS_INFO, "Saving nvdata\n");
 		save_vbnv(ctx->nvdata);
 		ctx->flags &= ~VB2_CONTEXT_NVDATA_CHANGED;
 	}
+}
+
+void vboot_save_data(struct vb2_context *ctx)
+{
 	if (ctx->flags & VB2_CONTEXT_SECDATA_CHANGED) {
 		printk(BIOS_INFO, "Saving secdata\n");
 		antirollback_write_space_firmware(ctx);
 		ctx->flags &= ~VB2_CONTEXT_SECDATA_CHANGED;
 	}
+
+	vboot_save_nvdata_only(ctx);
 }
 
 static uint32_t extend_pcrs(struct vb2_context *ctx)
@@ -368,13 +374,13 @@ void verstage_main(void)
 		 */
 		if (rv == VB2_ERROR_API_PHASE1_RECOVERY) {
 			printk(BIOS_INFO, "Recovery requested (%x)\n", rv);
-			save_if_needed(ctx);
+			vboot_save_data(ctx);
 			extend_pcrs(ctx); /* ignore failures */
 			goto verstage_main_exit;
 		}
 
 		printk(BIOS_INFO, "Reboot requested (%x)\n", rv);
-		save_if_needed(ctx);
+		vboot_save_data(ctx);
 		vboot_reboot();
 	}
 
@@ -383,7 +389,7 @@ void verstage_main(void)
 	rv = vb2api_fw_phase2(ctx);
 	if (rv) {
 		printk(BIOS_INFO, "Reboot requested (%x)\n", rv);
-		save_if_needed(ctx);
+		vboot_save_data(ctx);
 		vboot_reboot();
 	}
 
@@ -394,7 +400,7 @@ void verstage_main(void)
 	timestamp_add_now(TS_END_VERIFY_SLOT);
 	if (rv) {
 		printk(BIOS_INFO, "Reboot requested (%x)\n", rv);
-		save_if_needed(ctx);
+		vboot_save_data(ctx);
 		vboot_reboot();
 	}
 
@@ -405,7 +411,7 @@ void verstage_main(void)
 			"Failed to read FMAP to locate firmware");
 
 	rv = hash_body(ctx, &fw_main);
-	save_if_needed(ctx);
+	vboot_save_data(ctx);
 	if (rv) {
 		printk(BIOS_INFO, "Reboot requested (%x)\n", rv);
 		vboot_reboot();
@@ -419,7 +425,7 @@ void verstage_main(void)
 			printk(BIOS_WARNING,
 			       "Failed to extend TPM PCRs (%#x)\n", rv);
 			vb2api_fail(ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv);
-			save_if_needed(ctx);
+			vboot_save_data(ctx);
 			vboot_reboot();
 		}
 		timestamp_add_now(TS_END_TPMPCR);
@@ -432,7 +438,7 @@ void verstage_main(void)
 	if (rv) {
 		printk(BIOS_INFO, "Failed to lock TPM (%x)\n", rv);
 		vb2api_fail(ctx, VB2_RECOVERY_RO_TPM_L_ERROR, 0);
-		save_if_needed(ctx);
+		vboot_save_data(ctx);
 		vboot_reboot();
 	}
 	timestamp_add_now(TS_END_TPMLOCK);
@@ -445,7 +451,7 @@ void verstage_main(void)
 			       rv);
 			vb2api_fail(ctx, VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR,
 				    0);
-			save_if_needed(ctx);
+			vboot_save_data(ctx);
 			vboot_reboot();
 		}
 	}
-- 
cgit v1.2.3