summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPatrick Georgi <pgeorgi@chromium.org>2016-02-02 14:43:56 +0100
committerPatrick Georgi <pgeorgi@google.com>2016-02-03 18:53:53 +0100
commit0db0e61f6491ac64016e8ebcb45ab9950a2c7c79 (patch)
treef3b83df3da1ac64a8a90f1af38867a54ebc1c870
parent4505787724616221a42a6cf81f89383d732a9cb3 (diff)
chromeos: Create GBB at build time
The GBB contains hardware-specific data plus some configuration. The latter isn't supported by this change yet and will come later. The fields that are supported (hardware ID, bmpfv, vboot keys) are configurable through Kconfig and point to Chrome OS-style default (eg. developer keys). While adding vboot keys, the two keys used to sign RW regions are also added to Kconfig, even if not yet used. Change-Id: Icfba6061ca83182df560cd36052fbb257826d4b0 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Reviewed-on: https://review.coreboot.org/13558 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
-rw-r--r--src/vendorcode/google/chromeos/Kconfig44
-rw-r--r--src/vendorcode/google/chromeos/Makefile.inc32
2 files changed, 76 insertions, 0 deletions
diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig
index d2a42a13d5..f06081773f 100644
--- a/src/vendorcode/google/chromeos/Kconfig
+++ b/src/vendorcode/google/chromeos/Kconfig
@@ -168,5 +168,49 @@ config HAVE_REGULATORY_DOMAIN
source src/vendorcode/google/chromeos/vboot2/Kconfig
+menu "GBB configuration"
+
+config GBB_HWID
+ string "Hardware ID"
+ default "NOCONF HWID"
+
+config GBB_BMPFV_FILE
+ string "Path to bmpfv image"
+ depends on GBB_HAVE_BMPFV
+ default ""
+
+endmenu # GBB
+
+menu "Vboot Keys"
+config VBOOT_ROOT_KEY
+ string "Root key (public)"
+ default "3rdparty/vboot/tests/devkeys/root_key.vbpubk"
+
+config VBOOT_RECOVERY_KEY
+ string "Recovery key (public)"
+ default "3rdparty/vboot/tests/devkeys/recovery_key.vbpubk"
+
+config VBOOT_FIRMWARE_PRIVKEY
+ string "Firmware key (private)"
+ default "3rdparty/vboot/tests/devkeys/firmware_data_key.vbprivk"
+
+config VBOOT_KERNEL_KEY
+ string "Kernel subkey (public)"
+ default "3rdparty/vboot/tests/devkeys/kernel_subkey.vbpubk"
+
+config VBOOT_KEYBLOCK
+ string "Keyblock to use for the RW regions"
+ default "3rdparty/vboot/tests/devkeys/firmware.keyblock"
+
+config VBOOT_KEYBLOCK_VERSION
+ int "Keyblock version number"
+ default 1
+
+config VBOOT_KEYBLOCK_PREAMBLE_FLAGS
+ hex "Keyblock preamble flags"
+ default 0
+
+endmenu # Keys
+
endif # CHROMEOS
endmenu
diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc
index 3f016a5a58..8e12e3a5c3 100644
--- a/src/vendorcode/google/chromeos/Makefile.inc
+++ b/src/vendorcode/google/chromeos/Makefile.inc
@@ -51,3 +51,35 @@ CFLAGS_common += -DMOCK_TPM=0
endif
subdirs-$(CONFIG_VBOOT_VERIFY_FIRMWARE) += vboot2
+
+CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID))
+CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE))
+
+ifneq ($(CONFIG_GBB_BMPFV_FILE),)
+$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY)
+ @printf " CREATE GBB (with BMPFV)\n"
+ $(CBFSTOOL) $< read -r GBB -f $(obj)/gbb.stub.tmp
+ $(FUTILITY) gbb_utility -c 0x100,0x1000,$(call int-subtract $(call file-size,$(obj)/gbb.stub.tmp) 0x2180),0x1000 $@.tmp
+ rm -f $(obj)/gbb.stub.tmp
+ mv $@.tmp $@
+else
+$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY)
+ @printf " CREATE GBB (without BMPFV)\n"
+ $(FUTILITY) gbb_utility -c 0x100,0x1000,0,0x1000 $@.tmp
+ mv $@.tmp $@
+endif
+
+$(obj)/gbb.region: $(obj)/gbb.stub
+ @printf " SETUP GBB\n"
+ cp $< $@.tmp
+ $(FUTILITY) gbb_utility -s \
+ --hwid="$(CONFIG_GBB_HWID)" \
+ --rootkey="$(CONFIG_VBOOT_ROOT_KEY)" \
+ --recoverykey="$(CONFIG_VBOOT_RECOVERY_KEY)" \
+ --flags=0 \
+ $@.tmp
+ mv $@.tmp $@
+
+build_complete:: $(obj)/gbb.region
+ @printf " WRITE GBB\n"
+ $(CBFSTOOL) $(obj)/coreboot.rom write -u -r GBB -f $<