libpayload: Enable vboot integration

This patch introduces building and linking of 3rdparty/vboot with
libpayload. VBoot can be enabled by setting CONFIG_LP_VBOOT_LIB.
Moreover it can be configured to use either TPM or TPM 2.0 mode,
and whether to use SHA256 processor extension instructions on x86.

Change-Id: I2d9d766a461edaa0081041c020ecf580fd2ca64e
Signed-off-by: Jakub Czapiga <jacz@semihalf.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60080
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>

2 files changed, 73 insertions, 0 deletions

diff --git a/payloads/libpayload/vboot/Kconfig b/payloads/libpayload/vboot/Kconfig
new file mode 100644
index 0000000000..4d5d8818e0
--- /dev/null
+++ b/payloads/libpayload/vboot/Kconfig
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: BSD-3-Clause
+
+config VBOOT_LIB
+	bool "Compile verified boot (vboot) library"
+	default n
+	help
+	  This option enables compiling and building vboot libraries vboot_fw and tlcl.
+
+if VBOOT_LIB
+
+config VBOOT_TPM2_MODE
+	bool "TPM2 Mode"
+	default y
+	help
+	  This option enables TPM 2.0 support in vboot. Disabling it allows using TPM 1.2.
+
+config VBOOT_X86_SHA_EXT
+	bool "x86 SHA Extension"
+	default n
+	depends on ARCH_X86
+	help
+	  This option enables SHA256 implementation using x86 SHA processor extension
+	  instructions: sha256msg1, sha256msg2, sha256rnds2.
+
+endif
diff --git a/payloads/libpayload/vboot/Makefile.inc b/payloads/libpayload/vboot/Makefile.inc
new file mode 100644
index 0000000000..8289f63945
--- /dev/null
+++ b/payloads/libpayload/vboot/Makefile.inc
@@ -0,0 +1,48 @@
+# SPDX-License-Identifier: BSD-3-Clause
+
+VBOOT_SOURCE ?= $(coreboottop)/3rdparty/vboot
+
+VBOOT_BUILD_DIR ?= $(abspath $(obj)/external/vboot)
+VBOOT_FW_LIB = $(VBOOT_BUILD_DIR)/vboot_fw.a
+TLCL_LIB = $(VBOOT_BUILD_DIR)/tlcl.a
+
+vboot_fw-objs += $(VBOOT_FW_LIB)
+tlcl-objs += $(TLCL_LIB)
+
+kconfig-to-binary=$(if $(1),1,0)
+vboot-fixup-includes = $(patsubst -I%,-I$(top)/%,\
+		       $(patsubst include/%.h,$(top)/include/%.h,\
+		       $(filter-out -I$(obj),$(1))))
+
+ifeq ($(CONFIG_LP_ARCH_MOCK),)
+VBOOT_CFLAGS += $(call vboot-fixup-includes,$(CFLAGS))
+VBOOT_CFLAGS += -I$(abspath $(obj))
+endif
+
+# Enable vboot debug by default
+VBOOT_CFLAGS += -DVBOOT_DEBUG
+
+VBOOT_FIRMWARE_ARCH-$(CONFIG_LP_ARCH_ARM) := arm
+VBOOT_FIRMWARE_ARCH-$(CONFIG_LP_ARCH_X86) := x86
+VBOOT_FIRMWARE_ARCH-$(CONFIG_LP_ARCH_ARM64) := arm64
+
+ifeq ($(CONFIG_LP_ARCH_MOCK)$(VBOOT_FIRMWARE_ARCH-y),)
+$(error vboot requires architecture to be set in the configuration)
+endif
+
+$(VBOOT_FW_LIB): $(obj)/libpayload-config.h
+	@printf "    MAKE       $(subst $(obj)/,,$(@))\n"
+	+$(Q) FIRMWARE_ARCH=$(VBOOT_FIRMWARE_ARCH-y) \
+		CC=$(CC) \
+		CFLAGS="$(VBOOT_CFLAGS)" \
+		$(MAKE) -C "$(VBOOT_SOURCE)" \
+		TPM2_MODE=$(call kconfig-to-binary, $(CONFIG_LP_VBOOT_TPM2_MODE)) \
+		X86_SHA_EXT=$(call kconfig-to-binary, $(CONFIG_LP_VBOOT_X86_SHA_EXT)) \
+		UNROLL_LOOPS=1 \
+		BUILD=$(VBOOT_BUILD_DIR) \
+		V=$(V) \
+		$(VBOOT_BUILD_DIR)/vboot_fw.a tlcl
+
+$(TLCL_LIB): $(VBOOT_FW_LIB)
+
+.PHONY: $(VBOOT_FW_LIB) $(TLCL_LIB)