mainboard/intel/galileo: Add vboot support

Add the necessary files and changes to support vboot. TEST=Build and run on Galileo Gen2 with a SparkFun CryptoShield 1. Obtain and install a SparkFun CryptoShield. https://www.sparkfun.com/products/13183 2. Edit src/mainboard/intel/galileo/Kconfig to select VBOOT_WITH_CRYPTO_SHIELD 3. Use make menuconfig to update the config values and select a payload that will fit. I used SeaBIOS which does not boot. 4. Build coreboot 5. Use the command file below to generate the signed coreboot image. 6. Flash build/coreboot.rom onto the Galileo board 7. The test is successful if verstage detects that it needs recovery after Phase 1. This is expected because the image does not contain the GBB section. 8. Flash build/coreboot.signed.bin onto the Galileo board 9. The test is successful if verstage reaches Phase 4 and selects SLOT A to load the rest of the files. commands: gbb_utility -c 0x100,0x1000,0x7ce80,0x1000 gbb.blob dd conv=fdatasync ibs=4096 obs=4096 count=1553 \ if=build/coreboot.rom of=build/coreboot.signed.rom dd conv=fdatasync obs=4096 obs=4096 seek=1553 if=gbb.blob \ of=build/coreboot.signed.rom dd conv=fdatasync ibs=4096 obs=4096 skip=1680 seek=1680 \ count=368 if=build/coreboot.rom of=build/coreboot.signed.rom gbb_utility \ --set --hwid='Galileo' \ -r $PWD/keys/recovery_key.vbpubk \ -k $PWD/keys/root_key.vbpubk \ build/coreboot.signed.rom 3rdparty/vboot/scripts/image_signing/sign_firmware.sh \ build/coreboot.signed.rom \ $PWD/keys \ build/coreboot.signed.rom Change-Id: I02eb0ef647cd34c13a5fe8be0bdbe1bb38524d0c Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com> Reviewed-on: https://review.coreboot.org/18821 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
author: Lee Leahy <leroy.p.leahy@intel.com> 2017-01-04 08:34:01 -0800
committer: Lee Leahy <leroy.p.leahy@intel.com> 2017-03-16 04:10:25 +0100
commit: 28c3f23b4627966b2112feaedc228977c4425a87 (patch)
tree: 7727942ea6f6086ca671966d774d2321e791b67b /src/mainboard/intel/galileo/vboot.c
parent: 1b39f176a9bbce85791440745dcbdad629b79373 (diff)
1 files changed, 111 insertions, 0 deletions
diff --git a/src/mainboard/intel/galileo/vboot.c b/src/mainboard/intel/galileo/vboot.c
new file mode 100644
index 0000000000..cc8831eaeb
--- /dev/null
+++ b/src/mainboard/intel/galileo/vboot.c
@@ -0,0 +1,111 @@
+/*
+ * Copyright (C) 2016-2017 Intel Corporation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but without any warranty; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <assert.h>
+#include <bootmode.h>
+#include <console/console.h>
+#include <delay.h>
+#include <device/i2c.h>
+#include <lib.h>
+#include <soc/i2c.h>
+#include <soc/reg_access.h>
+#include "reg_access.h"
+#include "gen1.h"
+#include "gen2.h"
+#include <spi_flash.h>
+#include <vboot/vboot_common.h>
+
+int clear_recovery_mode_switch(void)
+{
+	/* Nothing to do */
+	return 0;
+}
+
+int get_developer_mode_switch(void)
+{
+	return 0;
+}
+
+int get_recovery_mode_switch(void)
+{
+	return 0;
+}
+
+int get_sw_write_protect_state(void)
+{
+	/* Not write protected */
+	return 0;
+}
+
+int get_write_protect_state(void)
+{
+	/* Not write protected */
+	return 0;
+}
+
+void log_recovery_mode_switch(void)
+{
+}
+
+void verstage_mainboard_init(void)
+{
+	const struct reg_script *script;
+
+	/* Crypto Shield I2C Addresses:
+	 *
+	 * 0x29: AT97S3204T - TPM 1.2
+	 * 0x50: ATAES132 - AES-128
+	 * 0x60: ATECC108 - Elliptical Curve
+	 * 0x64: ATSHA204 - SHA-256
+	 * 0x68: DS3231M - RTC
+	 */
+
+	/* Determine the correct script for the board */
+	if (IS_ENABLED(CONFIG_GALILEO_GEN2))
+		script = gen2_i2c_init;
+	else
+		/* Determine which I2C address is in use */
+		script = (reg_legacy_gpio_read (R_QNC_GPIO_RGLVL_RESUME_WELL)
+			& GALILEO_DETERMINE_IOEXP_SLA_RESUMEWELL_GPIO)
+			? gen1_i2c_0x20_init : gen1_i2c_0x21_init;
+
+	/* Direct the I2C SDA and SCL signals to the Arduino connector */
+	reg_script_run(script);
+}
+
+void __attribute__((weak)) vboot_platform_prepare_reboot(void)
+{
+	const struct reg_script *script;
+
+	/* Crypto Shield I2C Addresses:
+	 *
+	 * 0x29: AT97S3204T - TPM 1.2
+	 * 0x50: ATAES132 - AES-128
+	 * 0x60: ATECC108 - Elliptical Curve
+	 * 0x64: ATSHA204 - SHA-256
+	 * 0x68: DS3231M - RTC
+	 */
+
+	/* Determine the correct script for the board */
+	if (IS_ENABLED(CONFIG_GALILEO_GEN2))
+		script = gen2_tpm_reset;
+	else
+		/* Determine which I2C address is in use */
+		script = (reg_legacy_gpio_read (R_QNC_GPIO_RGLVL_RESUME_WELL)
+			& GALILEO_DETERMINE_IOEXP_SLA_RESUMEWELL_GPIO)
+			? gen1_tpm_reset_0x20 : gen1_tpm_reset_0x21;
+
+	/* Reset the TPM */
+	reg_script_run(script);
+}
author	Lee Leahy <leroy.p.leahy@intel.com>	2017-01-04 08:34:01 -0800
committer	Lee Leahy <leroy.p.leahy@intel.com>	2017-03-16 04:10:25 +0100
commit	28c3f23b4627966b2112feaedc228977c4425a87 (patch)
tree	7727942ea6f6086ca671966d774d2321e791b67b /src/mainboard/intel/galileo/vboot.c
parent	1b39f176a9bbce85791440745dcbdad629b79373 (diff)