authorJoel Kitching <kitching@google.com>2020-02-08 11:17:57 +0800
committerJoel Kitching <kitching@google.com>2020-02-17 08:08:35 +0000
commit56e2f130a64c9da6319631c19d452e0db978e70b (patch)
treedccd0079fb763a39c9ab6e63617fbe7afa3e545f /src/security/vboot
parent81726663bcfe07234eb286ec5eddbff5e55be813 (diff)
vboot: remove VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT option
With CL:1940398, this option is no longer needed. Recovery requests are not cleared until kernel verification stage is reached. If the FSP triggers any reboots, recovery requests will be preserved. In particular: - Manual requests will be preserved via recovery switch state, whose behaviour is modified in CB:38779. - Other recovery requests will remain in nvdata across reboot. These functions now only work after verstage has run: int vboot_check_recovery_request(void) int vboot_recovery_mode_enabled(void) int vboot_developer_mode_enabled(void) BUG=b:124141368, b:35576380 TEST=make clean && make test-abuild BRANCH=none Change-Id: I52d17a3c6730be5c04c3c0ae020368d11db6ca3c Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38780 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security/vboot')
-rw-r--r--src/security/vboot/Kconfig8
-rw-r--r--src/security/vboot/bootmode.c80
-rw-r--r--src/security/vboot/misc.h5
-rw-r--r--src/security/vboot/vbnv.c20
-rw-r--r--src/security/vboot/vbnv.h2
-rw-r--r--src/security/vboot/vboot_logic.c3
6 files changed, 10 insertions, 108 deletions
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index ea70e65256..54e88dd594 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -156,14 +156,6 @@ config VBOOT_RETURN_FROM_VERSTAGE
reused by the succeeding stage. This is useful if a RAM space is too
small to fit both the verstage and the succeeding stage.
-config VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT
- bool
- default n
- help
- This option ensures that the recovery request is not lost because of
- reboots caused after vboot verification is run. e.g. reboots caused by
- FSP components on Intel platforms.
-
config VBOOT_MUST_REQUEST_DISPLAY
bool
default y if VGA_ROM_RUN
diff --git a/src/security/vboot/bootmode.c b/src/security/vboot/bootmode.c
index 2a911cbf10..50b3cc3b6c 100644
--- a/src/security/vboot/bootmode.c
+++ b/src/security/vboot/bootmode.c
@@ -24,79 +24,25 @@
#include <security/vboot/vbnv.h>
#include <security/vboot/vboot_common.h>
-static int vboot_get_recovery_reason_shared_data(void)
-{
- struct vb2_shared_data *sd = vb2_get_sd(vboot_get_context());
- assert(sd);
- return sd->recovery_reason;
-}
-
-void vboot_save_recovery_reason_vbnv(void)
-{
- if (!CONFIG(VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT))
- return;
-
- int reason = vboot_get_recovery_reason_shared_data();
- if (!reason)
- return;
-
- set_recovery_mode_into_vbnv(reason);
-}
-
-static void vboot_clear_recovery_reason_vbnv(void *unused)
-{
- if (!CONFIG(VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT))
- return;
-
- set_recovery_mode_into_vbnv(0);
-}
-
/*
- * Recovery reason stored in VBNV needs to be cleared before the state of VBNV
- * is backed-up anywhere or jumping to the payload (whichever occurs
- * first). Currently, vbnv_cmos.c backs up VBNV on POST_DEVICE. Thus, we need to
- * make sure that the stored recovery reason is cleared off before that
- * happens.
- * IMPORTANT: Any reboot occurring after BS_DEV_INIT state will cause loss of
- * recovery reason on reboot. Until now, we have seen reboots occurring on x86
- * only in FSP stages which run before BS_DEV_INIT.
+ * Functions which check vboot information should only be called after verstage
+ * has run. Otherwise, they will hit the assertion in vboot_get_context().
*/
-BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_EXIT,
- vboot_clear_recovery_reason_vbnv, NULL);
-/*
- * vb2_check_recovery_request looks up different components to identify if there
- * is a recovery request and returns appropriate reason code:
- * 1. Checks if recovery mode is initiated by EC. If yes, returns
- * VB2_RECOVERY_RO_MANUAL.
- * 2. Checks if recovery request is present in VBNV and returns the code read
- * from it.
- * 3. Checks if vboot verification is done. If yes, return the reason code from
- * shared data.
- * 4. If nothing applies, return 0 indicating no recovery request.
- */
int vboot_check_recovery_request(void)
{
- int reason = 0;
-
- /* EC-initiated recovery. */
- if (get_recovery_mode_switch())
- return VB2_RECOVERY_RO_MANUAL;
-
- /* Recovery request in VBNV. */
- if ((reason = get_recovery_mode_from_vbnv()) != 0)
- return reason;
-
- /* Identify if vboot verification is already complete. */
- if (vboot_logic_executed())
- return vboot_get_recovery_reason_shared_data();
-
- return 0;
+ /* TODO: Expose vb2api_recovery_reason() and vb2api_need_train_and_reboot(). */
+ return vb2_get_sd(vboot_get_context())->recovery_reason;
}
int vboot_recovery_mode_enabled(void)
{
- return !!vboot_check_recovery_request();
+ return vboot_get_context()->flags & VB2_CONTEXT_RECOVERY_MODE;
+}
+
+int vboot_developer_mode_enabled(void)
+{
+ return vboot_get_context()->flags & VB2_CONTEXT_DEVELOPER_MODE;
}
int __weak clear_recovery_mode_switch(void)
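Review bot: In `vboot_check_recovery_request()`, `vboot_recovery_mode_enabled()` and `vboot_developer_mode_enabled()`, the only protection against a call before verstage is now the assertion inside `vboot_get_context()`, which is not visible in this hunk. The removed code returned 0 from `vboot_developer_mode_enabled()` when `vboot_logic_executed()` was false, and it asserted on the `vb2_get_sd()` result before dereferencing it. If assertions are not fatal in a given build, an early caller would presumably make a recovery-mode or developer-mode decision from a context that has not been set up, so it is worth confirming that every caller runs after verstage, or keeping an explicit guard. Separately, the two flag checks return the raw masked value rather than 0/1. `return !!(vboot_get_context()->flags & VB2_CONTEXT_RECOVERY_MODE);` (and the same for `VB2_CONTEXT_DEVELOPER_MODE`) keeps the previous boolean contract and avoids truncation if the flags field is wider than `int`.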
@@ -133,12 +79,6 @@ int vboot_recovery_mode_memory_retrain(void)
return get_recovery_mode_retrain_switch();
}
-int vboot_developer_mode_enabled(void)
-{
- return vboot_logic_executed() &&
- vboot_get_context()->flags & VB2_CONTEXT_DEVELOPER_MODE;
-}
-
#if CONFIG(VBOOT_NO_BOARD_SUPPORT)
/**
* TODO: Create flash protection interface which implements get_write_protect_state.
diff --git a/src/security/vboot/misc.h b/src/security/vboot/misc.h
index 324af5ca11..97944d92a6 100644
--- a/src/security/vboot/misc.h
+++ b/src/security/vboot/misc.h
@@ -50,11 +50,6 @@ static inline bool vboot_is_gbb_flag_set(enum vb2_gbb_flag flag)
int vboot_locate_firmware(struct vb2_context *ctx, struct region_device *fw);
/*
- * Source: security/vboot/bootmode.c
- */
-void vboot_save_recovery_reason_vbnv(void);
-
-/*
* The stage loading code is compiled and entered from multiple stages. The
* helper functions below attempt to provide more clarity on when certain
* code should be called. They are implemented inline for better compile-time
diff --git a/src/security/vboot/vbnv.c b/src/security/vboot/vbnv.c
index be598acb18..a5a780664c 100644
--- a/src/security/vboot/vbnv.c
+++ b/src/security/vboot/vbnv.c
@@ -101,26 +101,6 @@ void save_vbnv(const uint8_t *vbnv_copy)
vbnv_initialized = 0;
}
-/* Save a recovery reason into VBNV. */
-void set_recovery_mode_into_vbnv(int recovery_reason)
-{
- uint8_t vbnv_copy[VBOOT_VBNV_BLOCK_SIZE];
-
- read_vbnv(vbnv_copy);
-
- vbnv_copy[RECOVERY_OFFSET] = recovery_reason;
- vbnv_copy[CRC_OFFSET] = crc8_vbnv(vbnv_copy, CRC_OFFSET);
-
- save_vbnv(vbnv_copy);
-}
-
-/* Read the recovery reason from VBNV. */
-int get_recovery_mode_from_vbnv(void)
-{
- vbnv_setup();
- return vbnv[RECOVERY_OFFSET];
-}
-
/* Read the USB Device Controller(UDC) enable flag from VBNV. */
int vbnv_udc_enable_flag(void)
{
diff --git a/src/security/vboot/vbnv.h b/src/security/vboot/vbnv.h
index a2f0b4c978..7d288d5773 100644
--- a/src/security/vboot/vbnv.h
+++ b/src/security/vboot/vbnv.h
@@ -23,8 +23,6 @@ void read_vbnv(uint8_t *vbnv_copy);
void save_vbnv(const uint8_t *vbnv_copy);
int verify_vbnv(uint8_t *vbnv_copy);
void regen_vbnv_crc(uint8_t *vbnv_copy);
-int get_recovery_mode_from_vbnv(void);
-void set_recovery_mode_into_vbnv(int recovery_reason);
/* Read the USB Device Controller(UDC) enable flag from VBNV. */
int vbnv_udc_enable_flag(void);
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 18c96d77ff..df2f00243b 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -408,8 +408,5 @@ void verstage_main(void)
vboot_is_firmware_slot_a(ctx) ? 'A' : 'B');
verstage_main_exit:
- /* Save recovery reason in case of unexpected reboots on x86. */
- vboot_save_recovery_reason_vbnv();
-
timestamp_add_now(TS_END_VBOOT);
}