author | Arthur Heymans <arthur@aheymans.xyz> | 2021-05-29 08:10:49 +0200 |
---|---|---|
committer | Felix Held <felix-coreboot@felixheld.de> | 2023-11-09 13:20:18 +0000 |
commit | a2bc2540c2d004b475b401ccf0b162c2452857bb (patch) | |
tree | 902284670b43d9e06d7dccc64dbeec24073fca4e /src/security | |
parent | 4ce52f622ed7fbac4bf5545fd7d39256203cdefe (diff) |
Allow to build romstage sources inside the bootblock
Having a separate romstage is only desirable:
- with advanced setups like vboot or normal/fallback
- boot medium is slow at startup (some ARM SOCs)
- bootblock is limited in size (Intel APL 32K)
When this is not the case there is no need for the extra complexity
that romstage brings. Including the romstage sources inside the
bootblock substantially reduces the total code footprint. Often the
resulting code is 10-20k smaller.
This is controlled via a Kconfig option.
TESTED: works on qemu x86, arm and aarch64 with and without VBOOT.
Change-Id: Id68390edc1ba228b121cca89b80c64a92553e284
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55068
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Diffstat (limited to 'src/security')
-rw-r--r-- | src/security/vboot/Kconfig | 1 | ||||
-rw-r--r-- | src/security/vboot/Makefile.inc | 6 | ||||
-rw-r--r-- | src/security/vboot/misc.h | 2 | ||||
-rw-r--r-- | src/security/vboot/vboot_common.c | 2 |
4 files changed, 9 insertions, 2 deletions
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index a2af5d2564..2d5b20f50d 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -90,6 +90,7 @@ config VBOOT_STARTS_BEFORE_BOOTBLOCK config VBOOT_STARTS_IN_BOOTBLOCK bool default n + depends on SEPARATE_ROMSTAGE help Firmware verification happens during the end of or right after the bootblock. This implies that a static VBOOT2_WORK() buffer must be diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index f152444044..1b3568a1ec 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -43,7 +43,9 @@ $(1)-srcs += $$(VBOOT_LIB_$(1)) endef # vboot-for-stage $(eval $(call vboot-for-stage,bootblock)) +ifeq ($(CONFIG_SEPARATE_ROMSTAGE),y) $(eval $(call vboot-for-stage,romstage)) +endif $(eval $(call vboot-for-stage,ramstage)) $(eval $(call vboot-for-stage,postcar)) @@ -157,7 +159,11 @@ else # CONFIG_VBOOT_SEPARATE_VERSTAGE ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y) postinclude-hooks += $$(eval bootblock-srcs += $$(verstage-srcs)) else +ifeq ($(CONFIG_SEPARATE_ROMSTAGE),y) postinclude-hooks += $$(eval romstage-srcs += $$(verstage-srcs)) +else +postinclude-hooks += $$(eval bootblock-srcs += $$(verstage-srcs)) +endif endif endif # CONFIG_VBOOT_SEPARATE_VERSTAGE diff --git a/src/security/vboot/misc.h b/src/security/vboot/misc.h index 8310647760..a7069f38fe 100644 --- a/src/security/vboot/misc.h +++ b/src/security/vboot/misc.h @@ -48,7 +48,7 @@ static inline int verification_should_run(void) if (CONFIG(VBOOT_SEPARATE_VERSTAGE)) return ENV_SEPARATE_VERSTAGE; else if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) - return ENV_ROMSTAGE; + return ENV_RAMINIT; else if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK)) return ENV_BOOTBLOCK; else diff --git a/src/security/vboot/vboot_common.c b/src/security/vboot/vboot_common.c index f9080c585a..68df1406a7 100644 --- a/src/security/vboot/vboot_common.c +++ b/src/security/vboot/vboot_common.c 
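Review bot: The new `depends on SEPARATE_ROMSTAGE` on `VBOOT_STARTS_IN_BOOTBLOCK` is not enforced for boards that `select` the symbol. The entry is a promptless `bool` with `default n`, so it is presumably only ever set by `select`, and Kconfig's `select` forces the value regardless of `depends on`, emitting only an unmet-dependency warning. Unless the build treats that warning as fatal, a board can still end up with verification configured for the bootblock and no separate romstage. A comment above the line would record the constraint, for example `# select ignores this dependency: every board selecting this symbol must also have SEPARATE_ROMSTAGE`, together with the reason for the restriction, which neither the help text nor the commit message states.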
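Review bot: In the second Makefile.inc hunk the new inner `else` branch adds `$$(verstage-srcs)` to `bootblock-srcs` with exactly the same line as the `CONFIG_VBOOT_STARTS_IN_BOOTBLOCK` branch above it, and nothing says why. In that branch the verification code is linked into the bootblock while the configuration in effect is presumably the start-in-romstage one, which is worth stating for anyone auditing where verification runs. I would add `# No separate romstage: its sources, verstage included, are built into the bootblock` above the new `else` line. The block now closes with three consecutive `endif`s of which only the outermost is labelled, so `endif # CONFIG_SEPARATE_ROMSTAGE` on the inner one would match the existing `endif # CONFIG_VBOOT_SEPARATE_VERSTAGE`.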
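Review bot: The `CONFIG(VBOOT_STARTS_IN_ROMSTAGE)` branch of verification_should_run() needs a comment, because it now returns `ENV_RAMINIT` and the option name no longer tells the reader which stage performs verification. This function is the gate that decides whether firmware verification runs in the current stage. The definition of `ENV_RAMINIT` is outside this diff, so it cannot be confirmed from here that it is true in exactly one stage for every configuration; if it were true in none, this branch would never start verification. I would add `/* Verify in the stage that does RAM init: romstage, or the bootblock when romstage is built into it. */` above the `return`. The same substitution is made in vboot_save_data() in vboot_common.c and relies on the same assumption. The function begins before the hunk and continues after it.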
@@ -29,7 +29,7 @@ static void save_secdata(struct vb2_context *ctx) void vboot_save_data(struct vb2_context *ctx) { - if (!verification_should_run() && !(ENV_ROMSTAGE && CONFIG(VBOOT_EARLY_EC_SYNC))) { + if (!verification_should_run() && !(ENV_RAMINIT && CONFIG(VBOOT_EARLY_EC_SYNC))) { if (ctx->flags & (VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED | VB2_CONTEXT_SECDATA_KERNEL_CHANGED)) |
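Review bot: The guard at the top of vboot_save_data() has the shape `!a && !(b && c)` and carries no comment explaining which stages are allowed to write secdata back. From the visible lines, only a stage where verification_should_run() is true, or the RAM-init stage with `VBOOT_EARLY_EC_SYNC` enabled, gets past it; every other stage takes the branch that checks the secdata-changed flags. A one-line comment above the `if` would make that policy reviewable, for example `/* Only the verification stage, or the RAM-init stage doing early EC sync, may write secdata back. */`. The function body continues past the end of the hunk, so what happens inside the flag check is not visible here.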