summaryrefslogtreecommitdiff
path: root/src/security
diff options
context:
space:
mode:
authorJoel Kitching <kitching@google.com>2019-06-16 17:23:03 +0800
committerJulius Werner <jwerner@chromium.org>2019-06-21 00:52:35 +0000
commit532e0c74e15bba27f1b91001e9427c5305f405c8 (patch)
treec632fb7bf4422f0632611c690094250ea03a3c51 /src/security
parentb6bcb6cc8f8b217254ccdb81ef8b2d852047d5b8 (diff)
vboot: relocate code to log and clear recovery mode switch
Logging and clearing the recovery mode switch doesn't have anything to do with vboot_handoff. Move it to the main verstage logic file. BUG=b:124141368, b:124192753 TEST=make clean && make test-abuild BRANCH=none Change-Id: I2e74f3893463e43fe5fad4a8df8036560f34e0db Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33534 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
Diffstat (limited to 'src/security')
-rw-r--r--src/security/vboot/Makefile.inc1
-rw-r--r--src/security/vboot/vboot_handoff.c15
-rw-r--r--src/security/vboot/vboot_logic.c26
3 files changed, 27 insertions, 15 deletions
diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc
index 9ce724ed54..3306f41a0b 100644
--- a/src/security/vboot/Makefile.inc
+++ b/src/security/vboot/Makefile.inc
@@ -88,6 +88,7 @@ else
verstage-y += secdata_tpm.c
romstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += secdata_tpm.c
endif
+romstage-y += vboot_logic.c
romstage-y += vboot_handoff.c common.c
ramstage-y += common.c
diff --git a/src/security/vboot/vboot_handoff.c b/src/security/vboot/vboot_handoff.c
index 8a6b3d61e8..19773c5438 100644
--- a/src/security/vboot/vboot_handoff.c
+++ b/src/security/vboot/vboot_handoff.c
@@ -122,21 +122,6 @@ void vboot_fill_handoff(void)
/* needed until we finish transtion to vboot2 for kernel verification */
fill_vboot_handoff(vh, sd);
-
-
- /* Log the recovery mode switches if required, before clearing them. */
- log_recovery_mode_switch();
-
- /*
- * The recovery mode switch is cleared (typically backed by EC) here
- * to allow multiple queries to get_recovery_mode_switch() and have
- * them return consistent results during the verified boot path as well
- * as dram initialization. x86 systems ignore the saved dram settings
- * in the recovery path in order to start from a clean slate. Therefore
- * clear the state here since this function is called when memory
- * is known to be up.
- */
- clear_recovery_mode_switch();
}
/*
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 7b98be28e4..62e033a0de 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -16,6 +16,7 @@
#include <arch/exception.h>
#include <assert.h>
#include <bootmode.h>
+#include <cbmem.h>
#include <console/console.h>
#include <console/vtxprintf.h>
#include <string.h>
@@ -281,6 +282,26 @@ static uint32_t extend_pcrs(struct vb2_context *ctx)
vboot_extend_pcr(ctx, 1, HWID_DIGEST_PCR);
}
+static void vboot_log_and_clear_recovery_mode_switch(int unused)
+{
+ /* Log the recovery mode switches if required, before clearing them. */
+ log_recovery_mode_switch();
+
+ /*
+ * The recovery mode switch is cleared (typically backed by EC) here
+ * to allow multiple queries to get_recovery_mode_switch() and have
+ * them return consistent results during the verified boot path as well
+ * as dram initialization. x86 systems ignore the saved dram settings
+ * in the recovery path in order to start from a clean slate. Therefore
+ * clear the state here since this function is called when memory
+ * is known to be up.
+ */
+ clear_recovery_mode_switch();
+}
+#if !CONFIG(VBOOT_STARTS_IN_ROMSTAGE)
+ROMSTAGE_CBMEM_INIT_HOOK(vboot_log_and_clear_recovery_mode_switch)
+#endif
+
/**
* Verify and select the firmware in the RW image
*
@@ -448,6 +469,11 @@ void verstage_main(void)
vboot_set_selected_region(region_device_region(&fw_main));
verstage_main_exit:
+ /* If CBMEM is not up yet, let the ROMSTAGE_CBMEM_INIT_HOOK take care
+ of running this function. */
+ if (ENV_ROMSTAGE && CONFIG(VBOOT_STARTS_IN_ROMSTAGE))
+ vboot_log_and_clear_recovery_mode_switch(0);
+
vboot_finalize_work_context(&ctx);
timestamp_add_now(TS_END_VBOOT);
}