author | Philipp Deppenwiese <zaolin@das-labor.org> | 2017-10-17 17:02:29 +0200 |
---|---|---|
committer | Martin Roth <martinroth@google.com> | 2017-10-22 02:14:46 +0000 |
commit | fea2429e254c41b192dd0856966d5f80eb15a07a (patch) | |
tree | 40e81b3ca7ee3c1f9985af9a8a24a3a9b21e8700 /src/vboot/Kconfig | |
parent | 9e0d69bf1e0194509108eba23511a12d597ae49e (diff) |
security/vboot: Move vboot2 to security kconfig section
This commit just moves the vboot sources into
the security directory and fixes kconfig/makefile paths.
Fix vboot2 headers
Change-Id: Icd87f95640186f7a625242a3937e1dd13347eb60
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22074
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
Diffstat (limited to 'src/vboot/Kconfig')
-rw-r--r-- | src/vboot/Kconfig | 334 |
1 files changed, 0 insertions, 334 deletions
diff --git a/src/vboot/Kconfig b/src/vboot/Kconfig
deleted file mode 100644
index d5b5de291e..0000000000
--- a/src/vboot/Kconfig
+++ /dev/null
@@ -1,334 +0,0 @@
-## This file is part of the coreboot project.
-##
-## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
-##
-## This program is free software; you can redistribute it and/or modify
-## it under the terms of the GNU General Public License as published by
-## the Free Software Foundation; version 2 of the License.
-##
-## This program is distributed in the hope that it will be useful,
-## but WITHOUT ANY WARRANTY; without even the implied warranty of
-## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-## GNU General Public License for more details.
-##
-
-menu "Verified Boot (vboot)"
-
-config VBOOT
- bool "Verify firmware with vboot."
- default n
- select TPM if !MAINBOARD_HAS_TPM2 && !VBOOT_MOCK_SECDATA
- select TPM2 if MAINBOARD_HAS_TPM2 && !VBOOT_MOCK_SECDATA
- select TPM_INIT_FAILURE_IS_FATAL if PC80_SYSTEM && LPC_TPM
- select SKIP_TPM_STARTUP_ON_NORMAL_BOOT if PC80_SYSTEM && LPC_TPM
- depends on HAVE_HARD_RESET
- help
- Enabling VBOOT will use vboot to verify the components of the firmware
- (stages, payload, etc).
-
-if VBOOT
-
-config VBOOT_VBNV_CMOS
- bool
- default n
- depends on PC80_SYSTEM
- help
- VBNV is stored in CMOS
-
-config VBOOT_VBNV_OFFSET
- hex
- default 0x26
- depends on VBOOT_VBNV_CMOS
- help
- CMOS offset for VbNv data. This value must match cmos.layout
- in the mainboard directory, minus 14 bytes for the RTC.
-
-config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH
- bool
- default n
- depends on VBOOT_VBNV_CMOS && BOOT_DEVICE_SUPPORTS_WRITES
- help
- Vboot non-volatile storage data will be backed up from CMOS to flash
- and restored from flash if the CMOS is invalid due to power loss.
-
-config VBOOT_VBNV_EC
- bool
- default n
- help
- VBNV is stored in EC
-
-config VBOOT_VBNV_FLASH
- bool
- default n
- depends on BOOT_DEVICE_SUPPORTS_WRITES
- help
- VBNV is stored in flash storage
-
-config VBOOT_STARTS_IN_BOOTBLOCK
- bool
- default n
- help
- Firmware verification happens during the end of or right after the
- bootblock. This implies that a static VBOOT2_WORK() buffer must be
- allocated in memlayout.
-
-config VBOOT_STARTS_IN_ROMSTAGE
- bool
- default n
- depends on !VBOOT_STARTS_IN_BOOTBLOCK
- help
- Firmware verification happens during the end of romstage (after
- memory initialization). This implies that vboot working data is
- allocated in CBMEM.
-
-config VBOOT_MOCK_SECDATA
- bool "Mock secdata for firmware verification"
- default n
- help
- Enabling VBOOT_MOCK_SECDATA will mock secdata for the firmware
- verification to avoid access to a secdata storage (typically TPM).
- All operations for a secdata storage will be successful. This option
- can be used during development when a TPM is not present or broken.
- THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES.
-
-config VBOOT_DISABLE_DEV_ON_RECOVERY
- bool
- default n
- help
- When this option is enabled, the Chrome OS device leaves the
- developer mode as soon as recovery request is detected. This is
- handy on embedded devices with limited input capabilities.
-
-config VBOOT_SEPARATE_VERSTAGE
- bool
- default n
- depends on VBOOT_STARTS_IN_BOOTBLOCK
- help
- If this option is set, vboot verification runs in a standalone stage
- that is loaded from the bootblock and exits into romstage. If it is
- not set, the verification code is linked directly into the bootblock
- or the romstage and runs as part of that stage (cf. related options
- VBOOT_STARTS_IN_BOOTBLOCK/_ROMSTAGE and VBOOT_RETURN_FROM_VERSTAGE).
-
-config VBOOT_RETURN_FROM_VERSTAGE
- bool
- default n
- depends on VBOOT_SEPARATE_VERSTAGE
- help
- If this is set, the verstage returns back to the calling stage instead
- of exiting to the succeeding stage so that the verstage space can be
- reused by the succeeding stage. This is useful if a RAM space is too
- small to fit both the verstage and the succeeding stage.
-
-config VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT
- bool
- default n
- help
- This option ensures that the recovery request is not lost because of
- reboots caused after vboot verification is run. e.g. reboots caused by
- FSP components on Intel platforms.
-
-config VBOOT_OPROM_MATTERS
- bool
- default n
- help
- Set this option to indicate to vboot that this platform will skip its
- display initialization on a normal (non-recovery, non-developer) boot.
- Vboot calls this "oprom matters" because on x86 devices this
- traditionally meant that the video option ROM will not be loaded, but
- it works functionally the same for other platforms that can skip their
- native display initialization code instead.
-
-config VBOOT_HAS_REC_HASH_SPACE
- bool
- default n
- help
- Set this option to indicate to vboot that recovery data hash space
- is present in TPM.
-
-config VBOOT_SOFT_REBOOT_WORKAROUND
- bool
- default n
-
-config VBOOT_EC_SOFTWARE_SYNC
- bool "Enable EC software sync"
- default y if EC_GOOGLE_CHROMEEC
- default n
- help
- EC software sync is a mechanism where the AP helps the EC verify its
- firmware similar to how vboot verifies the main system firmware. This
- option selects whether vboot should support EC software sync.
-
-config VBOOT_EC_SLOW_UPDATE
- bool
- default n
- depends on VBOOT_EC_SOFTWARE_SYNC
- help
- Whether the EC (or PD) is slow to update and needs to display a
- screen that informs the user the update is happening.
-
-config VBOOT_EC_EFS
- bool
- default n
- depends on VBOOT_EC_SOFTWARE_SYNC
- help
- CrosEC can support EFS: Early Firmware Selection. If it's enabled,
- software sync need to also support it. This setting tells vboot to
- perform EFS software sync.
-
-config VBOOT_PHYSICAL_DEV_SWITCH
- bool
- default n
- help
- Whether this platform has a physical developer switch. Note that this
- disables virtual dev switch functionality (through secdata). Operation
- where both a physical pin and the virtual switch get sampled is not
- supported by coreboot.
-
-config VBOOT_PHYSICAL_REC_SWITCH
- bool
- default n
- help
- Whether this platform has a physical recovery switch.
-
-config VBOOT_LID_SWITCH
- bool
- default n
- help
- Whether this platform has a lid switch. If it does, vboot will not
- decrement try counters for boot failures if the lid is closed.
-
-config VBOOT_WIPEOUT_SUPPORTED
- bool
- default n
- help
- When this option is enabled, the firmware provides the ability to
- signal the application the need for factory reset (a.k.a. wipe
- out) of the device
-
-config VBOOT_FWID_MODEL
- string "Firmware ID model"
- default "Google_$(CONFIG_MAINBOARD_PART_NUMBER)" if CHROMEOS
- default "$(CONFIG_MAINBOARD_VENDOR)_$(CONFIG_MAINBOARD_PART_NUMBER)"
- help
- This is the first part of the FWID written to various regions of a
- vboot firmware image to identify its version.
-
-config VBOOT_FWID_VERSION
- string "Firmware ID version"
- default ".$(KERNELVERSION)"
- help
- This is the second part of the FWID written to various regions of a
- vboot firmware image to identify its version.
-
-config RO_REGION_ONLY
- string "Additional files that should not be copied to RW"
- default ""
- help
- Add a space delimited list of filenames that should only be in the
- RO section.
-
-menu "GBB configuration"
-
-config GBB_HWID
- string "Hardware ID"
- default "NOCONF HWID"
-
-config GBB_BMPFV_FILE
- string "Path to bmpfv image"
- default ""
-
-config GBB_FLAG_DEV_SCREEN_SHORT_DELAY
- bool "Reduce dev screen delay"
- default n
-
-config GBB_FLAG_LOAD_OPTION_ROMS
- bool "Load option ROMs"
- default n
-
-config GBB_FLAG_ENABLE_ALTERNATE_OS
- bool "Allow booting a non-Chrome OS kernel if dev switch is on"
- default n
-
-config GBB_FLAG_FORCE_DEV_SWITCH_ON
- bool "Force dev switch on"
- default n
-
-config GBB_FLAG_FORCE_DEV_BOOT_USB
- bool "Allow booting from USB in dev mode even if dev_boot_usb=0"
- default y
-
-config GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK
- bool "Disable firmware rollback protection"
- default y
-
-config GBB_FLAG_ENTER_TRIGGERS_TONORM
- bool "Return to normal boot with Enter"
- default n
-
-config GBB_FLAG_FORCE_DEV_BOOT_LEGACY
- bool "Allow booting to legacy in dev mode even if dev_boot_legacy=0"
- default n
-
-config GBB_FLAG_FAFT_KEY_OVERIDE
- bool "Allow booting using alternative keys for FAFT servo testing"
- default n
-
-config GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC
- bool "Disable EC software sync"
- default n
-
-config GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY
- bool "Default to booting to legacy in dev mode"
- default n
-
-config GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC
- bool "Disable PD software sync"
- default n
-
-config GBB_FLAG_DISABLE_LID_SHUTDOWN
- bool "Disable shutdown on closed lid"
- default n
-
-config GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP
- bool "Allow fastboot even if dev_boot_fastboot_full_cap=0"
- default n
-
-config GBB_FLAG_ENABLE_SERIAL
- bool "Tell vboot to enable serial console"
- default n
-
-endmenu # GBB
-
-menu "Vboot Keys"
-config VBOOT_ROOT_KEY
- string "Root key (public)"
- default "$(VBOOT_SOURCE)/tests/devkeys/root_key.vbpubk"
-
-config VBOOT_RECOVERY_KEY
- string "Recovery key (public)"
- default "$(VBOOT_SOURCE)/tests/devkeys/recovery_key.vbpubk"
-
-config VBOOT_FIRMWARE_PRIVKEY
- string "Firmware key (private)"
- default "$(VBOOT_SOURCE)/tests/devkeys/firmware_data_key.vbprivk"
-
-config VBOOT_KERNEL_KEY
- string "Kernel subkey (public)"
- default "$(VBOOT_SOURCE)/tests/devkeys/kernel_subkey.vbpubk"
-
-config VBOOT_KEYBLOCK
- string "Keyblock to use for the RW regions"
- default "$(VBOOT_SOURCE)/tests/devkeys/firmware.keyblock"
-
-config VBOOT_KEYBLOCK_VERSION
- int "Keyblock version number"
- default 1
-
-config VBOOT_KEYBLOCK_PREAMBLE_FLAGS
- hex "Keyblock preamble flags"
- default 0x0
-
-endmenu # Keys
-endif # VBOOT
-endmenu # Verified Boot (vboot) |