security/vboot: Move vboot2 to security kconfig section

This commit just moves the vboot sources into
the security directory and fixes kconfig/makefile paths.

Fix vboot2 headers

Change-Id: Icd87f95640186f7a625242a3937e1dd13347eb60
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22074
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>

1 files changed, 0 insertions, 190 deletions

diff --git a/src/vboot/vboot_handoff.c b/src/vboot/vboot_handoff.c
deleted file mode 100644
index 974fe78ec3..0000000000
--- a/src/vboot/vboot_handoff.c
+++ /dev/null
@@ -1,190 +0,0 @@
-/*
- * This file is part of the coreboot project.
- *
- * Copyright (C) 2013 Google, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- */
-
-/* This needs to be pulled in first so that the handoff code below and
- * peek into the vb2 data structures. Additionally, vboot doesn't currently
- * include what it uses in its own headers. Provide the types it's after.
- * TODO: fix this necessity. */
-#define NEED_VB20_INTERNALS
-#include <stddef.h>
-#include <stdint.h>
-#include <vb2_api.h>
-
-#include <arch/stages.h>
-#include <assert.h>
-#include <bootmode.h>
-#include <string.h>
-#include <cbfs.h>
-#include <cbmem.h>
-#include <console/console.h>
-#include <console/vtxprintf.h>
-#include <fmap.h>
-#include <stdlib.h>
-#include <timestamp.h>
-#include <vboot_struct.h>
-#include <vboot/vbnv.h>
-#include <vboot/misc.h>
-
-/**
- * Sets vboot_handoff based on the information in vb2_shared_data
- */
-static void fill_vboot_handoff(struct vboot_handoff *vboot_handoff,
-			       struct vb2_shared_data *vb2_sd)
-{
-	VbSharedDataHeader *vb_sd =
-		(VbSharedDataHeader *)vboot_handoff->shared_data;
-	uint32_t *oflags = &vboot_handoff->init_params.out_flags;
-
-	vb_sd->flags |= VBSD_BOOT_FIRMWARE_VBOOT2;
-
-	vboot_handoff->selected_firmware = vb2_sd->fw_slot;
-
-	vb_sd->firmware_index = vb2_sd->fw_slot;
-
-	vb_sd->magic = VB_SHARED_DATA_MAGIC;
-	vb_sd->struct_version = VB_SHARED_DATA_VERSION;
-	vb_sd->struct_size = sizeof(VbSharedDataHeader);
-	vb_sd->data_size = VB_SHARED_DATA_MIN_SIZE;
-	vb_sd->data_used = sizeof(VbSharedDataHeader);
-	vb_sd->fw_version_tpm = vb2_sd->fw_version_secdata;
-
-	if (get_write_protect_state())
-		vb_sd->flags |= VBSD_BOOT_FIRMWARE_WP_ENABLED;
-
-	if (vb2_sd->recovery_reason) {
-		vb_sd->firmware_index = 0xFF;
-		if (vb2_sd->flags & VB2_SD_FLAG_MANUAL_RECOVERY)
-			vb_sd->flags |= VBSD_BOOT_REC_SWITCH_ON;
-		*oflags |= VB_INIT_OUT_ENABLE_RECOVERY;
-		*oflags |= VB_INIT_OUT_CLEAR_RAM;
-		*oflags |= VB_INIT_OUT_ENABLE_DISPLAY;
-		*oflags |= VB_INIT_OUT_ENABLE_USB_STORAGE;
-	}
-	if (vb2_sd->flags & VB2_SD_DEV_MODE_ENABLED) {
-		*oflags |= VB_INIT_OUT_ENABLE_DEVELOPER;
-		*oflags |= VB_INIT_OUT_CLEAR_RAM;
-		*oflags |= VB_INIT_OUT_ENABLE_DISPLAY;
-		*oflags |= VB_INIT_OUT_ENABLE_USB_STORAGE;
-		vb_sd->flags |= VBSD_BOOT_DEV_SWITCH_ON;
-		vb_sd->flags |= VBSD_LF_DEV_SWITCH_ON;
-	}
-	/* TODO: Set these in depthcharge */
-	if (!IS_ENABLED(CONFIG_VBOOT_PHYSICAL_DEV_SWITCH))
-		vb_sd->flags |= VBSD_HONOR_VIRT_DEV_SWITCH;
-	if (IS_ENABLED(CONFIG_VBOOT_EC_SOFTWARE_SYNC)) {
-		vb_sd->flags |= VBSD_EC_SOFTWARE_SYNC;
-		if (IS_ENABLED(CONFIG_VBOOT_EC_SLOW_UPDATE))
-			vb_sd->flags |= VBSD_EC_SLOW_UPDATE;
-		if (IS_ENABLED(CONFIG_VBOOT_EC_EFS))
-			vb_sd->flags |= VBSD_EC_EFS;
-	}
-	if (!IS_ENABLED(CONFIG_VBOOT_PHYSICAL_REC_SWITCH))
-		vb_sd->flags |= VBSD_BOOT_REC_SWITCH_VIRTUAL;
-	if (IS_ENABLED(CONFIG_VBOOT_OPROM_MATTERS)) {
-		vb_sd->flags |= VBSD_OPROM_MATTERS;
-		/*
-		 * Inform vboot if the display was enabled by dev/rec
-		 * mode or was requested by vboot kernel phase.
-		 */
-		if ((*oflags & VB_INIT_OUT_ENABLE_DISPLAY) ||
-		    vboot_wants_oprom()) {
-			vb_sd->flags |= VBSD_OPROM_LOADED;
-			*oflags |= VB_INIT_OUT_ENABLE_DISPLAY;
-		}
-	}
-
-	/* In vboot1, VBSD_FWB_TRIED is
-	 * set only if B is booted as explicitly requested. Therefore, if B is
-	 * booted because A was found bad, the flag should not be set. It's
-	 * better not to touch it if we can only ambiguously control it. */
-	/* if (vb2_sd->fw_slot)
-		vb_sd->flags |= VBSD_FWB_TRIED; */
-
-	/* copy kernel subkey if it's found */
-	if (vb2_sd->workbuf_preamble_size) {
-		struct vb2_fw_preamble *fp;
-		uintptr_t dst, src;
-		printk(BIOS_INFO, "Copying FW preamble\n");
-		fp = (struct vb2_fw_preamble *)((uintptr_t)vb2_sd +
-				vb2_sd->workbuf_preamble_offset);
-		src = (uintptr_t)&fp->kernel_subkey +
-				fp->kernel_subkey.key_offset;
-		dst = (uintptr_t)vb_sd + sizeof(VbSharedDataHeader);
-		assert(dst + fp->kernel_subkey.key_size <=
-		       (uintptr_t)vboot_handoff + sizeof(*vboot_handoff));
-		memcpy((void *)dst, (void *)src,
-		       fp->kernel_subkey.key_size);
-		vb_sd->data_used += fp->kernel_subkey.key_size;
-		vb_sd->kernel_subkey.key_offset =
-				dst - (uintptr_t)&vb_sd->kernel_subkey;
-		vb_sd->kernel_subkey.key_size = fp->kernel_subkey.key_size;
-		vb_sd->kernel_subkey.algorithm = fp->kernel_subkey.algorithm;
-		vb_sd->kernel_subkey.key_version =
-				fp->kernel_subkey.key_version;
-	}
-
-	vb_sd->recovery_reason = vb2_sd->recovery_reason;
-}
-
-void vboot_fill_handoff(void)
-{
-	struct vboot_handoff *vh;
-	struct vb2_shared_data *sd;
-
-	sd = vb2_get_shared_data();
-	sd->workbuf_hash_offset = 0;
-	sd->workbuf_hash_size = 0;
-
-	printk(BIOS_INFO, "creating vboot_handoff structure\n");
-	vh = cbmem_add(CBMEM_ID_VBOOT_HANDOFF, sizeof(*vh));
-	if (vh == NULL)
-		/* we don't need to failover gracefully here because this
-		 * shouldn't happen with the image that has passed QA. */
-		die("failed to allocate vboot_handoff structure\n");
-
-	memset(vh, 0, sizeof(*vh));
-
-	/* needed until we finish transtion to vboot2 for kernel verification */
-	fill_vboot_handoff(vh, sd);
-
-
-	/* Log the recovery mode switches if required, before clearing them. */
-	log_recovery_mode_switch();
-
-	/*
-	 * The recovery mode switch is cleared (typically backed by EC) here
-	 * to allow multiple queries to get_recovery_mode_switch() and have
-	 * them return consistent results during the verified boot path as well
-	 * as dram initialization. x86 systems ignore the saved dram settings
-	 * in the recovery path in order to start from a clean slate. Therefore
-	 * clear the state here since this function is called when memory
-	 * is known to be up.
-	 */
-	clear_recovery_mode_switch();
-}
-
-/*
- * For platforms that employ VBOOT_STARTS_IN_ROMSTAGE, the vboot
- * verification doesn't happen until after cbmem is brought online.
- * Therefore, the vboot results would not be initialized so don't
- * automatically add results when cbmem comes online.
- */
-#if !IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)
-static void vb2_fill_handoff_cbmem(int unused)
-{
-	vboot_fill_handoff();
-}
-ROMSTAGE_CBMEM_INIT_HOOK(vb2_fill_handoff_cbmem)
-#endif