authorJulius Werner <jwerner@chromium.org>2017-02-13 17:53:29 -0800
committerJulius Werner <jwerner@chromium.org>2017-03-28 22:18:13 +0200
commit58c3938705af5dd96456216a17d579868e0f5b77 (patch)
treeb1531c163a2679c76395090717e835a851e027ae /src/vboot
parent73d042bd90bc8877f9bfd8b846578fe3e12444c3 (diff)
vboot: Move remaining features out of vendorcode/google/chromeos
This patch attempts to finish the separation between CONFIG_VBOOT and CONFIG_CHROMEOS by moving the remaining options and code (including image generation code for things like FWID and GBB flags, which are intrinsic to vboot itself) from src/vendorcode/google/chromeos to src/vboot. Also taking this opportunity to namespace all VBOOT Kconfig options, and clean up menuconfig visibility for them (i.e. some options were visible even though they were tied to the hardware while others were invisible even though it might make sense to change them). CQ-DEPEND=CL:459088 Change-Id: I3e2e31150ebf5a96b6fe507ebeb53a41ecf88122 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/18984 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Diffstat (limited to 'src/vboot')
-rw-r--r--src/vboot/Kconfig248
-rw-r--r--src/vboot/Makefile.inc125
-rw-r--r--src/vboot/bootmode.c19
-rw-r--r--src/vboot/vboot_handoff.c6
-rw-r--r--src/vboot/vboot_loader.c14
-rw-r--r--src/vboot/vboot_logic.c7
-rw-r--r--src/vboot/verstage.c2
7 files changed, 360 insertions, 61 deletions
diff --git a/src/vboot/Kconfig b/src/vboot/Kconfig
index a92a2fa5e1..c5173239ef 100644
--- a/src/vboot/Kconfig
+++ b/src/vboot/Kconfig
@@ -12,22 +12,39 @@
## GNU General Public License for more details.
##
-config VBOOT_VBNV_OFFSET
- hex
- default 0x26
- depends on PC80_SYSTEM
+menu "Verified Boot (vboot)"
+
+config VBOOT
+ bool "Verify firmware with vboot."
+ default n
+ select TPM if !MAINBOARD_HAS_TPM2
+ select TPM2 if MAINBOARD_HAS_TPM2
+ select TPM_INIT_FAILURE_IS_FATAL if PC80_SYSTEM && LPC_TPM
+ select SKIP_TPM_STARTUP_ON_NORMAL_BOOT if PC80_SYSTEM && LPC_TPM
+ depends on HAVE_HARD_RESET
help
- CMOS offset for VbNv data. This value must match cmos.layout
- in the mainboard directory, minus 14 bytes for the RTC.
+ Enabling VBOOT will use vboot to verify the components of the firmware
+ (stages, payload, etc).
+
+if VBOOT
config VBOOT_VBNV_CMOS
- bool "Vboot non-volatile storage in CMOS."
+ bool
default n
+ depends on PC80_SYSTEM
help
VBNV is stored in CMOS
+config VBOOT_VBNV_OFFSET
+ hex
+ default 0x26
+ depends on VBOOT_VBNV_CMOS
+ help
+ CMOS offset for VbNv data. This value must match cmos.layout
+ in the mainboard directory, minus 14 bytes for the RTC.
+
config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH
- bool "Back up Vboot non-volatile storage from CMOS to flash."
+ bool
default n
depends on VBOOT_VBNV_CMOS && BOOT_DEVICE_SUPPORTS_WRITES
help
@@ -35,35 +52,38 @@ config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH
and restored from flash if the CMOS is invalid due to power loss.
config VBOOT_VBNV_EC
- bool "Vboot non-volatile storage in EC."
+ bool
default n
help
VBNV is stored in EC
config VBOOT_VBNV_FLASH
- def_bool n
+ bool
+ default n
depends on BOOT_DEVICE_SUPPORTS_WRITES
help
VBNV is stored in flash storage
config VBOOT_STARTS_IN_BOOTBLOCK
- bool "Vboot starts verifying in bootblock"
+ bool
default n
- depends on VBOOT
help
- Firmware verification happens during or at the end of bootblock.
+ Firmware verification happens during the end of or right after the
+ bootblock. This implies that a static VBOOT2_WORK() buffer must be
+ allocated in memlayout.
config VBOOT_STARTS_IN_ROMSTAGE
- bool "Vboot starts verifying in romstage"
+ bool
default n
- depends on VBOOT && !VBOOT_STARTS_IN_BOOTBLOCK
+ depends on !VBOOT_STARTS_IN_BOOTBLOCK
help
- Firmware verification happens during or at the end of romstage.
+ Firmware verification happens during the end of romstage (after
+ memory initialization). This implies that vboot working data is
+ allocated in CBMEM.
config VBOOT_MOCK_SECDATA
bool "Mock secdata for firmware verification"
default n
- depends on VBOOT
help
Enabling VBOOT_MOCK_SECDATA will mock secdata for the firmware
verification to avoid access to a secdata storage (typically TPM).
@@ -72,29 +92,28 @@ config VBOOT_MOCK_SECDATA
THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES.
config VBOOT_DISABLE_DEV_ON_RECOVERY
- bool "Disable dev mode on recovery requests"
+ bool
default n
- depends on VBOOT
help
When this option is enabled, the Chrome OS device leaves the
developer mode as soon as recovery request is detected. This is
handy on embedded devices with limited input capabilities.
-config SEPARATE_VERSTAGE
- bool "Vboot verification is built into a separate stage"
+config VBOOT_SEPARATE_VERSTAGE
+ bool
default n
- depends on VBOOT && VBOOT_STARTS_IN_BOOTBLOCK
+ depends on VBOOT_STARTS_IN_BOOTBLOCK
help
If this option is set, vboot verification runs in a standalone stage
that is loaded from the bootblock and exits into romstage. If it is
not set, the verification code is linked directly into the bootblock
or the romstage and runs as part of that stage (cf. related options
- VBOOT_STARTS_IN_BOOTBLOCK/_ROMSTAGE and RETURN_FROM_VERSTAGE).
+ VBOOT_STARTS_IN_BOOTBLOCK/_ROMSTAGE and VBOOT_RETURN_FROM_VERSTAGE).
-config RETURN_FROM_VERSTAGE
- bool "The separate verification stage returns to its caller"
+config VBOOT_RETURN_FROM_VERSTAGE
+ bool
default n
- depends on SEPARATE_VERSTAGE
+ depends on VBOOT_SEPARATE_VERSTAGE
help
If this is set, the verstage returns back to the calling stage instead
of exiting to the succeeding stage so that the verstage space can be
@@ -104,16 +123,14 @@ config RETURN_FROM_VERSTAGE
config VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT
bool
default n
- depends on VBOOT
help
This option ensures that the recovery request is not lost because of
reboots caused after vboot verification is run. e.g. reboots caused by
FSP components on Intel platforms.
config VBOOT_OPROM_MATTERS
- bool "Video option ROM matters (= can skip display init)"
+ bool
default n
- depends on VBOOT
help
Set this option to indicate to vboot that this platform will skip its
display initialization on a normal (non-recovery, non-developer) boot.
@@ -125,7 +142,6 @@ config VBOOT_OPROM_MATTERS
config VBOOT_HAS_REC_HASH_SPACE
bool
default n
- depends on VBOOT
help
Set this option to indicate to vboot that recovery data hash space
is present in TPM.
@@ -134,14 +150,168 @@ config VBOOT_SOFT_REBOOT_WORKAROUND
bool
default n
-config VBOOT
- bool "Verify firmware with vboot."
+config VBOOT_EC_SOFTWARE_SYNC
+ bool "Enable EC software sync"
+ default y if EC_GOOGLE_CHROMEEC
default n
- select TPM if !MAINBOARD_HAS_TPM2
- select TPM2 if MAINBOARD_HAS_TPM2
- select TPM_INIT_FAILURE_IS_FATAL if PC80_SYSTEM && LPC_TPM
- select SKIP_TPM_STARTUP_ON_NORMAL_BOOT if PC80_SYSTEM && LPC_TPM
- depends on HAVE_HARD_RESET
help
- Enabling VBOOT will use vboot to verify the components of the firmware
- (stages, payload, etc).
+ EC software sync is a mechanism where the AP helps the EC verify its
+ firmware similar to how vboot verifies the main system firmware. This
+ option selects whether vboot should support EC software sync.
+
+config VBOOT_EC_SLOW_UPDATE
+ bool
+ default n
+ depends on VBOOT_EC_SOFTWARE_SYNC
+ help
+ Whether the EC (or PD) is slow to update and needs to display a
+ screen that informs the user the update is happening.
+
+config VBOOT_PHYSICAL_DEV_SWITCH
+ bool
+ default n
+ help
+ Whether this platform has a physical developer switch. Note that this
+ disables virtual dev switch functionality (through secdata). Operation
+ where both a physical pin and the virtual switch get sampled is not
+ supported by coreboot.
+
+config VBOOT_PHYSICAL_REC_SWITCH
+ bool
+ default n
+ help
+ Whether this platform has a physical recovery switch.
+
+config VBOOT_LID_SWITCH
+ bool
+ default n
+ help
+ Whether this platform has a lid switch. If it does, vboot will not
+ decrement try counters for boot failures if the lid is closed.
+
+config VBOOT_WIPEOUT_SUPPORTED
+ bool
+ default n
+ help
+ When this option is enabled, the firmware provides the ability to
+ signal the application the need for factory reset (a.k.a. wipe
+ out) of the device
+
+config VBOOT_FWID_MODEL
+ string "Firmware ID model"
+ default "$(CONFIG_MAINBOARD_VENDOR)_$(CONFIG_MAINBOARD_PART_NUMBER)"
+ help
+ This is the first part of the FWID written to various regions of a
+ vboot firmware image to identify its version.
+
+config VBOOT_FWID_VERSION
+ string "Firmware ID version"
+ default "$(KERNELVERSION)"
+ help
+ This is the second part of the FWID written to various regions of a
+ vboot firmware image to identify its version.
+
+menu "GBB configuration"
+
+config GBB_HWID
+ string "Hardware ID"
+ default "NOCONF HWID"
+
+config GBB_BMPFV_FILE
+ string "Path to bmpfv image"
+ default ""
+
+config GBB_FLAG_DEV_SCREEN_SHORT_DELAY
+ bool "Reduce dev screen delay"
+ default n
+
+config GBB_FLAG_LOAD_OPTION_ROMS
+ bool "Load option ROMs"
+ default n
+
+config GBB_FLAG_ENABLE_ALTERNATE_OS
+ bool "Allow booting a non-Chrome OS kernel if dev switch is on"
+ default n
+
+config GBB_FLAG_FORCE_DEV_SWITCH_ON
+ bool "Force dev switch on"
+ default n
+
+config GBB_FLAG_FORCE_DEV_BOOT_USB
+ bool "Allow booting from USB in dev mode even if dev_boot_usb=0"
+ default y
+
+config GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK
+ bool "Disable firmware rollback protection"
+ default y
+
+config GBB_FLAG_ENTER_TRIGGERS_TONORM
+ bool "Return to normal boot with Enter"
+ default n
+
+config GBB_FLAG_FORCE_DEV_BOOT_LEGACY
+ bool "Allow booting to legacy in dev mode even if dev_boot_legacy=0"
+ default n
+
+config GBB_FLAG_FAFT_KEY_OVERIDE
+ bool "Allow booting using alternative keys for FAFT servo testing"
+ default n
+
+config GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC
+ bool "Disable EC software sync"
+ default n
+
+config GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY
+ bool "Default to booting to legacy in dev mode"
+ default n
+
+config GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC
+ bool "Disable PD software sync"
+ default n
+
+config GBB_FLAG_DISABLE_LID_SHUTDOWN
+ bool "Disable shutdown on closed lid"
+ default n
+
+config GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP
+ bool "Allow fastboot even if dev_boot_fastboot_full_cap=0"
+ default n
+
+config GBB_FLAG_ENABLE_SERIAL
+ bool "Tell vboot to enable serial console"
+ default n
+
+endmenu # GBB
+
+menu "Vboot Keys"
+config VBOOT_ROOT_KEY
+ string "Root key (public)"
+ default "$(VBOOT_SOURCE)/tests/devkeys/root_key.vbpubk"
+
+config VBOOT_RECOVERY_KEY
+ string "Recovery key (public)"
+ default "$(VBOOT_SOURCE)/tests/devkeys/recovery_key.vbpubk"
+
+config VBOOT_FIRMWARE_PRIVKEY
+ string "Firmware key (private)"
+ default "$(VBOOT_SOURCE)/tests/devkeys/firmware_data_key.vbprivk"
+
+config VBOOT_KERNEL_KEY
+ string "Kernel subkey (public)"
+ default "$(VBOOT_SOURCE)/tests/devkeys/kernel_subkey.vbpubk"
+
+config VBOOT_KEYBLOCK
+ string "Keyblock to use for the RW regions"
+ default "$(VBOOT_SOURCE)/tests/devkeys/firmware.keyblock"
+
+config VBOOT_KEYBLOCK_VERSION
+ int "Keyblock version number"
+ default 1
+
+config VBOOT_KEYBLOCK_PREAMBLE_FLAGS
+ hex "Keyblock preamble flags"
+ default 0x0
+
+endmenu # Keys
+endif # VBOOT
+endmenu # Verified Boot (vboot)
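Review bot: The new "GBB configuration" and "Vboot Keys" menus ship insecure defaults with no help text: `GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK` and `GBB_FLAG_FORCE_DEV_BOOT_USB` are `default y`, and every key option points into `$(VBOOT_SOURCE)/tests/devkeys/`, whose private halves are published with the vboot sources. An image built without touching these options is signed with test keys and has rollback protection turned off, and nothing in menuconfig says so. I would add a `help` entry to each of these, in the style of the VBOOT_MOCK_SECDATA warning, e.g. `Development default. Production images must set this to n.` for the two flags and `Defaults to the public vboot test key; replace for production.` for the keys. If the `default y` values were only carried over from the old location, consider whether `default n` is the better starting point now that the options live under vboot.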
diff --git a/src/vboot/Makefile.inc b/src/vboot/Makefile.inc
index a09811b52c..56a3bacb72 100644
--- a/src/vboot/Makefile.inc
+++ b/src/vboot/Makefile.inc
@@ -67,17 +67,17 @@ verstage-y += common.c
verstage-y += verstage.c
ifeq (${CONFIG_VBOOT_MOCK_SECDATA},y)
libverstage-y += secdata_mock.c
-romstage-$(CONFIG_SEPARATE_VERSTAGE) += secdata_mock.c
+romstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += secdata_mock.c
else
libverstage-y += secdata_tpm.c
-romstage-$(CONFIG_SEPARATE_VERSTAGE) += secdata_tpm.c
+romstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += secdata_tpm.c
endif
romstage-y += vboot_handoff.c common.c
ramstage-y += common.c
postcar-y += common.c
-ifeq ($(CONFIG_SEPARATE_VERSTAGE),y)
+ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)
VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-verstage-y))
else
ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y)
@@ -85,7 +85,7 @@ VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-bootblock-y))
else
VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-romstage-y))
endif
-endif # CONFIG_SEPARATE_VERSTAGE
+endif # CONFIG_VBOOT_SEPARATE_VERSTAGE
VB2_LIB = $(obj)/external/vboot_reference/vboot_fw20.a
VBOOT_CFLAGS += $(patsubst -I%,-I$(top)/%, $(filter-out -I$(obj), $(filter-out -include $(src)/include/kconfig.h, $(CPPFLAGS_libverstage))))
@@ -106,7 +106,7 @@ $(VB2_LIB): $(obj)/config.h
libverstage-srcs += $(VB2_LIB)
-ifeq ($(CONFIG_SEPARATE_VERSTAGE),y)
+ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)
# This works under the assumption that romstage and verstage use the same
# architecture and thus CC_verstage is the same as CC_romstage. If this is not
@@ -115,7 +115,7 @@ ifeq ($(CONFIG_VBOOT_HAS_REC_HASH_SPACE),y)
romstage-srcs += $(VB2_LIB)
endif
-cbfs-files-$(CONFIG_SEPARATE_VERSTAGE) += $(CONFIG_CBFS_PREFIX)/verstage
+cbfs-files-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += $(CONFIG_CBFS_PREFIX)/verstage
$(CONFIG_CBFS_PREFIX)/verstage-file := $(objcbfs)/verstage.elf
$(CONFIG_CBFS_PREFIX)/verstage-type := stage
$(CONFIG_CBFS_PREFIX)/verstage-compression := $(CBFS_PRERAM_COMPRESS_FLAG)
@@ -137,7 +137,7 @@ bootblock-srcs += $(objgenerated)/libverstage.a
else
romstage-srcs += $(objgenerated)/libverstage.a
endif
-endif # CONFIG_SEPARATE_VERSTAGE
+endif # CONFIG_VBOOT_SEPARATE_VERSTAGE
# Define a list of files that need to be in RO only.
# All other files will be installed into RO and RW regions
@@ -155,4 +155,115 @@ regions-for-file = $(subst $(spc),$(comma),$(sort \
rmu.bin \
,$(1)),COREBOOT,COREBOOT FW_MAIN_A FW_MAIN_B)))
+CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID))
+CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE))
+CONFIG_VBOOT_KEYBLOCK := $(call strip_quotes,$(CONFIG_VBOOT_KEYBLOCK))
+CONFIG_VBOOT_FIRMWARE_PRIVKEY := $(call strip_quotes,$(CONFIG_VBOOT_FIRMWARE_PRIVKEY))
+CONFIG_VBOOT_KERNEL_KEY := $(call strip_quotes,$(CONFIG_VBOOT_KERNEL_KEY))
+CONFIG_VBOOT_FWID_MODEL := $(call strip_quotes,$(CONFIG_VBOOT_FWID_MODEL))
+CONFIG_VBOOT_FWID_VERSION := $(call strip_quotes,$(CONFIG_VBOOT_FWID_VERSION))
+
+# bool-to-mask(var, value)
+# return "value" if var is "y", 0 otherwise
+bool-to-mask = $(if $(filter y,$(1)),$(2),0)
+
+GBB_FLAGS := $(call int-add, \
+ $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEV_SCREEN_SHORT_DELAY),0x1) \
+ $(call bool-to-mask,$(CONFIG_GBB_FLAG_LOAD_OPTION_ROMS),0x2) \
+ $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_ALTERNATE_OS),0x4) \
+ $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_SWITCH_ON),0x8) \
+ $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_USB),0x10) \
+ $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK),0x20) \
+ $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENTER_TRIGGERS_TONORM),0x40) \
+ $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_LEGACY),0x80) \
+ $(call bool-to-mask,$(CONFIG_GBB_FLAG_FAFT_KEY_OVERIDE),0x100) \
+ $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC),0x200) \
+ $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY),0x400) \
+ $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC),0x800) \
+ $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_LID_SHUTDOWN),0x1000) \
+ $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP),0x2000) \
+ $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_SERIAL),0x4000) \
+ )
+
+ifneq ($(CONFIG_GBB_BMPFV_FILE),)
+$(obj)/gbb.sizetmp: $(obj)/coreboot.rom
+ $(CBFSTOOL) $< read -r GBB -f $@
+
+$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY) $(obj)/gbb.sizetmp
+ @printf " CREATE GBB (with BMPFV)\n"
+ $(FUTILITY) gbb_utility -c 0x100,0x1000,$(call int-subtract,$(call file-size,$(obj)/gbb.sizetmp) 0x2180),0x1000 $@.tmp
+ mv $@.tmp $@
+else
+$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY)
+ @printf " CREATE GBB (without BMPFV)\n"
+ $(FUTILITY) gbb_utility -c 0x100,0x1000,0,0x1000 $@.tmp
+ mv $@.tmp $@
+endif
+
+$(obj)/gbb.region: $(obj)/gbb.stub
+ @printf " SETUP GBB\n"
+ cp $< $@.tmp
+ $(FUTILITY) gbb_utility -s \
+ --hwid="$(CONFIG_GBB_HWID)" \
+ --rootkey="$(CONFIG_VBOOT_ROOT_KEY)" \
+ --recoverykey="$(CONFIG_VBOOT_RECOVERY_KEY)" \
+ --flags=$(GBB_FLAGS) \
+ $@.tmp
+ifneq ($(CONFIG_GBB_BMPFV_FILE),)
+ $(FUTILITY) gbb_utility -s \
+ --bmpfv="$(CONFIG_GBB_BMPFV_FILE)" \
+ $@.tmp
+endif
+ mv $@.tmp $@
+
+$(obj)/fwid.region:
+ printf "$(CONFIG_VBOOT_FWID_MODEL)$(CONFIG_VBOOT_FWID_VERSION)\0" > $@
+
+build_complete:: $(obj)/gbb.region $(obj)/fwid.region
+ @printf " WRITE GBB\n"
+ $(CBFSTOOL) $(obj)/coreboot.rom write -u -r GBB -i 0 -f $(obj)/gbb.region
+ $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RO_FRID -i 0 -f $(obj)/fwid.region
+ $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_A -i 0 -f $(obj)/fwid.region
+ $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_B -i 0 -f $(obj)/fwid.region
+
+ifneq ($(shell grep "SHARED_DATA" "$(CONFIG_FMDFILE)"),)
+build_complete::
+ printf "\0" > $(obj)/shared_data.region
+ $(CBFSTOOL) $(obj)/coreboot.rom write -u -r SHARED_DATA -i 0 -f $(obj)/shared_data.region
+endif
+
+# Extract FW_MAIN_? region and minimize it if the last file is empty, so it
+# doesn't contain this empty file (that can have a significant size),
+# improving a lot on hash times due to a smaller amount of data loaded from
+# firmware storage.
+# When passing the minimized image to vbutil_firmware, its length is recorded
+# in the keyblock, and coreboot's vboot code clips the region_device to match,
+# which prevents any potential extension attacks.
+$(obj)/FW_MAIN_%.bin: $(obj)/coreboot.rom
+ $(CBFSTOOL) $< read -r $(basename $(notdir $@)) -f $@.tmp
+ $(CBFSTOOL) $(obj)/coreboot.rom print -k -r $(basename $(notdir $@)) | \
+ tail -1 | \
+ sed "s,^(empty)[[:space:]]\(0x[0-9a-f]*\)\tnull\t.*$$,\1," \
+ > $@.tmp.size
+ if [ -n "$$(cat $@.tmp.size)" ] && [ $$( printf "%d" $$(cat $@.tmp.size)) -gt 0 ]; then \
+ head -c $$( printf "%d" $$(cat $@.tmp.size)) $@.tmp > $@.tmp2 && \
+ mv $@.tmp2 $@; \
+ else \
+ mv $@.tmp $@; \
+ fi
+
+$(obj)/VBLOCK_%.bin: $(obj)/FW_MAIN_%.bin $(FUTILITY)
+ $(FUTILITY) vbutil_firmware \
+ --vblock $@ \
+ --keyblock "$(CONFIG_VBOOT_KEYBLOCK)" \
+ --signprivate "$(CONFIG_VBOOT_FIRMWARE_PRIVKEY)" \
+ --version $(CONFIG_VBOOT_KEYBLOCK_VERSION) \
+ --fv $< \
+ --kernelkey "$(CONFIG_VBOOT_KERNEL_KEY)" \
+ --flags $(CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS)
+
+files_added:: $(obj)/VBLOCK_A.bin $(obj)/VBLOCK_B.bin
+ $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_A -f $(obj)/VBLOCK_A.bin
+ $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_B -f $(obj)/VBLOCK_B.bin
+
endif # CONFIG_VBOOT
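Review bot: In the `$(obj)/FW_MAIN_%.bin` rule the `sed` call prints lines it does not match unchanged, so when the last cbfstool entry is not the `(empty)` one, `$@.tmp.size` holds the raw listing line rather than a size. The `[ -n ... ] && [ $$(printf "%d" ...) -gt 0 ]` test then runs on that text, and whether the image gets truncated depends on how `printf` copes with it. Since the resulting length is what vbutil_firmware signs, the size file should be empty unless the pattern matched: use `sed -n` with a trailing `p` flag, i.e. `sed -n "s,^(empty)[[:space:]]\(0x[0-9a-f]*\)\tnull\t.*$$,\1,p"`.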
diff --git a/src/vboot/bootmode.c b/src/vboot/bootmode.c
index d66911fa91..23dec13396 100644
--- a/src/vboot/bootmode.c
+++ b/src/vboot/bootmode.c
@@ -75,7 +75,7 @@ BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_EXIT,
static int vboot_possibly_executed(void)
{
if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) {
- if (ENV_BOOTBLOCK && IS_ENABLED(CONFIG_SEPARATE_VERSTAGE))
+ if (ENV_BOOTBLOCK && IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE))
return 0;
return 1;
}
@@ -141,6 +141,23 @@ int vboot_recovery_mode_enabled(void)
return !!vboot_check_recovery_request();
}
+int __attribute__((weak)) clear_recovery_mode_switch(void)
+{
+ // Weak implementation. Nothing to do.
+ return 0;
+}
+
+int __attribute__((weak)) get_sw_write_protect_state(void)
+{
+ // Can be implemented by a platform / mainboard
+ return 0;
+}
+
+void __attribute__((weak)) log_recovery_mode_switch(void)
+{
+ // Weak implementation. Nothing to do.
+}
+
int __attribute__((weak)) get_recovery_mode_retrain_switch(void)
{
return 0;
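Review bot: The weak `get_sw_write_protect_state()` added here returns 0 with only the comment `// Can be implemented by a platform / mainboard`, so a board that never overrides it reports a fixed value and the reader cannot tell what that value means. If 0 means "software write protect disabled" (that is my reading, it is not stated in the hunk), say so: `/* Default: report software write protect as off. Boards that support it must override. */`. The same applies to `clear_recovery_mode_switch()`, whose 0 return presumably means success. The trailing `get_recovery_mode_retrain_switch()` continues outside the hunk.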
diff --git a/src/vboot/vboot_handoff.c b/src/vboot/vboot_handoff.c
index 85be928ae3..b3a5c19641 100644
--- a/src/vboot/vboot_handoff.c
+++ b/src/vboot/vboot_handoff.c
@@ -83,11 +83,11 @@ static void fill_vboot_handoff(struct vboot_handoff *vboot_handoff,
vb_sd->flags |= VBSD_LF_DEV_SWITCH_ON;
}
/* TODO: Set these in depthcharge */
- if (!IS_ENABLED(CONFIG_PHYSICAL_DEV_SWITCH))
+ if (!IS_ENABLED(CONFIG_VBOOT_PHYSICAL_DEV_SWITCH))
vb_sd->flags |= VBSD_HONOR_VIRT_DEV_SWITCH;
- if (IS_ENABLED(CONFIG_EC_SOFTWARE_SYNC))
+ if (IS_ENABLED(CONFIG_VBOOT_EC_SOFTWARE_SYNC))
vb_sd->flags |= VBSD_EC_SOFTWARE_SYNC;
- if (!IS_ENABLED(CONFIG_PHYSICAL_REC_SWITCH))
+ if (!IS_ENABLED(CONFIG_VBOOT_PHYSICAL_REC_SWITCH))
vb_sd->flags |= VBSD_BOOT_REC_SWITCH_VIRTUAL;
if (IS_ENABLED(CONFIG_VBOOT_EC_SLOW_UPDATE))
vb_sd->flags |= VBSD_EC_SLOW_UPDATE;
diff --git a/src/vboot/vboot_loader.c b/src/vboot/vboot_loader.c
index 3629402f7e..9aab789854 100644
--- a/src/vboot/vboot_loader.c
+++ b/src/vboot/vboot_loader.c
@@ -29,11 +29,11 @@
_Static_assert(IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK) +
IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE) == 1,
"vboot must either start in bootblock or romstage (not both!)");
-_Static_assert(!IS_ENABLED(CONFIG_SEPARATE_VERSTAGE) ||
+_Static_assert(!IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE) ||
IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),
"stand-alone verstage must start in (i.e. after) bootblock");
-_Static_assert(!IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE) ||
- IS_ENABLED(CONFIG_SEPARATE_VERSTAGE),
+_Static_assert(!IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE) ||
+ IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE),
"return from verstage only makes sense for separate verstages");
/* The stage loading code is compiled and entered from multiple stages. The
@@ -42,7 +42,7 @@ _Static_assert(!IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE) ||
static int verification_should_run(void)
{
- if (IS_ENABLED(CONFIG_SEPARATE_VERSTAGE))
+ if (IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE))
return ENV_VERSTAGE;
else if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE))
return ENV_ROMSTAGE;
@@ -54,7 +54,7 @@ static int verification_should_run(void)
static int verstage_should_load(void)
{
- if (IS_ENABLED(CONFIG_SEPARATE_VERSTAGE))
+ if (IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE))
return ENV_BOOTBLOCK;
else
return 0;
@@ -87,7 +87,7 @@ int vb2_logic_executed(void)
static void vboot_prepare(void)
{
if (verification_should_run()) {
- /* Note: this path is not used for RETURN_FROM_VERSTAGE */
+ /* Note: this path is not used for VBOOT_RETURN_FROM_VERSTAGE */
verstage_main();
car_set_var(vboot_executed, 1);
vb2_save_recovery_reason_vbnv();
@@ -130,7 +130,7 @@ static void vboot_prepare(void)
/* This is not actually possible to hit this condition at
* runtime, but this provides a hint to the compiler for dead
* code elimination below. */
- if (!IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE))
+ if (!IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE))
return;
car_set_var(vboot_executed, 1);
diff --git a/src/vboot/vboot_logic.c b/src/vboot/vboot_logic.c
index fbbe3e8be7..9145ad003e 100644
--- a/src/vboot/vboot_logic.c
+++ b/src/vboot/vboot_logic.c
@@ -329,7 +329,7 @@ void verstage_main(void)
antirollback_read_space_firmware(&ctx);
timestamp_add_now(TS_END_TPMINIT);
- if (IS_ENABLED(CONFIG_PHYSICAL_DEV_SWITCH) &&
+ if (IS_ENABLED(CONFIG_VBOOT_PHYSICAL_DEV_SWITCH) &&
get_developer_mode_switch())
ctx.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE;
@@ -339,10 +339,11 @@ void verstage_main(void)
ctx.flags |= VB2_DISABLE_DEVELOPER_MODE;
}
- if (IS_ENABLED(CONFIG_WIPEOUT_SUPPORTED) && get_wipeout_mode_switch())
+ if (IS_ENABLED(CONFIG_VBOOT_WIPEOUT_SUPPORTED) &&
+ get_wipeout_mode_switch())
ctx.flags |= VB2_CONTEXT_FORCE_WIPEOUT_MODE;
- if (IS_ENABLED(CONFIG_LID_SWITCH) && !get_lid_switch())
+ if (IS_ENABLED(CONFIG_VBOOT_LID_SWITCH) && !get_lid_switch())
ctx.flags |= VB2_CONTEXT_NOFAIL_BOOT;
/* Do early init (set up secdata and NVRAM, load GBB) */
diff --git a/src/vboot/verstage.c b/src/vboot/verstage.c
index 64fadc736e..aca4ab328d 100644
--- a/src/vboot/verstage.c
+++ b/src/vboot/verstage.c
@@ -30,7 +30,7 @@ void main(void)
exception_init();
verstage_mainboard_init();
- if (IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE)) {
+ if (IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE)) {
verstage_main();
} else {
run_romstage();