romstage: add support for vboot firmware selection

This patch implements support for vboot firmware selection. The vboot
support is comprised of the following pieces:

1. vboot_loader.c - this file contains the entry point,
   vboot_verify_firmware(), for romstage to call in order to perform
   vboot selection. The loader sets up all the data for the wrapper
   to use.
2. vboot_wrapper.c - this file contains the implementation calling the vboot
   API. It calls VbInit() and VbSelectFirmware() with the data supplied
   by the loader.

The vboot wrapper is compiled and linked as an rmodule and placed in
cbfs as 'fallback/vboot'. It's loaded into memory and relocated just
like the way ramstage would be. After being loaded the loader calls into
wrapper. When the wrapper sees that a given piece of firmware has been
selected it parses firmware component information for a predetermined
number of components.

Vboot result information is passed to downstream users by way of the
vboot_handoff structure. This structure lives in cbmem and contains
the shared data, selected firmware, VbInitParams, and parsed firwmare
components.

During ramstage there are only 2 changes:

1. Copy the shared vboot data from vboot_handoff to the chromeos acpi
   table.
2. If a firmware selection was made in romstage the boot loader
   component is used for the payload.

Noteable Information:
- no vboot path for S3.
- assumes that all RW firmware contains a book keeping header for the
  components that comprise the signed firmware area.
- As sanity check there is a limit to the number of firmware components
  contained in a signed firmware area. That's so that an errant value
  doesn't cause the size calculation to erroneously read memory it
  shouldn't.
- RO normal path isn't supported. It's assumed that firmware will always
  load the verified RW on all boots but recovery.
- If vboot requests memory to be cleared it is assumed that the boot
  loader will take care of that by looking at the out flags in
VbInitParams.

Built and booted. Noted firmware select worked on an image with
RW firmware support. Also checked that recovery mode worked as well
by choosing the RO path.

Change-Id: I45de725c44ee5b766f866692a20881c42ee11fa8
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/2854
Tested-by: build bot (Jenkins)
Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>

1 files changed, 40 insertions, 0 deletions

diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig
index 31094de956..06ed7d3255 100644
--- a/src/vendorcode/google/chromeos/Kconfig
+++ b/src/vendorcode/google/chromeos/Kconfig
@@ -67,6 +67,46 @@ config FLASHMAP_OFFSET
 
 endmenu
 
+config VBOOT_VERIFY_FIRMWARE
+	bool "Verify firmware with vboot."
+	default n
+	depends on CHROMEOS
+	help
+	  Enabling VBOOT_VERIFY_FIRMWARE will use vboot to verify the ramstage
+	  and boot loader.
+
+config EC_SOFTWARE_SYNC
+	bool "Enable EC software sync"
+	default n
+	depends on VBOOT_VERIFY_FIRMWARE
+	help
+	  EC software sync is a mechanism where the AP helps the EC verify its
+	  firmware similar to how vboot verifies the main system firmware. This
+	  option selects whether depthcharge should support EC software sync.
+
+config VIRTUAL_DEV_SWITCH
+	bool "Virtual developer switch support"
+	default n
+	depends on VBOOT_VERIFY_FIRMWARE
+	help
+	  Whether this platform has a virtual developer switch.
+
+config VBOOT_BOOT_LOADER_INDEX
+	hex "Bootloader component index"
+	default 0
+	depends on VBOOT_VERIFY_FIRMWARE
+	help
+	  This is the index of the bootloader component in the verified
+	  firmware block.
+
+config VBOOT_RAMSTAGE_INDEX
+	hex "Ramstage component index"
+	default 1
+	depends on VBOOT_VERIFY_FIRMWARE
+	help
+	  This is the index of the ramstage component in the verified
+	  firmware block.
+
 config NO_TPM_RESUME
 	bool
 	default n