romstage: add support for vboot firmware selection

This patch implements support for vboot firmware selection. The vboot
support is comprised of the following pieces:

1. vboot_loader.c - this file contains the entry point,
   vboot_verify_firmware(), for romstage to call in order to perform
   vboot selection. The loader sets up all the data for the wrapper
   to use.
2. vboot_wrapper.c - this file contains the implementation calling the vboot
   API. It calls VbInit() and VbSelectFirmware() with the data supplied
   by the loader.

The vboot wrapper is compiled and linked as an rmodule and placed in
cbfs as 'fallback/vboot'. It's loaded into memory and relocated just
like the way ramstage would be. After being loaded the loader calls into
wrapper. When the wrapper sees that a given piece of firmware has been
selected it parses firmware component information for a predetermined
number of components.

Vboot result information is passed to downstream users by way of the
vboot_handoff structure. This structure lives in cbmem and contains
the shared data, selected firmware, VbInitParams, and parsed firwmare
components.

During ramstage there are only 2 changes:

1. Copy the shared vboot data from vboot_handoff to the chromeos acpi
   table.
2. If a firmware selection was made in romstage the boot loader
   component is used for the payload.

Noteable Information:
- no vboot path for S3.
- assumes that all RW firmware contains a book keeping header for the
  components that comprise the signed firmware area.
- As sanity check there is a limit to the number of firmware components
  contained in a signed firmware area. That's so that an errant value
  doesn't cause the size calculation to erroneously read memory it
  shouldn't.
- RO normal path isn't supported. It's assumed that firmware will always
  load the verified RW on all boots but recovery.
- If vboot requests memory to be cleared it is assumed that the boot
  loader will take care of that by looking at the out flags in
VbInitParams.

Built and booted. Noted firmware select worked on an image with
RW firmware support. Also checked that recovery mode worked as well
by choosing the RO path.

Change-Id: I45de725c44ee5b766f866692a20881c42ee11fa8
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/2854
Tested-by: build bot (Jenkins)
Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>

1 files changed, 18 insertions, 0 deletions

diff --git a/src/vendorcode/google/chromeos/gnvs.c b/src/vendorcode/google/chromeos/gnvs.c
index 2e9975c9cb..0d4095061d 100644
--- a/src/vendorcode/google/chromeos/gnvs.c
+++ b/src/vendorcode/google/chromeos/gnvs.c
@@ -19,12 +19,17 @@
 
 #include <types.h>
 #include <string.h>
+#include <stdlib.h>
 #include <cbfs.h>
+#include <cbmem.h>
 #include <console/console.h>
 #include <elog.h>
 
 #include "chromeos.h"
 #include "gnvs.h"
+#if CONFIG_VBOOT_VERIFY_FIRMWARE
+#include "vboot_handoff.h"
+#endif
 
 chromeos_acpi_t *vboot_data = NULL;
 static u32 me_hash_saved[8];
@@ -36,6 +41,19 @@ void chromeos_init_vboot(chromeos_acpi_t *chromeos)
 	/* Copy saved ME hash into NVS */
 	memcpy(vboot_data->mehh, me_hash_saved, sizeof(vboot_data->mehh));
 
+#if CONFIG_VBOOT_VERIFY_FIRMWARE
+	/* Save the vdat from the vboot handoff structure. Downstream software
+	 * consumes the data located in the ACPI table. Ensure it reflects
+	 * the shared data from VbInit() and VbSelectFirmware(). */
+	struct vboot_handoff *vboot_handoff;
+
+	vboot_handoff = cbmem_find(CBMEM_ID_VBOOT_HANDOFF);
+
+	if (vboot_handoff != NULL)
+		memcpy(&chromeos->vdat[0], &vboot_handoff->shared_data[0],
+		       ARRAY_SIZE(chromeos->vdat));
+#endif
+
 #if CONFIG_ELOG
 	if (developer_mode_enabled() ||
 	    (vboot_wants_oprom() && !recovery_mode_enabled()))