diff options
Diffstat (limited to 'src/security')
-rw-r--r-- | src/security/vboot/Makefile.inc | 1 | ||||
-rw-r--r-- | src/security/vboot/vboot_handoff.c | 15 | ||||
-rw-r--r-- | src/security/vboot/vboot_logic.c | 26 |
3 files changed, 27 insertions, 15 deletions
diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index 9ce724ed54..3306f41a0b 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -88,6 +88,7 @@ else verstage-y += secdata_tpm.c romstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += secdata_tpm.c endif +romstage-y += vboot_logic.c romstage-y += vboot_handoff.c common.c ramstage-y += common.c diff --git a/src/security/vboot/vboot_handoff.c b/src/security/vboot/vboot_handoff.c index 8a6b3d61e8..19773c5438 100644 --- a/src/security/vboot/vboot_handoff.c +++ b/src/security/vboot/vboot_handoff.c @@ -122,21 +122,6 @@ void vboot_fill_handoff(void) /* needed until we finish transtion to vboot2 for kernel verification */ fill_vboot_handoff(vh, sd); - - - /* Log the recovery mode switches if required, before clearing them. */ - log_recovery_mode_switch(); - - /* - * The recovery mode switch is cleared (typically backed by EC) here - * to allow multiple queries to get_recovery_mode_switch() and have - * them return consistent results during the verified boot path as well - * as dram initialization. x86 systems ignore the saved dram settings - * in the recovery path in order to start from a clean slate. Therefore - * clear the state here since this function is called when memory - * is known to be up. - */ - clear_recovery_mode_switch(); } /* diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index 7b98be28e4..62e033a0de 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -16,6 +16,7 @@ #include <arch/exception.h> #include <assert.h> #include <bootmode.h> +#include <cbmem.h> #include <console/console.h> #include <console/vtxprintf.h> #include <string.h> @@ -281,6 +282,26 @@ static uint32_t extend_pcrs(struct vb2_context *ctx) vboot_extend_pcr(ctx, 1, HWID_DIGEST_PCR); } +static void vboot_log_and_clear_recovery_mode_switch(int unused) +{ + /* Log the recovery mode switches if required, before clearing them. */ + log_recovery_mode_switch(); + + /* + * The recovery mode switch is cleared (typically backed by EC) here + * to allow multiple queries to get_recovery_mode_switch() and have + * them return consistent results during the verified boot path as well + * as dram initialization. x86 systems ignore the saved dram settings + * in the recovery path in order to start from a clean slate. Therefore + * clear the state here since this function is called when memory + * is known to be up. + */ + clear_recovery_mode_switch(); +} +#if !CONFIG(VBOOT_STARTS_IN_ROMSTAGE) +ROMSTAGE_CBMEM_INIT_HOOK(vboot_log_and_clear_recovery_mode_switch) +#endif + /** * Verify and select the firmware in the RW image * @@ -448,6 +469,11 @@ void verstage_main(void) vboot_set_selected_region(region_device_region(&fw_main)); verstage_main_exit: + /* If CBMEM is not up yet, let the ROMSTAGE_CBMEM_INIT_HOOK take care + of running this function. */ + if (ENV_ROMSTAGE && CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) + vboot_log_and_clear_recovery_mode_switch(0); + vboot_finalize_work_context(&ctx); timestamp_add_now(TS_END_VBOOT); } |