summaryrefslogtreecommitdiff
path: root/src/vendorcode
diff options
context:
space:
mode:
Diffstat (limited to 'src/vendorcode')
-rw-r--r--src/vendorcode/google/chromeos/Kconfig39
-rw-r--r--src/vendorcode/google/chromeos/Makefile.inc32
-rw-r--r--src/vendorcode/google/chromeos/chromeos.c284
-rw-r--r--src/vendorcode/google/chromeos/chromeos.h61
-rw-r--r--src/vendorcode/google/chromeos/vboot_context.h11
-rw-r--r--src/vendorcode/google/chromeos/vboot_handoff.c77
-rw-r--r--src/vendorcode/google/chromeos/vboot_handoff.h11
-rw-r--r--src/vendorcode/google/chromeos/vboot_loader.c54
-rw-r--r--src/vendorcode/google/chromeos/verstage.c250
-rw-r--r--src/vendorcode/google/chromeos/verstub.c93
10 files changed, 619 insertions, 293 deletions
diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig
index 69ecaf2b02..4e71c3bfe5 100644
--- a/src/vendorcode/google/chromeos/Kconfig
+++ b/src/vendorcode/google/chromeos/Kconfig
@@ -98,17 +98,17 @@ config VBOOT_VERIFY_FIRMWARE
and boot loader.
config VBOOT2_VERIFY_FIRMWARE
- bool "Firmware Verification with vboot2"
- default n
- depends on CHROMEOS
- help
+ bool "Firmware Verification with vboot2"
+ default n
+ depends on CHROMEOS
+ help
Enabling VBOOT2_VERIFY_FIRMWARE will use vboot2 to verify the romstage
and boot loader.
config EC_SOFTWARE_SYNC
bool "Enable EC software sync"
default n
- depends on VBOOT_VERIFY_FIRMWARE
+ depends on VBOOT_VERIFY_FIRMWARE || VBOOT2_VERIFY_FIRMWARE
help
EC software sync is a mechanism where the AP helps the EC verify its
firmware similar to how vboot verifies the main system firmware. This
@@ -117,22 +117,45 @@ config EC_SOFTWARE_SYNC
config VIRTUAL_DEV_SWITCH
bool "Virtual developer switch support"
default n
- depends on VBOOT_VERIFY_FIRMWARE
+ depends on VBOOT_VERIFY_FIRMWARE || VBOOT2_VERIFY_FIRMWARE
help
Whether this platform has a virtual developer switch.
+config RETURN_FROM_VERSTAGE
+ bool "return from verstage"
+ default n
+ depends on VBOOT2_VERIFY_FIRMWARE
+ help
+ If this is set, the verstage returns back to the bootblock instead of
+ exits to the romstage so that the verstage space can be reused by the
+ romstage. Useful if a ram space is too small to fit both the verstage
+ and the romstage.
+
+# These VBOOT_X_INDEX are the position of X in FW_MAIN_A/B region. The index
+# table is created by cros_bundle_firmware at build time based on the positions
+# of the blobs listed in fmap.dts and stored at the top of FW_MAIN_A/B region.
+# Unfortunately, there is no programmatical link between the blob list and the
+# index number here.
config VBOOT_BOOT_LOADER_INDEX
hex "Bootloader component index"
default 0
- depends on VBOOT_VERIFY_FIRMWARE
+ depends on VBOOT_VERIFY_FIRMWARE || VBOOT2_VERIFY_FIRMWARE
help
This is the index of the bootloader component in the verified
firmware block.
+config VBOOT_ROMSTAGE_INDEX
+ hex
+ default 2
+ depends on VBOOT2_VERIFY_FIRMWARE
+ help
+ This is the index of the romstage component in the verified
+ firmware block.
+
config VBOOT_RAMSTAGE_INDEX
hex "Ramstage component index"
default 1
- depends on VBOOT_VERIFY_FIRMWARE
+ depends on VBOOT_VERIFY_FIRMWARE || VBOOT2_VERIFY_FIRMWARE
help
This is the index of the ramstage component in the verified
firmware block.
diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc
index 701feb7b7f..e9eef4ac19 100644
--- a/src/vendorcode/google/chromeos/Makefile.inc
+++ b/src/vendorcode/google/chromeos/Makefile.inc
@@ -71,7 +71,7 @@ VBOOT_STUB_DEPS += $(obj)/arch/x86/lib/memcpy.rmodules_$(ARCH-romstage-y).o
VBOOT_STUB_DEPS += $(VB_LIB)
# Remove the '-include' option since that will break vboot's build and ensure
# vboot_reference can get to coreboot's include files.
-VBOOT_CFLAGS += $(patsubst -I%,-I../%,$(filter-out -include $(src)/include/kconfig.h, $(CFLAGS_romstage)))
+VBOOT_CFLAGS += $(patsubst -I%,-I$(top)/%,$(filter-out -include $(src)/include/kconfig.h, $(CFLAGS_romstage)))
VBOOT_CFLAGS += -DVBOOT_DEBUG
VBOOT_CFLAGS += $(rmodules_$(ARCH-ROMSTAGE-y)-c-ccopts)
@@ -89,7 +89,7 @@ $(VB_LIB):
CFLAGS="$(VBOOT_CFLAGS)" \
make -C $(VB_SOURCE) \
$(VBOOT_MAKEFLAGS) \
- BUILD=../$(dir $(VB_LIB)) \
+ BUILD=$(top)/$(dir $(VB_LIB)) \
V=$(V) \
fwlib
@@ -97,10 +97,17 @@ endif
ifeq ($(CONFIG_VBOOT2_VERIFY_FIRMWARE),y)
VB_SOURCE := vboot_reference
-VERSTAGE_LIB = $(obj)/vendorcode/google/chromeos/verstage.a
-
INCLUDES += -I$(VB_SOURCE)/firmware/2lib/include
INCLUDES += -I$(VB_SOURCE)/firmware/include
+
+verstage-c-ccopts += -D__PRE_RAM__ -D__VER_STAGE__
+verstage-S-ccopts += -D__PRE_RAM__ -D__VER_STAGE__
+
+ifeq ($(CONFIG_RETURN_FROM_VERSTAGE),y)
+bootblock-y += verstub.c
+else
+verstage-y += verstub.c
+endif
verstage-y += verstage.c fmap.c chromeos.c
verstage-y += antirollback.c vbnv_ec.c
romstage-y += vboot_handoff.c
@@ -121,13 +128,10 @@ $(VB2_LIB): $(obj)/config.h
BUILD=$(top)/$(dir $(VB2_LIB)) \
V=$(V) \
fwlib2
- mv $@ $@.tmp
- @printf " OBJCOPY $(subst $(obj)/,,$(@))\n"
- $(OBJCOPY_verstage) --prefix-symbols=verstage_ $@.tmp $@
-
-$(VERSTAGE_LIB): $$(verstage-objs)
- @printf " AR $(subst $(obj)/,,$(@))\n"
- $(AR_verstage) rc $@.tmp $(verstage-objs)
- @printf " OBJCOPY $(subst $(obj)/,,$(@))\n"
- $(OBJCOPY_verstage) --prefix-symbols=verstage_ $@.tmp $@
-endif
+
+VERSTAGE_ELF = $(objcbfs)/verstage.elf
+cbfs-files-y += $(call strip_quotes,$(CONFIG_CBFS_PREFIX))/verstage
+fallback/verstage-file = $(VERSTAGE_ELF)
+fallback/verstage-type = stage
+fallback/verstage-compression = none
+endif # CONFIG_VBOOT2_VERIFY_FIRMWARE
diff --git a/src/vendorcode/google/chromeos/chromeos.c b/src/vendorcode/google/chromeos/chromeos.c
new file mode 100644
index 0000000000..d2f62d7da7
--- /dev/null
+++ b/src/vendorcode/google/chromeos/chromeos.c
@@ -0,0 +1,284 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright (C) 2011 The ChromiumOS Authors. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include "chromeos.h"
+#if CONFIG_VBOOT_VERIFY_FIRMWARE || CONFIG_VBOOT2_VERIFY_FIRMWARE
+#include "fmap.h"
+#include "vboot_handoff.h"
+#include <reset.h>
+#endif
+#include <boot/coreboot_tables.h>
+#include <cbfs.h>
+#include <cbmem.h>
+#include <console/console.h>
+
+#if CONFIG_VBOOT_VERIFY_FIRMWARE
+static int vboot_enable_developer(void)
+{
+ struct vboot_handoff *vbho;
+
+ vbho = cbmem_find(CBMEM_ID_VBOOT_HANDOFF);
+
+ if (vbho == NULL) {
+ printk(BIOS_ERR, "%s: Couldn't find vboot_handoff structure!\n",
+ __func__);
+ return 0;
+ }
+
+ return !!(vbho->init_params.out_flags & VB_INIT_OUT_ENABLE_DEVELOPER);
+}
+
+static int vboot_enable_recovery(void)
+{
+ struct vboot_handoff *vbho;
+
+ vbho = cbmem_find(CBMEM_ID_VBOOT_HANDOFF);
+
+ if (vbho == NULL)
+ return 0;
+
+ return !!(vbho->init_params.out_flags & VB_INIT_OUT_ENABLE_RECOVERY);
+}
+#else
+static inline int vboot_enable_developer(void) { return 0; }
+static inline int vboot_enable_recovery(void) { return 0; }
+#endif
+
+int developer_mode_enabled(void)
+{
+ return get_developer_mode_switch() || vboot_enable_developer();
+}
+
+int recovery_mode_enabled(void)
+{
+ /*
+ * This is called in multiple places and has to detect
+ * recovery mode triggered from the EC and via shared
+ * recovery reason set with crossystem.
+ *
+ * If shared recovery reason is set:
+ * - before VbInit then get_recovery_mode_from_vbnv() is true
+ * - after VbInit then vboot_enable_recovery() is true
+ *
+ * Otherwise the mainboard handler for get_recovery_mode_switch()
+ * will detect recovery mode initiated by the EC.
+ */
+ return get_recovery_mode_switch() || get_recovery_mode_from_vbnv() ||
+ vboot_enable_recovery();
+}
+
+int __attribute__((weak)) clear_recovery_mode_switch(void)
+{
+ // Can be implemented by a mainboard
+ return 0;
+}
+
+int vboot_skip_display_init(void)
+{
+#if CONFIG_VBOOT_VERIFY_FIRMWARE
+ struct vboot_handoff *vbho;
+
+ vbho = cbmem_find(CBMEM_ID_VBOOT_HANDOFF);
+
+ if (vbho == NULL)
+ return 0;
+
+ return !(vbho->init_params.out_flags & VB_INIT_OUT_ENABLE_DISPLAY);
+#else
+ return 0;
+#endif
+}
+
+#ifdef __PRE_RAM__
+void __attribute__((weak)) save_chromeos_gpios(void)
+{
+ // Can be implemented by a mainboard
+}
+
+int __attribute((weak)) vboot_get_sw_write_protect(void)
+{
+ // Can be implemented by a platform / mainboard
+ return 0;
+}
+#endif
+
+#if CONFIG_VBOOT_VERIFY_FIRMWARE || CONFIG_VBOOT2_VERIFY_FIRMWARE
+void vboot_locate_region(const char *name, struct vboot_region *region)
+{
+ region->size = find_fmap_entry(name, (void **)&region->offset_addr);
+}
+
+void *vboot_get_region(uintptr_t offset_addr, size_t size, void *dest)
+{
+ if (IS_ENABLED(CONFIG_SPI_FLASH_MEMORY_MAPPED)) {
+ if (dest != NULL)
+ return memcpy(dest, (void *)offset_addr, size);
+ else
+ return (void *)offset_addr;
+ } else {
+ struct cbfs_media default_media, *media = &default_media;
+ void *cache;
+
+ init_default_cbfs_media(media);
+ media->open(media);
+ if (dest != NULL) {
+ cache = dest;
+ if (media->read(media, dest, offset_addr, size) != size)
+ cache = NULL;
+ } else {
+ cache = media->map(media, offset_addr, size);
+ if (cache == CBFS_MEDIA_INVALID_MAP_ADDRESS)
+ cache = NULL;
+ }
+ media->close(media);
+ return cache;
+ }
+}
+
+int vboot_get_handoff_info(void **addr, uint32_t *size)
+{
+ struct vboot_handoff *vboot_handoff;
+
+ vboot_handoff = cbmem_find(CBMEM_ID_VBOOT_HANDOFF);
+
+ if (vboot_handoff == NULL)
+ return -1;
+
+ *addr = vboot_handoff;
+ *size = sizeof(*vboot_handoff);
+ return 0;
+}
+
+/* This will leak a mapping of a fw region */
+struct vboot_components *vboot_locate_components(struct vboot_region *region)
+{
+ size_t req_size;
+ struct vboot_components *vbc;
+
+ req_size = sizeof(*region);
+ req_size += sizeof(struct vboot_component_entry) *
+ MAX_PARSED_FW_COMPONENTS;
+
+ vbc = vboot_get_region(region->offset_addr, req_size, NULL);
+ if (vbc && vbc->num_components > MAX_PARSED_FW_COMPONENTS)
+ vbc = NULL;
+
+ return vbc;
+}
+
+void *vboot_get_payload(int *len)
+{
+ struct vboot_handoff *vboot_handoff;
+ struct firmware_component *fwc;
+
+ vboot_handoff = cbmem_find(CBMEM_ID_VBOOT_HANDOFF);
+
+ if (vboot_handoff == NULL)
+ return NULL;
+
+ if (CONFIG_VBOOT_BOOT_LOADER_INDEX >= MAX_PARSED_FW_COMPONENTS) {
+ printk(BIOS_ERR, "Invalid boot loader index: %d\n",
+ CONFIG_VBOOT_BOOT_LOADER_INDEX);
+ return NULL;
+ }
+
+ fwc = &vboot_handoff->components[CONFIG_VBOOT_BOOT_LOADER_INDEX];
+
+ /* If payload size is zero fall back to cbfs path. */
+ if (fwc->size == 0)
+ return NULL;
+
+ if (len != NULL)
+ *len = fwc->size;
+
+ printk(BIOS_DEBUG, "Booting 0x%x byte verified payload at 0x%08x.\n",
+ fwc->size, fwc->address);
+
+ /* This will leak a mapping. */
+ return vboot_get_region(fwc->address, fwc->size, NULL);
+}
+#endif
+
+#if CONFIG_VBOOT2_VERIFY_FIRMWARE
+void *vboot_load_stage(int stage_index,
+ struct vboot_region *fw_main,
+ struct vboot_components *fw_info)
+{
+ struct cbfs_stage *stage;
+ uint32_t fc_addr;
+ uint32_t fc_size;
+
+ if (stage_index >= fw_info->num_components) {
+ printk(BIOS_INFO, "invalid stage index\n");
+ return NULL;
+ }
+
+ fc_addr = fw_main->offset_addr + fw_info->entries[stage_index].offset;
+ fc_size = fw_info->entries[stage_index].size;
+ if (fc_size == 0 ||
+ fc_addr + fc_size > fw_main->offset_addr + fw_main->size) {
+ printk(BIOS_INFO, "invalid stage address or size\n");
+ return NULL;
+ }
+
+ /* Loading to cbfs cache. This stage data must be retained until it's
+ * decompressed. */
+ stage = vboot_get_region(fc_addr, fc_size, NULL);
+
+ if (stage == NULL) {
+ printk(BIOS_INFO, "failed to load a stage\n");
+ return NULL;
+ }
+
+ /* Stages rely the below clearing so that the bss is initialized. */
+ memset((void *) (uintptr_t)stage->load, 0, stage->memlen);
+
+ if (cbfs_decompress(stage->compression,
+ (unsigned char *)stage + sizeof(*stage),
+ (void *) (uintptr_t) stage->load,
+ stage->len)) {
+ printk(BIOS_INFO, "failed to decompress a stage\n");
+ return NULL;
+ }
+
+ return (void *)(uintptr_t)stage->entry;
+}
+
+struct vb2_working_data * const vboot_get_working_data(void)
+{
+ return (struct vb2_working_data *)CONFIG_VBOOT_WORK_BUFFER_ADDRESS;
+}
+
+int vboot_is_slot_selected(struct vb2_working_data *wd)
+{
+ return wd->selected_region.size > 0;
+}
+
+int vboot_is_readonly_path(struct vb2_working_data *wd)
+{
+ return wd->selected_region.size == 0;
+}
+
+void vboot_reboot(void)
+{
+ hard_reset();
+}
+#endif
diff --git a/src/vendorcode/google/chromeos/chromeos.h b/src/vendorcode/google/chromeos/chromeos.h
index 724ff57893..14e0b10d18 100644
--- a/src/vendorcode/google/chromeos/chromeos.h
+++ b/src/vendorcode/google/chromeos/chromeos.h
@@ -47,6 +47,38 @@ struct romstage_handoff;
/* TODO(shawnn): Remove these CONFIGs and define default weak functions
* that can be overridden in the platform / MB code. */
#if CONFIG_VBOOT_VERIFY_FIRMWARE || CONFIG_VBOOT2_VERIFY_FIRMWARE
+struct vboot_region {
+ uintptr_t offset_addr;
+ int32_t size;
+};
+
+/*
+ * The vboot handoff structure keeps track of a maximum number of firmware
+ * components in the verfieid RW area of flash. This is not a restriction on
+ * the number of components packed in a firmware block. It's only the maximum
+ * number of parsed firmware components (address and size) included in the
+ * handoff structure.
+ */
+#define MAX_PARSED_FW_COMPONENTS 5
+
+/* The FW areas consist of multiple components. At the beginning of
+ * each area is the number of total compoments as well as the size and
+ * offset for each component. One needs to caculate the total size of the
+ * signed firmware region based off of the embedded metadata. */
+struct vboot_component_entry {
+ uint32_t offset;
+ uint32_t size;
+} __attribute__((packed));
+
+struct vboot_components {
+ uint32_t num_components;
+ struct vboot_component_entry entries[0];
+} __attribute__((packed));
+
+void vboot_locate_region(const char *name, struct vboot_region *region);
+
+struct vboot_components *vboot_locate_components(struct vboot_region *region);
+
/*
* This is a dual purpose routine. If dest is non-NULL the region at
* offset_addr will be read into the area pointed to by dest. If dest
@@ -87,8 +119,31 @@ static inline void chromeos_reserve_ram_oops(struct device *dev, int idx) {}
#endif /* CONFIG_CHROMEOS_RAMOOPS */
#if CONFIG_VBOOT2_VERIFY_FIRMWARE
-void select_firmware(void);
-void vboot_create_handoff(void * vboot_workbuf);
-#endif
+void *vboot_load_ramstage(void);
+void vboot2_verify_firmware(void);
+void verstage_main(void);
+void *vboot_load_stage(int stage_index,
+ struct vboot_region *fw_main,
+ struct vboot_components *fw_info);
+void vboot_reboot(void);
+
+/*
+ * this is placed at the start of the vboot work buffer. selected_region is used
+ * for the verstage to return the location of the selected slot. buffer is used
+ * by the vboot2 core.
+ *
+ * TODO: Make the sizes of the struct and its members independent of cpu
+ * architectures as it crosses stage boundaries.
+ */
+struct vb2_working_data {
+ struct vboot_region selected_region;
+ size_t buffer_size;
+ uint8_t *buffer;
+};
+
+struct vb2_working_data * const vboot_get_working_data(void);
+int vboot_is_slot_selected(struct vb2_working_data *wd);
+int vboot_is_readonly_path(struct vb2_working_data *wd);
+#endif /* CONFIG_VBOOT2_VERIFY_FIRMWARE */
#endif
diff --git a/src/vendorcode/google/chromeos/vboot_context.h b/src/vendorcode/google/chromeos/vboot_context.h
index cd82aacf0a..2517f63e63 100644
--- a/src/vendorcode/google/chromeos/vboot_context.h
+++ b/src/vendorcode/google/chromeos/vboot_context.h
@@ -21,21 +21,12 @@
#include <stdint.h>
#include <vboot_api.h>
+#include "chromeos.h"
struct cbmem_entry;
/* The vboot context structure provides all the necessary data for invoking
* vboot. The vboot loader sets everything up for vboot module to use. */
-
-struct vboot_region {
- /*
- * The offset_addr field may be an offset or an address. It depends
- * on the capabilities of the underlying architecture.
- */
- uintptr_t offset_addr;
- int32_t size;
-};
-
struct vboot_context {
struct vboot_handoff *handoff;
VbCommonParams *cparams;
diff --git a/src/vendorcode/google/chromeos/vboot_handoff.c b/src/vendorcode/google/chromeos/vboot_handoff.c
index 3b276aac95..ae3096aee2 100644
--- a/src/vendorcode/google/chromeos/vboot_handoff.c
+++ b/src/vendorcode/google/chromeos/vboot_handoff.c
@@ -19,6 +19,8 @@
#include <2recovery_reasons.h>
#include <2struct.h>
+#include <arch/stages.h>
+#include <assert.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>
@@ -33,13 +35,33 @@
#include "vboot_handoff.h"
#include <vboot_struct.h>
+static void *load_ramstage(struct vboot_handoff *vboot_handoff,
+ struct vboot_region *fw_main)
+{
+ struct vboot_components *fw_info;
+ int i;
+
+ fw_info = vboot_locate_components(fw_main);
+ if (fw_info == NULL)
+ die("failed to locate firmware components\n");
+
+ /* these offset & size are used to load a rw boot loader */
+ for (i = 0; i < fw_info->num_components; i++) {
+ vboot_handoff->components[i].address =
+ fw_main->offset_addr + fw_info->entries[i].offset;
+ vboot_handoff->components[i].size = fw_info->entries[i].size;
+ }
+
+ return vboot_load_stage(CONFIG_VBOOT_RAMSTAGE_INDEX, fw_main, fw_info);
+}
+
/**
* Sets vboot_handoff based on the information in vb2_shared_data
*
* TODO: Read wp switch to set VBSD_BOOT_FIRMWARE_WP_ENABLED
*/
static void fill_vboot_handoff(struct vboot_handoff *vboot_handoff,
- struct vb2_shared_data *vb2_sd)
+ struct vb2_shared_data *vb2_sd)
{
VbSharedDataHeader *vb_sd =
(VbSharedDataHeader *)vboot_handoff->shared_data;
@@ -49,7 +71,6 @@ static void fill_vboot_handoff(struct vboot_handoff *vboot_handoff,
vboot_handoff->selected_firmware = vb2_sd->fw_slot;
- /* TODO: fw_slot is never 0xff while firmware_index can. */
vb_sd->firmware_index = vb2_sd->fw_slot;
vb_sd->magic = VB_SHARED_DATA_MAGIC;
@@ -61,7 +82,7 @@ static void fill_vboot_handoff(struct vboot_handoff *vboot_handoff,
if (vb2_sd->recovery_reason) {
vb_sd->firmware_index = 0xFF;
if (vb2_sd->recovery_reason == VB2_RECOVERY_RO_MANUAL)
- vb_sd->flags |= VBSD_BOOT_REC_SWITCH_ON;
+ vb_sd->flags |= VBSD_BOOT_REC_SWITCH_ON;
*oflags |= VB_INIT_OUT_ENABLE_RECOVERY;
*oflags |= VB_INIT_OUT_CLEAR_RAM;
*oflags |= VB_INIT_OUT_ENABLE_DISPLAY;
@@ -75,6 +96,7 @@ static void fill_vboot_handoff(struct vboot_handoff *vboot_handoff,
vb_sd->flags |= VBSD_BOOT_DEV_SWITCH_ON;
vb_sd->flags |= VBSD_LF_DEV_SWITCH_ON;
}
+ /* TODO: Set these in depthcharge */
if (CONFIG_VIRTUAL_DEV_SWITCH)
vb_sd->flags |= VBSD_HONOR_VIRT_DEV_SWITCH;
if (CONFIG_EC_SOFTWARE_SYNC) {
@@ -92,51 +114,58 @@ static void fill_vboot_handoff(struct vboot_handoff *vboot_handoff,
if (vb2_sd->workbuf_preamble_size) {
struct vb2_fw_preamble *fp;
uintptr_t dst, src;
- printk(BIOS_ERR, "Copying FW preamble\n");
+ printk(BIOS_INFO, "Copying FW preamble\n");
fp = (struct vb2_fw_preamble *)( (uintptr_t)vb2_sd +
vb2_sd->workbuf_preamble_offset);
- src = (uintptr_t)&fp->kernel_subkey + fp->kernel_subkey.key_offset;
+ src = (uintptr_t)&fp->kernel_subkey +
+ fp->kernel_subkey.key_offset;
dst = (uintptr_t)vb_sd + sizeof(VbSharedDataHeader);
- memcpy((void *)dst, (void *)src, fp->kernel_subkey.key_size);
- vb_sd->data_used += fp->kernel_subkey.key_size;
+ assert(dst + fp->kernel_subkey.key_size <=
+ (uintptr_t)vboot_handoff + sizeof(*vboot_handoff));
+ memcpy((void *)dst, (void *)src,
+ fp->kernel_subkey.key_size);
+ vb_sd->data_used += fp->kernel_subkey.key_size;
vb_sd->kernel_subkey.key_offset =
dst - (uintptr_t)&vb_sd->kernel_subkey;
vb_sd->kernel_subkey.key_size = fp->kernel_subkey.key_size;
vb_sd->kernel_subkey.algorithm = fp->kernel_subkey.algorithm;
- vb_sd->kernel_subkey.key_version = fp->kernel_subkey.key_version;
+ vb_sd->kernel_subkey.key_version =
+ fp->kernel_subkey.key_version;
}
vb_sd->recovery_reason = vb2_sd->recovery_reason;
}
/**
- * Create vboot handoff struct
- *
- * struct vboot_handoff {
- * VbInitParams init_params;
- * uint32_t selected_firmware;
- * struct firmware_component components[MAX_PARSED_FW_COMPONENTS];
- * char shared_data[VB_SHARED_DATA_MIN_SIZE];
- * } __attribute__((packed));
+ * Load ramstage and return the entry point
*/
-void vboot_create_handoff(void *vboot_workbuf)
+void *vboot_load_ramstage(void)
{
struct vboot_handoff *vh;
struct vb2_shared_data *sd;
+ struct vb2_working_data *wd = vboot_get_working_data();
- sd = (struct vb2_shared_data *)vboot_workbuf;
+ sd = (struct vb2_shared_data *)wd->buffer;
sd->workbuf_hash_offset = 0;
sd->workbuf_hash_size = 0;
- printk(BIOS_INFO, "Creating vboot_handoff structure\n");
+ printk(BIOS_INFO, "creating vboot_handoff structure\n");
vh = cbmem_add(CBMEM_ID_VBOOT_HANDOFF, sizeof(*vh));
-
- if (vh == NULL) {
- printk(BIOS_ERR, "Could not add vboot_handoff structure\n");
- return;
- }
+ if (vh == NULL)
+ /* we don't need to failover gracefully here because this
+ * shouldn't happen with the image that has passed QA. */
+ die("failed to allocate vboot_handoff structure\n");
memset(vh, 0, sizeof(*vh));
+ /* needed until we finish transtion to vboot2 for kernel verification */
fill_vboot_handoff(vh, sd);
+
+ if (vboot_is_readonly_path(wd))
+ /* we're on recovery path. continue to ro-ramstage. */
+ return NULL;
+
+ printk(BIOS_INFO,
+ "loading ramstage from Slot %c\n", sd->fw_slot ? 'B' : 'A');
+ return load_ramstage(vh, &wd->selected_region);
}
diff --git a/src/vendorcode/google/chromeos/vboot_handoff.h b/src/vendorcode/google/chromeos/vboot_handoff.h
index e1e519f081..b0017438ac 100644
--- a/src/vendorcode/google/chromeos/vboot_handoff.h
+++ b/src/vendorcode/google/chromeos/vboot_handoff.h
@@ -21,16 +21,7 @@
#include <vboot_api.h>
#include <vboot_struct.h>
-
-/*
- * The vboot handoff structure keeps track of a maximum number of firmware
- * components in the verfieid RW area of flash. This is not a restriction on
- * the number of components packed in a firmware block. It's only the maximum
- * number of parsed firmware components (address and size) included in the
- * handoff structure.
- */
-
-#define MAX_PARSED_FW_COMPONENTS 5
+#include "chromeos.h"
struct firmware_component {
uint32_t address;
diff --git a/src/vendorcode/google/chromeos/vboot_loader.c b/src/vendorcode/google/chromeos/vboot_loader.c
index 0294ac63ac..2a1ee3e7a7 100644
--- a/src/vendorcode/google/chromeos/vboot_loader.c
+++ b/src/vendorcode/google/chromeos/vboot_loader.c
@@ -34,26 +34,9 @@
#include <stdlib.h>
#include <timestamp.h>
#include "chromeos.h"
-#include "fmap.h"
#include "vboot_context.h"
#include "vboot_handoff.h"
-/* The FW areas consist of multiple components. At the beginning of
- * each area is the number of total compoments as well as the size and
- * offset for each component. One needs to caculate the total size of the
- * signed firmware region based off of the embedded metadata. */
-
-struct component_entry {
- uint32_t offset;
- uint32_t size;
-} __attribute__((packed));
-
-struct components {
- uint32_t num_components;
- struct component_entry entries[0];
-} __attribute__((packed));
-
-
#define TEMP_CBMEM_ID_VBOOT 0xffffffff
#define TEMP_CBMEM_ID_VBLOCKS 0xfffffffe
@@ -93,24 +76,13 @@ static void fatal_error(void)
hard_reset();
}
-static void locate_region(const char *name, struct vboot_region *region)
-{
- region->size = find_fmap_entry(name, (void **)&region->offset_addr);
-}
-
static int fw_region_size(struct vboot_region *r)
{
- struct components *fw_info;
+ struct vboot_components *fw_info;
int32_t size;
- size_t req_size;
int i;
- req_size = sizeof(*fw_info);
- req_size += sizeof(struct component_entry) * MAX_PARSED_FW_COMPONENTS;
-
- /* This will leak a mapping. */
- fw_info = vboot_get_region(r->offset_addr, req_size, NULL);
-
+ fw_info = vboot_locate_components(r);
if (fw_info == NULL)
return -1;
@@ -118,7 +90,7 @@ static int fw_region_size(struct vboot_region *r)
return -1;
size = sizeof(*fw_info);
- size += sizeof(struct component_entry) * fw_info->num_components;
+ size += sizeof(struct vboot_component_entry) * fw_info->num_components;
for (i = 0; i < fw_info->num_components; i++)
size += ALIGN(fw_info->entries[i].size, sizeof(uint32_t));
@@ -190,9 +162,8 @@ static int vboot_fill_params(struct vboot_context *ctx)
static void fill_handoff(struct vboot_context *context)
{
- struct components *fw_info;
+ struct vboot_components *fw_info;
struct vboot_region *region;
- size_t req_size;
int i;
/* Fix up the handoff structure. */
@@ -207,12 +178,7 @@ static void fill_handoff(struct vboot_context *context)
else
return;
- req_size = sizeof(*fw_info);
- req_size += sizeof(struct component_entry) * MAX_PARSED_FW_COMPONENTS;
-
- /* This will leak a mapping. */
- fw_info = vboot_get_region(region->offset_addr, req_size, NULL);
-
+ fw_info = vboot_locate_components(region);
if (fw_info == NULL)
return;
@@ -273,11 +239,11 @@ static void vboot_invoke_wrapper(struct vboot_handoff *vboot_handoff)
cparams.shared_data_size = VB_SHARED_DATA_MIN_SIZE;
cparams.caller_context = &context;
- locate_region("GBB", &context.gbb);
- locate_region("VBLOCK_A", &context.vblock_a);
- locate_region("VBLOCK_B", &context.vblock_b);
- locate_region("FW_MAIN_A", &context.fw_a);
- locate_region("FW_MAIN_B", &context.fw_b);
+ vboot_locate_region("GBB", &context.gbb);
+ vboot_locate_region("VBLOCK_A", &context.vblock_a);
+ vboot_locate_region("VBLOCK_B", &context.vblock_b);
+ vboot_locate_region("FW_MAIN_A", &context.fw_a);
+ vboot_locate_region("FW_MAIN_B", &context.fw_b);
/* Check all fmap entries. */
if (context.fw_a.size < 0 || context.fw_b.size < 0 ||
diff --git a/src/vendorcode/google/chromeos/verstage.c b/src/vendorcode/google/chromeos/verstage.c
index 1564d8031b..4970124b04 100644
--- a/src/vendorcode/google/chromeos/verstage.c
+++ b/src/vendorcode/google/chromeos/verstage.c
@@ -1,58 +1,38 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2014 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
#include <2api.h>
#include <2struct.h>
#include <antirollback.h>
-#include <arch/exception.h>
-#include <arch/stages.h>
-#include <soc/nvidia/tegra124/cache.h>
-#include <cbfs.h>
#include <console/console.h>
#include <console/vtxprintf.h>
-#include <reset.h>
-#include <soc/addressmap.h>
-#include <soc/clock.h>
#include <string.h>
#include "chromeos.h"
-#include "fmap.h"
-
-#define VBDEBUG(format, args...) \
- printk(BIOS_INFO, "%s():%d: " format, __func__, __LINE__, ## args)
-#define TODO_BLOCK_SIZE 8192
-#define MAX_PARSED_FW_COMPONENTS 5
-#define ROMSTAGE_INDEX 2
-
-struct component_entry {
- uint32_t offset;
- uint32_t size;
-} __attribute__((packed));
-
-struct components {
- uint32_t num_components;
- struct component_entry entries[MAX_PARSED_FW_COMPONENTS];
-} __attribute__((packed));
-
-struct vboot_region {
- uintptr_t offset_addr;
- int32_t size;
-};
-
-static void locate_region(const char *name, struct vboot_region *region)
-{
- region->size = find_fmap_entry(name, (void **)&region->offset_addr);
- VBDEBUG("Located %s @%x\n", name, region->offset_addr);
-}
+
+#define TODO_BLOCK_SIZE 1024
static int is_slot_a(struct vb2_context *ctx)
{
return !(ctx->flags & VB2_CONTEXT_FW_SLOT_B);
}
-static int in_ro(void)
-{
- /* TODO: Implement */
- return 1;
-}
-
/* exports */
void vb2ex_printf(const char *func, const char *fmt, ...)
@@ -61,7 +41,7 @@ void vb2ex_printf(const char *func, const char *fmt, ...)
printk(BIOS_INFO, "VB2:%s() ", func);
va_start(args, fmt);
- printk(BIOS_INFO, fmt, args);
+ vprintk(BIOS_INFO, fmt, args);
va_end(args);
return;
@@ -70,7 +50,7 @@ void vb2ex_printf(const char *func, const char *fmt, ...)
int vb2ex_tpm_clear_owner(struct vb2_context *ctx)
{
uint32_t rv;
- VBDEBUG("Clearing TPM owner\n");
+ printk(BIOS_INFO, "Clearing TPM owner\n");
rv = tpm_clear_and_reenable();
if (rv)
return VB2_ERROR_EX_TPM_CLEAR_OWNER;
@@ -87,13 +67,13 @@ int vb2ex_read_resource(struct vb2_context *ctx,
switch (index) {
case VB2_RES_GBB:
- locate_region("GBB", &region);
+ vboot_locate_region("GBB", &region);
break;
case VB2_RES_FW_VBLOCK:
if (is_slot_a(ctx))
- locate_region("VBLOCK_A", &region);
+ vboot_locate_region("VBLOCK_A", &region);
else
- locate_region("VBLOCK_B", &region);
+ vboot_locate_region("VBLOCK_B", &region);
break;
default:
return VB2_ERROR_EX_READ_RESOURCE_INDEX;
@@ -108,29 +88,10 @@ int vb2ex_read_resource(struct vb2_context *ctx,
return VB2_SUCCESS;
}
-static void reboot(void)
-{
- cpu_reset();
-}
-
-static void recovery(void)
-{
- void *entry;
-
- if (!in_ro())
- reboot();
-
- entry = cbfs_load_stage(CBFS_DEFAULT_MEDIA, "fallback/romstage");
- if (entry != (void *)-1)
- stage_exit(entry);
-
- for (;;);
-}
-
static int hash_body(struct vb2_context *ctx, struct vboot_region *fw_main)
{
uint32_t expected_size;
- uint8_t block[TODO_BLOCK_SIZE];
+ MAYBE_STATIC uint8_t block[TODO_BLOCK_SIZE];
size_t block_size = sizeof(block);
uintptr_t offset;
int rv;
@@ -168,122 +129,57 @@ static int hash_body(struct vb2_context *ctx, struct vboot_region *fw_main)
return VB2_SUCCESS;
}
-static int locate_fw_components(struct vb2_context *ctx,
- struct vboot_region *fw_main,
- struct components *fw_info)
+static int locate_firmware(struct vb2_context *ctx,
+ struct vboot_region *fw_main)
{
if (is_slot_a(ctx))
- locate_region("FW_MAIN_A", fw_main);
+ vboot_locate_region("FW_MAIN_A", fw_main);
else
- locate_region("FW_MAIN_B", fw_main);
+ vboot_locate_region("FW_MAIN_B", fw_main);
+
if (fw_main->size < 0)
return 1;
- if (vboot_get_region(fw_main->offset_addr,
- sizeof(*fw_info), fw_info) == NULL)
- return 1;
return 0;
}
-static struct cbfs_stage *load_stage(struct vb2_context *ctx,
- int stage_index,
- struct vboot_region *fw_main,
- struct components *fw_info)
-{
- struct cbfs_stage *stage;
- uint32_t fc_addr;
- uint32_t fc_size;
-
- /* Check for invalid address. */
- fc_addr = fw_main->offset_addr + fw_info->entries[stage_index].offset;
- fc_size = fw_info->entries[stage_index].size;
- if (fc_addr == 0 || fc_size == 0) {
- VBDEBUG("romstage address invalid.\n");
- return NULL;
- }
-
- /* Loading to cbfs cache. This stage data must be retained until it's
- * decompressed. */
- stage = vboot_get_region(fc_addr, fc_size, NULL);
-
- if (stage == NULL) {
- VBDEBUG("Unable to load a stage.\n");
- return NULL;
- }
-
- return stage;
-}
-
-static void enter_stage(struct cbfs_stage *stage)
-{
- /* Stages rely the below clearing so that the bss is initialized. */
- memset((void *) (uintptr_t)stage->load, 0, stage->memlen);
-
- if (cbfs_decompress(stage->compression,
- (unsigned char *)stage + sizeof(*stage),
- (void *) (uintptr_t) stage->load,
- stage->len))
- return;
-
- VBDEBUG("Jumping to entry @%llx.\n", stage->entry);
- stage_exit((void *)(uintptr_t)stage->entry);
-}
-
-static void enable_cache(void)
-{
- mmu_init();
- mmu_config_range(0, CONFIG_SYS_SDRAM_BASE >> 20, DCACHE_OFF);
- mmu_config_range(0x40000000 >> 20, 2, DCACHE_WRITEBACK);
- mmu_disable_range(0, 1);
- VBDEBUG("Enabling cache\n");
- dcache_mmu_enable();
-}
-
/**
* Save non-volatile and/or secure data if needed.
*/
static void save_if_needed(struct vb2_context *ctx)
{
if (ctx->flags & VB2_CONTEXT_NVDATA_CHANGED) {
- VBDEBUG("Saving nvdata\n");
+ printk(BIOS_INFO, "Saving nvdata\n");
save_vbnv(ctx->nvdata);
ctx->flags &= ~VB2_CONTEXT_NVDATA_CHANGED;
}
if (ctx->flags & VB2_CONTEXT_SECDATA_CHANGED) {
- VBDEBUG("Saving secdata\n");
+ printk(BIOS_INFO, "Saving secdata\n");
antirollback_write_space_firmware(ctx);
ctx->flags &= ~VB2_CONTEXT_SECDATA_CHANGED;
}
}
/**
- * Load and verify the next stage from RW image and jump to it
- *
- * If validation fails, it exits to romstage for recovery or reboots.
+ * Verify and select the firmware in the RW image
*
* TODO: Avoid loading a stage twice (once in hash_body & again in load_stage).
* when per-stage verification is ready.
*/
-void __attribute__((noinline)) select_firmware(void)
+#if CONFIG_RETURN_FROM_VERSTAGE
+void main(void)
+#else
+void verstage_main(void)
+#endif /* CONFIG_RETURN_FROM_VERSTAGE */
{
struct vb2_context ctx;
- uint8_t *workbuf = (uint8_t *)CONFIG_VBOOT_WORK_BUFFER_ADDRESS;
- struct vboot_region fw_main;
- struct components fw_info;
- struct cbfs_stage *stage;
+ struct vb2_working_data *wd = vboot_get_working_data();
int rv;
- /* Do minimum to enable cache and run vboot at full speed */
- configure_l2_cache();
- console_init();
- exception_init();
- enable_cache();
-
- /* Set up context */
+ /* Set up context and work buffer */
memset(&ctx, 0, sizeof(ctx));
- ctx.workbuf = workbuf;
- ctx.workbuf_size = CONFIG_VBOOT_WORK_BUFFER_SIZE;
- memset(ctx.workbuf, 0, ctx.workbuf_size);
+ ctx.workbuf = wd->buffer;
+ ctx.workbuf_size = wd->buffer_size;
/* Read nvdata from a non-volatile storage */
read_vbnv(ctx.nvdata);
@@ -301,59 +197,53 @@ void __attribute__((noinline)) select_firmware(void)
}
/* Do early init */
- VBDEBUG("Phase 1\n");
+ printk(BIOS_INFO, "Phase 1\n");
rv = vb2api_fw_phase1(&ctx);
if (rv) {
- VBDEBUG("Recovery requested (%x)\n", rv);
+ printk(BIOS_INFO, "Recovery requested (%x)\n", rv);
/* If we need recovery mode, leave firmware selection now */
save_if_needed(&ctx);
- recovery();
+ return;
}
/* Determine which firmware slot to boot */
- VBDEBUG("Phase 2\n");
+ printk(BIOS_INFO, "Phase 2\n");
rv = vb2api_fw_phase2(&ctx);
if (rv) {
- VBDEBUG("Reboot requested (%x)\n", rv);
+ printk(BIOS_INFO, "Reboot requested (%x)\n", rv);
save_if_needed(&ctx);
- reboot();
+ vboot_reboot();
}
/* Try that slot */
- VBDEBUG("Phase 3\n");
+ printk(BIOS_INFO, "Phase 3\n");
rv = vb2api_fw_phase3(&ctx);
if (rv) {
- VBDEBUG("Reboot requested (%x)\n", rv);
+ printk(BIOS_INFO, "Reboot requested (%x)\n", rv);
save_if_needed(&ctx);
- reboot();
+ vboot_reboot();
}
- VBDEBUG("Phase 4\n");
- rv = locate_fw_components(&ctx, &fw_main, &fw_info);
- if (rv) {
- VBDEBUG("Failed to locate firmware components\n");
- reboot();
- }
- rv = hash_body(&ctx, &fw_main);
- stage = load_stage(&ctx, ROMSTAGE_INDEX, &fw_main, &fw_info);
- if (stage == NULL) {
- VBDEBUG("Failed to load stage\n");
- reboot();
- }
+ printk(BIOS_INFO, "Phase 4\n");
+ rv = locate_firmware(&ctx, &wd->selected_region);
+ if (rv)
+ die("Failed to read FMAP to locate firmware");
+
+ rv = hash_body(&ctx, &wd->selected_region);
save_if_needed(&ctx);
if (rv) {
- VBDEBUG("Reboot requested (%x)\n", rv);
- reboot();
+ printk(BIOS_INFO, "Reboot requested (%x)\n", rv);
+ vboot_reboot();
}
- /* TODO: Do we need to lock secdata? */
- VBDEBUG("Locking TPM\n");
-
- /* Load next stage and jump to it */
- VBDEBUG("Jumping to rw-romstage @%llx\n", stage->entry);
- enter_stage(stage);
+ /* Lock TPM */
+ rv = antirollback_lock_space_firmware();
+ if (rv) {
+ printk(BIOS_INFO, "Failed to lock TPM (%x)\n", rv);
+ vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_L_ERROR, 0);
+ save_if_needed(&ctx);
+ vboot_reboot();
+ }
- /* Shouldn't reach here */
- VBDEBUG("Halting\n");
- for (;;);
+ printk(BIOS_INFO, "Slot %c is selected\n", is_slot_a(&ctx) ? 'A' : 'B');
}
diff --git a/src/vendorcode/google/chromeos/verstub.c b/src/vendorcode/google/chromeos/verstub.c
new file mode 100644
index 0000000000..5df1777bb2
--- /dev/null
+++ b/src/vendorcode/google/chromeos/verstub.c
@@ -0,0 +1,93 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2014 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <arch/stages.h>
+#include <cbfs.h>
+#include <console/console.h>
+#include <string.h>
+#include "chromeos.h"
+
+static struct vb2_working_data *init_vb2_working_data(void)
+{
+ struct vb2_working_data *wd;
+
+ wd = vboot_get_working_data();
+ memset(wd, 0, CONFIG_VBOOT_WORK_BUFFER_SIZE);
+ /* 8-byte alignment for ARMv7 */
+ wd->buffer = (uint8_t *)ALIGN_UP((uintptr_t)&wd[1], 8);
+ wd->buffer_size = CONFIG_VBOOT_WORK_BUFFER_SIZE + (uintptr_t)wd
+ - (uintptr_t)wd->buffer;
+
+ return wd;
+}
+
+/**
+ * Verify a slot and jump to the next stage
+ *
+ * This could be either part of the (1) bootblock or the (2) verstage, depending
+ * on CONFIG_RETURN_FROM_VERSTAGE.
+ *
+ * 1) It jumps to the verstage and comes back, then, loads the romstage over the
+ * verstage space and exits to it. (note the cbfs cache is trashed on return
+ * from the verstage.)
+ *
+ * 2) We're already in the verstage. Verify firmware, then load the romstage and
+ * exits to it.
+ */
+void vboot2_verify_firmware(void)
+{
+ void *entry;
+ struct vb2_working_data *wd;
+
+ wd = init_vb2_working_data();
+
+#if CONFIG_RETURN_FROM_VERSTAGE
+ /* load verstage from RO */
+ entry = cbfs_load_stage(CBFS_DEFAULT_MEDIA,
+ CONFIG_CBFS_PREFIX "/verstage");
+ if (entry == -1)
+ die("failed to load verstage");
+
+ /* verify and select a slot */
+ stage_exit(entry);
+#else
+ verstage_main();
+#endif /* CONFIG_RETURN_FROM_VERSTAGE */
+
+ /* jump to the selected slot */
+ entry = NULL;
+ if (vboot_is_slot_selected(wd)) {
+ /* RW A or B */
+ struct vboot_components *fw_info =
+ vboot_locate_components(&wd->selected_region);
+ if (fw_info == NULL)
+ die("failed to locate firmware components\n");
+ entry = vboot_load_stage(CONFIG_VBOOT_ROMSTAGE_INDEX,
+ &wd->selected_region, fw_info);
+ } else if (vboot_is_readonly_path(wd)) {
+ /* RO */
+ entry = cbfs_load_stage(CBFS_DEFAULT_MEDIA,
+ CONFIG_CBFS_PREFIX "/romstage");
+ }
+
+ if (entry != NULL && entry != (void *)-1)
+ stage_exit(entry);
+
+ die("failed to exit from stage\n");
+}