summaryrefslogtreecommitdiff
path: root/src/lib/cbfs.c
AgeCommit message (Collapse)Author
2022-11-08vboot: Add VBOOT_CBFS_INTEGRATION supportJakub Czapiga
This patch introduces support signing and verification of firmware slots using CBFS metadata hash verification method for faster initial verification. To have complete verification, CBFS_VERIFICATION should also be enabled, as metadata hash covers only files metadata, not their contents. This patch also adapts mainboards and SoCs to new vboot reset requirements. TEST=Google Volteer/Voxel boots with VBOOT_CBFS_INTEGRATION enabled Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: I40ae01c477c4e4f7a1c90e4026a8a868ae64b5ca Reviewed-on: https://review.coreboot.org/c/coreboot/+/66909 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-09-02cbfs/vboot: Adapt to new vb2_digest APIJulius Werner
CL:3825558 changes all vb2_digest and vb2_hash functions to take a new hwcrypto_allowed argument, to potentially let them try to call the vb2ex_hwcrypto API for hash calculation. This change will open hardware crypto acceleration up to all hash calculations in coreboot (most notably CBFS verification). As part of this change, the vb2_digest_buffer() function has been removed, so replace existing instances in coreboot with the newer vb2_hash_calculate() API. Due to the circular dependency of these changes with vboot, this patch also needs to update the vboot submodule: Updating from commit id 18cb85b5: 2load_kernel.c: Expose load kernel as vb2_api to commit id b827ddb9: tests: Ensure auxfw sync runs after EC sync This brings in 15 new commits. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I287d8dac3c49ad7ea3e18a015874ce8d610ec67e Reviewed-on: https://review.coreboot.org/c/coreboot/+/66561 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
2022-06-07Replace some ENV_ROMSTAGE with ENV_RAMINITKyösti Mälkki
With a combined bootblock+romstage ENV_ROMSTAGE might no longer evaluate true. Change-Id: I733cf4e4ab177e35cd260318556ece1e73d082dc Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/63376 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2022-05-20CBMEM: Change declarations for initialization hooksKyösti Mälkki
There are efforts to have bootflows that do not follow a traditional bootblock-romstage-postcar-ramstage model. As part of that CBMEM initialisation hooks will need to move from romstage to bootblock. The interface towards platforms and drivers will change to use one of CBMEM_CREATION_HOOK() or CBMEM_READY_HOOK(). Former will only be called in the first stage with CBMEM available. Change-Id: Ie24bf4e818ca69f539196c3a814f3c52d4103d7e Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/63375 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2022-05-16rules.h: Use more consistent namingArthur Heymans
Use 'ENV' consistently and drop the redundant 'STAGE' in the naming. Change-Id: I51f2a7e70eefad12aa214e92f23e5fd2edf46698 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64296 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2022-03-09commonlib/bsd: Remove cb_err_tJulius Werner
cb_err_t was meant to be used in place of `enum cb_err` in all situations, but the choice to use a typedef here seems to be controversial. We should not be arbitrarily using two different identifiers for the same thing across the codebase, so since there are no use cases for serializing enum cb_err at the moment (which would be the primary reason to typedef a fixed-width integer instead), remove cb_err_t again for now. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Iaec36210d129db26d51f0a105d3de070c03b686b Reviewed-on: https://review.coreboot.org/c/coreboot/+/62600 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
2022-03-08timestamps: Rename timestamps to make names more consistentJakub Czapiga
This patch aims to make timestamps more consistent in naming, to follow one pattern. Until now there were many naming patterns: - TS_START_*/TS_END_* - TS_BEFORE_*/TS_AFTER_* - TS_*_START/TS_*_END This change also aims to indicate, that these timestamps can be used to create time-ranges, e.g. from TS_BOOTBLOCK_START to TS_BOOTBLOCK_END. Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: I533e32392224d9b67c37e6a67987b09bf1cf51c6 Reviewed-on: https://review.coreboot.org/c/coreboot/+/62019 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2022-02-07treewide: Remove "ERROR: "/"WARN: " prefixes from log messagesJulius Werner
Now that the console system itself will clearly differentiate loglevels, it is no longer necessary to explicitly add "ERROR: " in front of every BIOS_ERR message to help it stand out more (and allow automated tooling to grep for it). Removing all these extra .rodata characters should save us a nice little amount of binary size. This patch was created by running find src/ -type f -exec perl -0777 -pi -e 's/printk\(\s*BIOS_ERR,\s*"ERROR: /printk\(BIOS_ERR, "/gi' '{}' ';' and doing some cursory review/cleanup on the result. Then doing the same thing for BIOS_WARN with 's/printk\(\s*BIOS_WARNING,\s*"WARN(ING)?: /printk\(BIOS_WARNING, "/gi' Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I3d0573acb23d2df53db6813cb1a5fc31b5357db8 Reviewed-on: https://review.coreboot.org/c/coreboot/+/61309 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Reviewed-by: Lance Zhao Reviewed-by: Jason Glenesk <jason.glenesk@gmail.com>
2021-12-15lib/cbfs: Disable cbfs_preload in romstage when VBOOT_STARTS_IN_ROMSTAGERaul E Rangel
Preloading files before vboot runs and using them after vboot has finished will result in the wrong files getting used. Disable cbfs_preload to avoid this behavior. BUG=b:179699789 TEST=none Signed-off-by: Raul E Rangel <rrangel@chromium.org> Change-Id: I7698b481a73fb24eecf4c810ff8be8b6826528ca Reviewed-on: https://review.coreboot.org/c/coreboot/+/59876 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-12-15rules.h, thread.h, lib/cbfs: Add ENV_STAGE_SUPPORTS_COOPRaul E Rangel
This change consolidates the COOP rules. Co-op in theory works in all x86 stages now, but it hasn't been enabled yet. BUG=b:179699789 TEST=Boot guybrush to OS and verify preloads still work Signed-off-by: Raul E Rangel <rrangel@chromium.org> Change-Id: I1197406d1d36391998b08e3076146bb2fff59d00 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59550 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-12-13cbfs: Enable CBFS verification KconfigsJulius Werner
With the elimination of remaining non-verifying CBFS APIs in CB:59682, CBFS verification is now ready to be used in its simplest form, so enable the respective Kconfig options in menuconfig. Add a few more restrictions to the TOCTOU_SAFETY option for problems that haven't been solved yet, and transform a comment in cbfs.c into a die() to make sure we don't accidentally forget implementing it once vboot integration gets added. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ifeba5c962c943856ab79bc6c4cb90a60c1de4a60 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59982 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
2021-12-06cbfs: Remove deprecated APIsJulius Werner
This patch removes all remaining pieces of the old CBFS API, now that the last straggling use cases of it have been ported to the new one (meaning cbfs_map()/cbfs_load()/etc... see CB:39304 and CB:38421). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I1cec0ca2d9d311626a087318d1d78163243bfc3c Reviewed-on: https://review.coreboot.org/c/coreboot/+/59682 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2021-12-03cbfs | tspi: Join hash calculation for verification and measurementJulius Werner
This patch moves the CBFS file measurement when CONFIG_TPM_MEASURED_BOOT is enabled from the lookup step into the code where a file is actually loaded or mapped from flash. This has the advantage that CBFS routines which just look up a file to inspect its metadata (e.g. cbfs_get_size()) do not cause the file to be measured twice. It also removes the existing inefficiency that files are loaded twice when measurement is enabled (once to measure and then again when they are used). When CBFS verification is enabled and uses the same hash algorithm as the TPM, we are even able to only hash the file a single time and use the result for both purposes. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I70d7066c6768195077f083c7ffdfa30d9182b2b7 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59681 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2021-12-03region: Rename rdev_readat_full to rdev_read_fullJulius Werner
The 'at' part of the name refers to starting to read from a specific offset, so it doesn't make sense for the 'full' version of the function. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I60d595f0cbd161df171eaa4a76c7a00b6377e2b0 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59820 Reviewed-by: Raul Rangel <rrangel@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-11-30cbfs: Add unverified_area APIsJulius Werner
This patch adds a new ..._unverified_area_... group of functions to the cbfs_map/_load/_alloc() APIs. These functions can be used to access custom FMAP sections and are meant to replace the existing cbfs_locate_file_in_region(). The name is intended to highlight that accesses through this API will not be verified when CBFS_VERIFICATION is enabled and should always be treated as if they may return malicious data. (Due to laziness I'm not adding the combination of this API with the ..._type_... variant at this point, since it seems very unlikely that we'll ever have a use case for that. If we ever do, it should be easy to add later.) (Also remove the 'inline' from cbfs_file_hash_mismatch(). I'm not sure why I put it there in the first place, probably a bad copy&paste.) Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I402265900f7075aa0c2f58d812c67ea63ddf2900 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59678 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2021-11-17cbfs: Add helper functions to look up size and type of a fileJulius Werner
This patch adds cbfs_get_size() and cbfs_get_type() helper functions (and _ro_ variations) to look up the size or type of a CBFS file without loading it. Generally, use of these should be discouraged because that tends to mean that the file needs to be looked up more than once, and cbfs_alloc() or cbfs_type_load() are usually the more efficient alternative... but sometimes they're unavoidable, so we might as well offer them. Also remove the <cbfs_private.h> header which had already become sort of unnecessary with previous changes. cbfs_boot_lookup() is now exported in <cbfs.h> for use in inlines, but should not be used directly by other files (and is prefixed with an underscore to highlight that). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I8092d8f6e04bdfb4df6c626dc7d42b402fe0a8ba Reviewed-on: https://review.coreboot.org/c/coreboot/+/59312 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: Jakub Czapiga <jacz@semihalf.com> Reviewed-by: Lean Sheng Tan <lean.sheng.tan@intel.com>
2021-11-04lib/cbfs: Add cbfs_preload()Raul E Rangel
This API will hide all the complexity of preloading a CBFS file. It makes it so the callers simply specify the file to preload and CBFS takes care of the rest. It will start a new thread to read the file into the cbfs_cache. When the file is actually required (i.e., cbfs_load, etc) it will wait for the preload thread to complete (if it hasn't already) and perform verification/decompression using the preloaded buffer. This design allows decompression/verification to happen in the main BSP thread so that timestamps are correctly reflected. BUG=b:179699789 TEST=Test with whole CL chain, verify VGA bios was preloaded and boot time was reduced by 12ms. Logs: Preloading VGA ROM CBFS DEBUG: _cbfs_preload(name='pci1002,1638.rom', force_ro=false) CBFS: Found 'pci1002,1638.rom' @0x20ac40 size 0xd800 in mcache @0xcb7dd0f0 spi_dma_readat_dma: start: dest: 0x021c0000, source: 0x51cc80, size: 55296 took 0 us to acquire mutex start_spi_dma_transaction: dest: 0x021c0000, source: 0x51cc80, remaining: 55296 ... spi_dma_readat_dma: end: dest: 0x021c0000, source: 0x51cc80, remaining: 0 ... CBFS DEBUG: _cbfs_alloc(name='pci1002,1638.rom', alloc=0x00000000(0x00000000), force_ro=false, type=-1) CBFS: Found 'pci1002,1638.rom' @0x20ac40 size 0xd800 in mcache @0xcb7dd0f0 waiting for thread took 0 us CBFS DEBUG: get_preload_rdev(name='pci1002,1638.rom', force_ro=false) preload successful In CBFS, ROM address for PCI: 03:00.0 = 0x021c0000 PCI expansion ROM, signature 0xaa55, INIT size 0xd800, data ptr 0x01b0 PCI ROM image, vendor ID 1002, device ID 1638, PCI ROM image, Class Code 030000, Code Type 00 Copying VGA ROM Image from 0x021c0000 to 0xc0000, 0xd800 bytes $ cbmem ... 40:device configuration 5,399,404 (8,575) 65:Option ROM initialization 5,403,474 (4,070) 66:Option ROM copy done 5,403,488 (14) ... Signed-off-by: Raul E Rangel <rrangel@chromium.org> Change-Id: I879fc1316f97417a4b82483d353abdbd02b98a31 Reviewed-on: https://review.coreboot.org/c/coreboot/+/56491 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2021-11-04lib/cbfs: Add CBFS_CACHE_ALIGN Kconfig optionRaul E Rangel
This option will allow platforms to set the alignment of the cbfs_cache buffers. BUG=b:179699789 TEST=gdb -ex 'p cbfs_cache' /tmp/coreboot/guybrush/cbfs/fallback/ramstage.debug $1 = {buf = 0x0, size = 0, alignment = 8, last_alloc = 0x0, second_to_last_alloc = 0x0, free_offset = 0} Signed-off-by: Raul E Rangel <rrangel@chromium.org> Change-Id: I74598d4bcbca9a01cc8c65012d7e4ae341d052b1 Reviewed-on: https://review.coreboot.org/c/coreboot/+/58706 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-11-04commonlib/mem_pool: Allow configuring the alignmentRaul E Rangel
AMD platforms require the destination to be 64 byte aligned in order to use the SPI DMA controller. This is enforced by the destination address register because the first 6 bits are marked as reserved. This change adds an option to the mem_pool so the alignment can be configured. BUG=b:179699789 TEST=Boot guybrush to OS Signed-off-by: Raul E Rangel <rrangel@chromium.org> Change-Id: I8d77ffe4411f86c54450305320c9f52ab41a3075 Reviewed-on: https://review.coreboot.org/c/coreboot/+/56580 Reviewed-by: Karthik Ramasubramanian <kramasub@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-10-29lib/cbfs: Enable cbfs_cache for x86Raul E Rangel
The reason cbfs_cache was disabled on x86 was due to the lack of .data sections in the pre-RAM stages. By using ENV_STAGE_HAS_DATA_SECTION we enable x86 to start using the cbfs_cache. We still need to add a cbfs_cache region into the memlayout for it to be enabled. BUG=b:179699789 TEST=Build guybrush and verify cbfs_cache.size == 0. Suggested-by: Julius Werner <jwerner@chromium.org> Signed-off-by: Raul E Rangel <rrangel@chromium.org> Change-Id: I74434ef9250ff059e7587147b1456aeabbee33aa Reviewed-on: https://review.coreboot.org/c/coreboot/+/56577 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
2021-10-20lib/cbfs: Call rdev_unmap on hash mismatchRaul E Rangel
We don't want to leak any mappings. BUG=b:179699789 TEST=none Signed-off-by: Raul E Rangel <rrangel@chromium.org> Change-Id: Ibcd28ce12cbd5e221e8f4fa910fd8472bedb802f Reviewed-on: https://review.coreboot.org/c/coreboot/+/56576 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
2021-07-20lib/cbfs,device/pci_rom: Move cbfs_boot_map_optionrom and modernizeRaul E Rangel
These methods are oprom specific. Move them out of CBFS. I also deleted the tohex methods and replaced them with snprintf. BUG=b:179699789 TEST=Boot guybrush and see oprom still loads Signed-off-by: Raul E Rangel <rrangel@chromium.org> Change-Id: I03791f19c93fabfe62d9ecd4f9b4fad0e6a6146e Reviewed-on: https://review.coreboot.org/c/coreboot/+/56393 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-04-21commonlib/region: Turn addrspace_32bit into a more official APIJulius Werner
We had the addrspace_32bit rdev in prog_loaders.c for a while to help represent memory ranges as an rdev, and we've found it useful for a couple of things that have nothing to do with program loading. This patch moves the concept straight into commonlib/region.c so it is no longer anchored in such a weird place, and easier to use in unit tests. Also expand the concept to the whole address space (there's no real need to restrict it to 32 bits in 64-bit environments) and introduce an rdev_chain_mem() helper function to make it a bit easier to use. Replace some direct uses of struct mem_region_device with this new API where it seems to make sense. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ie4c763b77f77d227768556a9528681d771a08dca Reviewed-on: https://review.coreboot.org/c/coreboot/+/52533 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2021-04-06cbfs: Add file data hashing for CONFIG_CBFS_VERIFICATIONJulius Werner
This patch adds file data hashing for CONFIG_CBFS_VERIFICATION. With this, all CBFS accesses using the new CBFS APIs (cbfs_load/_map/_alloc and variants) will be fully verified when verification is enabled. (Note that some use of legacy APIs remains and thus the CBFS_VERIFICATION feature is not fully finished.) Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ic9fff279f69cf3b7c38a0dc2ff3c970eaa756aa8 Reviewed-on: https://review.coreboot.org/c/coreboot/+/52084 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2021-04-06cbfs: Simplify cbfs_load_and_decompress() and stop exporting itJulius Werner
With the last external user to cbfs_load_and_decompress() gone, we can stop exporting this function to the rest of coreboot and make it local to cbfs.c. Also remove a couple of arguments that no longer really make a difference and fold the stage-specific code for in-place LZ4 decompression into cbfs_prog_stage_load(). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I4b459650a28e020c4342a66090f55264fbd26363 Reviewed-on: https://review.coreboot.org/c/coreboot/+/52083 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2021-04-05cbfs: Make `mdata` argument to cbfs_allocator_t constJulius Werner
Right before CB:49334 was submitted, I changed the signature of cbfs_allocator_t function pointers to include another argument passing in the already loaded CBFS metadata (to allow for the rare edge case of allocators needing to read CBFS attributes). This interface is not meant to be able to modify the passed-in metadata, so to clarify that and prevent potential errors, we should declare the argument const. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I7e3756490b9ad7ded91268c61797cef36c4118ee Reviewed-on: https://review.coreboot.org/c/coreboot/+/52081 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2021-03-17cbfs: Move stage header into a CBFS attributeJulius Werner
The CBFS stage header is part of the file data (not the header) from CBFS's point of view, which is problematic for verification: in pre-RAM environments, there's usually not enough scratch space in CBFS_CACHE to load the full stage into memory, so it must be directly loaded into its final destination. However, that destination is decided from reading the stage header. There's no way we can verify the stage header without loading the whole file and we can't load the file without trusting the information in the stage header. To solve this problem, this patch changes the CBFS stage format to move the stage header out of the file contents and into a separate CBFS attribute. Attributes are part of the metadata, so they have already been verified before the file is loaded. Since CBFS stages are generally only meant to be used by coreboot itself and the coreboot build system builds cbfstool and all stages together in one go, maintaining backwards-compatibility should not be necessary. An older version of coreboot will build the old version of cbfstool and a newer version of coreboot will build the new version of cbfstool before using it to add stages to the final image, thus cbfstool and coreboot's stage loader should stay in sync. This only causes problems when someone stashes away a copy of cbfstool somewhere and later uses it to try to extract stages from a coreboot image built from a different revision... a debugging use-case that is hopefully rare enough that affected users can manually deal with finding a matching version of cbfstool. The SELF (payload) format, on the other hand, is designed to be used for binaries outside of coreboot that may use independent build systems and are more likely to be added with a potentially stale copy of cbfstool, so it would be more problematic to make a similar change for SELFs. It is not necessary for verification either, since they're usually only used in post-RAM environments and selfload() already maps SELFs to CBFS_CACHE before loading them to their final destination anyway (so they can be hashed at that time). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I8471ad7494b07599e24e82b81e507fcafbad808a Reviewed-on: https://review.coreboot.org/c/coreboot/+/46484 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2021-03-16cbfs: Remove prog_locate() for stages and rmodulesJulius Werner
This patch removes the prog_locate() step for stages and rmodules. Instead, the stage and rmodule loading functions will now perform the locate step directly together with the actual loading. The long-term goal of this is to eliminate prog_locate() (and the rdev member in struct prog that it fills) completely in order to make CBFS verification code safer and its security guarantees easier to follow. prog_locate() is the main remaining use case where a raw rdev of CBFS file data "leaks" out of cbfs.c into other code, and that other code needs to manually make sure that the contents of the rdev get verified during loading. By eliminating this step and moving all code that directly deals with file data into cbfs.c, we can concentrate the code that needs to worry about file data hashing (and needs access to cbfs_private.h APIs) into one file, making it easier to keep track of and reason about. This patch is the first step of this move, later patches will do the same for SELFs and other program types. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ia600e55f77c2549a00e2606f09befc1f92594a3a Reviewed-on: https://review.coreboot.org/c/coreboot/+/49335 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-08cbfs: Add cbfs_alloc() primitive and combine cbfs_load() and cbfs_map()Julius Werner
This patchs adds a new CBFS primitive that allows callers to pass in an allocator function that will be called once the size of the file to load is known, to decide on its final location. This can be useful for loading a CBFS file straight into CBMEM, for example. The new primitive is combined with cbfs_map() and cbfs_load() into a single underlying function that can handle all operations, to reduce the amount of code that needs to be duplicated (especially later when file verification is added). Also add a new variation that allows restraining or querying the CBFS type of a file as it is being loaded, and reorganize the documentation/definition of all these accessors and variations in the header file a little. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I5fe0645387c0e9053ad5c15744437940fc904392 Reviewed-on: https://review.coreboot.org/c/coreboot/+/49334 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2021-03-08cbfs: Pull handling of the CBFS_CACHE mem_pool into CBFS coreJulius Werner
This patch pulls control of the memory pool serving allocations from the CBFS_CACHE memlayout area into cbfs.c and makes it a core part of the CBFS API. Previously, platforms would independently instantiate this as part of boot_device_ro() (mostly through cbfs_spi.c). The new cbfs_cache pool is exported as a global so these platforms can still use it to directly back rdev_mmap() on their boot device, but the cbfs_cache can now also use it to directly make allocations itself. This is used to allow transparent decompression support in cbfs_map(). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I0d52b6a8f582a81a19fd0fd663bb89eab55a49d9 Reviewed-on: https://review.coreboot.org/c/coreboot/+/49333 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2021-03-08cbfs: Move trivial wrappers to static inlinesJulius Werner
The new CBFS API contains a couple of trivial wrappers that all just call the same base functions with slightly different predetermined arguments, and I'm planning to add several more of them as well. This patch changes these functions to become static inlines, and reorganizes the cbfs.h header a bit for better readability while I'm at it. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: If0170401b2a70c158691b6eb56c7e312553afad1 Reviewed-on: https://review.coreboot.org/c/coreboot/+/49331 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2021-03-08cbfs: Reflow cbfs.c and cbfs.h to 96-character line lengthsJulius Werner
Doing this all in one go keeps the files consistent and should make future refactoring easier. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I4a701d24fc9ccd68dce8789aab15fd21964a55f9 Reviewed-on: https://review.coreboot.org/c/coreboot/+/49330 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-03lib/cbfs.c: Fix return value of failure to measureArthur Heymans
Returning an error on a failure to measure makes the system not bootable. Change-Id: Ifd20e543d3b30de045c0656eccdcc494c2fb10ce Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/51099 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2020-12-09cbfs: Allow mcache to be found after the first lookupJulius Werner
This patch addresses the same problem as CB:48429, but hopefully this time correctly. Since the mcache is not guaranteed to be available on the first CBFS lookup for some special cases, we can no longer treat it as a one-time fire-and-forget initialization. Instead, we test cbd->mcache_size to check if the mcache has been initialized yet, and keep trying on every lookup if we don't find it the first time. Since the mcache is a hard requirement for TOCTOU safety, also make it more clear in Kconfig that configurations known to do CBFS accesses before CBMEM init are incompatbile with that, and make sure we die() rather than do something unsafe if there's a case that Kconfig didn't catch. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I4e01e9a9905f7dcba14eaf05168495201ed5de60 Reviewed-on: https://review.coreboot.org/c/coreboot/+/48482 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-12-09Revert "cbfs: Skip mcache in post-RAM stages before CBMEM is online"Julius Werner
This reverts commit b652aaef990cc3eb481dea7f8d4cc3eecd92ffa1. It was dumb and didn't actually fix anything. Change-Id: I074135dd12face1226105e0706c78ae8ecba18e0 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/48481 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Christian Walter <christian.walter@9elements.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-12-08cbfs: Skip mcache in post-RAM stages before CBMEM is onlineJulius Werner
There have been a few issues with the new CBFS mcache code in stages after romstage, where the mcache resides in CBMEM. In a few special cases the stage may be doing a CBFS lookup before calling cbmem_initialize(). To avoid breaking those cases, this patch makes the CBFS code fall back to a lookup from flash if CBMEM hasn't been reinitialized yet in those stages. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Icf6d1a1288cb243d0c4c893cc58251687e2873b0 Reviewed-on: https://review.coreboot.org/c/coreboot/+/48429 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-12-04cbfs: Add more error messages for lookupJulius Werner
The new CBFS stack will log messages for found files but leaves error messages up to the caller. This patch adds appropriate generic error messages to cbfs_lookup(), matching the behavior of the old CBFS stack for not found files. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I8cf44026accc03c466105d06683027caf1693ff0 Reviewed-on: https://review.coreboot.org/c/coreboot/+/48278 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-12-03cbfs: Add verification for RO CBFS metadata hashJulius Werner
This patch adds the first stage of the new CONFIG_CBFS_VERIFICATION feature. It's not useful to end-users in this stage so it cannot be selected in menuconfig (and should not be used other than for development) yet. With this patch coreboot can verify the metadata hash of the RO CBFS when it starts booting, but it does not verify individual files yet. Likewise, verifying RW CBFSes with vboot is not yet supported. Verification is bootstrapped from a "metadata hash anchor" structure that is embedded in the bootblock code and marked by a unique magic number. This anchor contains both the CBFS metadata hash and a separate hash for the FMAP which is required to find the primary CBFS. Both are verified on first use in the bootblock (and halt the system on failure). The CONFIG_TOCTOU_SAFETY option is also added for illustrative purposes to show some paths that need to be different when full protection against TOCTOU (time-of-check vs. time-of-use) attacks is desired. For normal verification it is sufficient to check the FMAP and the CBFS metadata hash only once in the bootblock -- for TOCTOU verification we do the same, but we need to be extra careful that we do not re-read the FMAP or any CBFS metadata in later stages. This is mostly achieved by depending on the CBFS metadata cache and FMAP cache features, but we allow for one edge case in case the RW CBFS metadata cache overflows (which may happen during an RW update and could otherwise no longer be fixed because mcache size is defined by RO code). This code is added to demonstrate design intent but won't really matter until RW CBFS verification can be supported. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I8930434de55eb938b042fdada9aa90218c0b5a34 Reviewed-on: https://review.coreboot.org/c/coreboot/+/41120 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2020-12-03cbfs: Introduce cbfs_ro_map() and cbfs_ro_load()Julius Werner
This patch introduces two new CBFS API functions which are equivalent to cbfs_map() and cbfs_load(), respectively, with the difference that they always operate on the read-only CBFS region ("COREBOOT" FMAP section). Use it to replace some of the simple cases that needed to use cbfs_locate_file_in_region(). Change-Id: I9c55b022b6502a333a9805ab0e4891dd7b97ef7f Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39306 Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-02cbfs: Port cbfs_load() and cbfs_map() to new APIJulius Werner
This patch adapts cbfs_load() and cbfs_map() to use the new CBFS API directly, rather than through cbfs_boot_locate(). For cbfs_load() this means that attribute metadata does not need to be read twice. Change-Id: I754cc34b1c1471129e15475aa0f1891e02439a02 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39305 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-12-02cbfs: Simplify load/map API names, remove type argumentsJulius Werner
This patch renames cbfs_boot_map_with_leak() and cbfs_boot_load_file() to cbfs_map() and cbfs_load() respectively. This is supposed to be the start of a new, better organized CBFS API where the most common operations have the most simple and straight-forward names. Less commonly used variants of these operations (e.g. cbfs_ro_load() or cbfs_region_load()) can be introduced later. It seems unnecessary to keep carrying around "boot" in the names of most CBFS APIs if the vast majority of accesses go to the boot CBFS (instead, more unusual operations should have longer names that describe how they diverge from the common ones). cbfs_map() is paired with a new cbfs_unmap() to allow callers to cleanly reap mappings when desired. A few new cbfs_unmap() calls are added to generic code where it makes sense, but it seems unnecessary to introduce this everywhere in platform or architecture specific code where the boot medium is known to be memory-mapped anyway. In fact, even for non-memory-mapped platforms, sometimes leaking a mapping to the CBFS cache is a much cleaner solution than jumping through hoops to provide some other storage for some long-lived file object, and it shouldn't be outright forbidden when it makes sense. Additionally, remove the type arguments from these function signatures. The goal is to eventually remove type arguments for lookup from the whole CBFS API. Filenames already uniquely identify CBFS files. The type field is just informational, and there should be APIs to allow callers to check it when desired, but it's not clear what we gain from forcing this as a parameter into every single CBFS access when the vast majority of the time it provides no additional value and is just clutter. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ib24325400815a9c3d25f66c61829a24a239bb88e Reviewed-on: https://review.coreboot.org/c/coreboot/+/39304 Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-by: Mariusz Szafrański <mariuszx.szafranski@intel.com> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-02cbfs: Move more stuff into cbfs_boot_lookup()Julius Werner
cbfs_boot_locate() is supposed to be deprecated eventually, after slowly migrating all APIs to bypass it. That means common features (like RO-fallback or measurement) need to be moved to the new cbfs_boot_lookup(). Also export the function externally. Since it is a low-level API and most code should use the higher-level loading or mapping functions instead, put it into a new <cbfs_private.h> to raise the mental barrier for using this API (this will make more sense once cbfs_boot_locate() is removed from <cbfs.h>). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I4bc9b7cbc42a4211d806a3e3389abab7f589a25a Reviewed-on: https://review.coreboot.org/c/coreboot/+/39327 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-11-21cbfs: Add metadata cacheJulius Werner
This patch adds a new CBFS "mcache" (metadata cache) -- a memory buffer that stores the headers of all CBFS files. Similar to the existing FMAP cache, this cache should reduce the amount of SPI accesses we need to do every boot: rather than having to re-read all CBFS headers from SPI flash every time we're looking for a file, we can just walk the same list in this in-memory copy and finally use it to directly access the flash at the right position for the file data. This patch adds the code to support the cache but doesn't enable it on any platform. The next one will turn it on by default. Change-Id: I5b1084bfdad1c6ab0ee1b143ed8dd796827f4c65 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38423 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-10-30cbfs: Hook up to new CBFS implementationJulius Werner
This patch hooks coreboot up to the new commonlib/bsd CBFS implementation. This is intended as the "minimum viable patch" that makes the new implementation useable with the smallest amount of changes -- that is why some of this may look a bit roundabout (returning the whole metadata for a file but then just using that to fill out the rdevs of the existing struct cbfsf). Future changes will migrate the higher level CBFS APIs one-by-one to use the new implementation directly (rather than translated into the results of the old one), at which point this will become more efficient. Change-Id: I4d112d1239475920de2d872dac179c245275038d Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38422 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-13lib/cbfs: deserialize cbfs_stage objects correctlyAaron Durbin
cbfstool emits cbfs_stage objects in little endian encoding. However, big endian targets then read the wrong values from these objects. To maintain backwards compatibility with existing cbfs objects add in the little endian deserialization. Change-Id: Ia113f7ddfa93f0ba5a76e0397f06f9b84c833727 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46227 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Marty E. Plummer <hanetzer@startmail.com>
2020-05-28drivers/intel/fsp2_0: add option to compress FSP-M in cbfsAaron Durbin
Allow the ability for chipset or mainboard to choose to compress FSP-M in cbfs using LZMA or LZ4 routines. However, only non-XIP platforms will support FSP-M compression. Since the main cbfs decompression paths are utilized add the appropriate checks for including compression algorithms under the FSP-M compression options. On picasso FSP-M (debug builds) the following savings were measured: no-compression: fspm.bin 720896 none FSP_COMPRESS_FSP_M_LZ4: fspm.bin 138379 LZ4 (720896 decompressed) -80% FSP_COMPRESS_FSP_M_LZMA: fspm.bin 98921 LZMA (720896 decompressed) -86% BUG=b:155322763,b:150746858,b:152909132 Change-Id: I5c88510c134b56a36ff1cd97a64b51ab2fea0ab0 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41450 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-05-28drivers/intel/fsp2_0: add option to compress FSP-S in cbfsAaron Durbin
Allow the ability for chipset or mainboard to choose to compress FSP-S in cbfs using LZMA or LZ4 routines. To accomplish this fsp_load_component() is added as an assist for performing the necessary logic and allow the caller to provide the destination selection. Since the main cbfs decompression paths are utilized add the appropriate checks for including compression algorithms under the FSP-S compression options. On picasso FSP-S (debug builds) the following savings were measured: no-compression: fsps.bin 327680 none FSP_COMPRESS_FSP_S_LZ4: fsps.bin 98339 LZ4 (327680 decompressed) -70% FSP_COMPRESS_FSP_S_LZMA: fsps.bin 71275 LZMA (327680 decompressed) -78% BUG=b:155322763,b:150746858,b:152909132 Change-Id: I8aa5d8c1cbaf4d08f38a918a9031a2570bc5247e Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41449 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-05-28lib/cbfs: add cbfs_stage_load_and_decompress helperAaron Durbin
The LZ4 compressed stages assume in-place decompression. The constraints are validated in cbfstool for _stages_ such that they can be decompressed in place. However, that is only true for stages. As such, add a wrapper, cbfs_stage_load_and_decompress(), that handles the LZ4 stage loading case. BUG=b:155322763,b:150746858,b:152909132 Change-Id: I9525a266250aa6c775283b598c09d4f40692db55 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41755 Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-28lib/cbfs: refactor code culling compression checksAaron Durbin
Provide helper functions to determine if a compression algorithm is supported in a given stage. Future patches can use those functions to amend which algorithms to include in the final link. BUG=b:155322763,b:150746858,b:152909132 Change-Id: I898c939cec73d1f300ea38b165f379038877f05e Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41754 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-05-11treewide: Remove "this file is part of" linesPatrick Georgi
Stefan thinks they don't add value. Command used: sed -i -e '/file is part of /d' $(git grep "file is part of " |egrep ":( */\*.*\*/\$|#|;#|-- | *\* )" | cut -d: -f1 |grep -v crossgcc |grep -v gcov | grep -v /elf.h |grep -v nvramtool) The exceptions are for: - crossgcc (patch file) - gcov (imported from gcc) - elf.h (imported from GNU's libc) - nvramtool (more complicated header) The removed lines are: - fmt.Fprintln(f, "/* This file is part of the coreboot project. */") -# This file is part of a set of unofficial pre-commit hooks available -/* This file is part of coreboot */ -# This file is part of msrtool. -/* This file is part of msrtool. */ - * This file is part of ncurses, designed to be appended after curses.h.in -/* This file is part of pgtblgen. */ - * This file is part of the coreboot project. - /* This file is part of the coreboot project. */ -# This file is part of the coreboot project. -# This file is part of the coreboot project. -## This file is part of the coreboot project. --- This file is part of the coreboot project. -/* This file is part of the coreboot project */ -/* This file is part of the coreboot project. */ -;## This file is part of the coreboot project. -# This file is part of the coreboot project. It originated in the - * This file is part of the coreinfo project. -## This file is part of the coreinfo project. - * This file is part of the depthcharge project. -/* This file is part of the depthcharge project. */ -/* This file is part of the ectool project. */ - * This file is part of the GNU C Library. - * This file is part of the libpayload project. -## This file is part of the libpayload project. -/* This file is part of the Linux kernel. */ -## This file is part of the superiotool project. -/* This file is part of the superiotool project */ -/* This file is part of uio_usbdebug */ Change-Id: I82d872b3b337388c93d5f5bf704e9ee9e53ab3a9 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41194 Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-04-23rules.h: Rename ENV_VERSTAGE to ENV_SEPARATE_VERSTAGEJulius Werner
When CONFIG_SEPARATE_VERSTAGE=n, all verstage code gets linked into the appropriate calling stage (bootblock or romstage). This means that ENV_VERSTAGE is actually 0, and instead ENV_BOOTBLOCK or ENV_ROMSTAGE are 1. This keeps tripping up people who are just trying to write a simple "are we in verstage (i.e. wherever the vboot init logic runs)" check, e.g. for TPM init functions which may run in "verstage" or ramstage depending on whether vboot is enabled. Those checks will not work as intended for CONFIG_SEPARATE_VERSTAGE=n. This patch renames ENV_VERSTAGE to ENV_SEPARATE_VERSTAGE to try to clarify that this macro can really only be used to check whether code is running in a *separate* verstage, and clue people in that they may need to cover the linked-in verstage case as well. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I2ff3a3c3513b3db44b3cff3d93398330cd3632ea Reviewed-on: https://review.coreboot.org/c/coreboot/+/40582 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-04-04src/lib: Use SPDX for GPL-2.0-only filesAngel Pons
Done with sed and God Lines. Only done for C-like code for now. Change-Id: Id3a0b63272ebda3dad13803700bcff36d36f4815 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/40054 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2020-03-31security/tpm: Include mrc.bin in CRTM if presentBill XIE
mrc.bin, on platforms where it is present, is code executed on CPU, so it should be considered a part of CRTM. cbfs_locate_file_in_region() is hooked to measurement here too, since mrc.bin is loaded with it, and CBFS_TYPE_MRC (the type of mrc.bin) is measured to TPM_CRTM_PCR rather than TPM_RUNTIME_DATA_PCR. TODO: I have heard that SMM is too resource-limited to link with vboot library, so currently tspi_measure_cbfs_hook() is masked in SMM. Please correct me if I am wrong. Change-Id: Ib4c3cf47b919864056baf725001ca8a4aaafa110 Signed-off-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38858 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-03-31security/vboot: Decouple measured boot from verified bootBill XIE
Currently, those who want to use measured boot implemented within vboot should enable verified boot first, along with sections such as GBB and RW slots defined with manually written fmd files, even if they do not actually want to verify anything. As discussed in CB:34977, measured boot should be decoupled from verified boot and make them two fully independent options. Crypto routines necessary for measurement could be reused, and TPM and CRTM init should be done somewhere other than vboot_logic_executed() if verified boot is not enabled. In this revision, only TCPA log is initialized during bootblock. Before TPM gets set up, digests are not measured into tpm immediately, but cached in TCPA log, and measured into determined PCRs right after TPM is up. This change allows those who do not want to use the verified boot scheme implemented by vboot as well as its requirement of a more complex partition scheme designed for chromeos to make use of the measured boot functionality implemented within vboot library to measure the boot process. TODO: Measure MRC Cache somewhere, as MRC Cache has never resided in CBFS any more, so it cannot be covered by tspi_measure_cbfs_hook(). Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee Signed-off-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35077 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2020-03-25src/device: Add option to look at revision in option romsMartin Roth
AMD's Family 17h SOCs have the same vendor and device IDs for their graphics blocks, but need different video BIOSes. The only difference is the revision number. Add a Kconfig option that allows us to add the revision number of the graphics device to the PCI option rom saved in CBFS. Because searching CBFS takes a non-trivial amount of time, only enable the option if it's needed. If it's not used, or if nothing matches, the check will fall through and search for an option rom with no version. BUG=b:145817712 TEST=With surrounding patches, loads dali vbios Change-Id: Icb610a2abe7fcd0f4dc3716382b9853551240a7a Signed-off-by: Martin Roth <martinroth@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/2013181 Reviewed-by: Martin Roth <martinroth@google.com> Tested-by: Martin Roth <martinroth@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39792 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2020-03-17src (minus soc and mainboard): Remove copyright noticesPatrick Georgi
They're listed in AUTHORS and often incorrect anyway, for example: - What's a "Copyright $year-present"? - Which incarnation of Google (Inc, LLC, ...) is the current copyright holder? - People sometimes have their editor auto-add themselves to files even though they only deleted stuff - Or they let the editor automatically update the copyright year, because why not? - Who is the copyright holder "The coreboot project Authors"? - Or "Generated Code"? Sidestep all these issues by simply not putting these notices in individual files, let's list all copyright holders in AUTHORS instead and use the git history to deal with the rest. Change-Id: I89b10076e0f4a4b3acd59160fb7abe349b228321 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39611 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: David Hendricks <david.hendricks@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-03-11cbfs: Remove unused functionsJulius Werner
cbfs_boot_load_stage_by_name() and cbfs_prog_stage_section() are no longer used. Remove them to make refactoring the rest of the CBFS API easier. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ie44a9507c4a03499b06cdf82d9bf9c02a8292d5e Reviewed-on: https://review.coreboot.org/c/coreboot/+/39334 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2020-01-28commonlib: Add commonlib/bsdJulius Werner
This patch creates a new commonlib/bsd subdirectory with a similar purpose to the existing commonlib, with the difference that all files under this subdirectory shall be licensed under the BSD-3-Clause license (or compatible permissive license). The goal is to allow more code to be shared with libpayload in the future. Initially, I'm going to move a few files there that have already been BSD-licensed in the existing commonlib. I am also exracting most contents of the often-needed <commonlib/helpers.h> as long as they have either been written by me (and are hereby relicensed) or have an existing equivalent in BSD-licensed libpayload code. I am also relicensing <commonlib/compression.h> (written by me) and <commonlib/compiler.h> (same stuff exists in libpayload). Finally, I am extracting the cb_err error code definitions from <types.h> into a new BSD-licensed header so that future commonlib/bsd code can build upon a common set of error values. I am making the assumption here that the enum constants and the half-sentence fragments of documentation next to them by themselves do not meet the threshold of copyrightability. Change-Id: I316cea70930f131e8e93d4218542ddb5ae4b63a2 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38420 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2020-01-18cbfs: Remove locator conceptJulius Werner
When vboot was first integrated into CBFS it was still part of Google vendorcode. So to not directly tie custom vendorcode into the core CBFS library, the concept of cbfs_locator was introduced to decouple core code from an arbitrary amount of platform-specific implementations that want to decide where the CBFS can be found. Nowadays vboot is a core coreboot feature itself, and the locator concept isn't used by anything else anymore. This patch simplifies the code by removing it and just calling vboot from the CBFS library directly. That should make it easier to more closely integrate vboot into CBFS in the future. Change-Id: I7b9112adc7b53aa218c58b8cb5c85982dcc1dbc0 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38419 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2019-11-20cbfs: switch to region_device for location APIsAaron Durbin
Drop struct cbfs_props and replace with struct region_device object. The goal of the cbfs locator APIs are to determine the correct region device to find the cbfs files. Therefore, start directly using struct region_device in the cbfs location paths. Update the users of the API and leverage the default boot region device implementation for apollolake. Change-Id: I0158a095cc64c9900d8738f8ffd45ae4040575ea Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36939 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-15cbfs: remove prepare() callback from struct cbfs_locatorAaron Durbin
The prepare() callback is no longer utilized in the code. Remove the callback and support for it. Change-Id: Ic438e5a80850a3df619dbbfdecb522a9dc2c1949 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36690 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
2019-11-14cbfs: Stop checking master headerJulius Werner
The CBFS master header is a legacy structure that just conveys the same information we already have from the FMAP these days. We're still including it to support older CBFS implementations in some payloads, but there's no need for coreboot itself to follow this indirection anymore. This patch simplifies the default CBFS locator to just return the CBFS offset and size from the FMAP directly. Change-Id: I6b00dd7f276364d62fa1f637efbaee0e80607c49 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36688 Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-14lib/fmap: Add optional pre-RAM cacheJulius Werner
This patch adds an optional pre-RAM cache for the FMAP which most platforms should be able to use, complementing the recently added post-RAM FMAP cache in CBMEM. vboot systems currently read the FMAP about half a dozen times from flash in verstage, which will all be coalesced into a single read with this patch. It will also help future vboot improvements since when FMAP reads become "free" vboot doesn't need to keep track of so much information separately. In order to make sure we have a single, well-defined point where the new cache is first initialized, eliminate the build-time hardcoding of the CBFS section offsets, so that all CBFS accesses explicitly read the FMAP. Add FMAP_CACHEs to all platforms that can afford it (other than the RISC-V things where I have no idea how they work), trying to take the space from things that look like they were oversized anyway (pre-RAM consoles and CBFS caches). Change-Id: I2820436776ef620bdc4481b5cd4b6957764248ea Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36657 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Joel Kitching <kitching@google.com>
2019-11-14cbfs: Make cbfs_master_header_props() externally availableJulius Werner
This patch makes the CBFS default locator .locate() callback externally available so that code which overrides cbfs_master_header_locator can reuse or wrap it and doesn't have to copy&paste the whole thing. Use it for the Eltan vendorcode implementation which previously did this. Change-Id: I54dad5c8ea64ea0fc472217e275daa815736991e Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36797 Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-07lib/cbfs: Add fallback to RO region to cbfs_boot_locateWim Vervoorn
With this change cbfs_boot_locate will check the RO (COREBOOT) region if a file can not be found in the active RW region. By doing so it is not required to duplicate static files that are not intended to be updated to the RW regions. The coreboot image can still be updated by adding the file to the RW region. This change is intended to support VBOOT on systems with a small flash device. BUG=N/A TEST=tested on facebook fbg1701 Change-Id: I81ceaf927280cef9a3f09621c796c451e9115211 Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36545 Reviewed-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-04cbfs: read header offset as explicitly LEMarty E. Plummer
le32_to_cpu spits out uint32_t on BE targets, cast it. Change-Id: Idc99b0c133faa2aa15d06f998e7371d332ffa490 Signed-off-by: Marty E. Plummer <hanetzer@startmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36346 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-10-28lib/cbfs: Don't load XIP stages from bootblockArthur Heymans
This should improve boot times as it skips unnecessary read and writes. Change-Id: I8cf36613903783e741b2e3bfeeee5bc29ab26d5b Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36323 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-04-23src: Use include <console/console.h> when appropriateElyes HAOUAS
Change-Id: Iddba5b03fc554a6edc4b26458d834e47958a6b08 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32214 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: David Guckian
2019-03-08coreboot: Replace all IS_ENABLED(CONFIG_XXX) with CONFIG(XXX)Julius Werner
This patch is a raw application of find src/ -type f | xargs sed -i -e 's/IS_ENABLED\s*(CONFIG_/CONFIG(/g' Change-Id: I6262d6d5c23cabe23c242b4f38d446b74fe16b88 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31774 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-02-25security/vboot: Add measured boot modePhilipp Deppenwiese
* Introduce a measured boot mode into vboot. * Add hook for stage measurements in prog_loader and cbfs. * Implement and hook-up CRTM in vboot and check for suspend. Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/c/29547 Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-12-07cbfs: Alert if something goes wrong in cbfs_boot_locate()Nico Huber
Change-Id: I5a3cb41b3a7ff2aa527cc2b40c9d7438474c2f93 Signed-off-by: Nico Huber <nico.huber@secunet.com> Reviewed-on: https://review.coreboot.org/c/30084 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2018-10-08Move compiler.h to commonlibNico Huber
Its spreading copies got out of sync. And as it is not a standard header but used in commonlib code, it belongs into commonlib. While we are at it, always include it via GCC's `-include` switch. Some Windows and BSD quirk handling went into the util copies. We always guard from redefinitions now to prevent further issues. Change-Id: I850414e6db1d799dce71ff2dc044e6a000ad2552 Signed-off-by: Nico Huber <nico.h@gmx.de> Reviewed-on: https://review.coreboot.org/28927 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2018-06-28vboot: Fix linking error with USE_OPTION_TABLE enabledPatrick Rudolph
Fix a linking problem with VBOOT and USE_OPTION_TABLE enabled. Make use of cbfs_locate_file_in_region() and always search the cmos_layout.bin in the 'COREBOOT' region. With this change applied there's no need to include the vboot_locator in SMM any more, we can't break NVRAM with different CMOS layouts, and we keep VBOOT and non VBOOT behaviour the same. Only include cmos_layout.bin and cmos.default in RO region. Add notes explaining the decisions. Tested on Intel Sandybridge, builds and boots with vboot enabled. Change-Id: I10ae94d7936581bbb5ea49384122062bd4934ea5 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/26863 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2018-06-04lib/cbfs: Optimise LZMA away from romstageKyösti Mälkki
If we have POSTCAR_STAGE there is no need for romstage to include LZMA decompression code. Reduces romstage by about 4 kiB on x86. Change-Id: I4c475986b2a94e5cd540c3eead433ed6c0a815ed Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/26759 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
2018-05-02lib/cbfs.c: fix typoPatrick Georgi
Change-Id: I39c12ab3f28b5448fa4f46958cf23f2623a92378 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/25928 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-04-24compiler.h: add __weak macroAaron Durbin
Instead of writing out '__attribute__((weak))' use a shorter form. Change-Id: If418a1d55052780077febd2d8f2089021f414b91 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/25767 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Justin TerAvest <teravest@chromium.org>
2018-04-17cbfs: Add cbfs_boot_load_file()T Michael Turney
Generalize cbfs_boot_load_struct() by passing in CBFS type Change-Id: I6e5f845cb4ce5b00f01a39619919f85e39028f19 Signed-off-by: T Michael Turney <mturney@codeaurora.org> Reviewed-on: https://review.coreboot.org/25648 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2017-07-06src/lib: add IS_ENABLED() around Kconfig symbol referencesMartin Roth
Some of these can be changed from #if to if(), but that will happen in a follow-on commmit. Change-Id: Idcea3f8b1a4246cb6b29999a84a191a3133e5c78 Signed-off-by: Martin Roth <martinroth@google.com> Reviewed-on: https://review.coreboot.org/20341 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2017-03-09src/lib: Fix space between type, * and variable nameLee Leahy
Fix the following errors detected by checkpatch.pl: ERROR: "foo* bar" should be "foo *bar" ERROR: "(foo*)" should be "(foo *)" ERROR: "foo * const * bar" should be "foo * const *bar" TEST=Build and run on Galileo Gen2 Change-Id: I0d20ca360d8829f7d7670bacf0da4a0300bfb0c1 Signed-off-by: Lee Leahy <Leroy.P.Leahy@intel.com> Reviewed-on: https://review.coreboot.org/18696 Tested-by: build bot (Jenkins) Reviewed-by: Philippe Mathieu-Daudé <philippe.mathieu.daude@gmail.com> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2016-12-10cbfs: Add API to locate a file from specific regionPratik Prajapati
This patch adds an API to find file by name from any specific region of fmap. Change-Id: Iabe785a6434937be6a57c7009882a0d68f6c8ad4 Signed-off-by: Pratik Prajapati <pratikkumar.v.prajapati@intel.com> Reviewed-on: https://review.coreboot.org/17664 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-11-09ACPI S3: Remove HIGH_MEMORY_SAVE where possibleKyösti Mälkki
Add implementation to use actual requirements of ramstage size for S3 resume backup in CBMEM. The backup covers complete pages of 4 KiB. Only the required amount of low memory is backed up when ACPI_TINY_LOWMEM_BACKUP is selected for the platform. Enable this option for AGESA and binaryPI, other platforms (without RELOCATABLE_RAMSTAGE) currently keep their romstage ramstack in low memory for s3 resume path. Change-Id: Ide7ce013f3727c2928cdb00fbcc7e7e84e859ff1 Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/15255 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) Tested-by: Raptor Engineering Automated Test Stand <noreply@raptorengineeringinc.com>
2016-08-27cbfs: Add "struct" file type and associated helpersJulius Werner
This patch adds functionality to compile a C data structure into a raw binary file, add it to CBFS and allow coreboot to load it at runtime. This is useful in all cases where we need to be able to have several larger data sets available in an image, but will only require a small subset of them at boot (a classic example would be DRAM parameters) or only require it in certain boot modes. This allows us to load less data from flash and increase boot speed compared to solutions that compile all data sets into a stage. Each structure has to be defined in a separate .c file which contains no functions and only a single global variable. The data type must be serialization safe (composed of only fixed-width types, paying attention to padding). It must be added to CBFS in a Makefile with the 'struct' file processor. Change-Id: Iab65c0b6ebea235089f741eaa8098743e54d6ccc Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/16272 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-08-19Kconfig: separate memory mapped boot device from SPIAaron Durbin
Make the indication of the boot device being memory mapped separate from SPI. However, retain the same defaults that previously existed. BUG=chrome-os-partner:56151 Change-Id: I06f138078c47a1e4b4b3edbdbf662f171e11c9d4 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/16228 Tested-by: build bot (Jenkins) Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Martin Roth <martinroth@google.com>
2016-08-15Revert "Kconfig: separate memory mapped boot device from SPI"Aaron Durbin
This reverts commit a83bbf58541cf41ea7a97dedbc8c02dffa59e86d. This was submitted out of order. Change-Id: Ic5a28faf94c1f1901a72e46343722eb4224c5086 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/16226 Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Nico Huber <nico.h@gmx.de>
2016-08-15Kconfig: separate memory mapped boot device from SPIAaron Durbin
Make the indication of the boot device being memory mapped separate from SPI. However, retain the same defaults that previously existed. BUG=chrome-os-partner:56151 Change-Id: Ibdd7c8754f9bf560a878136b1f55238e2c2549d3 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/16193 Reviewed-by: Andrey Petrov <andrey.petrov@intel.com> Tested-by: build bot (Jenkins) Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2016-07-28vboot: Separate vboot from chromeosFurquan Shaikh
VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-07-26lib: Don't require ULZMA compression for postcarLee Leahy
The build fails during postcar when ULZMA compression is not selected. Fix cbfs.c to support LZ compression for ramstage as well. The build error is: build/postcar/lib/cbfs.o: In function `cbfs_load_and_decompress': /home/lee/coreboot/public/src/lib/cbfs.c:116: undefined reference to `ulzman' make: *** [build/cbfs/fallback/postcar.debug] Error 1 TEST=Build and run on Galileo Gen2 Change-Id: I7fa8ff33c0d32e0c5ff5de7918e13e6efb1df38e Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com> Reviewed-on: https://review.coreboot.org/15841 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-06-02cbfs: Use NO_XIP_EARLY_STAGES to decide if stage is XIPFurquan Shaikh
Modern platforms like Apollolake do not use XIP for early stages. In such cases, cbfs_prog_stage_load should check for NO_XIP_EARLY_STAGES instead of relying on ARCH_X86 to decide if a stage is XIP. Change-Id: I1729ce82b5f678ce8c37256090fcf353cc22b1ec Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15045 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-05-03lib/cbfs: Use fmap derived information about the COREBOOT regionPatrick Georgi
It used to use CONFIG_CBFS_SIZE. The plan is that CBFS_SIZE only informs default*.fmd generation, while everything else derives its information from there. Also document the existing assumption that boot media should access the COREBOOT region (and not any other potentially existing fmap region containing a CBFS). Change-Id: I08254e4510f71edf99c2c8b56ac8f92008727c4a Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Reviewed-on: https://review.coreboot.org/14572 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-04-02lib/prog_loading: introduce prog_segment_loaded()Aaron Durbin
In order to not muddle arch vs chipset implementations provide a generic prog_segment_loaded() which calls platform_segment_loaded() and arch_segment_loaded() in that order. This allows the arch variants to live in src/arch while the chipset/platform code can implement their own. Change-Id: I17b6497219ec904d92bd286f18c9ec96b2b7af25 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/14214 Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Andrey Petrov <andrey.petrov@intel.com>
2016-02-22cbfs: Add LZ4 in-place decompression support for pre-RAM stagesJulius Werner
This patch ports the LZ4 decompression code that debuted in libpayload last year to coreboot for use in CBFS stages (upgrading the base algorithm to LZ4's dev branch to access the new in-place decompression checks). This is especially useful for pre-RAM stages in constrained SRAM-based systems, which previously could not be compressed due to the size requirements of the LZMA scratchpad and bounce buffer. The LZ4 algorithm offers a very lean decompressor function and in-place decompression support to achieve roughly the same boot speed gains (trading compression ratio for decompression time) with nearly no memory overhead. For now we only activate it for the stages that had previously not been compressed at all on non-XIP (read: non-x86) boards. In the future we may also consider replacing LZMA completely for certain boards, since which algorithm wins out on boot speed depends on board-specific parameters (architecture, processor speed, SPI transfer rate, etc.). BRANCH=None BUG=None TEST=Built and booted Oak, Jerry, Nyan and Falco. Measured boot time on Oak to be about ~20ms faster (cutting load times for affected stages almost in half). Change-Id: Iec256c0e6d585d1b69985461939884a54e3ab900 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/13638 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-01-06commonlib: Add common cbfs parsing logic to coreboot and cbfstool.Aaron Durbin
To continue sharing more code between the tools and coreboot proper provide cbfs parsing logic in commonlib. A cbfs_for_each_file() function was added to allow one to act on each file found within a cbfs. cbfs_locate() was updated to use that logic. BUG=chrome-os-partner:48412 BUG=chromium:445938 BRANCH=None TEST=Utilized and booted on glados. Change-Id: I1f23841583e78dc3686f106de9eafe1adbef8c9f Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/12783 Tested-by: build bot (Jenkins) Reviewed-by: Martin Roth <martinroth@google.com> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-12-10lib: remove assets infrastructureAaron Durbin
Now that only CBFS access is supported for finding resources within the boot media the assets infrastructure can be removed. Remove it. BUG=chromium:445938 BRANCH=None TEST=Built and ran on glados. Change-Id: I383fd6579280cf9cfe5a18c2851baf74cad004e9 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/12690 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-12-10cbfs/vboot: remove firmware component supportAaron Durbin
The Chrome OS verified boot path supported multiple CBFS instances in the boot media as well as stand-alone assets sitting in each vboot RW slot. Remove the support for the stand-alone assets and always use CBFS accesses as the way to retrieve data. This is implemented by adding a cbfs_locator object which is queried for locating the current CBFS. Additionally, it is also signalled prior to when a program is about to be loaded by coreboot for the subsequent stage/payload. This provides the same opportunity as previous for vboot to hook in and perform its logic. BUG=chromium:445938 BRANCH=None TEST=Built and ran on glados. CQ-DEPEND=CL:307121,CL:31691,CL:31690 Change-Id: I6a3a15feb6edd355d6ec252c36b6f7885b383099 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/12689 Tested-by: build bot (Jenkins) Tested-by: Raptor Engineering Automated Test Stand <noreply@raptorengineeringinc.com> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-12-04cbfs: Fix typo in cbfs_prog_stage_load()Julius Werner
The proper return value to signal an error from cbfs_prog_stage_load() is -1, not 0. Change-Id: Ie53b0359c7c036e3f809d1f941dab53f090b84ab Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/12633 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins)
2015-10-31tree: drop last paragraph of GPL copyright headerPatrick Georgi
It encourages users from writing to the FSF without giving an address. Linux also prefers to drop that and their checkpatch.pl (that we imported) looks out for that. This is the result of util/scripts/no-fsf-addresses.sh with no further editing. Change-Id: Ie96faea295fe001911d77dbc51e9a6789558fbd6 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Reviewed-on: http://review.coreboot.org/11888 Tested-by: build bot (Jenkins) Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>
2015-10-11cbfs: don't load x86 programs over the top of read-only mediaAaron Durbin
On x86 the early stages are currently execute-in-place which means they live in the memory-mapped spi flash. However, when loading romstage from verstage the romstage is execute-in-place so it's unnecessary to write over a read-only media -- not to mention writing to read-only memory is wrong to begin with. BUG=chrome-os-partner:44827 BRANCH=None TEST=Built and booted glados. Noted reduction of 20ms when loading romstage. Change-Id: I7cd399302a3925a05fbce82600b4c50ea66a0fcb Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/11823 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-10-07cbfs: add struct cbfsfAaron Durbin
Now that cbfs is adding more metadata in the cbfs file header one needs to access that metadata. Therefore, add struct cbfsf which tracks the metadata and data of the file separately. Note that stage and payload metadata specific to itself is still contained within the 'data' portion of a cbfs file. Update the cbfs API to use struct cbfsf. Additionally, remove struct cbfsd as there's nothing else associated with a cbfs region aside from offset and size which tracked by a region_device (thanks, CBFS_ALIGNMENT!). BUG=None BRANCH=None TEST=Built and booted through end of ramstage on qemu armv7. Built and booted glados using Chrome OS. Change-Id: I05486c6cf6cfcafa5c64b36324833b2374f763c2 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/11679 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-07-15cbfs: hardcode file alignmentPatrick Georgi
Assume that it's 64 byte. Change-Id: I168facd92f64c2cf99c26c350c60317807a4aed4 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Reviewed-on: http://review.coreboot.org/10919 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2015-06-02assets: abstract away the firmware assets used for bootingAaron Durbin
As there can be more than one source of firmware assets this patch generalizes the notion of locating a particular asset. struct asset is added along with some helper functions for working on assets as a first class citizen. Change-Id: I2ce575d1e5259aed4c34c3dcfd438abe9db1d7b9 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10264 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins)