summaryrefslogtreecommitdiff
path: root/src/security/vboot/Makefile.inc
AgeCommit message (Collapse)Author
2023-06-23Makefile.inc: don't add fmap_config.h dependency twiceFelix Held
Commit d054bbd4f1ba ("Makefile.inc: fix multiple jobs build issue") added a dependency on $(obj)/fmap_config.h to all .c source files in all stages, so it's not needed any more to add it as a dependency to files that include fmap_config.h. Signed-off-by: Felix Held <felix-coreboot@felixheld.de> Change-Id: I7b62917f32ae9f51f079b243a606e5db07ca9099 Reviewed-on: https://review.coreboot.org/c/coreboot/+/76002 Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
2023-04-06security/vboot: Don't add RO pagetables to RW_A/BArthur Heymans
Currently this is only used in bootblock and expects a fixed offset. Change-Id: I3c4db6fffe3343f12383fe9585620ffefb01cf81 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/74218 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com> Reviewed-by: Subrata Banik <subratabanik@google.com> Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
2023-02-16vboot: Add VBOOT_ARMV8_CE_SHA256_ACCELERATION configYidi Lin
Add Kconfig option for VBOOT_ARMV8_CE_SHA256_ACCELERATION, which will use ARMv8 Crypto Extension for SHA256[1] instead of software implementation. This will speed up firmware verification in verstage. [1] https://crrev.com/c/4170144 BUG=b:263514393 BRANCH=corsola TEST='calculating body hash (SHA2)' get 13 msecs improvement on Tentacruel. Before: 509:finished calculating body hash (SHA2) 161,548 (14,490) After: 509:finished calculating body hash (SHA2) 155,101 (1,187) Change-Id: I02671338fd9e0deb5294dbb7c03528061edc18c4 Signed-off-by: Yidi Lin <yidilin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/72711 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-02-13security/vboot: Add store/validate methods for AMD VBIOS FMAP cacheMatt DeVillier
Add methods to store and retrieve the hash of the data stored in the VBIOS cache FMAP region. Add a dedicated index in TPM NVRAM to store the hash, and methods to calculate/read/write it. Modeled after mrc_cache_hash_tpm.{c,h} BUG=b:255812886 TEST=tested with rest of patch train Change-Id: I030017d3bf956b8593bc09073ad6545b80a5b52b Signed-off-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/72401 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin L Roth <gaumless@gmail.com>
2023-02-05security/vboot: Don't build with flashrom supportBrian Norris
We don't need flashrom support just for vboot payloads. The current default (USE_FLASHROM=1) is mostly harmless, especially if libflashrom is not present (the autodetection in vboot_reference just spits out a pkg-config error but doesn't actually fail the build), but it's better to be clear we don't need it. BUG=b:172225709 TEST=build Change-Id: I53bcc2d1e7666646ddad58ba3717cfdd321014e8 Signed-off-by: Brian Norris <briannorris@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/72716 Reviewed-by: Jack Rosenthal <jrosenth@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2023-01-13security/vboot: Check RW_NVRAM at buildtimeArthur Heymans
This avoids runtime failures of lacking a RW_NVRAM section in fmap or one having a size too small. Change-Id: I3415bd719428a23b21210eb2176dbe15fa44eb9c Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/71868 Reviewed-by: Paul Menzel <paulepanter@mailbox.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-12-28src/security/vboot: Fix wrong CONFIG nameMaximilian Brune
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com> Change-Id: I2af3bc9bf9eaf258b9180da5fc5494b21764f379 Reviewed-on: https://review.coreboot.org/c/coreboot/+/71518 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-11-08vboot: Add VBOOT_CBFS_INTEGRATION supportJakub Czapiga
This patch introduces support signing and verification of firmware slots using CBFS metadata hash verification method for faster initial verification. To have complete verification, CBFS_VERIFICATION should also be enabled, as metadata hash covers only files metadata, not their contents. This patch also adapts mainboards and SoCs to new vboot reset requirements. TEST=Google Volteer/Voxel boots with VBOOT_CBFS_INTEGRATION enabled Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: I40ae01c477c4e4f7a1c90e4026a8a868ae64b5ca Reviewed-on: https://review.coreboot.org/c/coreboot/+/66909 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-11-07security/vboot: Update build rules using x86 SHA extensionKarthikeyan Ramasubramanian
Currently build rules allow using x86 SHA extensions for all coreboot stages when enabled. On some SoCs where verstage can run in non-x86 environment, x86 SHA extension cannot be used. Update build rules accordingly such that x86 SHA extensions can be used in AMD SoCs. This is particularly useful when CBFS verificiation is enabled which verifies the hash of the CBFS file being loaded. BUG=b:227809919 TEST=Build and boot to OS in Skyrim. Observe that hardware acceleration is used when a CBFS file is loaded and observe an overall improvement of 10 ms. Change-Id: I4f388e963eb82990cda41d3880e66ad937334908 Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68953 Reviewed-by: Raul Rangel <rrangel@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Kangheui Won <khwon@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-09-03soc/intel: Add SI_DESC region to GSCVD rangesJulius Werner
Intel platforms have soft straps stored in the SI_DESC FMAP section which can alter boot behavior and may open up a security risk if they can be modified by an attacker. This patch adds the SI_DESC region to the list of ranges covered by GSC verification (CONFIG_VBOOT_GSCVD). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I0f1b297e207d3c6152bf99ec5a5b0983f01b2d0b Reviewed-on: https://review.coreboot.org/c/coreboot/+/66346 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-08-22Add SBOM (Software Bill of Materials) GenerationMaximilian Brune
Firmware is typically delivered as one large binary image that gets flashed. Since this final image consists of binaries and data from a vast number of different people and companies, it's hard to determine what all the small parts included in it are. The goal of the software bill of materials (SBOM) is to take a firmware image and make it easy to find out what it consists of and where those pieces came from. Basically, this answers the question, who supplied the code that's running on my system right now? For example, buyers of a system can use an SBOM to perform an automated vulnerability check or license analysis, both of which can be used to evaluate risk in a product. Furthermore, one can quickly check to see if the firmware is subject to a new vulnerability included in one of the software parts (with the specified version) of the firmware. Further reference: https://web.archive.org/web/20220310104905/https://blogs.gnome.org/hughsie/2022/03/10/firmware-software-bill-of-materials/ - Add Makefile.inc to generate and build coswid tags - Add templates for most payloads, coreboot, intel-microcode, amd-microcode. intel FSP-S/M/T, EC, BIOS_ACM, SINIT_ACM, intel ME and compiler (gcc,clang,other) - Add Kconfig entries to optionally supply a path to CoSWID tags instead of using the default CoSWID tags - Add CBFS entry called SBOM to each build via Makefile.inc - Add goswid utility tool to generate SBOM data Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com> Change-Id: Icb7481d4903f95d200eddbfed7728fbec51819d0 Reviewed-on: https://review.coreboot.org/c/coreboot/+/63639 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
2022-07-30security/vboot: Simplify image signingJakub Czapiga
futility now supports image truncation and signing of whole images with a single command invocation. Use it for vboot-enabled coreboot images. TEST=Build and run coreboot on google/volteer Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: I49eb7e977b635ccb9f6c1b76e53c36e82be1d795 Reviewed-on: https://review.coreboot.org/c/coreboot/+/66127 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-06-22security/vboot: Deprecate VBOOT_VBNV_ECYu-Ping Wu
Boards using VBOOT_VBNV_EC (nyan, daisy, veyron, peach_pit) are all ChromeOS devices and they've reached the end of life since Feb 2022. Therefore, remove VBOOT_VBNV_EC for them, each with different replacement. - nyan (nyan, nyan_big, nyan_blaze): Add RW_NVRAM to their FMAP (by reducing the size of RW_VPD), and replace VBOOT_VBNV_EC with VBOOT_VBNV_FLASH. - veyron: Add RW_NVRAM to their FMAP (by reducing the size of SHARED_DATA), and replace VBOOT_VBNV_EC with VBOOT_VBNV_FLASH. Also enlarge the OVERLAP_VERSTAGE_ROMSTAGE section for rk3288 (by reducing the size of PRERAM_CBMEM_CONSOLE), so that verstage won't exceed its allotted size. - daisy: Because BOOT_DEVICE_SPI_FLASH is not set, which is required for VBOOT_VBNV_FLASH, disable MAINBOARD_HAS_CHROMEOS and VBOOT configs. - peach_pit: As VBOOT is not set, simply remove the unused VBOOT_VBNV_EC option. Remove the VBOOT_VBNV_EC Kconfig option as well as related code, leaving VBOOT_VBNV_FLASH and VBOOT_VBNV_CMOS as the only two backend options for vboot nvdata (VBNV). Also add a check in read_vbnv() and save_vbnv() for VBNV options. BUG=b:178689388 TEST=util/abuild/abuild -t GOOGLE_NYAN -x -a TEST=util/abuild/abuild -t GOOGLE_VEYRON_JAQ -x -a TEST=util/abuild/abuild -t GOOGLE_DAISY -a TEST=util/abuild/abuild -t GOOGLE_PEACH_PIT -a BRANCH=none Change-Id: Ic67d69e694cff3176dbee12d4c6311bc85295863 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/65012 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-06-21security/vboot: Add support for GSCVD (Google "RO verification")Julius Werner
This patch adds a new CONFIG_VBOOT_GSCVD option that will be enabled by default for TPM_GOOGLE_TI50 devices. It makes the build system run the `futility gscvd` command to create a GSCVD (GSC verification data) which signs the CBFS trust anchor (bootblock and GBB). In order for this to work, boards will need to have an RO_GSCVD section in their FMAP, and production boards should override the CONFIG_VBOOT_GSC_BOARD_ID option with the correct ID for each variant. BUG=b:229015103 Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I1cf86e90b2687e81edadcefa5a8826b02fbc8b24 Reviewed-on: https://review.coreboot.org/c/coreboot/+/64707 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-05-12Makefile.inc: Generate master header and pointer as C structsArthur Heymans
The makefiles don't like cbfs file names with spaces in them so update the file name with '_' instead of spaces. To keep the master header at the top of cbfs, add a placeholder. This removes the need to handle the cbfs master header in cbfstool. This functionality will be dropped in a later CL. On x86 reserve some space in the linker script to add the pointer. On non-x86 generate a pointer inside a C struct file. As a bonus this would actually fix the master header pointer mechanism on Intel/APL as only the bootblock inside IFWI gets memory mapped. TESTED on thinkpad X201: SeaBIOS correctly finds the cbfs master header. Change-Id: I3ba01be7da1f09a8cac287751497c18cda97d293 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/59132 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2021-07-01vboot: add VBOOT_X86_SHA256_ACCELERATION configSubrata Banik
Add Kconfig option for VBOOT_X86_SHA256_ACCELERATION, which will use x86-sha extension for SHA256 instead of software implementation. TEST=Able to call vb2ex_hwcrypto_digest_init() and perform SHA using HW crypto engine. Change-Id: Idc8be8711c69f4ebc489cd37cc3749c0b257c610 Signed-off-by: Subrata Banik <subrata.banik@intel.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55611 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-05-30Apply more uses for Kconfig TPMKyösti Mälkki
Change-Id: I54b296563940cd46fe9da9fe789b746f2fc1987d Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55016 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
2021-05-04security/vboot: Include fspt.bin in the RO region onlyArthur Heymans
fspt.bin is run before verstage so it is of no use in RW_A/B. Change-Id: I6fe29793fa638312c8b275b6fa8662df78b3b2bd Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/52853 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2021-03-19cpu/intel/fit: Add the FIT table as a separate CBFS fileArthur Heymans
With CBnT a digest needs to be made of the IBB, Initial BootBlock, in this case the bootblock. After that a pointer to the BPM, Boot Policy Manifest, containing the IBB digest needs to be added to the FIT table. If the fit table is inside the IBB, updating it with a pointer to the BPM, would make the digest invalid. The proper solution is to move the FIT table out of the bootblock. The FIT table itself does not need to be covered by the digest as it just contains pointers to structures that can by verified by the hardware itself, such as microcode and ACMs (Authenticated Code Modules). Change-Id: I352e11d5f7717147a877be16a87e9ae35ae14856 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50926 Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-02-27vboot: update GBB flags to use altfw terminologyJoel Kitching
As per CL:2641346, update GBB flag names: GBB_FLAG_FORCE_DEV_BOOT_LEGACY -> GBB_FLAG_FORCE_DEV_BOOT_ALTFW GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY -> GBB_FLAG_DEFAULT_DEV_BOOT_ALTFW BUG=b:179458327 TEST=make clean && make test-abuild BRANCH=none Signed-off-by: Joel Kitching <kitching@google.com> Change-Id: I0ac5c9fde5a175f8844e9006bb18f792923f4f6d Reviewed-on: https://review.coreboot.org/c/coreboot/+/50906 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2021-02-01security/vboot: Add config for GBB_FLAG_ENABLE_UDCEric Lai
This change adds the missing `GBB_FLAG_ENABLE_UDC` as a config in vboot/Kconfig (just like the other GBB flags) and uses its value to configure GBB_FLAGS Makefile variable. This is done to allow the mainboard to configure GBB flags by selecting appropriate configs in Kconfig. Signed-off-by: Eric Lai <ericr_lai@compal.corp-partner.google.com> Change-Id: I6b397713d643cf9461294e6928596dc847ace6bd Reviewed-on: https://review.coreboot.org/c/coreboot/+/50110 Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-20mrc_cache: Move mrc_cache_*_hash functions into mrc_cache driverShelley Chen
This CL would remove these calls from fsp 2.0. Platforms that select MRC_STASH_TO_CBMEM, updating the TPM NVRAM space is moved from romstage (when data stashed to CBMEM) to ramstage (when data is written back to SPI flash. BUG=b:150502246 BRANCH=None TEST=make sure memory training still works on nami Change-Id: I3088ca6927c7dbc65386c13e868afa0462086937 Signed-off-by: Shelley Chen <shchen@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46510 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-10-20mrc_cache: Add config MRC_SAVE_HASH_IN_TPMShelley Chen
Use this config to specify whether we want to save a hash of the MRC_CACHE in the TPM NVRAM space. Replace all uses of FSP2_0_USES_TPM_MRC_HASH with MRC_SAVE_HASH_IN_TPM and remove the FSP2_0_USES_TPM_MRC_HASH config. Note that TPM1 platforms will not select MRC_SAVE_HASH_IN_TPM as none of them use FSP2.0 and have recovery MRC_CACHE. BUG=b:150502246 BRANCH=None TEST=emerge-nami coreboot chromeos-bootimage Change-Id: Ic5ffcdba27cb1f09c39c3835029c8d9cc3453af1 Signed-off-by: Shelley Chen <shchen@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46509 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-08-13security/vboot/Makefile.inc: Update regions-for-file functionSridhar Siricilla
This patch updates regions-for-file function in the security/vboot/Makefile.inc to support adding a CBFS file into required FMAP REGIONs in a flexible manner. The file that needs to be added to specific REGIONs, those regions list should be specified in the regions-for-file-{CBFS_FILE_TO_BE_ADDED} variable. For example, if a file foo.bin needs to be added in FW_MAIN_B and COREBOOT, then below code needs to be added in a Makefile.inc. regions-for-file-foo := FW_MAIN_B,COREBOOT cbfs-file-y := foo foo-file := foo.bin foo-type := raw TEST=Verified on hatch Signed-off-by: Sridhar Siricilla <sridhar.siricilla@intel.com> Change-Id: I1f5c22b3d9558ee3c5daa2781a115964f8d2d83b Reviewed-on: https://review.coreboot.org/c/coreboot/+/43766 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
2020-07-08security/vboot: Allow files to go into only RW-A or RW-B regionMartin Roth
The AMD firmware package created by amdfwtool contains pointers to the various binaries and settings. This means that we need different copies of the package in each region. This change allows for the different files in each of the 3 vboot regions. BUG=b:158124527 TEST=Build trembyle; see the correct versions of the files getting built into the RW-A & RW-B regions. Signed-off-by: Martin Roth <martin@coreboot.org> Change-Id: I45ff69dbc2266a67e05597bbe721fbf95cf41777 Reviewed-on: https://review.coreboot.org/c/coreboot/+/42822 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2020-06-15security/vboot: Add option to run verstage before bootblockMartin Roth
For AMD's family 17h, verstage can run as a userspace app in the PSP before the X86 is released. The flags for this have been made generic to support any other future systems that might run verstage before the main processor starts. Although an attempt has been made to make things somewhat generic, since this is the first and currently only chip to support verstage before bootblock, there are a number of options which might ultimately be needed which have currently been left out for simplicity. Examples of this are: - PCI is not currently supported - this is currently just a given instead of making a separate Kconfig option for it. - The PSP uses an ARM v7 processor, so that's the only processor that is getting updated for the verstage-before-bootblock option. BUG=b:158124527 TEST=Build with following patches Signed-off-by: Martin Roth <martin@coreboot.org> Change-Id: I4849777cb7ba9f90fe8428b82c21884d1e662b96 Reviewed-on: https://review.coreboot.org/c/coreboot/+/41814 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2020-05-18src: Remove leading blank lines from SPDX headerElyes HAOUAS
Change-Id: I8a207e30a73d10fe67c0474ff11324ae99e2cec6 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41360 Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-11treewide: Remove "this file is part of" linesPatrick Georgi
Stefan thinks they don't add value. Command used: sed -i -e '/file is part of /d' $(git grep "file is part of " |egrep ":( */\*.*\*/\$|#|;#|-- | *\* )" | cut -d: -f1 |grep -v crossgcc |grep -v gcov | grep -v /elf.h |grep -v nvramtool) The exceptions are for: - crossgcc (patch file) - gcov (imported from gcc) - elf.h (imported from GNU's libc) - nvramtool (more complicated header) The removed lines are: - fmt.Fprintln(f, "/* This file is part of the coreboot project. */") -# This file is part of a set of unofficial pre-commit hooks available -/* This file is part of coreboot */ -# This file is part of msrtool. -/* This file is part of msrtool. */ - * This file is part of ncurses, designed to be appended after curses.h.in -/* This file is part of pgtblgen. */ - * This file is part of the coreboot project. - /* This file is part of the coreboot project. */ -# This file is part of the coreboot project. -# This file is part of the coreboot project. -## This file is part of the coreboot project. --- This file is part of the coreboot project. -/* This file is part of the coreboot project */ -/* This file is part of the coreboot project. */ -;## This file is part of the coreboot project. -# This file is part of the coreboot project. It originated in the - * This file is part of the coreinfo project. -## This file is part of the coreinfo project. - * This file is part of the depthcharge project. -/* This file is part of the depthcharge project. */ -/* This file is part of the ectool project. */ - * This file is part of the GNU C Library. - * This file is part of the libpayload project. -## This file is part of the libpayload project. -/* This file is part of the Linux kernel. */ -## This file is part of the superiotool project. -/* This file is part of the superiotool project */ -/* This file is part of uio_usbdebug */ Change-Id: I82d872b3b337388c93d5f5bf704e9ee9e53ab3a9 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41194 Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-09src/: Replace GPL boilerplate with SPDX headersPatrick Georgi
Used commands: perl -i -p0e 's|\/\*[\s*]*.*is free software[:;][\s*]*you[\s*]*can[\s*]*redistribute[\s*]*it[\s*]*and\/or[\s*]*modify[\s*]*it[\s*]*under[\s*]*the[\s*]*terms[\s*]*of[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*as[\s*]*published[\s*]*by[\s*]*the[\s*]*Free[\s*]*Software[\s*]*Foundation[;,][\s*]*version[\s*]*2[\s*]*of[\s*]*the[\s*]*License.[\s*]*This[\s*]*program[\s*]*is[\s*]*distributed[\s*]*in[\s*]*the[\s*]*hope[\s*]*that[\s*]*it[\s*]*will[\s*]*be[\s*]*useful,[\s*]*but[\s*]*WITHOUT[\s*]*ANY[\s*]*WARRANTY;[\s*]*without[\s*]*even[\s*]*the[\s*]*implied[\s*]*warranty[\s*]*of[\s*]*MERCHANTABILITY[\s*]*or[\s*]*FITNESS[\s*]*FOR[\s*]*A[\s*]*PARTICULAR[\s*]*PURPOSE.[\s*]*See[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*for[\s*]*more[\s*]*details.[\s*]*\*\/|/* SPDX-License-Identifier: GPL-2.0-only */|' $(cat filelist) perl -i -p0e 's|\/\*[\s*]*.*is[\s*]*free[\s*]*software[:;][\s*]*you[\s*]*can[\s*]*redistribute[\s*]*it[\s*]*and/or[\s*]*modify[\s*]*it[\s*]*under[\s*]*the[\s*]*terms[\s*]*of[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*as[\s*]*published[\s*]*by[\s*]*the[\s*]*Free[\s*]*Software[\s*]*Foundation[;,][\s*]*either[\s*]*version[\s*]*2[\s*]*of[\s*]*the[\s*]*License,[\s*]*or[\s*]*.at[\s*]*your[\s*]*option.[\s*]*any[\s*]*later[\s*]*version.[\s*]*This[\s*]*program[\s*]*is[\s*]*distributed[\s*]*in[\s*]*the[\s*]*hope[\s*]*that[\s*]*it[\s*]*will[\s*]*be[\s*]*useful,[\s*]*but[\s*]*WITHOUT[\s*]*ANY[\s*]*WARRANTY;[\s*]*without[\s*]*even[\s*]*the[\s*]*implied[\s*]*warranty[\s*]*of[\s*]*MERCHANTABILITY[\s*]*or[\s*]*FITNESS[\s*]*FOR[\s*]*A[\s*]*PARTICULAR[\s*]*PURPOSE.[\s*]*See[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*for[\s*]*more[\s*]*details.[\s*]*\*\/|/* SPDX-License-Identifier: GPL-2.0-or-later */|' $(cat filelist) perl -i -p0e 's|\/\*[\s*]*.*is[\s*#]*free[\s*#]*software[;:,][\s*#]*you[\s*#]*can[\s*#]*redistribute[\s*#]*it[\s*#]*and/or[\s*#]*modify[\s*#]*it[\s*#]*under[\s*#]*the[\s*#]*terms[\s*#]*of[\s*#]*the[\s*#]*GNU[\s*#]*General[\s*#]*Public[\s*#]*License[\s*#]*as[\s*#]*published[\s*#]*by[\s*#]*the[\s*#]*Free[\s*#]*Software[\s*#]*Foundation[;:,][\s*#]*either[\s*#]*version[\s*#]*3[\s*#]*of[\s*#]*the[\s*#]*License[;:,][\s*#]*or[\s*#]*.at[\s*#]*your[\s*#]*option.[\s*#]*any[\s*#]*later[\s*#]*version.[\s*#]*This[\s*#]*program[\s*#]*is[\s*#]*distributed[\s*#]*in[\s*#]*the[\s*#]*hope[\s*#]*that[\s*#]*it[\s*#]*will[\s*#]*be[\s*#]*useful[;:,][\s*#]*but[\s*#]*WITHOUT[\s*#]*ANY[\s*#]*WARRANTY[;:,][\s*#]*without[\s*#]*even[\s*#]*the[\s*#]*implied[\s*#]*warranty[\s*#]*of[\s*#]*MERCHANTABILITY[\s*#]*or[\s*#]*FITNESS[\s*#]*FOR[\s*#]*A[\s*#]*PARTICULAR[\s*#]*PURPOSE.[\s*#]*See[\s*#]*the[\s*#]*GNU[\s*#]*General[\s*#]*Public[\s*#]*License[\s*#]*for[\s*#]*more[\s*#]*details.[\s*]*\*\/|/* SPDX-License-Identifier: GPL-3.0-or-later */|' $(cat filelist) perl -i -p0e 's|(\#\#*)[\w]*.*is free software[:;][\#\s]*you[\#\s]*can[\#\s]*redistribute[\#\s]*it[\#\s]*and\/or[\#\s]*modify[\#\s]*it[\s\#]*under[\s \#]*the[\s\#]*terms[\s\#]*of[\s\#]*the[\s\#]*GNU[\s\#]*General[\s\#]*Public[\s\#]*License[\s\#]*as[\s\#]*published[\s\#]*by[\s\#]*the[\s\#]*Free[\s\#]*Software[\s\#]*Foundation[;,][\s\#]*version[\s\#]*2[\s\#]*of[\s\#]*the[\s\#]*License.*[\s\#]*This[\s\#]*program[\s\#]*is[\s\#]*distributed[\s\#]*in[\s\#]*the[\s\#]*hope[\s\#]*that[\s\#]*it[\s\#]*will[\#\s]*be[\#\s]*useful,[\#\s]*but[\#\s]*WITHOUT[\#\s]*ANY[\#\s]*WARRANTY;[\#\s]*without[\#\s]*even[\#\s]*the[\#\s]*implied[\#\s]*warranty[\#\s]*of[\#\s]*MERCHANTABILITY[\#\s]*or[\#\s]*FITNESS[\#\s]*FOR[\#\s]*A[\#\s]*PARTICULAR[\#\s]*PURPOSE.[\#\s]*See[\#\s]*the[\#\s]*GNU[\#\s]*General[\#\s]*Public[\#\s]*License[\#\s]*for[\#\s]*more[\#\s]*details.\s(#* *\n)*|\1 SPDX-License-Identifier: GPL-2.0-only\n\n|' $(cat filelist) perl -i -p0e 's|(\#\#*)[\w*]*.*is free software[:;][\s*]*you[\s*]*can[\s*]*redistribute[\s*]*it[\s*]*and\/or[\s*]*modify[\s*]*it[\s*]*under[\s*]*the[\s*]*terms[\s*]*of[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*as[\s*]*published[\s*]*by[\s*]*the[\s*]*Free[\s*]*Software[\s*]*Foundation[;,][\s*]*version[\s*]*2[\s*]*of[\s*]*the[\s*]*License.[\s*]*This[\s*]*program[\s*]*is[\s*]*distributed[\s*]*in[\s*]*the[\s*]*hope[\s*]*that[\s*]*it[\s*]*will[\s*]*be[\s*]*useful,[\s*]*but[\s*]*WITHOUT[\s*]*ANY[\s*]*WARRANTY;[\s*]*without[\s*]*even[\s*]*the[\s*]*implied[\s*]*warranty[\s*]*of[\s*]*MERCHANTABILITY[\s*]*or[\s*]*FITNESS[\s*]*FOR[\s*]*A[\s*]*PARTICULAR[\s*]*PURPOSE.[\s*]*See[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*for[\s*]*more[\s*]*details.\s(#* *\n)*|\1 SPDX-License-Identifier: GPL-2.0-only\n\n|' $(cat filelist) Change-Id: Ia01908544f4b92a2e06ea621eca548e582728280 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41178 Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-04security/vboot: Limit vboot verification code access to only verstageSridhar Siricilla
Make vboot verification code accessible in only verstage. Vboot verification code in vboot_logic.c is being used in verstage. Due to support function vboot_save_data(), so core functionality in vboot_logic.c is made available in romstage. The patch decouples the support function frm vboot_logic.c to limit itself to verstage. BUG=b:155544643 TEST=Verified on hatch Signed-off-by: Sridhar Siricilla <sridhar.siricilla@intel.com> Change-Id: Id1ede45c4dffe90afcef210eabaa657cf92a9335 Reviewed-on: https://review.coreboot.org/c/coreboot/+/40562 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Rizwan Qureshi <rizwan.qureshi@intel.com>
2020-04-28vboot: Always build secdata functions for romstageJulius Werner
Since CB:40389, all platforms with CONFIG_VBOOT_EARLY_EC_SYNC need to write back secdata in romstage. Those platforms currently all happen to have CONFIG_VBOOT_SEPARATE_VERSTAGE set as well, but there's no official dependency between those options. Change the Makefile to unconditionally build the secdata access routines for romstage so that this would work on other platforms as well. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I0b3c79e9bb8af9d09ef91f5749953ca109dd2a40 Reviewed-on: https://review.coreboot.org/c/coreboot/+/40760 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-03-31security/vboot: Decouple measured boot from verified bootBill XIE
Currently, those who want to use measured boot implemented within vboot should enable verified boot first, along with sections such as GBB and RW slots defined with manually written fmd files, even if they do not actually want to verify anything. As discussed in CB:34977, measured boot should be decoupled from verified boot and make them two fully independent options. Crypto routines necessary for measurement could be reused, and TPM and CRTM init should be done somewhere other than vboot_logic_executed() if verified boot is not enabled. In this revision, only TCPA log is initialized during bootblock. Before TPM gets set up, digests are not measured into tpm immediately, but cached in TCPA log, and measured into determined PCRs right after TPM is up. This change allows those who do not want to use the verified boot scheme implemented by vboot as well as its requirement of a more complex partition scheme designed for chromeos to make use of the measured boot functionality implemented within vboot library to measure the boot process. TODO: Measure MRC Cache somewhere, as MRC Cache has never resided in CBFS any more, so it cannot be covered by tspi_measure_cbfs_hook(). Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee Signed-off-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35077 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2020-03-17src (minus soc and mainboard): Remove copyright noticesPatrick Georgi
They're listed in AUTHORS and often incorrect anyway, for example: - What's a "Copyright $year-present"? - Which incarnation of Google (Inc, LLC, ...) is the current copyright holder? - People sometimes have their editor auto-add themselves to files even though they only deleted stuff - Or they let the editor automatically update the copyright year, because why not? - Who is the copyright holder "The coreboot project Authors"? - Or "Generated Code"? Sidestep all these issues by simply not putting these notices in individual files, let's list all copyright holders in AUTHORS instead and use the git history to deal with the rest. Change-Id: I89b10076e0f4a4b3acd59160fb7abe349b228321 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39611 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: David Hendricks <david.hendricks@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-03-06security/vboot: Support enabling EC EFS with EC software syncSam McNally
If the ChromeOS EC uses EC early firmware selection (EFS), the AP vboot build must also enable EC EFS. Add an option to control this, passing it through to vboot. BUG=b:150742950 TEST=none BRANCH=none Signed-off-by: Sam McNally <sammc@chromium.org> Change-Id: I697e90748e19d15af154011413b30c0f2a0bf52e Reviewed-on: https://review.coreboot.org/c/coreboot/+/39272 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Edward O'Callaghan <quasisec@chromium.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
2020-02-17vboot: rename GBB flag FAFT_KEY_OVERIDE to FLAG_RUNNING_FAFTJoel Kitching
This was renamed in vboot_reference CL:1977902. BUG=b:124141368, chromium:965914 TEST=make clean && make test-abuild BRANCH=none Change-Id: I79af304e9608a30c6839cd616378c7330c3de00a Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37462 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-02-07security/vboot: relocate vb2ex_abort and vb2ex_printfJoel Kitching
Enabling an assertion in vb2_member_of() results in coreboot linking vb2ex_abort() and vb2ex_printf() in ramstage. Move these two functions from vboot_logic.c to vboot_lib.c, which is should be enabled in all stages if CONFIG_VBOOT_LIB is enabled. Note that CONFIG_VBOOT_LIB is implied by CONFIG_VBOOT. Relevant vboot_reference commit: CL:2037263. BUG=b:124141368, chromium:1005700 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ica0103c5684b3d50ba7dc1b4c39559cb192efa81 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38706 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin Roth <martinroth@google.com>
2019-12-20security/vboot: Add a dedicated flag for building of vboot libraryBill XIE
As discussed in CB:35077, since both measured boot and verified boot depends on vboot library, it had better to introduce a dedicated flag CONFIG_VBOOT_LIB to control the building and linking of the vboot library, and make other flags needing vboot library select it. Only the actual verification stuff should be conditional on CONFIG_VBOOT. Change-Id: Ia1907a11c851ee45a70582e02bdbe08fb18cc6a4 Signed-off-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37787 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Joel Kitching <kitching@google.com>
2019-12-18vboot: remove 2lib headers from MakefileJoel Kitching
Only headers from firmware/lib should be imported. As far as I can tell, nothing imports 2lib headers directly anymore, so we can get rid of this CFLAG. BUG=b:124141368, chromium:968464 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ie5f3fe1d0180113b332e57ed07d4cfe563e7ecf2 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37786 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-11-28security/vboot: Use persistent context to read GBB flagsJulius Werner
With the persistent vboot context coreboot no longer needs to read GBB flags from flash itself -- it can just ask vboot for the cached result. This patch removes the existing GBB code and provides gbb_is_flag_set() (with a slightly better namespaced name) as a static inline instead. Change-Id: Ibc3ed0f3fbeb53d630925d47df4dc474b0ed07ee Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37261 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Joel Kitching <kitching@google.com>
2019-11-22Makefiles: Remove -D__PRE_RAM__Kyösti Mälkki
All cases of testing for __PRE_RAM__ have been converted to equivalent ENV_xxx definitions from <rules.h>. Change-Id: Ib6cd598f17109cc1072818cebe4791f7410c3428 Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37075 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-11-20security/vboot: Build vboot library with same .a that depthcharge usesTim Wawrzynczak
Currently, depthcharge and coreboot are using two different vboot libraries. coreboot is using "fwlib20", while depthcharge uses "fwlib". The only difference between the two libraries is the inclusion of vboot1-only compilation units in fwlib, which are now deprecated. Therefore, coreboot may as well use fwlib too. Vboot is expected to converge on a single firmware library soon. BUG=none BRANCH=none TEST=compiles and runs verstage correctly Change-Id: I905b781c3596965ec7ef45a2a7eafe15fdd4d9cc Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36341 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-20security/vboot: Add vboot callbacks to support EC software syncTim Wawrzynczak
Use the new functions introduced into the EC driver to support performing EC software sync via vboot callbacks. NOTE: This patch assumes that the EC image is added to CBFS uncompressed. Streaming decompression of the image will be added in a future patch. Also adds a new Kconfig option VBOOT_EARLY_EC_SYNC. The new Kconfig option compiles EC software sync into romstage, dependent upon having a CrOS EC. BUG=b:112198832 BRANCH=none TEST=Successful EC software sync Change-Id: I9b1458a45ab3ed5623af50f78036c4f88461b226 Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36208 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-11security/vboot: Add rw_region_only support to vbootWim Vervoorn
In some case where the flash space is limited or when a large payload such as LinuxBoot is used, the RO region may not be large enough to contain all components that would normally be added. This patch adds the possibility to add specific components to the RW regions only in the same way as the RO_ONLY_SUPPORT does for the RO region. Please note: this applies only to the items that would normally be added to all regions. If the payload is directed to the RW region only, a recovery payload needs to be added to the RO region manually. BUG=N/A TEST=build Change-Id: Ie0df9b5dfc6df4f24efc5582a1aec9ecfb48c44d Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36544 Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Frans Hendriks <fhendriks@eltan.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-10-18build: Mark bootblock files on x86 as IBBPatrick Rudolph
* Add cbfsoption --ibb to mark files as IBB * Will be used by "Legacy FIT TXT" boot Change-Id: I83313f035e7fb7e1eb484b323862522e28cb73d4 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31497 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2019-09-30vboot: create board-specific test-only GBB HWID if not setHung-Te Lin
The HWID in vboot GBB is an identifier for machine model. On Chrome OS, that should be provisioned in manufacturing process (by collecting real hardware information), and will be checked in system startup. For bring up developers, they usually prefer to generate a test-only string for HWID. However that format was not well documented and cause problems. Further more, most Chromebooks are using HWID v3+ today while the test-only HWID is usually v2. Non-Chrome OS developers may also prefer their own format. To simplify development process, the GBB_CONFIG now defaults to empty string, and will be replaced by a board-specific test-only v2 HWID automatically. Developers can still override that in mainboard Kconfig if they prefer v3 or other arbitrary format. BUG=b:140067412 TEST=Built 'kukui' successfully. Removed kukui GBB config and built again, still seeing correct test HWID. Change-Id: I0cda17a374641589291ec8dfb1d66c553f7cbf35 Signed-off-by: Hung-Te Lin <hungte@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35634 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-09-02vboot: remove fastboot supportJoel Kitching
Fastboot support in vboot_reference is unused, unmaintained, and produces compile errors when enabled. Since there is no current or planned use cases for fastboot, remove it. BUG=b:124141368, chromium:995172 TEST=make clean && make test-abuild BRANCH=none Change-Id: I06ea816ffb910163ec2c3c456b3c09408c806d0b Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35002 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-08-06security/vboot: Add Support for Intel PTTChristian Walter
Add support for Intel PTT. For supporting Intel PTT we need to disable read and write access to the TPM NVRAM during the bootblock. TPM NVRAM will only be available once the DRAM is initialized. To circumvent this, we mock secdata if HAVE_INTEL_PTT is set. The underlying problem is, that the iTPM only supports a stripped down instruction set while the Intel ME is not fully booted up. Details can be found in Intel document number 571993 - Paragraph 2.10. Change-Id: I08c9a839f53f96506be5fb68f7c1ed5bf6692505 Signed-off-by: Christian Walter <christian.walter@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34510 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-06-27vboot: remove vboot_handoff stepJoel Kitching
Depthcharge no longer reads this data structure, and uses the vboot workbuf in vboot_working_data instead. Since vboot2 downstream migration is not yet completed, the vboot2 -> vboot1 migration code is still required, but has been relocated to depthcharge. BUG=b:124141368, b:124192753 TEST=make clean && make runtests BRANCH=none Change-Id: I769abbff79695b38d11fb6a93c2b42f64d4bafde Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33535 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-06-21vboot: relocate code to log and clear recovery mode switchJoel Kitching
Logging and clearing the recovery mode switch doesn't have anything to do with vboot_handoff. Move it to the main verstage logic file. BUG=b:124141368, b:124192753 TEST=make clean && make test-abuild BRANCH=none Change-Id: I2e74f3893463e43fe5fad4a8df8036560f34e0db Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33534 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2019-05-20security/vboot/vboot_crtm.h: Remove ENV_ for vboot_measure_cbfs_hook()Frans Hendriks
vboot_measure_cbfs_hook() is included when CONFIG_VBOOT_MEASURED_BOOT is enabled, but this function is defined as 0 in vboot_crtm.h using ENV_ Remove ENV_ for vboot_measure_cbfs_hook() function definition. This function is added to bootblock stage also. BUG=NA TEST=Build Google Banon and Google Cyan Change-Id: Ic62c18db09c119dfb85340a6b7f36bfd148aaa45 Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32532 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-02-25security/vboot: Add measured boot modePhilipp Deppenwiese
* Introduce a measured boot mode into vboot. * Add hook for stage measurements in prog_loader and cbfs. * Implement and hook-up CRTM in vboot and check for suspend. Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/c/29547 Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-02-22vboot: fix STARTS_IN_BOOTBLOCK/_ROMSTAGE logicJoel Kitching
Fix up the logic of when to include VBOOT2_WORK symbols on x86, which are only needed when VBOOT_STARTS_IN_BOOTBLOCK is enabled. Also correct the value of the __PRE_RAM__ macro in the case that VBOOT_STARTS_IN_ROMSTAGE is selected. In this case, DRAM is already up and verstage should not be considered pre-ram. BUG=b:124141368, b:124192753 TEST=Build locally for eve TEST=util/lint/checkpatch.pl -g origin/master..HEAD TEST=util/abuild/abuild -B -e -y -c 50 -p none -x TEST=make clean && make test-abuild BRANCH=none Change-Id: Ie51e8f93b99ab230f3caeede2a33ec8b443e3d7a Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/31541 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2019-01-28vboot: Makefile: Also apply CPPFLAGS include path fixups to ccoptsJulius Werner
In some cases (e.g. Arm architecture variants), include paths are stuck into <stage>-generic-ccopts rather than CPPFLAGS_<stage> (in fact, the whole redundancy between these two is kinda stupid and we should probably eliminate the latter, but I don't want to get into that right now). This patch makes sure those paths are also correctly translated when invoking $(MAKE) for vboot. Change-Id: I37f09b88e555567590664e0e6fac23c34fd887df Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/31084 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
2018-11-28security/vboot: Add VB2_LIB to romstage sources without dependenciesWerner Zeh
The coming feature "measured boot" relies on VB2_LIB in romstage. In the case where there is no separate verstage, compile the library just for romstage as it will then be shared across verstage and romstage code. If there is a separate verstage, compile the library separately for verstage and romstage. Change-Id: I8126c21b8fbe8dd65d95af49cbe2ad776b8ef605 Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/c/29827 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2018-11-08security/vboot: Add selection for firmware slots used by VBOOTPhilipp Deppenwiese
Make the firmware slot configuration in VBOOT selectable. The following three modes are available: -RO only -RO + RW_A -RO + RW_A + RW_B The mode "RO only" is the lowest mode with no safety during update. You can select either RW_A or RW_AB via Kconfig which will add the selected parttions to the final image. Change-Id: I278fc060522b13048b00090b8e5261c14496f56e Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/27714 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2018-11-08security/vboot: Add VB2_LIB to postcar stage if availableWerner Zeh
VB2_LIB will be used across all stages to hash data. Add it to postcar stage sources so that it is compiled if postcar exists. In this way the new function tpm_measure_region() introduced in commit 61322d7 (security/tpm: Add function to measure a region device) can be used in every stage. Change-Id: I933d33b0188d1b123bb4735722b6086e7786624f Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/29465 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2018-10-31security/tpm: Add function to measure a region deviceWerner Zeh
Add a new function which can hash a given region device and extend a PCR in the TPM with the result. The needed SHA algorithms are included from 3rdparty/vboot and thus not duplicated in the coreboot tree. For now VB2_LIB is not usable in postcar stage. Follow-up commits will add the ability to use the lib in postcar as well. Once this feature is ready, the library will be included in postcar stage to make this function available in every stage. Change-Id: I126cc3500fd039d63743db78002a04d201ab18aa Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/29234 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2018-10-31security/vboot: build vboot_fw20.a per stagePatrick Georgi
When used more widely across the tree, we don't want to have to worry if all its users are on the same architecture (eg. aarch32 vs aarch64), so just build their own library for each stage. Change-Id: Ib6807ff73c2713f3b23f43055325b2c40ff1a17d Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/29253 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2018-10-08Move compiler.h to commonlibNico Huber
Its spreading copies got out of sync. And as it is not a standard header but used in commonlib code, it belongs into commonlib. While we are at it, always include it via GCC's `-include` switch. Some Windows and BSD quirk handling went into the util copies. We always guard from redefinitions now to prevent further issues. Change-Id: I850414e6db1d799dce71ff2dc044e6a000ad2552 Signed-off-by: Nico Huber <nico.h@gmx.de> Reviewed-on: https://review.coreboot.org/28927 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2018-08-13security/vboot/Makefile: Use shell cat instead of make file commandRaul E Rangel
The make `file` command is apparently a v4.2 feature only. Replace it with a shell cat. BUG=none TEST=verified fwid.region was created correctly Change-Id: I5e32a521ad3e6759853f0cde2e4c4db6e564d3be Signed-off-by: Raul E Rangel <rrangel@chromium.org> Reviewed-on: https://review.coreboot.org/27990 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Julius Werner <jwerner@chromium.org>
2018-08-08security/vboot: Split fwid.region build targetRaul E Rangel
Add the ability to specify the fwid version via a file instead of via config. This makes it so when doing an incremental build all objects are not invalidated when bumping the fwid. The coreboot ebuild will create this file to pass the latest version. BUG=b:112267918 TEST=ran dmidecide -t 0 and verified version was present Change-Id: I955106efd648a75a1311f24ede46bd238d1517e0 Signed-off-by: Raul E Rangel <rrangel@chromium.org> Reviewed-on: https://review.coreboot.org/27884 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2018-07-17security/vboot: Add interface for FSP 2.0 mrc cachingPhilipp Deppenwiese
* Move vboot/tpm specific implementation to vboot. * Only call functions if CONFIG_FSP2_0_USES_TPM_MRC_HASH is set. * Preparation for software hash function support, no logic changed. Change-Id: I41a458186c7981adaf3fea8974adec2ca8668f14 Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/24904 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-06-28vboot: Fix linking error with USE_OPTION_TABLE enabledPatrick Rudolph
Fix a linking problem with VBOOT and USE_OPTION_TABLE enabled. Make use of cbfs_locate_file_in_region() and always search the cmos_layout.bin in the 'COREBOOT' region. With this change applied there's no need to include the vboot_locator in SMM any more, we can't break NVRAM with different CMOS layouts, and we keep VBOOT and non VBOOT behaviour the same. Only include cmos_layout.bin and cmos.default in RO region. Add notes explaining the decisions. Tested on Intel Sandybridge, builds and boots with vboot enabled. Change-Id: I10ae94d7936581bbb5ea49384122062bd4934ea5 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/26863 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2018-04-09vboot: Add support for reading GBB flagsFurquan Shaikh
This change adds basic support for reading flags from GBB header located in "GBB" section on SPI flash. Change-Id: I35ecb5ba964511379baa4e9f458ba2e8c6b74b4e Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/25459 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2018-03-26vboot: Update to most recent GBB flag usageJulius Werner
This patch changes the GBB flag configuration to the latest usage in upstream vboot (as of https://chromium-review.googlesource.com/976660). Change-Id: I585d662d7de34b4964d028e3d06b4df5665fbe9e Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/25346 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2017-10-22security/vboot: Move vboot2 to security kconfig sectionPhilipp Deppenwiese
This commit just moves the vboot sources into the security directory and fixes kconfig/makefile paths. Fix vboot2 headers Change-Id: Icd87f95640186f7a625242a3937e1dd13347eb60 Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/22074 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin Roth <martinroth@google.com>