summaryrefslogtreecommitdiff
path: root/src/security/vboot/ec_sync.c
AgeCommit message (Collapse)Author
2021-04-14vboot: ec_sync: Switch to new CBFS APIJulius Werner
This patch changes the vboot EC sync code to use the new CBFS API. As a consequence, we have to map the whole EC image file at once (because the new API doesn't support partial mapping). This should be fine on the only platform that uses this code (Google_Volteer/_Dedede family) because they are x86 devices that support direct mapping from flash, but the code was originally written to more carefully map the file in smaller steps to be theoretically able to support Arm devices. EC sync in romstage for devices without memory-mapped flash would be hard to combine with CBFS verification because there's not enough SRAM to ever hold the whole file in memory at once, but we can't validate the file hash until we have loaded the whole file and for performance (or TOCTOU-safety, if applicable) reasons we wouldn't want to load anything more than once. The "good" solution for this would be to introduce a CBFS streaming API can slowly feed chunks of the file into a callback but in the end still return a "hash valid/invalid" result to the caller. If use cases like this become pressing in the future, we may have to implement such an API. However, for now this code is the only part of coreboot with constraints like that, it was only ever used on platforms that do support memory-mapped flash, and due to the new EC-EFS2 model used on more recent Chrome OS devices we don't currently anticipate this to ever be needed again. Therefore this patch goes the easier way of just papering over the problem and punting the work of implementing a more generic solution until we actually have a real need for it. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I7e263272aef3463f3b2924887d96de9b2607f5e5 Reviewed-on: https://review.coreboot.org/c/coreboot/+/52280 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-02cbfs: Simplify load/map API names, remove type argumentsJulius Werner
This patch renames cbfs_boot_map_with_leak() and cbfs_boot_load_file() to cbfs_map() and cbfs_load() respectively. This is supposed to be the start of a new, better organized CBFS API where the most common operations have the most simple and straight-forward names. Less commonly used variants of these operations (e.g. cbfs_ro_load() or cbfs_region_load()) can be introduced later. It seems unnecessary to keep carrying around "boot" in the names of most CBFS APIs if the vast majority of accesses go to the boot CBFS (instead, more unusual operations should have longer names that describe how they diverge from the common ones). cbfs_map() is paired with a new cbfs_unmap() to allow callers to cleanly reap mappings when desired. A few new cbfs_unmap() calls are added to generic code where it makes sense, but it seems unnecessary to introduce this everywhere in platform or architecture specific code where the boot medium is known to be memory-mapped anyway. In fact, even for non-memory-mapped platforms, sometimes leaking a mapping to the CBFS cache is a much cleaner solution than jumping through hoops to provide some other storage for some long-lived file object, and it shouldn't be outright forbidden when it makes sense. Additionally, remove the type arguments from these function signatures. The goal is to eventually remove type arguments for lookup from the whole CBFS API. Filenames already uniquely identify CBFS files. The type field is just informational, and there should be APIs to allow callers to check it when desired, but it's not clear what we gain from forcing this as a parameter into every single CBFS access when the vast majority of the time it provides no additional value and is just clutter. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ib24325400815a9c3d25f66c61829a24a239bb88e Reviewed-on: https://review.coreboot.org/c/coreboot/+/39304 Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-by: Mariusz SzafraƄski <mariuszx.szafranski@intel.com> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-11-18vboot: stop implementing VbExDisplayScreenJoel Kitching
This function is no longer required to be implemented since EC/AUXFW sync was decoupled from vboot UI. (See CL:2087016.) BUG=b:172343019 TEST=Compile locally BRANCH=none Signed-off-by: Joel Kitching <kitching@google.com> Change-Id: I43e8160a4766a38c4fa14bcf4495fc719fbcd6c2 Reviewed-on: https://review.coreboot.org/c/coreboot/+/47233 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2020-05-11treewide: Remove "this file is part of" linesPatrick Georgi
Stefan thinks they don't add value. Command used: sed -i -e '/file is part of /d' $(git grep "file is part of " |egrep ":( */\*.*\*/\$|#|;#|-- | *\* )" | cut -d: -f1 |grep -v crossgcc |grep -v gcov | grep -v /elf.h |grep -v nvramtool) The exceptions are for: - crossgcc (patch file) - gcov (imported from gcc) - elf.h (imported from GNU's libc) - nvramtool (more complicated header) The removed lines are: - fmt.Fprintln(f, "/* This file is part of the coreboot project. */") -# This file is part of a set of unofficial pre-commit hooks available -/* This file is part of coreboot */ -# This file is part of msrtool. -/* This file is part of msrtool. */ - * This file is part of ncurses, designed to be appended after curses.h.in -/* This file is part of pgtblgen. */ - * This file is part of the coreboot project. - /* This file is part of the coreboot project. */ -# This file is part of the coreboot project. -# This file is part of the coreboot project. -## This file is part of the coreboot project. --- This file is part of the coreboot project. -/* This file is part of the coreboot project */ -/* This file is part of the coreboot project. */ -;## This file is part of the coreboot project. -# This file is part of the coreboot project. It originated in the - * This file is part of the coreinfo project. -## This file is part of the coreinfo project. - * This file is part of the depthcharge project. -/* This file is part of the depthcharge project. */ -/* This file is part of the ectool project. */ - * This file is part of the GNU C Library. - * This file is part of the libpayload project. -## This file is part of the libpayload project. -/* This file is part of the Linux kernel. */ -## This file is part of the superiotool project. -/* This file is part of the superiotool project */ -/* This file is part of uio_usbdebug */ Change-Id: I82d872b3b337388c93d5f5bf704e9ee9e53ab3a9 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41194 Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-01security/vboot: Convert reboot-related errors to vboot2-styleYu-Ping Wu
Error codes are renamed as follows: VBERROR_SHUTDOWN_REQUESTED --> VB2_REQUEST_SHUTDOWN VBERROR_REBOOT_REQUIRED --> VB2_REQUEST_REBOOT VBERROR_EC_REBOOT_TO_SWITCH_RW --> VB2_REQUEST_REBOOT_EC_SWITCH_RW VBERROR_EC_REBOOT_TO_RO_REQUIRED --> VB2_REQUEST_REBOOT_EC_TO_RO BRANCH=none BUG=b:124141368, chromium:988410 TEST=emerge-nami coreboot Cq-Depend: chromium:2143030 Change-Id: Id82cf85f49dfb63a9c3d41aacd3969786bffcac7 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/40749 Reviewed-by: Joel Kitching <kitching@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-04-17ec_sync: Run EFS2 in romstagednojiri
EFS2 allows EC RO to enable PD for special cases. When doing so, it sets NO_BOOT flag to avoid booting the OS. AP needs to get NO_BOOT flag from Cr50 and enforce that. This patch makes verstage get a boot mode and a mirrored hash stored in kernel secdata from Cr50. This patch also makes romstage write an expected EC hash (a.k.a. Hexp) to Cr50 (if there is an update). BUG=b:147298634, chromium:1045217, b:148259137 BRANCH=none TEST=Verify software sync succeeds on Puff. Signed-off-by: dnojiri <dnojiri@chromium.org> Change-Id: I1f387b6e920205b9cc4c8536561f2a279c36413d Reviewed-on: https://review.coreboot.org/c/coreboot/+/40389 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-04-04src/security: Use SPDX for GPL-2.0-only filesAngel Pons
Done with sed and God Lines. Only done for C-like code for now. Change-Id: I51f5764b57fb8b62e3a4b3d41bd32e5330a2983c Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/40057 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2020-02-24vboot: remove rogue vboot_struct.h includeJoel Kitching
As part of vboot1 deprecation, remove an unused vboot_struct.h include. coreboot is now free of vboot1 data structure use. One vboot_api.h include remains as part of security/vboot/ec_sync.c. BUG=b:124141368 TEST=make clean && make test-abuild BRANCH=none Change-Id: I042d692aa252f8f859d4005455eb6a2eabc24a87 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39024 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-02-14vboot: fix up some includesJoel Kitching
These header files need to make use of vb2_shared_data. Remove the last vestiges of vboot1 data structures in coreboot. BUG=b:124141368, chromium:1038260 TEST=Build locally with CL:2054269 TEST=make clean && make test-abuild BRANCH=none Change-Id: I61b27e33751c11aac9f8af261a75d83b003b5f92 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38884 Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-12-09EC sync: Properly handle VBERROR return codes from vb2api_ec_syncTim Wawrzynczak
Some return codes were missed when implementing this initially; the vboot logic can require the system to command the EC to reboot to its RO, switch RW slots or it can require a poweroff of the SoC. This patch appropriately handles these return codes. BUG=b:145768046 BRANCH=firmware-hatch-12672.B TEST=ODM verified this patch fixes the issues seen. Change-Id: I2748cf626d49c255cb0274cb336b072dcdf8cded Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37562 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-12-06vboot: update VbExNvStorageWrite functionJoel Kitching
Going forwards, vb2ex_commit_data will be used to flush both nvdata and secdata. The patch that is circularly dependent on this lies between a patch that makes vboot no longer build and the patch that fixes that, so we have to pull the whole thing in at once to sort out the mess. Updating from commit id 1c4dbaa0: 2019-11-18 Julius Werner Makefile: Fix typo for MOCK_TPM to commit id 695c56dc: 2019-12-04 Julius Werner Makefile: Make loop unrolling fully controllable by the caller BUG=b:124141368, chromium:1006689 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ia2612da0df101cd3c46151dbce728633a39fada1 Signed-off-by: Joel Kitching <kitching@google.com> Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37315 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-11-20security/vboot/sync_ec: Add timestampsTim Wawrzynczak
Add 4 new timestamps to the EC software sync flow: 1) Beginning of EC software sync 2) EC finished calculating Vboot hash 3) EC is no longer requesting power limiting 4) End of EC software sync BUG=none BRANCH=none TEST=verified timestamps show up in cbmem log Change-Id: I6e5703c146b5ec27d01700fdb39cb3d2092ea8a8 Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36209 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-20security/vboot: Add vboot callbacks to support EC software syncTim Wawrzynczak
Use the new functions introduced into the EC driver to support performing EC software sync via vboot callbacks. NOTE: This patch assumes that the EC image is added to CBFS uncompressed. Streaming decompression of the image will be added in a future patch. Also adds a new Kconfig option VBOOT_EARLY_EC_SYNC. The new Kconfig option compiles EC software sync into romstage, dependent upon having a CrOS EC. BUG=b:112198832 BRANCH=none TEST=Successful EC software sync Change-Id: I9b1458a45ab3ed5623af50f78036c4f88461b226 Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36208 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>