| Age | Commit message (Collapse) | Author |
|---|
|
It's true that vbnv_udc_enable_flag() is called after vbnv_init()
(that's why the assertion was added). However, the former is called in
the ramstage, while the latter in verstage. This means that
vbnv_initialized will be false in ramstage, which leads
to the assertion failure:
[EMERG] ASSERTION ERROR: file 'src/security/vboot/vbnv.c', line 88
Since the ctx->nvdata will be restored in ramstage (by vb2api_reinit()),
simply remove the assertion. So, the patch drops assert call from
vbnv_udc_enable_flag() function.
TEST=Verify Rex system boots to OS without assert error.
Signed-off-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Change-Id: I49022155239febd5c5be5cf2c5eca2019ca61c12
Reviewed-on: https://review.coreboot.org/c/coreboot/+/71097
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
|
|
If the temporary nvdata storage inside the vboot context is already
initialized then return immediately without reinitializing from the
backup NV storage. This allows vbnv_init to be called more than once.
Also the check to enable USB Device Controller (UDC) happens after
NVdata is initialized. Hence the nvdata in vboot context can be used
instead of reading from the backup storage again.
BUG=b:242825052
TEST=Build Skyrim BIOS image and boot to OS in Skyrim.
Change-Id: Id72709e2fc3fe6a12ee96df8df25e55cf11e50a7
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/70380
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
Change-Id: Ibd41382d0e0ef58498ac925dc9e10b54a76a798a
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69800
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Boards using VBOOT_VBNV_EC (nyan, daisy, veyron, peach_pit) are all
ChromeOS devices and they've reached the end of life since Feb 2022.
Therefore, remove VBOOT_VBNV_EC for them, each with different
replacement.
- nyan (nyan, nyan_big, nyan_blaze): Add RW_NVRAM to their FMAP (by
reducing the size of RW_VPD), and replace VBOOT_VBNV_EC with
VBOOT_VBNV_FLASH.
- veyron: Add RW_NVRAM to their FMAP (by reducing the size of
SHARED_DATA), and replace VBOOT_VBNV_EC with VBOOT_VBNV_FLASH. Also
enlarge the OVERLAP_VERSTAGE_ROMSTAGE section for rk3288 (by reducing
the size of PRERAM_CBMEM_CONSOLE), so that verstage won't exceed its
allotted size.
- daisy: Because BOOT_DEVICE_SPI_FLASH is not set, which is required for
VBOOT_VBNV_FLASH, disable MAINBOARD_HAS_CHROMEOS and VBOOT configs.
- peach_pit: As VBOOT is not set, simply remove the unused VBOOT_VBNV_EC
option.
Remove the VBOOT_VBNV_EC Kconfig option as well as related code, leaving
VBOOT_VBNV_FLASH and VBOOT_VBNV_CMOS as the only two backend options for
vboot nvdata (VBNV).
Also add a check in read_vbnv() and save_vbnv() for VBNV options.
BUG=b:178689388
TEST=util/abuild/abuild -t GOOGLE_NYAN -x -a
TEST=util/abuild/abuild -t GOOGLE_VEYRON_JAQ -x -a
TEST=util/abuild/abuild -t GOOGLE_DAISY -a
TEST=util/abuild/abuild -t GOOGLE_PEACH_PIT -a
BRANCH=none
Change-Id: Ic67d69e694cff3176dbee12d4c6311bc85295863
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65012
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
Stefan thinks they don't add value.
Command used:
sed -i -e '/file is part of /d' $(git grep "file is part of " |egrep ":( */\*.*\*/\$|#|;#|-- | *\* )" | cut -d: -f1 |grep -v crossgcc |grep -v gcov | grep -v /elf.h |grep -v nvramtool)
The exceptions are for:
- crossgcc (patch file)
- gcov (imported from gcc)
- elf.h (imported from GNU's libc)
- nvramtool (more complicated header)
The removed lines are:
- fmt.Fprintln(f, "/* This file is part of the coreboot project. */")
-# This file is part of a set of unofficial pre-commit hooks available
-/* This file is part of coreboot */
-# This file is part of msrtool.
-/* This file is part of msrtool. */
- * This file is part of ncurses, designed to be appended after curses.h.in
-/* This file is part of pgtblgen. */
- * This file is part of the coreboot project.
- /* This file is part of the coreboot project. */
-# This file is part of the coreboot project.
-# This file is part of the coreboot project.
-## This file is part of the coreboot project.
--- This file is part of the coreboot project.
-/* This file is part of the coreboot project */
-/* This file is part of the coreboot project. */
-;## This file is part of the coreboot project.
-# This file is part of the coreboot project. It originated in the
- * This file is part of the coreinfo project.
-## This file is part of the coreinfo project.
- * This file is part of the depthcharge project.
-/* This file is part of the depthcharge project. */
-/* This file is part of the ectool project. */
- * This file is part of the GNU C Library.
- * This file is part of the libpayload project.
-## This file is part of the libpayload project.
-/* This file is part of the Linux kernel. */
-## This file is part of the superiotool project.
-/* This file is part of the superiotool project */
-/* This file is part of uio_usbdebug */
Change-Id: I82d872b3b337388c93d5f5bf704e9ee9e53ab3a9
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41194
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Done with sed and God Lines. Only done for C-like code for now.
Change-Id: I51f5764b57fb8b62e3a4b3d41bd32e5330a2983c
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40057
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
|
|
They're listed in AUTHORS and often incorrect anyway, for example:
- What's a "Copyright $year-present"?
- Which incarnation of Google (Inc, LLC, ...) is the current
copyright holder?
- People sometimes have their editor auto-add themselves to files even
though they only deleted stuff
- Or they let the editor automatically update the copyright year,
because why not?
- Who is the copyright holder "The coreboot project Authors"?
- Or "Generated Code"?
Sidestep all these issues by simply not putting these notices in
individual files, let's list all copyright holders in AUTHORS instead
and use the git history to deal with the rest.
Change-Id: I89b10076e0f4a4b3acd59160fb7abe349b228321
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39611
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
With CL:1940398, this option is no longer needed. Recovery
requests are not cleared until kernel verification stage is
reached. If the FSP triggers any reboots, recovery requests
will be preserved. In particular:
- Manual requests will be preserved via recovery switch state,
whose behaviour is modified in CB:38779.
- Other recovery requests will remain in nvdata across reboot.
These functions now only work after verstage has run:
int vboot_check_recovery_request(void)
int vboot_recovery_mode_enabled(void)
int vboot_developer_mode_enabled(void)
BUG=b:124141368, b:35576380
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I52d17a3c6730be5c04c3c0ae020368d11db6ca3c
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38780
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Change-Id: I9dee03da028b9111b685e325368815a86e444a47
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37028
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: If6b5930f78c3da6dcefaa7b6202cd0424a24525b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36331
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
As of CL:1605641, vboot2 code should be used for setting and
checking display init state. Remove all vboot1 OPROM-related
code, and use the vboot2 display init code which has already
been added in previous commits.
coreboot should not be reading vboot NVRAM flags directly.
Remove the function vboot_wants_oprom(), and instead rely on
display_init_required(), which uses the
VBOOT_WD_FLAG_DISPLAY_INIT value stored in
vboot_working_data.flags, initialized during verstage.
Note that this means in the case of CONFIG_VBOOT=y, the return
value of display_init_required() can only be trusted after
verstage has been executed. This should not be a problem
assuming that all display initialization occurs in ramstage.
BUG=b:124141368, b:124192753, chromium:948529
TEST=Build locally
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: Ic8f9dc5a3c7f1546a8fed82bde02be4d04568f8d
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1605641, chromium:1605525
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32723
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Verified Boot OPROM code is being refactored. OPROM is being
generalized into "display initialization". As such, the NVRAM
request flag is being renamed from OPROM_NEEDED to
DISPLAY_REQUEST.
BUG=b:124141368, b:124192753, chromium:948529
TEST=make clean && make test-abuild
BRANCH=none
Change-Id: I74374abf7d1deb594c073f7a4a76c9de46092143
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1605640
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32720
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
This patch is a raw application of
find src/ -type f | xargs sed -i -e 's/IS_ENABLED\s*(CONFIG_/CONFIG(/g'
Change-Id: I6262d6d5c23cabe23c242b4f38d446b74fe16b88
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31774
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
|
|
This change adds a helper function to read USB Device Controller (UDC)
enable flag from VBNV.
BUG=b:78577893
BRANCH=poppy
Change-Id: Ifd1e9b0781ffee242d695b72287632bc944a50c7
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/25846
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
This commit just moves the vboot sources into
the security directory and fixes kconfig/makefile paths.
Fix vboot2 headers
Change-Id: Icd87f95640186f7a625242a3937e1dd13347eb60
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22074
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
|
