summaryrefslogtreecommitdiff
path: root/src/security/vboot/vboot_logic.c
AgeCommit message (Collapse)Author
2022-11-08vboot: Add VBOOT_CBFS_INTEGRATION supportJakub Czapiga
This patch introduces support signing and verification of firmware slots using CBFS metadata hash verification method for faster initial verification. To have complete verification, CBFS_VERIFICATION should also be enabled, as metadata hash covers only files metadata, not their contents. This patch also adapts mainboards and SoCs to new vboot reset requirements. TEST=Google Volteer/Voxel boots with VBOOT_CBFS_INTEGRATION enabled Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: I40ae01c477c4e4f7a1c90e4026a8a868ae64b5ca Reviewed-on: https://review.coreboot.org/c/coreboot/+/66909 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-11-08vboot: Introduce handy vboot reboot functionsJakub Czapiga
This patch groups vboot context, recovery reason and subcode saving, and reboot calls into two handy functions: - vboot_save_and_reboot() - save context and reboot - vboot_fail_and_reboot() - store recovery reason and call function above Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: Ie29410e8985e7cf19bd8d4cccc393b050ca1f1c5 Reviewed-on: https://review.coreboot.org/c/coreboot/+/69208 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-04-21tpm: Refactor TPM Kconfig dimensionsJes B. Klinke
Break TPM related Kconfig into the following dimensions: TPM transport support: config CRB_TPM config I2C_TPM config SPI_TPM config MEMORY_MAPPED_TPM (new) TPM brand, not defining any of these is valid, and result in "generic" support: config TPM_ATMEL (new) config TPM_GOOGLE (new) config TPM_GOOGLE_CR50 (new, implies TPM_GOOGLE) config TPM_GOOGLE_TI50 (new to be used later, implies TPM_GOOGLE) What protocol the TPM chip supports: config MAINBOARD_HAS_TPM1 config MAINBOARD_HAS_TPM2 What the user chooses to compile (restricted by the above): config NO_TPM config TPM1 config TPM2 The following Kconfigs will be replaced as indicated: config TPM_CR50 -> TPM_GOOGLE config MAINBOARD_HAS_CRB_TPM -> CRB_TPM config MAINBOARD_HAS_I2C_TPM_ATMEL -> I2C_TPM && TPM_ATMEL config MAINBOARD_HAS_I2C_TPM_CR50 -> I2C_TPM && TPM_GOOGLE config MAINBOARD_HAS_I2C_TPM_GENERIC -> I2C_TPM && !TPM_GOOGLE && !TPM_ATMEL config MAINBOARD_HAS_LPC_TPM -> MEMORY_MAPPED_TPM config MAINBOARD_HAS_SPI_TPM -> SPI_TPM && !TPM_GOOGLE && !TPM_ATMEL config MAINBOARD_HAS_SPI_TPM_CR50 -> SPI_TPM && TPM_GOOGLE Signed-off-by: Jes B. Klinke <jbk@chromium.org> Change-Id: I4656b2b90363b8dfd008dc281ad591862fe2cc9e Reviewed-on: https://review.coreboot.org/c/coreboot/+/63424 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-03-08timestamps: Rename timestamps to make names more consistentJakub Czapiga
This patch aims to make timestamps more consistent in naming, to follow one pattern. Until now there were many naming patterns: - TS_START_*/TS_END_* - TS_BEFORE_*/TS_AFTER_* - TS_*_START/TS_*_END This change also aims to indicate, that these timestamps can be used to create time-ranges, e.g. from TS_BOOTBLOCK_START to TS_BOOTBLOCK_END. Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: I533e32392224d9b67c37e6a67987b09bf1cf51c6 Reviewed-on: https://review.coreboot.org/c/coreboot/+/62019 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2021-11-15Reland "vboot_logic: Set VB2_CONTEXT_EC_TRUSTED in verstage_main"Hsuan-ting Chen
This reverts commit adb393bdd6cd6734fa2672bd174aca4588a68016. This relands commit 6260bf712a836762b18d80082505e981e040f4bc. Reason for revert: The original CL did not handle some devices correctly. With the fixes: * commit 36721a4 (mb/google/brya: Add GPIO_IN_RW to all variants' early GPIO tables) * commit 3bfe46c (mb/google/guybrush: Add GPIO EC in RW to early GPIO tables) * commit 3a30cf9 (mb/google/guybrush: Build chromeos.c in verstage This CL also fix the following platforms: * Change to always trusted: cyan. * Add to early GPIO table: dedede, eve, fizz, glados, hatch, octopus, poppy, reef, volteer. * Add to both Makefile and early GPIO table: zork. For mb/intel: * adlrvp: Add support for get_ec_is_trusted(). * glkrvp: Add support for get_ec_is_trusted() with always trusted. * kblrvp: Add support for get_ec_is_trusted() with always trusted. * kunimitsu: Add support for get_ec_is_trusted() and initialize it as early GPIO. * shadowmountain: Add support for get_ec_is_trusted() and initialize it as early GPIO. * tglrvp: Add support for get_ec_is_trusted() with always trusted. For qemu-q35: Add support for get_ec_is_trusted() with always trusted. We could attempt another land. Change-Id: I66b8b99d6e6bf259b18573f9f6010f9254357bf9 Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/58253 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2021-10-15Revert "vboot_logic: Set VB2_CONTEXT_EC_TRUSTED in verstage_main"Hsuan-ting Chen
This reverts commit 6260bf712a836762b18d80082505e981e040f4bc. Reason for revert: This CL did not handle Intel GPIO correctly. We need to add GPIO_EC_IN_RW into early_gpio_table for platforms using Intel SoC. Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org> Change-Id: Iaeb1bf598047160f01e33ad0d9d004cad59e3f75 Reviewed-on: https://review.coreboot.org/c/coreboot/+/57951 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-10-07security/vboot: Remove vb2ex_hwcrypto stubsYu-Ping Wu
Now that the vb2ex_hwcrypto_* stub functions are included in vboot fwlib (CL:2353775), we can remove the same stubs from coreboot. BUG=none TEST=emerge-brya coreboot TEST=emerge-cherry coreboot BRANCH=none Change-Id: I62bdc647eb3e34c581cc1b8d15e7f271211e6156 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/58095 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2021-09-16vboot_logic: Set VB2_CONTEXT_EC_TRUSTED in verstage_mainHsuan Ting Chen
vboot_reference is introducing a new field (ctx) to store the current boot mode in crrev/c/2944250 (ctx->bootmode), which will be leveraged in both vboot flow and elog_add_boot_reason in coreboot. In current steps of deciding bootmode, a function vb2ex_ec_trusted is required. This function checks gpio EC_IN_RW pin and will return 'trusted' only if EC is not in RW. Therefore, we need to implement similar utilities in coreboot. We will deprecate vb2ex_ec_trusted and use the flag, VB2_CONTEXT_EC_TRUSTED, in vboot, vb2api_fw_phase1 and set that flag in coreboot, verstage_main. Also add a help function get_ec_is_trusted which needed to be implemented per mainboard. BUG=b:177196147, b:181931817 BRANCH=none TEST=Test on trogdor if manual recovery works Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org> Change-Id: I479c8f80e45cc524ba87db4293d19b29bdfa2192 Reviewed-on: https://review.coreboot.org/c/coreboot/+/57048 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-09-15vboot: Call check_boot_mode before vb2api_fw_phase1Daisuke Nojiri
Currently, check_boot_mode is called after vb2api_fw_phase1, which makes verstage_main exit before reaching check_boot_mode if recovery mode is manually requested. Thus, recovery mode isn't able to test whether VB2_CONTEXT_EC_TRUSTED is set or not. This patch makes verstage_main call check_boot_mode before vb2api_fw_phase1 to fix the issue. BUG=b:180927027, b:187871195 BRANCH=none TEST=build Change-Id: If8524d1513b13fd79320a116a83f6729a820f61f Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/57623 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2021-06-10vboot: Assign 2 to EC_EFS_BOOT_MODE_TRUSTED_RODaisuke Nojiri
This patch assings 2 to EC_EFS_BOOT_MODE_TRUSTED_RO to make coreboot set VB2_CONTEXT_EC_TRUSTED when the GSC reports TRUSTED_RO. Old GSC doesn't use 2. So, the new BIOS won't mistakenly set VB2_CONTEXT_EC_TRUSTED. BUG=b:180927027, b:187871195 BRANCH=none TEST=build Change-Id: I11a09d0035a4bd59f80018c647ca17e3318be81e Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55373 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-06-04vboot: Add VB2_CONTEXT_EC_TRUSTEDDaisuke Nojiri
This patch makes coreboot set VB2_CONTEXT_EC_TRUSTED based on the EC"s boot mode. Vboot will check VB2_CONTEXT_EC_TRUSTED to determine whether it can enter recovery mode or not. BUG=b:180927027, b:187871195 BRANCH=none TEST=build Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Change-Id: I9fa09dd7ae5baa1efb4e1ed4f0fe9a6803167c93 Reviewed-on: https://review.coreboot.org/c/coreboot/+/54099 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-11-17src: Add missing 'include <console/console.h>'Elyes HAOUAS
"printk()" needs <console/console.h>. Change-Id: Iac6b7000bcd8b1335fa3a0ba462a63aed2dc85b8 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/45539 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
2020-11-06security/vboot: Add Kconfig symbol to set hashing block sizeMartin Roth
Generally, this size probably doesn't matter very much, but in the case of picasso's psp_verstage, the hash is being calculated by hardware using relatively expensive system calls. By increasing the block size, we can save roughly 140ms of boot and resume time. TEST=Build & boot see that boot time has decreased. BRANCH=Zork BUG=b:169217270 - Zork: SHA calculation in vboot takes too long Signed-off-by: Martin Roth <martinroth@chromium.org> Change-Id: I68eecbbdfadcbf14288dc6e849397724fb66e0b2 Reviewed-on: https://review.coreboot.org/c/coreboot/+/46901 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Kangheui Won <khwon@chromium.org>
2020-10-20security/vboot: Make mrc_cache hash functions genericShelley Chen
We need to extend the functionality of the mrc_cache hash functions to work for both recovery and normal mrc_cache data. Updating the API of these functions to pass in an index to identify the hash indices for recovery and normal mode. BUG=b:150502246 BRANCH=None TEST=make sure memory training still works on nami Change-Id: I9c0bb25eafc731ca9c7a95113ab940f55997fc0f Signed-off-by: Shelley Chen <shchen@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/46432 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-09-21src/security: Drop unneeded empty linesElyes HAOUAS
Change-Id: Icb6057ac73fcc038981ef95a648420ac00b3c106 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/44808 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
2020-07-26src: Remove unused 'include <cbmem.h>'Elyes HAOUAS
Change-Id: Ib41341b42904dc3050a97b70966dde7e46057d6b Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/43362 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-05-11treewide: Remove "this file is part of" linesPatrick Georgi
Stefan thinks they don't add value. Command used: sed -i -e '/file is part of /d' $(git grep "file is part of " |egrep ":( */\*.*\*/\$|#|;#|-- | *\* )" | cut -d: -f1 |grep -v crossgcc |grep -v gcov | grep -v /elf.h |grep -v nvramtool) The exceptions are for: - crossgcc (patch file) - gcov (imported from gcc) - elf.h (imported from GNU's libc) - nvramtool (more complicated header) The removed lines are: - fmt.Fprintln(f, "/* This file is part of the coreboot project. */") -# This file is part of a set of unofficial pre-commit hooks available -/* This file is part of coreboot */ -# This file is part of msrtool. -/* This file is part of msrtool. */ - * This file is part of ncurses, designed to be appended after curses.h.in -/* This file is part of pgtblgen. */ - * This file is part of the coreboot project. - /* This file is part of the coreboot project. */ -# This file is part of the coreboot project. -# This file is part of the coreboot project. -## This file is part of the coreboot project. --- This file is part of the coreboot project. -/* This file is part of the coreboot project */ -/* This file is part of the coreboot project. */ -;## This file is part of the coreboot project. -# This file is part of the coreboot project. It originated in the - * This file is part of the coreinfo project. -## This file is part of the coreinfo project. - * This file is part of the depthcharge project. -/* This file is part of the depthcharge project. */ -/* This file is part of the ectool project. */ - * This file is part of the GNU C Library. - * This file is part of the libpayload project. -## This file is part of the libpayload project. -/* This file is part of the Linux kernel. */ -## This file is part of the superiotool project. -/* This file is part of the superiotool project */ -/* This file is part of uio_usbdebug */ Change-Id: I82d872b3b337388c93d5f5bf704e9ee9e53ab3a9 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41194 Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-04security/vboot: Limit vboot verification code access to only verstageSridhar Siricilla
Make vboot verification code accessible in only verstage. Vboot verification code in vboot_logic.c is being used in verstage. Due to support function vboot_save_data(), so core functionality in vboot_logic.c is made available in romstage. The patch decouples the support function frm vboot_logic.c to limit itself to verstage. BUG=b:155544643 TEST=Verified on hatch Signed-off-by: Sridhar Siricilla <sridhar.siricilla@intel.com> Change-Id: Id1ede45c4dffe90afcef210eabaa657cf92a9335 Reviewed-on: https://review.coreboot.org/c/coreboot/+/40562 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Rizwan Qureshi <rizwan.qureshi@intel.com>
2020-04-28security/lockdown: Write-protect WP_ROPatrick Rudolph
Allow to write protect only the WP_RO region in case of enabled VBOOT. One can either lock the boot device in VERSTAGE early if VBOOT is enabled, or late in RAMSTAGE. Both options have their downsides as explained below. Lock early if you don't trust the code that's stored in the writeable flash partition. This prevents write-protecting the MRC cache, which is written in ramstage. In case the contents of the MRC cache are corrupted this can lead to system instability or trigger unwanted code flows inside the firmware. Lock late if you trust the code that's stored in the writeable flash partition. This allows write-protecting the MRC cache, but if a vulnerability is found in the code of the writeable partition an attacker might be able to overwrite the whole flash as it hasn't been locked yet. Change-Id: I72c3e1a0720514b9b85b0433944ab5fb7109b2a2 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Signed-off-by: Christian Walter <christian.walter@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32705 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2020-04-17ec_sync: Run EFS2 in romstagednojiri
EFS2 allows EC RO to enable PD for special cases. When doing so, it sets NO_BOOT flag to avoid booting the OS. AP needs to get NO_BOOT flag from Cr50 and enforce that. This patch makes verstage get a boot mode and a mirrored hash stored in kernel secdata from Cr50. This patch also makes romstage write an expected EC hash (a.k.a. Hexp) to Cr50 (if there is an update). BUG=b:147298634, chromium:1045217, b:148259137 BRANCH=none TEST=Verify software sync succeeds on Puff. Signed-off-by: dnojiri <dnojiri@chromium.org> Change-Id: I1f387b6e920205b9cc4c8536561f2a279c36413d Reviewed-on: https://review.coreboot.org/c/coreboot/+/40389 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-04-04src/security: Use SPDX for GPL-2.0-only filesAngel Pons
Done with sed and God Lines. Only done for C-like code for now. Change-Id: I51f5764b57fb8b62e3a4b3d41bd32e5330a2983c Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/40057 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2020-03-31security/vboot: relocate and rename vboot_platform_is_resuming()Bill XIE
After measured boot is decoupled from verified boot in CB:35077, vboot_platform_is_resuming() is never vboot-specific, thus it is renamed to platform_is_resuming() and declared in bootmode.h. Change-Id: I29b5b88af0576c34c10cfbd99659a5cdc0c75842 Signed-off-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39103 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-03-31security/vboot: Decouple measured boot from verified bootBill XIE
Currently, those who want to use measured boot implemented within vboot should enable verified boot first, along with sections such as GBB and RW slots defined with manually written fmd files, even if they do not actually want to verify anything. As discussed in CB:34977, measured boot should be decoupled from verified boot and make them two fully independent options. Crypto routines necessary for measurement could be reused, and TPM and CRTM init should be done somewhere other than vboot_logic_executed() if verified boot is not enabled. In this revision, only TCPA log is initialized during bootblock. Before TPM gets set up, digests are not measured into tpm immediately, but cached in TCPA log, and measured into determined PCRs right after TPM is up. This change allows those who do not want to use the verified boot scheme implemented by vboot as well as its requirement of a more complex partition scheme designed for chromeos to make use of the measured boot functionality implemented within vboot library to measure the boot process. TODO: Measure MRC Cache somewhere, as MRC Cache has never resided in CBFS any more, so it cannot be covered by tspi_measure_cbfs_hook(). Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee Signed-off-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35077 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2020-03-17src (minus soc and mainboard): Remove copyright noticesPatrick Georgi
They're listed in AUTHORS and often incorrect anyway, for example: - What's a "Copyright $year-present"? - Which incarnation of Google (Inc, LLC, ...) is the current copyright holder? - People sometimes have their editor auto-add themselves to files even though they only deleted stuff - Or they let the editor automatically update the copyright year, because why not? - Who is the copyright holder "The coreboot project Authors"? - Or "Generated Code"? Sidestep all these issues by simply not putting these notices in individual files, let's list all copyright holders in AUTHORS instead and use the git history to deal with the rest. Change-Id: I89b10076e0f4a4b3acd59160fb7abe349b228321 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/39611 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com> Reviewed-by: David Hendricks <david.hendricks@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-02-17vboot: remove VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT optionJoel Kitching
With CL:1940398, this option is no longer needed. Recovery requests are not cleared until kernel verification stage is reached. If the FSP triggers any reboots, recovery requests will be preserved. In particular: - Manual requests will be preserved via recovery switch state, whose behaviour is modified in CB:38779. - Other recovery requests will remain in nvdata across reboot. These functions now only work after verstage has run: int vboot_check_recovery_request(void) int vboot_recovery_mode_enabled(void) int vboot_developer_mode_enabled(void) BUG=b:124141368, b:35576380 TEST=make clean && make test-abuild BRANCH=none Change-Id: I52d17a3c6730be5c04c3c0ae020368d11db6ca3c Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38780 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-02-17vboot: push clear recovery mode switch until BS_WRITE_TABLESJoel Kitching
Serves two purposes: (1) On some platforms, FSP initialization may cause a reboot. Push clearing the recovery mode switch until after FSP code runs, so that a manual recovery request (three-finger salute) will function correctly under this condition. (2) The recovery mode switch value is needed at BS_WRITE_TABLES for adding an event to elog. (Previously this was done by stashing the value in CBMEM_ID_EC_HOSTEVENT.) BUG=b:124141368, b:35576380 TEST=make clean && make test-abuild BRANCH=none Change-Id: I30c02787c620b937e5a50a5ed94ac906e3112dad Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38779 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-02-07security/vboot: relocate vb2ex_abort and vb2ex_printfJoel Kitching
Enabling an assertion in vb2_member_of() results in coreboot linking vb2ex_abort() and vb2ex_printf() in ramstage. Move these two functions from vboot_logic.c to vboot_lib.c, which is should be enabled in all stages if CONFIG_VBOOT_LIB is enabled. Note that CONFIG_VBOOT_LIB is implied by CONFIG_VBOOT. Relevant vboot_reference commit: CL:2037263. BUG=b:124141368, chromium:1005700 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ica0103c5684b3d50ba7dc1b4c39559cb192efa81 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38706 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin Roth <martinroth@google.com>
2019-12-13security/vboot: Ensure firmware body size is respected againJulius Werner
CB:36845 simplified how coreboot finds the RW CBFS after vboot has and eliminated a layer of caching. Unfortunately, we missed the fact that the former cached value didn't exactly match the FMAP section... it was in fact truncated to the data actually used by vboot. That patch unintentionally broke this truncation which leads to performance regressions on certain CBFS accesses. This patch makes use of a new API function added to vboot (CL:1965920) which we can use to retrieve the real firmware body length as before. (Also stop making all the vb2_context pointers const. vboot generally never marks context pointers as const in its API functions, even when the function doesn't modify the context. Therefore constifying it inside coreboot just makes things weird because it prevents you from calling random API functions for no reason. If we really want const context pointers, that's a refactoring that would have to start inside vboot first.) This patch brings in upstream vboot commit 4b0408d2: 2019-12-12 Julius Werner 2lib: Move firmware body size reporting to separate function Change-Id: I167cd40cb435dbae7f09d6069c9f1ffc1d99fe13 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37680 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Mathew King <mathewk@chromium.org>
2019-12-06vboot: Clear secdata change flags after factory initJulius Werner
factory_initialize_tpm() calls secdata_xxx_create() (for both firmware and kernel space) and then immediately writes those spaces out to the TPM. The create() functions make vboot think it just changed the secdata (because it reinitialized the byte arrays in the context), so we also need to clear the VB2_CONTEXT_SECDATA_xxx_CHANGED flags again, otherwise vboot thinks it still needs to flush the spaces out to the TPM even though we already did that. Also clean up some minor related stuff (VB2_CONTEXT_SECDATA_CHANGED notation is deprecated, and secdata space intialization should use the same write-and-readback function we use for updates). Change-Id: I231fadcf7b35a1aec3b39254e7e41c3d456d4911 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/37471 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-11-20security/vboot: Add vboot callbacks to support EC software syncTim Wawrzynczak
Use the new functions introduced into the EC driver to support performing EC software sync via vboot callbacks. NOTE: This patch assumes that the EC image is added to CBFS uncompressed. Streaming decompression of the image will be added in a future patch. Also adds a new Kconfig option VBOOT_EARLY_EC_SYNC. The new Kconfig option compiles EC software sync into romstage, dependent upon having a CrOS EC. BUG=b:112198832 BRANCH=none TEST=Successful EC software sync Change-Id: I9b1458a45ab3ed5623af50f78036c4f88461b226 Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36208 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-20security/vboot: Remove selected_region from struct vboot_working_dataYu-Ping Wu
Since we already have pre-RAM cache for FMAP (CB:36657), calling load_firmware() multiple times is no longer a problem. This patch replaces vboot_get_selected_region() usage with vboot_locate_firmware(), which locates the firmware by reading from the CBMEM cache. In addition, returning false from vboot_is_slot_selected() implies the recovery path was requested, i.e., vb2_shared_data.recovery_reason was set. Therefore, we simply remove the vboot_is_slot_selected() check from vboot_check_recovery_request(). BRANCH=none BUG=chromium:1021452 TEST=emerge-kukui coreboot Change-Id: I27cb1a2175beb189053fc3e44b17b60aba474bb0 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36845 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-19security/vboot: Remove vboot_named_region_device(_rw)Yu-Ping Wu
Remove vboot_named_region_device(_rw) and use fmap_locate_area_as_rdev(_rw) directly. BRANCH=none BUG=none TEST=emerge-kukui coreboot Change-Id: I244ac4e01ae5b80285162b3baffc0b30aa057bfb Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36922 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-11-16security/vboot: Add config option to always enable the displayWim Vervoorn
In order to always show the bootlogo very early in coreboot we need the option to always enable the display when VBOOT is enabled. To do this a config option is added to make sure this functionality can be provided without interfering with systems that require the standard VBOOT display handing. BUG=N/A TEST=tested on facebook fbg1701. Change-Id: I3ffaac85d2082717bb9608d536f7cec66a583789 Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36547 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-11-15security/vboot: Remove flags from struct vboot_working_dataYu-Ping Wu
Since now we have persistent context, the usage of the flags can be replaced with vb2_context.flags. BRANCH=none BUG=chromium:1021452 TEST=emerge-kukui coreboot Change-Id: I8e5757a8cc09712c3acde9cbaab910b7498681b4 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36808 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-15vboot: use vboot persistent contextJoel Kitching
vb2_context object is now stored on the workbuf as part of vb2_shared_data. Use vboot's new API functions vb2api_init and vb2api_relocate to create and move the workbuf. BUG=b:124141368, chromium:994060 TEST=Build locally BRANCH=none Change-Id: I051be1e47bf79b15a1689d49a5d4c031e9363dfa Signed-off-by: Joel Kitching <kitching@google.com> Also-Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/coreboot/+/1902339 Reviewed-on: https://review.coreboot.org/c/coreboot/+/36300 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org> Reviewed-by: Maulik V Vaghela <maulik.v.vaghela@intel.com>
2019-10-16vboot: add new vb2ex_abort callbackJoel Kitching
Required for new VB2_ASSERT and VB2_DIE macros in vboot code. (See chromium:972956.) BUG=b:124141368, chromium:1005700 TEST=make clean && make test-abuild BRANCH=none Change-Id: I61a1036ccab80862d6eb12f9f72286f29e8478cf Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36035 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-08-21vboot: update vboot2 functions to use new vb2_error_tJoel Kitching
To make explicit when vboot2 error codes should be returned, use the new vb2_error_t type on all functions which return VB2_ERROR_* constants. Additionally, add required vboot submodule commit id e6700f4c: 2019-07-31 14:12:30 +0800 - (vboot: update vboot2 functions to use new vb2_error_t) NOTE: This patch was merged separately on the Chromium tree: https://chromium-review.googlesource.com/c/1728499 BUG=b:124141368, chromium:988410 TEST=make clean && make test-abuild BRANCH=none Change-Id: I804c2b407e496d0c8eb9833be629b7c40118415c Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:1728292 Reviewed-on: https://review.coreboot.org/c/coreboot/+/34860 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-08-08vboot: fix conditional using vboot_setup_tpm return valueJoel Kitching
vboot_setup_tpm returns (TPM_SUCCESS == 0) on success. In this case, call antirollback_read_space_firmware. This regression was introduced in CB:34510. BUG=b:139101213 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ifdea1d85167a50a1ada5afe9b107408e3a2e0d6f Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34790 Reviewed-by: Subrata Banik <subrata.banik@intel.com> Reviewed-by: Aamir Bohra <aamir.bohra@intel.com> Reviewed-by: Ronak Kanabar <ronak.kanabar@intel.com> Reviewed-by: V Sowmya <v.sowmya@intel.com> Reviewed-by: caveh jalali <caveh@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-08-06security/vboot: Add Support for Intel PTTChristian Walter
Add support for Intel PTT. For supporting Intel PTT we need to disable read and write access to the TPM NVRAM during the bootblock. TPM NVRAM will only be available once the DRAM is initialized. To circumvent this, we mock secdata if HAVE_INTEL_PTT is set. The underlying problem is, that the iTPM only supports a stripped down instruction set while the Intel ME is not fully booted up. Details can be found in Intel document number 571993 - Paragraph 2.10. Change-Id: I08c9a839f53f96506be5fb68f7c1ed5bf6692505 Signed-off-by: Christian Walter <christian.walter@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34510 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-07-23vboot: relocate call to vboot_save_recovery_reason_vbnvJoel Kitching
Relocate call to vboot_save_recovery_reason_vbnv and rename vb2_clear_recovery_reason_vbnv for consistency. BUG=b:124141368, b:124192753 TEST=make clean && make test-abuild BRANCH=none Change-Id: I111cc23cf3d4b16fdb058dd395ac17a97f23a53f Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33551 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2019-06-21vboot: relocate code to log and clear recovery mode switchJoel Kitching
Logging and clearing the recovery mode switch doesn't have anything to do with vboot_handoff. Move it to the main verstage logic file. BUG=b:124141368, b:124192753 TEST=make clean && make test-abuild BRANCH=none Change-Id: I2e74f3893463e43fe5fad4a8df8036560f34e0db Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33534 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2019-06-12vboot: recovery path should finalize work contextJoel Kitching
Recovery path should finalize work context, and trim vboot_working_data buffer_size. Otherwise, depthcharge ingests the full 12 KB workbuf in recovery path. BUG=chromium:972528, b:134893812 TEST=Build with vboot_reference CL:1584488. Check that USB disks are properly verified in recovery path. BRANCH=none Change-Id: Icf2600d2eb5d846a26aec35a153946dd2f7f128c Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33358 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-22post_code: add post code for failure to load next stageKeith Short
Add a new post code, POST_INVALID_ROM, used when coreboot fails to locate or validate a resource that is stored in ROM. BUG=b:124401932 BRANCH=sarien TEST=build coreboot for sarien and arcada platforms Change-Id: Ie6de6590595d8fcdc57ad156237fffa03d5ead38 Signed-off-by: Keith Short <keithshort@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32770 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2019-05-22vboot: determine display init before recovery checkEric Lai
Display is required by recovery mode. Determine display init before recovery check. BUG=b:133197727,b:133175864 TEST=enter recovery mode, checked the display shows up Signed-off-by: Eric Lai <ericr_lai@compal.corp-partner.google.com> Change-Id: Id6ac611f51241373bca3e2b394a94dcd52d3fde7 Reviewed-on: https://review.coreboot.org/c/coreboot/+/32906 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2019-05-20vboot: save whether developer mode is enabledJoel Kitching
Save whether or not vboot has selected developer mode as a flag in vboot_working_data. Other coreboot code may access this flag without needing to consult vboot_handoff (which is in the process of being deprecated). BUG=b:124141368, b:124192753 TEST=make clean && make test-abuild BRANCH=none Change-Id: Ieb6ac4937c943aea78ddc762595a05387d2b8114 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32843 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-09vboot: communicate display requirements with vb2api_fw_phase1Joel Kitching
Input: tell vb2api_fw_phase1 if display unconditionally available Output: vb2api_fw_phase1 may request coreboot to initialize display, if needed based on some internal request Move setting the VBOOT_FLAG_DISPLAY_REQUESTED flag into verstage_main. BUG=b:124141368, b:124192753, chromium:948529 TEST=make clean && make test-abuild BRANCH=none Change-Id: I81c82c46303564b63b8a32e7f80beb9d891a4628 Cq-Depend: chromium:1564232 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32324 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-04-06src: Use include <delay.h> when appropriateElyes HAOUAS
Change-Id: I23bc0191ca8fcd88364e5c08be7c90195019e399 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32012 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: David Guckian
2019-03-27vboot: deprecate physical dev switchJoel Kitching
Currently only two devices make use of physical dev switch: stumpy, lumpy Deprecate this switch. If these devices are flashed to ToT, they may still make use of virtual dev switch, activated via recovery screen. BUG=b:124141368, b:124192753, chromium:942901 TEST=util/lint/checkpatch.pl -g origin/master..HEAD TEST=util/abuild/abuild -B -e -y -c 50 -p none -x TEST=make clean && make test-abuild BRANCH=none Change-Id: I87ec0db6148c1727b95475d94e3e3f6e7ec83193 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31943 Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-03-15vboot: rename symbols for better consistencyJoel Kitching
Symbols prefixed with vb2_ should be reserved for internal vboot library use. Anything outside of that may choose some other prefix. Here, we choose vboot_ instead. Also, add some documentation to security/vboot/misc.h, which provides headers for a number of different C files. BUG=b:124141368 TEST=Build and deploy to eve TEST=util/lint/checkpatch.pl -g origin/master..HEAD TEST=util/abuild/abuild -B -e -y -c 50 -p none -x TEST=make clean && make test-abuild BRANCH=none Change-Id: I5d9154fd2d5df25ee254bd5ce4a173afaa6588be Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31886 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-03-14vboot: copy data structures to CBMEM for downstream useJoel Kitching
For platforms that do not employ VBOOT_STARTS_IN_ROMSTAGE, vboot verification occurs before CBMEM is brought online. In order to make vboot data structures available downstream, copy vb2_working_data from CAR/SRAM into CBMEM when CBMEM comes online. Create VBOOT_MIGRATE_WORKING_DATA config option to toggle this functionality. BUG=b:124141368, b:124192753 TEST=Built and deployed on eve with STARTS_IN_BOOTBLOCK TEST=Built and deployed on eve with STARTS_IN_ROMSTAGE TEST=util/lint/checkpatch.pl -g origin/master..HEAD TEST=util/abuild/abuild -B -e -y -c 50 -p none -x BRANCH=none Change-Id: I62c11268a83927bc00ae9bd93b1b31363b38e8cf Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31329 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-03-08coreboot: Replace all IS_ENABLED(CONFIG_XXX) with CONFIG(XXX)Julius Werner
This patch is a raw application of find src/ -type f | xargs sed -i -e 's/IS_ENABLED\s*(CONFIG_/CONFIG(/g' Change-Id: I6262d6d5c23cabe23c242b4f38d446b74fe16b88 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31774 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-03-07vboot: rename VB2_DISABLE_DEVELOPER_MODEJoel Kitching
Rename VB2_DISABLE_DEVELOPER_MODE to VB2_CONTEXT_DISABLE_DEVELOPER_MODE. See CL in CQ-DEPEND for details. BUG=b:124141368 TEST=Build locally CQ-DEPEND=CL:1460645 BRANCH=none Change-Id: Ib9754425dc2f346e8edac584c4d076d13ae31d2d Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31298 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-02-27console: Refactor printk() varargs prototypesKyösti Mälkki
Change-Id: I816641c2223c3079ad9c95c1380d4b250898ef93 Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com> Reviewed-on: https://review.coreboot.org/c/31491 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-02-25security/vboot: Add measured boot modePhilipp Deppenwiese
* Introduce a measured boot mode into vboot. * Add hook for stage measurements in prog_loader and cbfs. * Implement and hook-up CRTM in vboot and check for suspend. Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/c/29547 Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-10-24vboot: fix CONFIG_RESUME_PATH_SAME_AS_BOOT S3 resume logicJoel Kitching
- should not check VBOOT_STARTS_IN_BOOTBLOCK to set context flag - implement vboot_platform_is_resuming on platforms missing it - add ACPI_INTEL_HARDWARE_SLEEP_VALUES to two intel southbridges [ originally https://review.coreboot.org/c/coreboot/+/28750 ] BUG=b:114018226 TEST=compile coreboot Change-Id: I1ef0bcdfd01746198f8140f49698b58065d820b9 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/29060 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2018-10-17vboot: do not extend PCRs on resume from S3Joel Kitching
BUG=b:114018226,chromium:873099 TEST=compile coreboot Change-Id: I6840c45604535089fa8410f03c69702bec91218f Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/28750 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
2018-10-08Move compiler.h to commonlibNico Huber
Its spreading copies got out of sync. And as it is not a standard header but used in commonlib code, it belongs into commonlib. While we are at it, always include it via GCC's `-include` switch. Some Windows and BSD quirk handling went into the util copies. We always guard from redefinitions now to prevent further issues. Change-Id: I850414e6db1d799dce71ff2dc044e6a000ad2552 Signed-off-by: Nico Huber <nico.h@gmx.de> Reviewed-on: https://review.coreboot.org/28927 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2018-07-18security/vboot: fix typoRaul E Rangel
BUG=none TEST=none Change-Id: I7027abee66ccdf9b2d37df60ca7f4dbbbae2f9e4 Signed-off-by: Raul E Rangel <rrangel@chromium.org> Reviewed-on: https://review.coreboot.org/27517 Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Furquan Shaikh <furquan@google.com> Reviewed-by: Martin Roth <martinroth@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-06-04security/tpm: Unify the coreboot TPM software stackPhilipp Deppenwiese
* Remove 2nd software stack in pc80 drivers directory. * Create TSPI interface for common usage. * Refactor TSS / TIS code base. * Add vendor tss (Cr50) directory. * Change kconfig options for TPM to TPM1. * Add user / board configuration with: * MAINBOARD_HAS_*_TPM # * BUS driver * MAINBOARD_HAS_TPM1 or MAINBOARD_HAS_TPM2 * Add kconfig TPM user selection (e.g. pluggable TPMs) * Fix existing headers and function calls. * Fix vboot for interface usage and antirollback mode. Change-Id: I7ec277e82a3c20c62a0548a1a2b013e6ce8f5b3f Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/24903 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2018-05-13timestamp: Add timestamps for TPM communicationRaul E Rangel
On grunt these operations combined take a little over 37ms. BUG=b:64549506 TEST=built on grunt 511:starting TPM PCR extend 301,268 (598) 512:finished TPM PCR extend 326,710 (25,442) 513:starting locking TPM 326,716 (6) 514:finished locking TPM 339,517 (12,801) Change-Id: I05cfb3d0f8463f073e329a035484a340546649e1 Signed-off-by: Raul E Rangel <rrangel@chromium.org> Reviewed-on: https://review.coreboot.org/26218 Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2018-04-24compiler.h: add __weak macroAaron Durbin
Instead of writing out '__attribute__((weak))' use a shorter form. Change-Id: If418a1d55052780077febd2d8f2089021f414b91 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/25767 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-by: Justin TerAvest <teravest@chromium.org>
2018-01-18security/tpm: Move tpm TSS and TSPI layer to security sectionPhilipp Deppenwiese
* Move code from src/lib and src/include into src/security/tpm * Split TPM TSS 1.2 and 2.0 * Fix header includes * Add a new directory structure with kconfig and makefile includes Change-Id: Id15a9aa6bd367560318dfcfd450bf5626ea0ec2b Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/22103 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2017-10-22security/vboot: Move vboot2 to security kconfig sectionPhilipp Deppenwiese
This commit just moves the vboot sources into the security directory and fixes kconfig/makefile paths. Fix vboot2 headers Change-Id: Icd87f95640186f7a625242a3937e1dd13347eb60 Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/22074 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin Roth <martinroth@google.com>