summaryrefslogtreecommitdiff
path: root/src/security
AgeCommit message (Collapse)Author
2023-12-27vboot: add VBOOT_X86_RSA_ACCELERATION configJeremy Compostella
Add `VBOOT_X86_RSA_ACCELERATION' Kconfig option to enable SSE2 instruction set implementation of modulus exponentiation which is part of the RSA signature verification process. BUG=b:312709384 TEST=Able to use SSE2 accelerated implementation on rex0 Change-Id: Ib6e39eb9f592f36ad3dca76c8eaf2fe334704265 Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/79289 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-20treewide: Use show_notices target for warningsMartin Roth
This updates all warnings currently being printed under the files_added and build_complete targets to the show_notices target. Signed-off-by: Martin Roth <gaumless@gmail.com> Change-Id: Ia14d790dd377f2892f047059b6d24e5b5c5ea823 Reviewed-on: https://review.coreboot.org/c/coreboot/+/79423 Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-08Makefile: Make vboot_fw.a a .PHONY targetJulius Werner
vboot_fw.a is built via a sub-invocation of make, but make is not able to track dependencies between different invocations. That means the toplevel make assumes that the vboot_fw.a target depends only on the dependencies explicitly listed in coreboot's Makefile (only config.h in this case), and thus assumes that if config.h didn't change it does not need to rebuild the library. This breaks incremental builds when files inside the vboot repository change. This patch marks the target as .PHONY so that it will always be rebuilt. The vboot Makefile's own dependency tracking will then ensure that on an incremental build we only rebuild the vboot sources that actually changed, so if nothing changed this will just add a simple and quick $(AR) call. Change-Id: I8bdd4e1589124914ba1e877e04b40ee709ea4140 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/79375 Reviewed-by: Patrick Georgi <patrick@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-12-04security/vboot: Add Kconfig option to clear recovery requestMichał Żygowski
For ChromeOS platform the recovery reason is cleared in vb2api_kernel_phase2 which is probably not called by any non-ChromeOS system. It results in the platform being stuck in recovery mode, e.g. when RW firmware verification fails. Even if the RW partition is flashed with correctly signed image, the persistent non-zero recovery reason will prevent vboot from attempting the RW partition check. Use the newly exposed vb2api_clear_recovery and VBOOT_CLEAR_RECOVERY_IN_RAMSTAGE Kconfig option to clear the recovery reason and save it immediately to the VBNV. The idea is to let non-ChromeOS coreboot platform to clear the recovery reason when needed. TEST=Clear the recovery reason in mainboard_final function right before payload jump when RW partition is corrupted and RW partition is valid. In case it is corrupted, the platform stays in recovery mode, when valid the platform boots from RW partition. Tested on MSI PRO Z690-A DDR4. Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I7ffaf3e8f61a28a68c9802c184961b1b9bf9d617 Reviewed-on: https://review.coreboot.org/c/coreboot/+/74343 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-11-22vboot: Add catchall recovery reason for unspecified phase 4 errorsJulius Werner
The code for "phase 4" of firmware verification currently only sets a recovery reason when there's an actual hash mismatch detected in vb2api_check_hash_get_digest(). This is the most likely way how this section of code can fail but not the only one. If any other unexpected issue occurs, we should still set a recovery reason rather than just reboot and risk an infinite boot loop. This patch adds a catchall recovery reason for any error code that falls out of this block of code. If a more specific recovery reason had already been set beforehand, we'll continue to use that -- if not, we'll set VB2_RECOVERY_FW_GET_FW_BODY. Change-Id: If00f00f00f00aa113e0325aad58d367f244aca49 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78866 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-11-13security/vboot: Die if vb2api_reinit() failedYu-Ping Wu
In vboot_get_context(), vb2api_reinit() is called to restore the vboot context from the previous stage. We use assert() for the return value of vb2api_reinit() because there shouldn't be runtime errors, except for one edge case: vb2_shared_data struct version mismatch. More precisely, when RW firmware's VB2_SHARED_DATA_VERSION_MINOR is greater than RO's, vb2api_reinit() will return VB2_ERROR_SHARED_DATA_VERSION. To avoid using an invalid vb2_context pointer (when FATAL_ASSERTS is disabled), change assert() to die() on vb2api_reinit() failure. For the vb2api_init() case the assertion is unchanged because there shouldn't be any runtime error for that. Also move the vb2api_init() call outside the assert() argument, as assert() may be a no-op macro depending on the implementation. Change-Id: I4ff5ef1202bba2384c71634ec5ba12db1b784607 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78808 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-11-13security/tpm/: turn tis_{init,open} into tis_probeSergii Dmytruk
init() was always followed by open() and after successful initialization we only need send-receive function which is now returned by tis_probe() on success, thus further reducing number of functions to export from drivers. This also removes check for opening TIS twice that seems to have no value. Change-Id: I52ad8d69d50d449f031c36b15bf70ef07986946c Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76954 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-11-09Allow to build romstage sources inside the bootblockArthur Heymans
Having a separate romstage is only desirable: - with advanced setups like vboot or normal/fallback - boot medium is slow at startup (some ARM SOCs) - bootblock is limited in size (Intel APL 32K) When this is not the case there is no need for the extra complexity that romstage brings. Including the romstage sources inside the bootblock substantially reduces the total code footprint. Often the resulting code is 10-20k smaller. This is controlled via a Kconfig option. TESTED: works on qemu x86, arm and aarch64 with and without VBOOT. Change-Id: Id68390edc1ba228b121cca89b80c64a92553e284 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55068 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2023-11-01Revert "vboot: Add catchall recovery reason for unspecified phase 4 errors"Martin L Roth
This reverts commit 7499d9610016c4a89b722498885f196ed6d217aa. Reason for revert: coreboot build fails Change-Id: I8ef853d81ee9b1f18d36dfd82cdf687381ece2c6 Signed-off-by: Martin Roth <gaumless@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78845 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Matt DeVillier <matt.devillier@gmail.com>
2023-10-31vboot: Add catchall recovery reason for unspecified phase 4 errorsJulius Werner
The code for "phase 4" of firmware verification currently only sets a recovery reason when there's an actual hash mismatch detected in vb2api_check_hash_get_digest(). This is the most likely way how this section of code can fail but not the only one. If any other unexpected issue occurs, we should still set a recovery reason rather than just reboot and risk an infinite boot loop. This patch adds a catchall recovery reason for any error code that falls out of this block of code. If a more specific recovery reason had already been set beforehand, we'll continue to use that -- if not, we'll set VB2_RECOVERY_FW_GET_FW_BODY. Change-Id: If00f8f8a5d17aa113e0325aad58d367f244aca49 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78821 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-10-27security/intel/stm: Remove check that can never be trueMartin Roth
STM_RSC_MEM_DESC defines rws_attributes as 3 bits, which can't be greater than 7. Found-by: Coverity Scan #1430578 Signed-off-by: Martin Roth <gaumless@gmail.com> Change-Id: I1efd007e96abd6d5d36f314752abfadffb0024d1 Reviewed-on: https://review.coreboot.org/c/coreboot/+/78619 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eric Lai <ericllai@google.com>
2023-10-25cbmem.h: Drop cbmem_possible_online in favor of ENV_HAS_CBMEMArthur Heymans
The macro ENV_HAS_CBMEM achieves the same as this inline function. Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Change-Id: I6d65ca51c863abe2106f794398ddd7d7d9ac4b5e Reviewed-on: https://review.coreboot.org/c/coreboot/+/77166 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jakub Czapiga <czapiga@google.com>
2023-10-02security/tpm: Enable Hibernate on setup failureJon Murphy
Set default to enabled for hibernate on setup failure for all devices using a Google EC. This will have no impact on devices that don't bring the GSC down on hibernate, but will provide a recovery path for all devices that do. BUG=b:296439237 TEST=Force error on Skyrim with custom build, boot normally with normal build Change-Id: I2d9e8f75b25fb6c530a333024c342bea871eb85d Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78098 Reviewed-by: Karthik Ramasubramanian <kramasub@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-28drivers/tpm: Add tpm failure handlingJon Murphy
Add additional failure mode logic for the TPM to enable an automated recovery mode for GSC hangs. BUG=b:296439237 TEST=Force the error by hard coding the return code and observe the device entering hibernate. BRANCH=None Change-Id: Ieec7e9227d538130354dea8b772d0306cdda1237 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77667 Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-28treewide: convert to tpm_result_tJon Murphy
Convert TPM functions to return TPM error codes(referred to as tpm_result_t) values to match the TCG standard. BUG=b:296439237 TEST=build and boot to Skyrim BRANCH=None Change-Id: Ifdf9ff6c2a1f9b938dbb04d245799391115eb6b1 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77666 Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-28treewide: convert to %#x hex printsJon Murphy
Convert hex print values to use the %#x qualifier to print 0x{value}. BUG=b:296439237 TEST=build and boot to Skyrim BRANCH=None Change-Id: I0d1ac4b920530635fb758c5165a6a99c11b414c8 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78183 Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-25treewide: Adopt TCG standard namingJon Murphy
Adopt TCG standard naming and definitions for TPM Return codes. BUG=b:296439237 TEST=Build and boot to OS on skyrim BRANCH=None Change-Id: I60755723262ec205a4c134948b0250aac4974d35 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77665 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-23vboot: Remove the unnecessary PCR digest checkYi Chou
This PCR digest length check is no longer necessary. Signed-off-by: Yi Chou <yich@google.com> Change-Id: I256938c69be7787f5c8fca3e633ac93a69368452 Reviewed-on: https://review.coreboot.org/c/coreboot/+/78084 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2023-09-22security/tpm: Remove unnecessary tss_common.hJon Murphy
Remove the unnecessary tss_common.h header from the repo. tss_errors.h is a more appropriate place for the TPM_SUCCESS value, and the other define is only used by tpm_common.c and can be placed there. BUG=b:296439237 TEST=Builds Change-Id: I99cf90f244a75c1eeab5e9e1500e05c24ae0a8e5 Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/78033 Reviewed-by: Tim Van Patten <timvp@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-09-18drivers/tpm: Make temp test value naming consistentJon Murphy
Make naming convention consistent across all functions return values. BUG=b:296439237 TEST=Boot to OS on Skyrim BRANCH=None Change-Id: If86805b39048800276ab90b7687644ec2a0d4bee Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77536 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2023-09-18security/vboot: Add tpm return code to vboot fail callJon Murphy
Add the TPM return code to the vboot fail call to provide additional context. BUG=None TEST=builds Change-Id: Ib855c92d460d1e728718b688ff71cdc6e1d9a84a Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77944 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tim Van Patten <timvp@google.com>
2023-09-18security/vboot: Fix return type of extend_pcrs()Yu-Ping Wu
Since vboot_extend_pcr() returns vb2_error_t, the return type of extend_pcrs() should be vb2_error_t too. Also fix an assignment for vboot_locate_firmware(), which returns int instead of vb2_error_t. Change-Id: I1a2a2a66f3e594aba64d33cfc532d1bd88fa305e Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77869 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yidi Lin <yidilin@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-09-18security/vboot: Update vboot context with slot B absenceMichał Żygowski
coreboot offers two vboot schemes VBOOT_SLOTS_RW_A and VBOOT_SLOTS_RW_AB. When VBOOT_SLOTS_RW_AB is not selected then the resulting image is rather not expected to have the FW_MAIN_B FMAP region. When only RW_A region is used, vboot does additional full_reset cycles to try RW_B, even though it does not exist / the build was not configured for two RW partitions. To avoid it, a new vboot context flag has been introduced, VB2_CONTEXT_SLOT_A_ONLY, which can be set right after context initialization to inform vboot about absence of slot B. This will result in less full_reset cycles when vboot runs out of available slots and cause vboot to switch to recovery mode faster. Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: Ie123881a2f9f766ae65e4ac7c36bc2a8fce8d100 Reviewed-on: https://review.coreboot.org/c/coreboot/+/75462 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-09-14x86: Add .data section support for pre-memory stagesJeremy Compostella
x86 pre-memory stages do not support the `.data` section and as a result developers are required to include runtime initialization code instead of relying on C global variable definition. To illustrate the impact of this lack of `.data` section support, here are two limitations I personally ran into: 1. The inclusion of libgfxinit in romstage for Raptor Lake has required some changes in libgfxinit to ensure data is initialized at runtime. In addition, we had to manually map some `.data` symbols in the `_bss` region. 2. CBFS cache is currently not supported in pre-memory stages and enabling it would require to add an initialization function and find a generic spot to call it. Other platforms do not have that limitation. Hence, resolving it would help to align code and reduce compilation based restriction (cf. the use of `ENV_HAS_DATA_SECTION` compilation flag in various places of coreboot code). We identified three cases to consider: 1. eXecute-In-Place pre-memory stages - code is in SPINOR - data is also stored in SPINOR but must be linked in Cache-As-RAM and copied there at runtime 2. `bootblock` stage is a bit different as it uses Cache-As-Ram but the memory mapping and its entry code different 3. pre-memory stages loaded in and executed from Cache-As-RAM (cf. `CONFIG_NO_XIP_EARLY_STAGES`). eXecute-In-Place pre-memory stages (#1) require the creation of a new ELF segment as the code segment Virtual Memory Address and Load Memory Address are identical but the data needs to be linked in cache-As-RAM (VMA) but to be stored right after the code (LMA). Here is the output `readelf --segments` on a `romstage.debug` ELF binary. Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align LOAD 0x000080 0x02000000 0x02000000 0x21960 0x21960 R E 0x20 LOAD 0x0219e0 0xfefb1640 0x02021960 0x00018 0x00018 RW 0x4 Section to Segment mapping: Segment Sections... 00 .text 01 .data Segment 0 `VirtAddr` and `PhysAddr` are at the same address while they are totally different for the Segment 1 holding the `.data` section. Since we need the data section `VirtAddr` to be in the Cache-As-Ram and its `PhysAddr` right after the `.text` section, the use of a new segment is mandatory. `bootblock` (#2) also uses this new segment to store the data right after the code and load it to Cache-As-RAM at runtime. However, the code involved is different. Not eXecute-In-Place pre-memory stages (#3) do not really need any special work other than enabling a data section as the code and data VMA / LMA translation vector is the same. TEST=#1 and #2 verified on rex and qemu 32 and 64 bits: - The `bootblock.debug`, `romstage.debug` and `verstage.debug` all have data stored at the end of the `.text` section and code to copy the data content to the Cache-As-RAM. - The CBFS stages included in the final image has not improperly relocated any of the `.data` section symbol. - Test purposes global data symbols we added in bootblock, romstage and verstage are properly accessible at runtime #3: for "Intel Apollolake DDR3 RVP1" board, we verified that the generated romstage ELF includes a .data section similarly to a regular memory enabled stage. Change-Id: I030407fcc72776e59def476daa5b86ad0495debe Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77289 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2023-09-14vc/google/chromeos: Move clear_ec_ap_idle() to common codeDerek Huang
Previously the clear_ec_ap_idle() is implemented in cr50_enable_update.c and be called in the file. Move it to common code so that it can be called in cse_board_reset.c TEST=emerge-brask coreboot Change-Id: I2dbe41b01e70f7259f75d967e6df694a3e0fac23 Signed-off-by: Derek Huang <derekhuang@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77631 Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Subrata Banik <subratabanik@google.com> Reviewed-by: Reka Norman <rekanorman@chromium.org>
2023-09-09security/intel/stm: Remove __attribute__(())Elyes Haouas
Change-Id: Id35a0a589128ea2dfb2f0e5873d4fa087b0886a9 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77717 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2023-09-07security/intel: Remove unnecessary blank line after '{'Elyes Haouas
Change-Id: I0d2a9c30d332b16efd548433a54f974067bd281e Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77705 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2023-08-14commonlib,console,nb,sb,security: Add SPDX licenses to MakefilesMartin Roth
To help identify the licenses of the various files contained in the coreboot source, we've added SPDX headers to the top of all of the .c and .h files. This extends that practice to Makefiles. Any file in the coreboot project without a specific license is bound to the license of the overall coreboot project, GPL Version 2. This patch adds the GPL V2 license identifier to the top of all makefiles in the commonlib, console, northbridge, security, and southbridge directories that don't already have an SPDX license line at the top. Signed-off-by: Martin Roth <gaumless@gmail.com> Change-Id: I02804a10d0b0355e41271a035613d9f3dfb122f8 Reviewed-on: https://review.coreboot.org/c/coreboot/+/68985 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
2023-08-10security/vboot: Rename Cr50 to GSC when applicableYu-Ping Wu
Recent ChromeOS devices use Ti50 instead of Cr50. Therefore, some strings or comments are not accurate anymore. When applicable, rename Cr50 to GSC (Google security chip). BUG=b:275544927 TEST=./util/abuild/abuild -x -t GOOGLE_TOMATO -a BRANCH=none Cq-Depend: chromium:4756700 Change-Id: Ie5b9267191a5588830ed99a8382ba1a01933028f Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/77100 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yidi Lin <yidilin@google.com>
2023-08-01security/intel/stm/StmApi.h: Use C99 flexible arraysElyes Haouas
Use C99 flexible arrays instead of older style of one-element or zero-length arrays. It allows the compiler to generate errors when the flexible array does not occur at the end in the structure. Change-Id: I3ab3538b276fee5ed135bb4e88d9ef2cd6a00bb9 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76843 Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-08-01security/tpm/tpm{1,2}_log_serialized.h: Use C99 flexible arraysElyes Haouas
Use C99 flexible arrays instead of older style of one-element or zero-length arrays. It allows the compiler to generate errors when the flexible array does not occur at the end in the structure. Change-Id: I79e4b34fe682f5f21415cb93cf65394881173b34 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76842 Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-07-18security/tpm: Respect CBMEM TPM log sizeJeremy Soller
The preram TPM log was being copied to the end of the CBMEM TPM log no matter what the size of the CBMEM TPM log was. Eventually, it would overwrite anything else in CBMEM beyond the TPM log. This can currently be reproduced by enabling TPM_MEASURED_BOOT and performing multiple S3 suspends, as coreboot is incorrectly performing TPM measurements on S3 resume. Change-Id: If76299e68eb5ed2ed20c947be35cea46c51fcdec Signed-off-by: Jeremy Soller <jeremy@system76.com> Signed-off-by: Tim Crawford <tcrawford@system76.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/73297 Reviewed-by: Martin L Roth <gaumless@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-07-12security/vboot/secdata_tpm: Simplify antirollback_read_space_firmware()Yu-Ping Wu
The static function read_space_firmware() is used only once, so merge it into antirollback_read_space_firmware(). Also change a debug log to error. BUG=none TEST=emerge-geralt coreboot BRANCH=none Change-Id: I8abcb8b90e82c3e1b01a2144070a5fde6fe7157f Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76330 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Yidi Lin <yidilin@google.com>
2023-07-06drivers/tpm: Move tis_plat_irq_status to cr50 driverGrzegorz Bernacki
tis_plat_irq_status() function is used only by Google TPM. It should be moved to drivers/tpm/cr50.c. The name of the function was changed to cr50_plat_irq_status(). BUG=b:277787305 TEST=Build all affected platforms Change-Id: I78dc39f2c7b44232b06947d3dfe6afa52807ced8 Signed-off-by: Grzegorz Bernacki <bernacki@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/75917 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2023-06-23Makefile.inc: don't add fmap_config.h dependency twiceFelix Held
Commit d054bbd4f1ba ("Makefile.inc: fix multiple jobs build issue") added a dependency on $(obj)/fmap_config.h to all .c source files in all stages, so it's not needed any more to add it as a dependency to files that include fmap_config.h. Signed-off-by: Felix Held <felix-coreboot@felixheld.de> Change-Id: I7b62917f32ae9f51f079b243a606e5db07ca9099 Reviewed-on: https://review.coreboot.org/c/coreboot/+/76002 Reviewed-by: Nico Huber <nico.h@gmx.de> Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Fred Reitberger <reitbergerfred@gmail.com>
2023-06-23commonlib/console/post_code.h: Change post code prefix to POSTCODElilacious
The prefix POSTCODE makes it clear that the macro is a post code. Hence, replace related macros starting with POST to POSTCODE and also replace every instance the macros are invoked with the new name. The files was changed by running the following bash script from the top level directory. sed -i'' '30,${s/#define POST/#define POSTCODE/g;}' \ src/commonlib/include/commonlib/console/post_codes.h; myArray=`grep -e "^#define POSTCODE_" \ src/commonlib/include/commonlib/console/post_codes.h | \ grep -v "POST_CODES_H" | tr '\t' ' ' | cut -d ' ' -f 2`; for str in ${myArray[@]}; do splitstr=`echo $str | cut -d '_' -f2-` grep -r POST_$splitstr src | \ cut -d ':' -f 1 | xargs sed -i'' -e "s/POST_$splitstr/$str/g"; grep -r "POST_$splitstr" util/cbfstool | \ cut -d ':' -f 1 | xargs sed -i'' -e "s/POST_$splitstr/$str/g"; done Change-Id: I25db79fa15f032c08678f66d86c10c928b7de9b8 Signed-off-by: lilacious <yuchenhe126@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/76043 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Subrata Banik <subratabanik@google.com>
2023-06-15security/intel/cbnt/Makefile: Fix invalid char '*'Elyes Haouas
It seems that using a wildcard (*) in the import path is not supported in the context of the Makefile. This to fix this error: malformed import path "cmd/cbnt-prov/*.go": invalid char '*' Change-Id: I953e06f1ff70a2b61bc5f505f7df9936b7f9b55b Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/75638 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de>
2023-06-07mb/google/nissa/var/joxer: Remove VBOOT_GSC_BOARD_ID configReka Norman
Board IDs are now filled in as part of the signing process, so we don't need to set them in coreboot. BUG=b:240620735 TEST=Build and check VBOOT_GSC_BOARD_ID is set to ZZCR. Change-Id: I7dda8ad59046a1dd9a28595e037eda86e91c98df Signed-off-by: Reka Norman <rekanorman@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/75641 Reviewed-by: Himanshu Sahdev <himanshu.sahdev@intel.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-06-07security/intel/cbnt: Remove unneeded go stepsArthur Heymans
This updates the go modules in the intel-sec-tools git submodule. This is not needed. Change-Id: I2012d519b07321317fef415df892bbb966512ee2 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/55845 Reviewed-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-06-06vboot: Drop argument to select slot from `vb2ex_ec_protect()`Subrata Banik
vboot code changes have eliminated the redundant call to WP the EC-RO region as protecting RW flash implies protecting both RO and RW flash, so the call to protect RO is redundant. google/rex currently takes about 17 ms to lock down the EC. Along with vboot changes, this patch drops argument to choose between RO and RW slot to protect while calling into `vb2ex_ec_protect()`. It ensures vb2ex_ec_protect() is explicitly meant for protecting RW regions. w/o this patch: 517:waiting for EC to allow higher power draw 846,196 (17,297) w/ this patch: 517:waiting for EC to allow higher power draw 838,258 (9,719) Additionally, update vboot submodule to upstream main to avoid the compilation error. Updating from commit id 35f50c3154e5: Fix build error when compiling without -DNDEBUG to commit id 034907b279c9db: vboot_reference: eliminate redundant call to write protect EC-RO Change-Id: I2974f0cb43ba800c2aaeac4876ebaa052b5ee793 Signed-off-by: Subrata Banik <subratabanik@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/75521 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Himanshu Sahdev <himanshu.sahdev@intel.com> Reviewed-by: Harsha B R <harsha.b.r@intel.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-04-10security/tpm: make usage of PCRs configurable via KconfigSergii Dmytruk
At this moment, only GBB flags are moved from PCR-0 to PCR-1 when vboot-compatibility is not enabled. Change-Id: Ib3a192d902072f6f8d415c2952a36522b5bf09f9 Ticket: https://ticket.coreboot.org/issues/424 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68750 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
2023-04-06security/vboot: Don't add RO pagetables to RW_A/BArthur Heymans
Currently this is only used in bootblock and expects a fixed offset. Change-Id: I3c4db6fffe3343f12383fe9585620ffefb01cf81 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/74218 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com> Reviewed-by: Subrata Banik <subratabanik@google.com> Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com>
2023-03-22security/tpm/tspi: Fix preram TPM log max entriesJeremy Soller
Pre-RAM TPM logs use a separate define for the max number of logs. This one fits into the 2 KiB region assigned to TPM_LOG in the CAR linker script. Change-Id: Idda08a33c4a29fcb50085ca93487585dedf11012 Signed-off-by: Jeremy Soller <jeremy@system76.com> Signed-off-by: Tim Crawford <tcrawford@system76.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/73296 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Matt DeVillier <matt.devillier@gmail.com> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2023-03-04security/tpm: add TPM log format as per 2.0 specSergii Dmytruk
Used by default for all boards with TPM2 which don't specify log format explicitly. Change-Id: I0fac386bebab1b7104378ae3424957c6497e84e1 Ticket: https://ticket.coreboot.org/issues/422 Ticket: https://ticket.coreboot.org/issues/423 Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68748 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-03-04security/tpm: add TPM log format as per 1.2 specSergii Dmytruk
Used by default for all boards with TPM1 which don't specify log format explicitly. Ticket: https://ticket.coreboot.org/issues/423 Change-Id: I89720615a75573d44dd0a39ad3d7faa78f125843 Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68747 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-02-21vboot: Fix reboot loop in recovery with VBOOT_CBFS_INTEGRATIONJakub Czapiga
After first recovery request coreboot would get stuck in bootloop with VB2_RECOVERY_PREAMBLE as recovery reason due to not checking whether coreboot is alread in recovery mode, and calling failing code. Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: Idc947a1d150ff6487cf973b36bf4f0af41daa220 Reviewed-on: https://review.coreboot.org/c/coreboot/+/73091 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2023-02-16vboot: Add VBOOT_ARMV8_CE_SHA256_ACCELERATION configYidi Lin
Add Kconfig option for VBOOT_ARMV8_CE_SHA256_ACCELERATION, which will use ARMv8 Crypto Extension for SHA256[1] instead of software implementation. This will speed up firmware verification in verstage. [1] https://crrev.com/c/4170144 BUG=b:263514393 BRANCH=corsola TEST='calculating body hash (SHA2)' get 13 msecs improvement on Tentacruel. Before: 509:finished calculating body hash (SHA2) 161,548 (14,490) After: 509:finished calculating body hash (SHA2) 155,101 (1,187) Change-Id: I02671338fd9e0deb5294dbb7c03528061edc18c4 Signed-off-by: Yidi Lin <yidilin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/72711 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-02-13security/vboot: Add store/validate methods for AMD VBIOS FMAP cacheMatt DeVillier
Add methods to store and retrieve the hash of the data stored in the VBIOS cache FMAP region. Add a dedicated index in TPM NVRAM to store the hash, and methods to calculate/read/write it. Modeled after mrc_cache_hash_tpm.{c,h} BUG=b:255812886 TEST=tested with rest of patch train Change-Id: I030017d3bf956b8593bc09073ad6545b80a5b52b Signed-off-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/72401 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin L Roth <gaumless@gmail.com>
2023-02-05security/vboot: Don't build with flashrom supportBrian Norris
We don't need flashrom support just for vboot payloads. The current default (USE_FLASHROM=1) is mostly harmless, especially if libflashrom is not present (the autodetection in vboot_reference just spits out a pkg-config error but doesn't actually fail the build), but it's better to be clear we don't need it. BUG=b:172225709 TEST=build Change-Id: I53bcc2d1e7666646ddad58ba3717cfdd321014e8 Signed-off-by: Brian Norris <briannorris@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/72716 Reviewed-by: Jack Rosenthal <jrosenth@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2023-01-13security/vboot: Check RW_NVRAM at buildtimeArthur Heymans
This avoids runtime failures of lacking a RW_NVRAM section in fmap or one having a size too small. Change-Id: I3415bd719428a23b21210eb2176dbe15fa44eb9c Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/71868 Reviewed-by: Paul Menzel <paulepanter@mailbox.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2023-01-11security/tpm/tspi/log.c: fix strncpy() usageSergii Dmytruk
Change-Id: Ib24129829bef3764a8ba1e2c0d92bc42c5cfbc8d Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69708 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-01-11security/tpm: make tspi/crtm.c agnostic to log formatSergii Dmytruk
Change-Id: I3013bd5f29f1412fbe646dc74d8946704b750a66 Ticket: https://ticket.coreboot.org/issues/423 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69445 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-01-11treewide: stop calling custom TPM log "TCPA"Sergii Dmytruk
TCPA usually refers to log described by TPM 1.2 specification. Change-Id: I896bd94f18b34d6c4b280f58b011d704df3d4022 Ticket: https://ticket.coreboot.org/issues/423 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69444 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2023-01-10chromeos/cr50_enable_update.c: Clear EC AP_IDLE flagDerek Huang
When AP boots up after Cr50 firmware update and reboot, AP finds that Cr50 reset is required for Cr50 to pick the new firmware so it trigger Cr50 reset and power off the system, AP expects system will power on automatically after Cr50 reset. However this is not the case for Chromebox, Chromebox EC set AP_IDLE flag when system is shutting down, when AP_IDLE flag is set in EC, the system stays at S5/G3 and wait for power button presssend. It cause an issue in factory that the operator needs to press power button to power on the DUT after Cr50 firmware update. This patch sends EC command to direct EC to clear AP_IDLE flag after AP shutdown so AP can boot up when Cr50 reset. BUG=b:261119366 BRANCH=firmware-brya-14505.B TEST=DUT boots up after Cr50 firmware update in factory test flow Change-Id: If97ffbe65f4783f17f4747a87b0bf89a2b021a3b Signed-off-by: Derek Huang <derekhuang@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/70773 Reviewed-by: Subrata Banik <subratabanik@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2023-01-09security/intel/txt: Add helper function to disable TXTSubrata Banik
Add a function to disable TXT as per TXT BIOS spec Section 6.2.5. AP firmware can disable TXT if TXT fails or TPM is already enabled. On platforms with TXT disabled, the memory can be unlocked using MSR 0x2e6. TEST=Able to perform disable_txt on SoC SKUs with TXT enabled. Signed-off-by: Subrata Banik <subratabanik@google.com> Change-Id: I27f613428e82a1dd924172eab853d2ce9c32b473 Reviewed-on: https://review.coreboot.org/c/coreboot/+/71574 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tarun Tuli <taruntuli@google.com> Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2023-01-08security/intel/txt: Create Intel TXT lib with helper functionsSubrata Banik
This patch decouples useful TXT related operations from the romstage.c file alone and moves them into a helper txtlib.c. This effort will be helpful for SoC users to perform TXT related operations (like Disabling TXT) even without selecting INTEL_TXT config. At present, those helper functions are only available upon selecting INTEL_TXT which is not getting enabled for most of the SoC platform in the scope of the Chromebooks. TEST=Able to access functions from txtlib.c even without selecting INTEL_TXT config. Signed-off-by: Subrata Banik <subratabanik@google.com> Change-Id: Iff5b4e705e18cbaf181b4c71bfed368c3ed047ed Reviewed-on: https://review.coreboot.org/c/coreboot/+/71573 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tarun Tuli <taruntuli@google.com> Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
2022-12-31security/intel/stm/StmPlatformResource.c: Fix typo on "threads"Elyes HAOUAS
Change-Id: Id57a9c689d5fa35cf1b4df9c37b12dd95cb9ef23 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/61123 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Paul Menzel <paulepanter@mailbox.org> Reviewed-by: Felix Singer <felixsinger@posteo.net>
2022-12-28src/security/vboot: Fix wrong CONFIG nameMaximilian Brune
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com> Change-Id: I2af3bc9bf9eaf258b9180da5fc5494b21764f379 Reviewed-on: https://review.coreboot.org/c/coreboot/+/71518 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-12-23Revert "security/tpm/: turn tis_{init,open} into tis_probe"Sergii Dmytruk
This reverts commit d43154486d27323f64334203e9bc8baf08af6845. From CB:68991: This causes CraterLake boot up process to die. Investigation in progress. Change-Id: I4a6c11b0e638a891108fe230bdaea92d5fbca020 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/71205 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Tested-by: siemens-bot Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2022-12-21treewide: Remove duplicated includesElyes Haouas
<types.h> provides <commonlib/bsd/cb_err.h>, <stdint.h> and <stddef.h>. Change-Id: I966303336e604b1b945df77e5d4c3cccbf045c56 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/71149 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Tarun Tuli <taruntuli@google.com> Reviewed-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
2022-12-21security/vboot: Drop assert call from vbnv_udc_enable_flag()Sridhar Siricilla
It's true that vbnv_udc_enable_flag() is called after vbnv_init() (that's why the assertion was added). However, the former is called in the ramstage, while the latter in verstage. This means that vbnv_initialized will be false in ramstage, which leads to the assertion failure: [EMERG] ASSERTION ERROR: file 'src/security/vboot/vbnv.c', line 88 Since the ctx->nvdata will be restored in ramstage (by vb2api_reinit()), simply remove the assertion. So, the patch drops assert call from vbnv_udc_enable_flag() function. TEST=Verify Rex system boots to OS without assert error. Signed-off-by: Sridhar Siricilla <sridhar.siricilla@intel.com> Change-Id: I49022155239febd5c5be5cf2c5eca2019ca61c12 Reviewed-on: https://review.coreboot.org/c/coreboot/+/71097 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
2022-12-21security/tpm/: turn tis_{init,open} into tis_probeSergii Dmytruk
Init was always followed by open and after successful initialization we need only send-receive function, which is now returned by tis_probe on success further reducing number of functions to export from drivers. Change-Id: Ib4ce35ada24e3959ea1a518c29d431b4ae123809 Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68991 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-12-16security/vboot: Update vbnv_init signatureKarthikeyan Ramasubramanian
If the temporary nvdata storage inside the vboot context is already initialized then return immediately without reinitializing from the backup NV storage. This allows vbnv_init to be called more than once. Also the check to enable USB Device Controller (UDC) happens after NVdata is initialized. Hence the nvdata in vboot context can be used instead of reading from the backup storage again. BUG=b:242825052 TEST=Build Skyrim BIOS image and boot to OS in Skyrim. Change-Id: Id72709e2fc3fe6a12ee96df8df25e55cf11e50a7 Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/70380 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-12-10treewide: Include <device/mmio.h> instead of <arch/mmio.h>Elyes Haouas
<device/mmio.h>` chain-include `<arch/mmio.h>: https://doc.coreboot.org/contributing/coding_style.html#headers-and-includes Also sort includes while on it. Change-Id: Ie62e4295ce735a6ca74fbe2499b41aab2e76d506 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/70291 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2022-12-07vboot: Force config file inclusion with CBFS integrationJulius Werner
CONFIG_VBOOT_CBFS_INTEGRATION images are signed differently than normal images. futility needs to be able to tell this difference, and it parses the `config` file included in CBFS to do this. This change codifies that dependency in Kconfig so that nobody can accidentally break this by turning off config file inclusion. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I2b2d245b850bc65abb4e72f20b4e360312c828f7 Reviewed-on: https://review.coreboot.org/c/coreboot/+/70157 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Jakub Czapiga <jacz@semihalf.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-12-05security/tpm: remove tis_close()Sergii Dmytruk
This function was never called from outside of drivers and src/drivers/pc80/tpm/tis.c was the only one doing it in a questionable way. tpm_vendor_cleanup() also isn't needed as one of tis_close() functions was its only caller. Change-Id: I9df76adfc21fca9fa1d1af7c40635ec0684ceb0f Ticket: https://ticket.coreboot.org/issues/433 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68989 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-12-01vboot: Allow for comparison of hash without zero-paddingJakub Czapiga
Adjust asserts to allow to store and compare (at S3 resume) hashes without padding to maximum hash length / slot size. Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: If6d46e0b58dbca86af56221b7ff2606ab2d1799a Reviewed-on: https://review.coreboot.org/c/coreboot/+/69762 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
2022-12-01vboot/vboot_common: Fix vboot_save_data() code exclusion guardJakub Czapiga
Compilers are not optimizing-out code correctly. This patch fixes incorrect behavior by splitting if statement and extracting code to another function, this allowing for better code size optimization and reduction of undefined references. Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: Ia5330efeeb4cfd7477cf8f7f64c6abed68281e30 Reviewed-on: https://review.coreboot.org/c/coreboot/+/69761 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-11-30/: Remove extra space after commaElyes Haouas
Change-Id: Ic64625bdaf8c4e9f8a5c1c22cece7f4070012da7 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69903 Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-11-22security: Remove unnecessary space after castsElyes Haouas
Change-Id: Ibd41382d0e0ef58498ac925dc9e10b54a76a798a Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69800 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-11-19security/tpm: make log format configurable via KconfigSergii Dmytruk
This commit doesn't add any new format options, just makes selecting existing format explicit. Ticket: https://ticket.coreboot.org/issues/422 Change-Id: I3903aff54e01093bc9ea75862bbf5989cc6e6c55 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68746 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
2022-11-12security/tpm: improve tlcl_extend() signatureSergii Dmytruk
Until now tcg-2.0/tss.c was just assuming certain buffer size and hash algorithm. Change it to accept digest type, which the call sites know. Also drop `uint8_t *out_digest` parameter which was always `NULL` and was handled only by tcg-1.2 code. Change-Id: I944302b502e3424c5041b17c713a867b0fc535c4 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68745 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2022-11-12ec/google/chromeec: Deprecate dev_index from google_chromeec_rebootCaveh Jalali
This removes the dev_index argument from the google_chromeec_reboot API. It's always set to 0, so don't bother passing it. BUG=b:258126464 BRANCH=none TEST=none Change-Id: Iadc3d7c6c1e048e4b1ab8f8cec3cb8eb8db38e6a Signed-off-by: Caveh Jalali <caveh@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69373 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-11-08vboot: Add VBOOT_CBFS_INTEGRATION supportJakub Czapiga
This patch introduces support signing and verification of firmware slots using CBFS metadata hash verification method for faster initial verification. To have complete verification, CBFS_VERIFICATION should also be enabled, as metadata hash covers only files metadata, not their contents. This patch also adapts mainboards and SoCs to new vboot reset requirements. TEST=Google Volteer/Voxel boots with VBOOT_CBFS_INTEGRATION enabled Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: I40ae01c477c4e4f7a1c90e4026a8a868ae64b5ca Reviewed-on: https://review.coreboot.org/c/coreboot/+/66909 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-11-08vboot: Introduce handy vboot reboot functionsJakub Czapiga
This patch groups vboot context, recovery reason and subcode saving, and reboot calls into two handy functions: - vboot_save_and_reboot() - save context and reboot - vboot_fail_and_reboot() - store recovery reason and call function above Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: Ie29410e8985e7cf19bd8d4cccc393b050ca1f1c5 Reviewed-on: https://review.coreboot.org/c/coreboot/+/69208 Reviewed-by: Angel Pons <th3fanbus@gmail.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-11-07security/vboot: Update build rules using x86 SHA extensionKarthikeyan Ramasubramanian
Currently build rules allow using x86 SHA extensions for all coreboot stages when enabled. On some SoCs where verstage can run in non-x86 environment, x86 SHA extension cannot be used. Update build rules accordingly such that x86 SHA extensions can be used in AMD SoCs. This is particularly useful when CBFS verificiation is enabled which verifies the hash of the CBFS file being loaded. BUG=b:227809919 TEST=Build and boot to OS in Skyrim. Observe that hardware acceleration is used when a CBFS file is loaded and observe an overall improvement of 10 ms. Change-Id: I4f388e963eb82990cda41d3880e66ad937334908 Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68953 Reviewed-by: Raul Rangel <rrangel@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Kangheui Won <khwon@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-11-07cpu/x86: Drop !CPU_INFO_V2 codeArthur Heymans
Now that all platforms use parallel_mp this is the only codepath used for cpu_info() local thread storage. Change-Id: I119214e703aea8a4fe93f83b784159cf86d859d3 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/69122 Reviewed-by: Elyes Haouas <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2022-10-06security/memory/memory.h: Add <stdbool.h>Elyes Haouas
Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Change-Id: I908445b9f87b3db90527955116db22bbee674e1f Reviewed-on: https://review.coreboot.org/c/coreboot/+/68046 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
2022-09-30drivers/crb: Add SMBIOS hook to generate type 43 TPM DeviceMichał Żygowski
Example for Alder Lake PTT: Handle 0x004C, DMI type 43, 31 bytes TPM Device Vendor ID: INTC Specification Version: 2.0 Firmware Revision: 600.18 Description: Intel iTPM Characteristics: TPM Device characteristics not supported OEM-specific Information: 0x00000000 TEST=Execute dmidecode and see the type 43 is populated with PTT on MSI PRO Z690-A WIFI DDR4 Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I05289f98969bd431017aff1aa77be5806d6f1838 Reviewed-on: https://review.coreboot.org/c/coreboot/+/64049 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Christian Walter <christian.walter@9elements.com>
2022-09-17security/vboot: Add rollback NVRAM space for TPM 2Miriam Polzer
Create an NVRAM space in TPM 2.0 that survives owner clear and can be read and written without authorization. This space allows to seal data with the TPM that can only be unsealed before the space was cleared. It will be used during ChromeOS enterprise rollback to securely carry data across a TPM clear. Public documentation on the rollback feature: https://source.chromium.org/chromium/chromiumos/platform2/+/main:oobe_config/README.md BUG=b/233746744 Signed-off-by: Miriam Polzer <mpolzer@google.com> Change-Id: I59ca0783b41a6f9ecd5b72f07de6fb403baf2820 Reviewed-on: https://review.coreboot.org/c/coreboot/+/66623 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-09-15src/security: Use "if (!ptr)" in preference to "if (ptr == NULL)"Elyes Haouas
Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Change-Id: I3def65c016015d8213824e6b8561d8a67b6d5cf0 Reviewed-on: https://review.coreboot.org/c/coreboot/+/67579 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-09-14timer: Change timer util functions to 64-bitRob Barnes
Since mono_time is now 64-bit, the utility functions interfacing with mono_time should also be 64-bit so precision isn't lost. Fixed build errors related to printing the now int64_t result of stopwatch_duration_[m|u]secs in various places. BUG=b:237082996 BRANCH=All TEST=Boot dewatt Change-Id: I169588f5e14285557f2d03270f58f4c07c0154d5 Signed-off-by: Rob Barnes <robbarnes@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/66170 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-by: Raul Rangel <rrangel@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-09-12drivers/intel/ptt: Use the correct detection methodMichał Żygowski
On some platforms the HFSTS4 bit 19 does not indicate active PTT. Instead of ME HFSTS4, use TXT FTIF register to check active TPM for the current boot. Discrete TPM shall be deactivated when PTT is enabled so this always should return true value of PTT state. Leave the old method for backwards compatibility if TXT FTIF would not be applicable for older microarchitectures. Based on DOC #560297. TEST=Check if PTT is detected as active on MSI PRO Z690-A DDR4 WIFI Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Change-Id: I3a55c9f38f5bb94fb1186592446a28e675c1207c Reviewed-on: https://review.coreboot.org/c/coreboot/+/63956 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Krystian Hebel <krystian.hebel@3mdeb.com>
2022-09-04security/vboot/tpm: Avoid duplicate vb2api_secdata_firmware_create callsYu-Ping Wu
For TPM2, vb2api_secdata_firmware_create() is already called from setup_firmware_space() from _factory_initialize_tpm(). Therefore move the duplicate call from factory_initialize_tpm() to TPM1's _factory_initialize_tpm(). Change-Id: I892df65c847e1aeeabef8a7578bec743b639a127 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/67219 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aseda Aboagye <aaboagye@google.com> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-09-03soc/intel: Add SI_DESC region to GSCVD rangesJulius Werner
Intel platforms have soft straps stored in the SI_DESC FMAP section which can alter boot behavior and may open up a security risk if they can be modified by an attacker. This patch adds the SI_DESC region to the list of ranges covered by GSC verification (CONFIG_VBOOT_GSCVD). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I0f1b297e207d3c6152bf99ec5a5b0983f01b2d0b Reviewed-on: https://review.coreboot.org/c/coreboot/+/66346 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-09-02cbfs/vboot: Adapt to new vb2_digest APIJulius Werner
CL:3825558 changes all vb2_digest and vb2_hash functions to take a new hwcrypto_allowed argument, to potentially let them try to call the vb2ex_hwcrypto API for hash calculation. This change will open hardware crypto acceleration up to all hash calculations in coreboot (most notably CBFS verification). As part of this change, the vb2_digest_buffer() function has been removed, so replace existing instances in coreboot with the newer vb2_hash_calculate() API. Due to the circular dependency of these changes with vboot, this patch also needs to update the vboot submodule: Updating from commit id 18cb85b5: 2load_kernel.c: Expose load kernel as vb2_api to commit id b827ddb9: tests: Ensure auxfw sync runs after EC sync This brings in 15 new commits. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I287d8dac3c49ad7ea3e18a015874ce8d610ec67e Reviewed-on: https://review.coreboot.org/c/coreboot/+/66561 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
2022-08-29drivers/i2c/tpm: Remove TI50_FIRMWARE_VERSION_NOT_SUPPORTEDReka Norman
This workaround was added since reading the firmware version on Ti50 versions < 0.0.15 will cause the Ti50 to become unresponsive. No one is using Ti50 this old anymore, so remove the workaround. BUG=b:224650720,b:236911319 TEST=Boot to OS on nivviks with Ti50 0.22.4. Check the log contains the firmware version: [INFO ] Firmware version: Ti50/D3C1 RO_B:0.0.26/- RW_B:0.22.4/ti50_common:v095c Change-Id: I3628b799e436a80d0512dabd356c4b2566ed600a Signed-off-by: Reka Norman <rekanorman@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/67138 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Kangheui Won <khwon@chromium.org> Reviewed-by: Subrata Banik <subratabanik@google.com> Reviewed-by: Kapil Porwal <kapilporwal@google.com>
2022-08-22Add SBOM (Software Bill of Materials) GenerationMaximilian Brune
Firmware is typically delivered as one large binary image that gets flashed. Since this final image consists of binaries and data from a vast number of different people and companies, it's hard to determine what all the small parts included in it are. The goal of the software bill of materials (SBOM) is to take a firmware image and make it easy to find out what it consists of and where those pieces came from. Basically, this answers the question, who supplied the code that's running on my system right now? For example, buyers of a system can use an SBOM to perform an automated vulnerability check or license analysis, both of which can be used to evaluate risk in a product. Furthermore, one can quickly check to see if the firmware is subject to a new vulnerability included in one of the software parts (with the specified version) of the firmware. Further reference: https://web.archive.org/web/20220310104905/https://blogs.gnome.org/hughsie/2022/03/10/firmware-software-bill-of-materials/ - Add Makefile.inc to generate and build coswid tags - Add templates for most payloads, coreboot, intel-microcode, amd-microcode. intel FSP-S/M/T, EC, BIOS_ACM, SINIT_ACM, intel ME and compiler (gcc,clang,other) - Add Kconfig entries to optionally supply a path to CoSWID tags instead of using the default CoSWID tags - Add CBFS entry called SBOM to each build via Makefile.inc - Add goswid utility tool to generate SBOM data Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com> Change-Id: Icb7481d4903f95d200eddbfed7728fbec51819d0 Reviewed-on: https://review.coreboot.org/c/coreboot/+/63639 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com>
2022-08-21tpm: Correct TI50_FIRMWARE_VERSION_NOT_SUPPORTED help textYu-Ping Wu
Reading firmware_version register is supported on Ti50 version 0.22.4. Therefore correct the help text of the Kconfig option TI50_FIRMWARE_VERSION_NOT_SUPPORTED. Also change the message level to BIOS_WARNING. BUG=b:234533588 TEST=emerge-corsola coreboot BRANCH=none Change-Id: I66a0ef896c9dc4cd0f586555a55dbcd1cfd863f9 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/66906 Reviewed-by: Yidi Lin <yidilin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Andrey Pronin <apronin@google.com> Reviewed-by: Hung-Te Lin <hungte@chromium.org>
2022-07-30security/vboot: Simplify image signingJakub Czapiga
futility now supports image truncation and signing of whole images with a single command invocation. Use it for vboot-enabled coreboot images. TEST=Build and run coreboot on google/volteer Signed-off-by: Jakub Czapiga <jacz@semihalf.com> Change-Id: I49eb7e977b635ccb9f6c1b76e53c36e82be1d795 Reviewed-on: https://review.coreboot.org/c/coreboot/+/66127 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-07-20treewide: Remove unused <cpu/x86/msr.h>Elyes Haouas
Change-Id: I187c2482dd82c6c6d1fe1cbda71710ae1a2f54ad Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64890 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2022-07-17security/intel/txt/common.c: Remove unuseful "else" after "return"Elyes HAOUAS
"else" is unuseful after a "break" or "return". Change-Id: I7273b9af46a2310c9981ffd20afe2c8c7e061479 Signed-off-by: Elyes Haouas <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/60910 Reviewed-by: Paul Menzel <paulepanter@mailbox.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Singer <felixsinger@posteo.net>
2022-07-13cpu/x86/mp_init: retype do_smm element in mp_state struct to boolFelix Held
The do_smm struct element in the mp_state struct was an int even though it only had two possible states, so change it to bool to make this more obvious. Also change the return type of is_smm_enabled from int to bool. Signed-off-by: Felix Held <felix-coreboot@felixheld.de> Change-Id: I8d2d95f0497649d67565243d14a5ab9c9cdda412 Reviewed-on: https://review.coreboot.org/c/coreboot/+/65776 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2022-07-04treewide: Unify Google brandingJon Murphy
Branding changes to unify and update Chrome OS to ChromeOS (removing the space). This CL also includes changing Chromium OS to ChromiumOS as well. BUG=None TEST=N/A Change-Id: I39af9f1069b62747dbfeebdd62d85fabfa655dcd Signed-off-by: Jon Murphy <jpmurphy@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/65479 Reviewed-by: Jack Rosenthal <jrosenth@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Singer <felixsinger@posteo.net>
2022-06-22security/vboot: Deprecate VBOOT_VBNV_ECYu-Ping Wu
Boards using VBOOT_VBNV_EC (nyan, daisy, veyron, peach_pit) are all ChromeOS devices and they've reached the end of life since Feb 2022. Therefore, remove VBOOT_VBNV_EC for them, each with different replacement. - nyan (nyan, nyan_big, nyan_blaze): Add RW_NVRAM to their FMAP (by reducing the size of RW_VPD), and replace VBOOT_VBNV_EC with VBOOT_VBNV_FLASH. - veyron: Add RW_NVRAM to their FMAP (by reducing the size of SHARED_DATA), and replace VBOOT_VBNV_EC with VBOOT_VBNV_FLASH. Also enlarge the OVERLAP_VERSTAGE_ROMSTAGE section for rk3288 (by reducing the size of PRERAM_CBMEM_CONSOLE), so that verstage won't exceed its allotted size. - daisy: Because BOOT_DEVICE_SPI_FLASH is not set, which is required for VBOOT_VBNV_FLASH, disable MAINBOARD_HAS_CHROMEOS and VBOOT configs. - peach_pit: As VBOOT is not set, simply remove the unused VBOOT_VBNV_EC option. Remove the VBOOT_VBNV_EC Kconfig option as well as related code, leaving VBOOT_VBNV_FLASH and VBOOT_VBNV_CMOS as the only two backend options for vboot nvdata (VBNV). Also add a check in read_vbnv() and save_vbnv() for VBNV options. BUG=b:178689388 TEST=util/abuild/abuild -t GOOGLE_NYAN -x -a TEST=util/abuild/abuild -t GOOGLE_VEYRON_JAQ -x -a TEST=util/abuild/abuild -t GOOGLE_DAISY -a TEST=util/abuild/abuild -t GOOGLE_PEACH_PIT -a BRANCH=none Change-Id: Ic67d69e694cff3176dbee12d4c6311bc85295863 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/65012 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-06-21security/vboot: Add support for GSCVD (Google "RO verification")Julius Werner
This patch adds a new CONFIG_VBOOT_GSCVD option that will be enabled by default for TPM_GOOGLE_TI50 devices. It makes the build system run the `futility gscvd` command to create a GSCVD (GSC verification data) which signs the CBFS trust anchor (bootblock and GBB). In order for this to work, boards will need to have an RO_GSCVD section in their FMAP, and production boards should override the CONFIG_VBOOT_GSC_BOARD_ID option with the correct ID for each variant. BUG=b:229015103 Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I1cf86e90b2687e81edadcefa5a8826b02fbc8b24 Reviewed-on: https://review.coreboot.org/c/coreboot/+/64707 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-06-08drivers/tpm/cr50: Add TPM IRQ timeout Kconfig optionYu-Ping Wu
The current 10ms timeout for SPI TPM IRQ is not enough for platforms using ti50 (such as corsola). Therefore, introduce a new Kconfig option 'GOOGLE_TPM_IRQ_TIMEOUT_MS'. For platforms using cr50, we need to support legacy pre-ready-IRQ cr50 factory images during the initial boot, so the timeout remains 100ms for I2C TPM and 10ms for SPI TPM. For all the other platforms using ti50, the default timeout is increased to 750ms, as suggested by the ti50 team (apronin@google.com). BUG=b:232327704 TEST=emerge-corsola coreboot BRANCH=none Change-Id: I8dbb919e4a421a99a994913613a33738a49f5956 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64412 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-06-01cbfs: Rename TYPE_FIT to TYPE_FIT_PAYLOADJulius Werner
There are too many "FIT" in firmware land. In order to reduce possible confusion of CBFS_TYPE_FIT with the Intel Firmware Interface Table, this patch renames it to CBFS_TYPE_FIT_PAYLOAD (including the cbfstool argument, so calling scripts will now need to replace `-t fit` with `-t fit_payload`). Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I826cefce54ade06c6612c8a7bb53e02092e7b11a Reviewed-on: https://review.coreboot.org/c/coreboot/+/64735 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2022-05-24security/tpm/crtm: Add a function to measure the bootblock on SoC levelWerner Zeh
On platforms where the bootblock is not included in CBFS anymore (because it is part of another firmware section (IFWI or a different CBFS), the CRTM measurement fails. This patch adds a new function to provide a way at SoC level to measure the bootblock. Following patches will add functionality to retrieve the bootblock from the SoC related location and measure it from there. In this way the really executed code will be measured. Change-Id: I6d0da1e95a9588eb5228f63151bb04bfccfcf04b Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64492 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2022-05-24security/tpm/crtm: Use bootblock from FMAP on non x86 platformsWerner Zeh
All non x86 platforms use bootblock in FMAP (see Makefile.inc). Add a build time check for that so that all the other possibilities (CBFS or other places for the bootblock) are dropped at build time. Change-Id: Ic18336a0b79b5d319c2cdfecb7e1eeb89d241206 Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64520 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>