summaryrefslogtreecommitdiff
path: root/src/vboot/Kconfig
AgeCommit message (Collapse)Author
2017-10-22security/vboot: Move vboot2 to security kconfig sectionPhilipp Deppenwiese
This commit just moves the vboot sources into the security directory and fixes kconfig/makefile paths. Fix vboot2 headers Change-Id: Icd87f95640186f7a625242a3937e1dd13347eb60 Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/22074 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin Roth <martinroth@google.com>
2017-10-12vboot: Exclude platform specific files from RW cbfsMartin Roth
Add a Kconfig option to allow platforms to exclude specific files from being copied from RO into RW sections. BUG=b:65484600 TEST=Exclude apu/amdfw from the RW cbfs sections Change-Id: I7723b63392c1620b75ceb6d8e25fe1ce2c75cf18 Signed-off-by: Martin Roth <martinroth@google.com> Reviewed-on: https://review.coreboot.org/21899 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2017-09-13vboot: Add config to enable EC EFS supportDaisuke Nojiri
This patch makes coreboot set VBSD_EC_EFS flag if CONFIG_VBOOT_EC_EFS is set. Depthcharge/Vboot uses this flag to determine whether it can update EC when it's already running a RW copy. BUG=b:65028930 BRANCH=none TEST=Verify soft sync runs successfully on Fizz. Change-Id: Ic51ddd4819262162a8d8519461c4ace57ee01cb5 Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-on: https://review.coreboot.org/21489 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2017-09-10vboot: Use "Google_" as VBOOT_FWID_MODEL prefix if CHROMEOS is setFurquan Shaikh
CONFIG_MAINBOARD_VENDOR is customizable by OEM for Chrome OS devices. However, VBOOT_FWID_MODEL indicates the firmware vendor and hence if CHROMEOS is selected, then VBOOT_FWID_MODEL should always prefix "Google_" instead of CONFIG_MAINBOARD_VENDOR. BUG=b:65493192 Change-Id: I0a2280bfd6d535586bc14d9a3c4a8198287f08bc Signed-off-by: Furquan Shaikh <furquan@chromium.org> Reviewed-on: https://review.coreboot.org/21458 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2017-04-29vboot: Separate board name and version number in FWID with a dotJulius Werner
It's standard practice in vboot that the FWID consists of <board_name>.<version_number> (e.g. Google_Kevin.8785.57.0). In fact, some tools rely on this and cut the string at the first dot to separate the two. The current Kconfig default in coreboot instead leads to ugly, parser-breaking FWIDs like Google_Kevin4.5-1234-5678abcd. This patch fixes that. Change-Id: I65cd5285c69e2e485d55a41a65d735f6a2291c16 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/19487 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2017-04-28vboot: Select CONFIG_{TPM,TPM2} only if MOCK_SECDATA is not selectedFurquan Shaikh
1. Select CONFIG_{TPM,TPM2} only when MOCK_SECDATA is not selected. 2. Provide tlcl_lib_init for mock TPM case. BUG=b:37682566 TEST=Verified that when mock TPM is used, CONFIG_TPM is not set anymore in coreboot config. Change-Id: If3bdd1528e153b164e9d62ee9cbcc4c3666b8b66 Signed-off-by: Furquan Shaikh <furquan@chromium.org> Reviewed-on: https://review.coreboot.org/19456 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2017-03-28vboot: Move remaining features out of vendorcode/google/chromeosJulius Werner
This patch attempts to finish the separation between CONFIG_VBOOT and CONFIG_CHROMEOS by moving the remaining options and code (including image generation code for things like FWID and GBB flags, which are intrinsic to vboot itself) from src/vendorcode/google/chromeos to src/vboot. Also taking this opportunity to namespace all VBOOT Kconfig options, and clean up menuconfig visibility for them (i.e. some options were visible even though they were tied to the hardware while others were invisible even though it might make sense to change them). CQ-DEPEND=CL:459088 Change-Id: I3e2e31150ebf5a96b6fe507ebeb53a41ecf88122 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/18984 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2017-03-28vboot: Disallow separate verstage after romstage, try to clarify logicJulius Werner
No board has ever tried to combine CONFIG_SEPARATE_VERSTAGE with CONFIG_VBOOT_STARTS_IN_ROMSTAGE. There are probably many reasons why this wouldn't work (e.g. x86 CAR migration logic currently always assumes verstage code to run pre-migration). It would also not really make sense: the reason we use separate verstages is to decrease bootblock size (mitigating the boot speed cost of slow boot ROM SPI drivers) and to allow the SRAM-saving RETURN_FROM_VERSTAGE trick, neither of which would apply to the after-romstage case. It is better to just forbid that case explicitly and give programmers more guarantees about what the verstage is (e.g. now the assumption that it runs pre-RAM is always valid). Since Kconfig dependencies aren't always guaranteed in the face of 'select' statements, also add some explicit compile-time assertions to the vboot code. We can simplify some of the loader logic which now no longer needs to provide for the forbidden case. In addition, also try to make some of the loader logic more readable by writing it in a more functional style that allows us to put more assertions about which cases should be unreachable in there, which will hopefully make it more robust and fail-fast with future changes (e.g. addition of new stages). Change-Id: Iaf60040af4eff711d9b80ee0e5950ce05958b3aa Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/18983 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins)
2017-03-28vboot: Remove VBOOT_DYNAMIC_WORK_BUFFER Kconfig optionJulius Werner
VBOOT_DYNAMIC_WORK_BUFFER and VBOOT_STARTS_IN_ROMSTAGE are equivalent in practice. We can't have a dynamic work buffer unless we start in/after romstage, and there'd be no reason to go with a static buffer if we do. Let's get rid of one extra option and merge the two. Change-Id: I3f953c8d2a8dcb3f65b07f548184d6dd0eb688fe Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/18979 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2017-03-28vboot: Remove CHIPSET_PROVIDES_VERSTAGE_MAIN_SYMBOL Kconfig optionJulius Werner
CHIPSET_PROVIDES_VERSTAGE_MAIN_SYMBOL allows the SoC directory to provide its own main() symbol that can execute code before the generic verstage code runs. We have now established in other places (e.g. T210 ramstage) a sort of convention that SoCs which need to run code in any stage before main() should just override stage_entry() instead. This patch aligns the verstage with that model and gets rid of the extra Kconfig option. This also removes the need for aliasing between main() and verstage(). Like other stages the main verstage code is now just in main() and can be called from stage_entry(). Change-Id: If42c9c4fbab51fbd474e1530023a30b69495d1d6 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/18978 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins)
2017-03-14vboot: Allow other platforms to use soft reboot workaroundLee Leahy
Add a Kconfig value to enable other platforms to use the soft reboot workaround. TEST=Build and run on Galileo Gen2 Change-Id: I5a7ebd200229654128d367ecb50647ff69bb5258 Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com> Reviewed-on: https://review.coreboot.org/18798 Tested-by: Martin Roth <martinroth@google.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-11-10vboot: Add support for recovery hash space in TPMFurquan Shaikh
1. Add a new index for recovery hash space in TPM - 0x100b 2. Add helper functions to read/write/lock recovery hash space in TPM 3. Add Kconfig option that can be selected by mainboards that want to define this space. 4. Lock this new space while jumping from RO to RW. BUG=chrome-os-partner:59355 BRANCH=None TEST=Verified use of recovery hash space on reef. Change-Id: I1cacd54f0a896d0f2af32d4b7c9ae581a918f9bb Signed-off-by: Furquan Shaikh <furquan@chromium.org> Reviewed-on: https://review.coreboot.org/17273 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-08-19vboot/vbnv_flash: make I/O connection agnosticAaron Durbin
There's no need to be SPI specific w.r.t. how the flash is connected. Therefore, use the RW boot device to write the contents of VBNV. The erasable check was dropped because that information isn't available. All regions should be aligned accordingly on the platform for the underlying hardware implementation. And once the VBNV region fills the erase will fail. BUG=chrome-os-partner:56151 Change-Id: I07fdc8613e0b3884e132a2f158ffeabeaa6da6ce Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/16206 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Furquan Shaikh <furquan@google.com>
2016-08-16vboot: Move TPM-related Kconfig selects from CHROMEOS to VBOOTJulius Werner
CONFIG_VBOOT was recently moved to be independent from CONFIG_CHROMEOS. However, the latter still has some 'select' clauses to ensure that required TPM libraries are built. The TPM is an essential part of vboot, and without these libraries the vboot code cannot compile... therefore, they should be moved under CONFIG_VBOOT. Change-Id: I0145558e5127c65c6a82d62f25b5a39e24cb8726 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/16229 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-07-31src/vboot: Capitalize RAM and CPUElyes HAOUAS
Change-Id: Iff6b1b08b8159588b964d9637b16e1e0bfcca940 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/15986 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Martin Roth <martinroth@google.com>
2016-07-31Remove extra newlines from the end of all coreboot files.Martin Roth
This removes the newlines from all files found by the new int-015-final-newlines script. Change-Id: I65b6d5b403fe3fa30b7ac11958cc0f9880704ed7 Signed-off-by: Martin Roth <martinroth@google.com> Reviewed-on: https://review.coreboot.org/15975 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2016-07-28vboot: Separate vboot from chromeosFurquan Shaikh
VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>