Age | Commit message (Collapse) | Author |
|
Enable Cr50 update in recovery mode, so that we can at least still
update the process for most cases (that an update is pending in recovery
mode is not impossible but should be unlikely in the field).
Leave manual recovery unaffected so at least that would still work even
if Cr50 wedges in a weird way that it thinks it has an update on every
boot or something.
Setting the recovery_reason to VB2_RECOVERY_TRAIN_AND_REBOOT allows the
update to be applied.
BUG=b:154071064
BRANCH=none
TEST=builds
Thanks to Julius Werner for the suggested fix.
Change-Id: Iba341a750cce8334da4dcf6353ca8cd1268d170f
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41988
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
Stefan thinks they don't add value.
Command used:
sed -i -e '/file is part of /d' $(git grep "file is part of " |egrep ":( */\*.*\*/\$|#|;#|-- | *\* )" | cut -d: -f1 |grep -v crossgcc |grep -v gcov | grep -v /elf.h |grep -v nvramtool)
The exceptions are for:
- crossgcc (patch file)
- gcov (imported from gcc)
- elf.h (imported from GNU's libc)
- nvramtool (more complicated header)
The removed lines are:
- fmt.Fprintln(f, "/* This file is part of the coreboot project. */")
-# This file is part of a set of unofficial pre-commit hooks available
-/* This file is part of coreboot */
-# This file is part of msrtool.
-/* This file is part of msrtool. */
- * This file is part of ncurses, designed to be appended after curses.h.in
-/* This file is part of pgtblgen. */
- * This file is part of the coreboot project.
- /* This file is part of the coreboot project. */
-# This file is part of the coreboot project.
-# This file is part of the coreboot project.
-## This file is part of the coreboot project.
--- This file is part of the coreboot project.
-/* This file is part of the coreboot project */
-/* This file is part of the coreboot project. */
-;## This file is part of the coreboot project.
-# This file is part of the coreboot project. It originated in the
- * This file is part of the coreinfo project.
-## This file is part of the coreinfo project.
- * This file is part of the depthcharge project.
-/* This file is part of the depthcharge project. */
-/* This file is part of the ectool project. */
- * This file is part of the GNU C Library.
- * This file is part of the libpayload project.
-## This file is part of the libpayload project.
-/* This file is part of the Linux kernel. */
-## This file is part of the superiotool project.
-/* This file is part of the superiotool project */
-/* This file is part of uio_usbdebug */
Change-Id: I82d872b3b337388c93d5f5bf704e9ee9e53ab3a9
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41194
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Done with sed and God Lines. Only done for C-like code for now.
Change-Id: I49dc615178aaef278d6445376842d45152759234
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40060
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
|
|
They're listed in AUTHORS and often incorrect anyway, for example:
- What's a "Copyright $year-present"?
- Which incarnation of Google (Inc, LLC, ...) is the current
copyright holder?
- People sometimes have their editor auto-add themselves to files even
though they only deleted stuff
- Or they let the editor automatically update the copyright year,
because why not?
- Who is the copyright holder "The coreboot project Authors"?
- Or "Generated Code"?
Sidestep all these issues by simply not putting these notices in
individual files, let's list all copyright holders in AUTHORS instead
and use the git history to deal with the rest.
Change-Id: I89b10076e0f4a4b3acd59160fb7abe349b228321
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39611
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
When coreboot checks the TPM and key-ladder state it issues a reboot of
the Cr50 with a delay parameter. Older Cr50 code doesn't support the
delay parameter and reboots immediately, which prevented coreboot from
running the mainboard specific code needed for the AP to come back up.
This change calls mainboard_prepare_cr50_reset() prior to sending the
VENDOR_CC_IMMEDIATE_RESET command.
This change also fixes a false error message from the coreboot log that
indicated "Unexpected Cr50 TPM mode 3" when the Cr50 key ladder is
disabled.
BUG=b:130830178
BRANCH=none
TEST=build coreboot on sarien and grunt platforms.
TEST=Load Cr50 v3.15, run 'gsctool -a -m disable; reboot'. Verify
corebot send the
VENDOR_CC_IMMEDIATE_RESET command and that the AP boots normally.
Verify event log shows "cr50 Reset Required"
TEST=Force Cr50 automatic update. Verify event log shows "cr50 Update
Reset".
Change-Id: Ib05c9cfde8e87daffd4233114263de5b30822872
Signed-off-by: Keith Short <keithshort@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32365
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
|
|
This patch is a raw application of
find src/ -type f | xargs sed -i -e 's/IS_ENABLED\s*(CONFIG_/CONFIG(/g'
Change-Id: I6262d6d5c23cabe23c242b4f38d446b74fe16b88
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31774
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
|
|
Under some scenarios the key ladder on the Cr50 can get disabled. If
this state is detected, trigger a reboot of the Cr50 to restore full
TPM functionality.
BUG=b:121463033
BRANCH=none
TEST=Built coreboot on sarien and grunt platforms.
TEST=Ran 'gsctool -a -m disable' and reboot. Verified coreboot sends
VENDOR_CC_IMMEDIATE_RESET command to Cr50 and that the Cr50 resets and
then the platform boots normally.
TEST=Performed Cr50 rollback to 0.0.22 which does not support the
VENDOR_CC_TPM_MODE command, confirmed that platform boots normally and
the coreboot log captures the unsupported command.
Tested-by: Keith Short <keithshort@chromium.org>
Change-Id: I70e012efaf1079d43890e909bc6b5015bef6835a
Signed-off-by: Keith Short <keithshort@chromium.org>
Reviewed-on: https://review.coreboot.org/c/31260
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
In order to allow the mainboard to configure the system before a
cr50 initiated update reset add a weak function that the mainboard
can override if necessary.
This will allow a board that would otherwise be configured to
stay off after an EC reset to instead power up after the reset and
not end up in a shut down state after a cr50 update.
BUG=b:121380403
TEST=update cr50 firmware on sarien and reboot
Change-Id: I11f9e8c9bfe810f69b4eaa2c633252c25004cbd0
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://review.coreboot.org/c/31057
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
More platforms are not able to hibernate under certain circumstances,
such as when AC is plugged. This original path was conservatively put in
to prevent potential damage when cr50-update-caused asynchronous resets
occur. Julius' compelling argument that async resets from recovery mode
requests should have enough coverage of the design over the course of
project development. Remove the hibernate path and assume all is well
going forward.
Change-Id: I37121e75ff4e6abcb41d8534a1eccf0788ce2ea2
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/29076
Reviewed-by: Justin TerAvest <teravest@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
This patch allows boards to disable turning off EC on cr50 update.
If CR50 resets the whole system, an EC reset is not required.
BUG=b:112604277
BRANCH=none
TEST=gsctool -a -u /media/removable/cr50.bin && reboot
Verify EC reboots. AP prints 'Waiting for CR50 reset to pick up update'
then reboots.
Change-Id: I60a7aa50a549e7a5a1a114245fbf7b9646d813bb
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://review.coreboot.org/28110
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
* Rename tlcl* to tss* as tpm software stack layer.
* Fix inconsistent naming.
Change-Id: I206dd6a32dbd303a6d4d987e424407ebf5c518fa
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22104
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
* Move code from src/lib and src/include into src/security/tpm
* Split TPM TSS 1.2 and 2.0
* Fix header includes
* Add a new directory structure with kconfig and makefile includes
Change-Id: Id15a9aa6bd367560318dfcfd450bf5626ea0ec2b
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22103
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
|
|
This patch makes AP send EC_REBOOT_HIBERNATE_CLEAR_AP_OFF, which makes
EC clear AP_OFF flag then hibernate.
This is needed to make Chromebox boot when cr50 toggles the EC's reset
line after TURN_UPDATE_ON command.
BUG=b:69721737
BRANCH=none
CQ-DEPEND=CL:802632
TEST=Verify Fizz reboot after cr50 update.
Change-Id: I5f590286393ac21382cab64afdccae92d3fc14ba
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://review.coreboot.org/22657
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
794d222886 "cr50_enable_update: Add printk before EC hibernate"
inserted printk and kicked out google_chromeec_reboot from the
if-clause. This patch fixes it.
BUG=none
BRANCH=none
TEST=none
Change-Id: I058e929e2acd883d2265b2ab019743e3849cb3af
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://review.coreboot.org/22668
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
|
|
This commit just moves the vboot sources into
the security directory and fixes kconfig/makefile paths.
Fix vboot2 headers
Change-Id: Icd87f95640186f7a625242a3937e1dd13347eb60
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22074
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
|
|
Add printout before EC hibernates during a cr50 update to clarify that
failure is due to EC rather than cr50. Ran into a situation where DUT
shut down during cr50 update and the EC was the culprit.
BUG=None
BRANCH=None
TEST=None
Change-Id: I54813fec123de69604d1da4dfc65eaeb77d1662e
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://review.coreboot.org/22120
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
|
|
The AP sends the Cr50 a request to enable the new firmware image. If
the new Cr50 image was found and enabled, the AP expects the Cr50 to
reset the device in 1 second.
While waiting for the Cr50 to reset, the AP logs a newly defined event
and optionally shuts down the system. By default the x86 systems power
off as shutting those systems down is not board specific.
BRANCH=gru,reef
BUG=b:35580805
TEST=built a reef image, observed that in case cr50 image is updated,
after the next reboot the AP stops booting before loading depthcharge,
reports upcoming reset and waits for it.
Once the system is booted after that, the new event can be found
in the log:
localhost ~ # mosys eventlog list
...
7 | 2017-03-23 18:42:12 | Chrome OS Developer Mode
8 | 2017-03-23 18:42:13 | Unknown | 0xac
9 | 2017-03-23 18:42:21 | System boot | 46
...
Change-Id: I45fd6058c03f32ff8edccd56ca2aa5359d9b21b1
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/18946
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
|