From 1fa3da4d9b30ad7e63b79b6966794ee179dc6501 Mon Sep 17 00:00:00 2001 From: Jakub Czapiga Date: Mon, 6 Dec 2021 09:01:50 +0000 Subject: libpayload: Enable vboot integration This patch introduces building and linking of 3rdparty/vboot with libpayload. VBoot can be enabled by setting CONFIG_LP_VBOOT_LIB. Moreover it can be configured to use either TPM or TPM 2.0 mode, and whether to use SHA256 processor extension instructions on x86. Change-Id: I2d9d766a461edaa0081041c020ecf580fd2ca64e Signed-off-by: Jakub Czapiga Reviewed-on: https://review.coreboot.org/c/coreboot/+/60080 Tested-by: build bot (Jenkins) Reviewed-by: Julius Werner --- payloads/libpayload/Kconfig | 3 +++ payloads/libpayload/Makefile | 4 +-- payloads/libpayload/Makefile.inc | 9 +++++-- payloads/libpayload/vboot/Kconfig | 25 ++++++++++++++++++ payloads/libpayload/vboot/Makefile.inc | 48 ++++++++++++++++++++++++++++++++++ 5 files changed, 85 insertions(+), 4 deletions(-) create mode 100644 payloads/libpayload/vboot/Kconfig create mode 100644 payloads/libpayload/vboot/Makefile.inc (limited to 'payloads') diff --git a/payloads/libpayload/Kconfig b/payloads/libpayload/Kconfig index 382f5af751..f24778880a 100644 --- a/payloads/libpayload/Kconfig +++ b/payloads/libpayload/Kconfig @@ -227,6 +227,9 @@ config LZ4 help Decoder implementation for the LZ4 compression algorithm. Adds standalone functions (CBFS support coming soon). + +source "vboot/Kconfig" + endmenu menu "Console Options" diff --git a/payloads/libpayload/Makefile b/payloads/libpayload/Makefile index 3ad313f3af..2014cd4ec9 100644 --- a/payloads/libpayload/Makefile +++ b/payloads/libpayload/Makefile @@ -326,7 +326,7 @@ src-to-obj=\ $(basename \ $(addprefix $(obj)/,\ $(subst $(coreboottop)/,coreboot/,$(2))))) -$(foreach class,$(classes),$(eval $(class)-objs:=$(call src-to-obj,$(class),$($(class)-srcs)))) +$(foreach class,$(classes),$(eval $(class)-objs+=$(call src-to-obj,$(class),$($(class)-srcs)))) allsrcs:=$(foreach var, $(addsuffix -srcs,$(classes)), $($(var))) allobjs:=$(foreach var, $(addsuffix -objs,$(classes)), $($(var))) @@ -355,7 +355,7 @@ $(foreach class,$(classes), \ foreach-src=$(foreach file,$($(1)-srcs),$(eval $(call $(1)-objs_$(subst .,,$(suffix $(file)))_template,$(basename $(file))))) $(eval $(foreach class,$(classes),$(call foreach-src,$(class)))) -DEPENDENCIES = $(allobjs:.o=.d) +DEPENDENCIES = $($(filter %.o,%(allobjs)):.o=.d) -include $(DEPENDENCIES) printall: diff --git a/payloads/libpayload/Makefile.inc b/payloads/libpayload/Makefile.inc index 0e903643fc..77eab60c6b 100644 --- a/payloads/libpayload/Makefile.inc +++ b/payloads/libpayload/Makefile.inc @@ -46,6 +46,8 @@ classes-$(CONFIG_LP_CBFS) += libcbfs classes-$(CONFIG_LP_LZMA) += liblzma classes-$(CONFIG_LP_LZ4) += liblz4 classes-$(CONFIG_LP_REMOTEGDB) += libgdb +classes-$(CONFIG_LP_VBOOT_LIB) += vboot_fw +classes-$(CONFIG_LP_VBOOT_LIB) += tlcl libraries := $(classes-y) classes-y += head.o @@ -55,6 +57,7 @@ subdirs-$(CONFIG_LP_CURSES) += curses subdirs-$(CONFIG_LP_CBFS) += libcbfs subdirs-$(CONFIG_LP_LZMA) += liblzma subdirs-$(CONFIG_LP_LZ4) += liblz4 +subdirs-$(CONFIG_LP_VBOOT_LIB) += vboot INCLUDES := -Iinclude -Iinclude/$(ARCHDIR-y) -I$(obj) INCLUDES += -include include/kconfig.h -include include/compiler.h @@ -91,11 +94,13 @@ includes-handler= \ $(obj)/libpayload.a: $(foreach class,$(libraries),$$($(class)-objs)) printf " AR $(subst $(CURDIR)/,,$(@))\n" - $(AR) rc $@ $^ + $(AR) rc $@ $(filter-out %.a,$^) + printf "open $@\n$(foreach lib,$(filter %.a,$^),addlib $(lib)\n)save\nend\n" | $(AR) -M $(obj)/%.a: $$(%-objs) printf " AR $(subst $(CURDIR)/,,$(@))\n" - $(AR) rc $@ $^ + $(AR) rc $@ $(filter-out %.a,$^) + printf "open $@\n$(foreach lib,$(filter %.a,$^),addlib $(lib)\n)save\nend\n" | $(AR) -M $(obj)/head.o: $(obj)/arch/$(ARCHDIR-y)/head.head.o.o printf " CP $(subst $(CURDIR)/,,$(@))\n" diff --git a/payloads/libpayload/vboot/Kconfig b/payloads/libpayload/vboot/Kconfig new file mode 100644 index 0000000000..4d5d8818e0 --- /dev/null +++ b/payloads/libpayload/vboot/Kconfig @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: BSD-3-Clause + +config VBOOT_LIB + bool "Compile verified boot (vboot) library" + default n + help + This option enables compiling and building vboot libraries vboot_fw and tlcl. + +if VBOOT_LIB + +config VBOOT_TPM2_MODE + bool "TPM2 Mode" + default y + help + This option enables TPM 2.0 support in vboot. Disabling it allows using TPM 1.2. + +config VBOOT_X86_SHA_EXT + bool "x86 SHA Extension" + default n + depends on ARCH_X86 + help + This option enables SHA256 implementation using x86 SHA processor extension + instructions: sha256msg1, sha256msg2, sha256rnds2. + +endif diff --git a/payloads/libpayload/vboot/Makefile.inc b/payloads/libpayload/vboot/Makefile.inc new file mode 100644 index 0000000000..8289f63945 --- /dev/null +++ b/payloads/libpayload/vboot/Makefile.inc @@ -0,0 +1,48 @@ +# SPDX-License-Identifier: BSD-3-Clause + +VBOOT_SOURCE ?= $(coreboottop)/3rdparty/vboot + +VBOOT_BUILD_DIR ?= $(abspath $(obj)/external/vboot) +VBOOT_FW_LIB = $(VBOOT_BUILD_DIR)/vboot_fw.a +TLCL_LIB = $(VBOOT_BUILD_DIR)/tlcl.a + +vboot_fw-objs += $(VBOOT_FW_LIB) +tlcl-objs += $(TLCL_LIB) + +kconfig-to-binary=$(if $(1),1,0) +vboot-fixup-includes = $(patsubst -I%,-I$(top)/%,\ + $(patsubst include/%.h,$(top)/include/%.h,\ + $(filter-out -I$(obj),$(1)))) + +ifeq ($(CONFIG_LP_ARCH_MOCK),) +VBOOT_CFLAGS += $(call vboot-fixup-includes,$(CFLAGS)) +VBOOT_CFLAGS += -I$(abspath $(obj)) +endif + +# Enable vboot debug by default +VBOOT_CFLAGS += -DVBOOT_DEBUG + +VBOOT_FIRMWARE_ARCH-$(CONFIG_LP_ARCH_ARM) := arm +VBOOT_FIRMWARE_ARCH-$(CONFIG_LP_ARCH_X86) := x86 +VBOOT_FIRMWARE_ARCH-$(CONFIG_LP_ARCH_ARM64) := arm64 + +ifeq ($(CONFIG_LP_ARCH_MOCK)$(VBOOT_FIRMWARE_ARCH-y),) +$(error vboot requires architecture to be set in the configuration) +endif + +$(VBOOT_FW_LIB): $(obj)/libpayload-config.h + @printf " MAKE $(subst $(obj)/,,$(@))\n" + +$(Q) FIRMWARE_ARCH=$(VBOOT_FIRMWARE_ARCH-y) \ + CC=$(CC) \ + CFLAGS="$(VBOOT_CFLAGS)" \ + $(MAKE) -C "$(VBOOT_SOURCE)" \ + TPM2_MODE=$(call kconfig-to-binary, $(CONFIG_LP_VBOOT_TPM2_MODE)) \ + X86_SHA_EXT=$(call kconfig-to-binary, $(CONFIG_LP_VBOOT_X86_SHA_EXT)) \ + UNROLL_LOOPS=1 \ + BUILD=$(VBOOT_BUILD_DIR) \ + V=$(V) \ + $(VBOOT_BUILD_DIR)/vboot_fw.a tlcl + +$(TLCL_LIB): $(VBOOT_FW_LIB) + +.PHONY: $(VBOOT_FW_LIB) $(TLCL_LIB) -- cgit v1.2.3