From 0bcee882982543bcc3212ad7cdac47403d9de9c7 Mon Sep 17 00:00:00 2001
From: Joel Kitching
Date: Mon, 11 Feb 2019 15:37:49 +0800
Subject: vboot: copy data structures to CBMEM for downstream use

For platforms that do not employ VBOOT_STARTS_IN_ROMSTAGE, vboot verification occurs before CBMEM is brought online. In order to make vboot data structures available downstream, copy vb2_working_data from CAR/SRAM into CBMEM when CBMEM comes online. Create VBOOT_MIGRATE_WORKING_DATA config option to toggle this functionality.
BUG=b:124141368, b:124192753
TEST=Built and deployed on eve with STARTS_IN_BOOTBLOCK
TEST=Built and deployed on eve with STARTS_IN_ROMSTAGE
TEST=util/lint/checkpatch.pl -g origin/master..HEAD
TEST=util/abuild/abuild -B -e -y -c 50 -p none -x
BRANCH=none
Change-Id: I62c11268a83927bc00ae9bd93b1b31363b38e8cf
Signed-off-by: Joel Kitching
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31329
Tested-by: build bot (Jenkins)
Reviewed-by: Julius Werner
---
src/security/vboot/Kconfig | 15 +++++++++++++++
1 file changed, 15 insertions(+)
(limited to 'src/security/vboot/Kconfig')
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index a382e670c4..ea5f2a3c2a 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -107,6 +107,21 @@ config VBOOT_STARTS_IN_ROMSTAGE
 memory initialization). This implies that vboot working data is allocated in CBMEM.
+config VBOOT_MIGRATE_WORKING_DATA
+ bool
+ default y if CACHE_AS_RAM
+ depends on !VBOOT_STARTS_IN_ROMSTAGE
+ help
+ In order to make vboot data structures available downstream,
+ migrate verified boot working data to CBMEM after CBMEM comes
+ online, when VBOOT_STARTS_IN_BOOTBLOCK is employed. This should
+ always be enabled on x86 architectures to migrate data from CAR
+ before losing access in ramstage, and should almost always be
+ disabled in SRAM architectures, where access to SRAM is usually
+ retained. Any SRAM platform where the original location of the
+ VBOOT_WORKBUF region becomes inaccessible in later stages should
+ manually select this option.
+
 config VBOOT_MOCK_SECDATA
 bool "Mock secdata for firmware verification"
 default n
-- cgit v1.2.3
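Review bot: The new `VBOOT_MIGRATE_WORKING_DATA` entry gates on `depends on !VBOOT_STARTS_IN_ROMSTAGE`, while its help text says the migration applies "when VBOOT_STARTS_IN_BOOTBLOCK is employed"; whether those two conditions are exact complements is not visible in this hunk. If they are not, a CACHE_AS_RAM configuration with neither start point selected would still get the option by default, so I would either write `depends on VBOOT_STARTS_IN_BOOTBLOCK` or reword the help to match the dependency actually used. The help should also state which copy is authoritative once CBMEM is online, for example `After migration, later stages must use the CBMEM copy; the CAR/SRAM original is stale.`, since verification state read from the wrong copy could diverge. The code that performs the copy is outside this Kconfig-only diff, so that last point needs confirming against it.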