From 5d302c75d84ee71f1e4b7b36a7d67f96b74ee096 Mon Sep 17 00:00:00 2001 From: Daisuke Nojiri Date: Thu, 9 Apr 2015 08:18:22 -0700 Subject: vboot: add mocked secdata This patch allows a board without a secdata storage (typically TPM) to pass the verification stage if recovery path is taken. It's useful for bringup when the actual board is not ready. BUG=none BRANCH=none TEST=booted the kernel from a usb stick on a cygnus reference board Change-Id: I5ab97d1198057d102a1708338d71c606fe106c75 Signed-off-by: Patrick Georgi Original-Commit-Id: 5d45acee31fd5b7bfe7444f12e3622bae49fc329 Original-Signed-off-by: Daisuke Nojiri Original-Reviewed-on: https://chrome-internal-review.googlesource.com/212418 Original-Reviewed-by: Daisuke Nojiri Original-Commit-Queue: Daisuke Nojiri Original-Tested-by: Daisuke Nojiri Original-Change-Id: Iddd9af19a2b6428704254af0c17b642e7a976fb8 Original-Reviewed-on: https://chromium-review.googlesource.com/265046 Reviewed-on: http://review.coreboot.org/9919 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer --- src/vendorcode/google/chromeos/vboot2/Kconfig | 11 +++++ src/vendorcode/google/chromeos/vboot2/Makefile.inc | 7 +++- .../google/chromeos/vboot2/secdata_mock.c | 48 ++++++++++++++++++++++ 3 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 src/vendorcode/google/chromeos/vboot2/secdata_mock.c (limited to 'src/vendorcode') diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig index 7ea53fda29..16b811069e 100644 --- a/src/vendorcode/google/chromeos/vboot2/Kconfig +++ b/src/vendorcode/google/chromeos/vboot2/Kconfig 
@@ -24,6 +24,17 @@ config VBOOT2_VERIFY_FIRMWARE Enabling VBOOT2_VERIFY_FIRMWARE will use vboot2 to verify the romstage and boot loader. +config VBOOT2_MOCK_SECDATA + bool "Mock secdata for firmware verification" + default n + depends on VBOOT2_VERIFY_FIRMWARE + help + Enabling VBOOT2_MOCK_SECDATA will mock secdata for the firmware + verification to avoid access to a secdata storage (typically TPM). + All operations for a secdata storage will be successful. This option + can be used during development when a TPM is not present or broken. + THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES. + config RETURN_FROM_VERSTAGE bool "return from verstage" default n diff --git a/src/vendorcode/google/chromeos/vboot2/Makefile.inc b/src/vendorcode/google/chromeos/vboot2/Makefile.inc index 12404d967f..e1598aa078 100644 --- a/src/vendorcode/google/chromeos/vboot2/Makefile.inc +++ b/src/vendorcode/google/chromeos/vboot2/Makefile.inc @@ -28,7 +28,12 @@ bootblock-y += verstub.c verstage-y += verstub.c bootblock-y += common.c verstage-y += verstage.c -verstage-y += antirollback.c common.c +verstage-y += common.c +ifeq (${CONFIG_VBOOT2_MOCK_SECDATA},y) +verstage-y += secdata_mock.c +else +verstage-y += antirollback.c +endif romstage-y += vboot_handoff.c common.c verstage-y += verstage.ld diff --git a/src/vendorcode/google/chromeos/vboot2/secdata_mock.c b/src/vendorcode/google/chromeos/vboot2/secdata_mock.c new file mode 100644 index 0000000000..3bd4b17311 --- /dev/null +++ b/src/vendorcode/google/chromeos/vboot2/secdata_mock.c 
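Review bot: The help text for `VBOOT2_MOCK_SECDATA` says every secdata operation will be successful, but it does not say what protection is lost, and only the capitalised last sentence keeps the option out of a release config. With the mock selected, antirollback.c is not built into verstage (see the Makefile.inc hunk) and the replacement functions return `TPM_SUCCESS` without storing or extending anything. I would state that in the help, for example `Firmware rollback protection and PCR measurements are disabled while this is set.` The commit message describes the option as meant for the recovery path during bring-up; the help could say that too, so the intended scope is visible in menuconfig.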
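Review bot: The `ifeq (${CONFIG_VBOOT2_MOCK_SECDATA},y)` arm swaps antirollback.c for secdata_mock.c without leaving any trace in the build output, so a mocked image is hard to tell apart from a real one when reading build or CI logs. A line such as `$(warning VBOOT2_MOCK_SECDATA is set: TPM secdata is mocked, do not ship this image)` inside that arm would make the choice visible on every build. A release check could then grep for that warning rather than inspect the .config.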
@@ -0,0 +1,48 @@
+/* Copyright (c) 2015 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Functions for querying, manipulating and locking rollback indices
+ * stored in the TPM NVRAM.
+ */
+
+#include
+#include
+#include
+
+uint32_t tpm_extend_pcr(struct vb2_context *ctx, int pcr,
+ enum vb2_pcr_digest which_digest)
+{
+ return TPM_SUCCESS;
+}
+
+uint32_t tpm_clear_and_reenable(void)
+{
+ return TPM_SUCCESS;
+}
+
+uint32_t safe_write(uint32_t index, const void *data, uint32_t length)
+{
+ return TPM_SUCCESS;
+}
+
+uint32_t safe_define_space(uint32_t index, uint32_t perm, uint32_t size)
+{
+ return TPM_SUCCESS;
+}
+
+uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)
+{
+ vb2api_secdata_create(ctx);
+ return TPM_SUCCESS;
+}
+
+uint32_t antirollback_write_space_firmware(struct vb2_context *ctx)
+{
+ return TPM_SUCCESS;
+}
+
+uint32_t antirollback_lock_space_firmware()
+{
+ return TPM_SUCCESS;
+}
-- cgit v1.2.3
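Review bot: The file header comment still describes the real implementation ("Functions for querying, manipulating and locking rollback indices stored in the TPM NVRAM"), although every function in this file returns `TPM_SUCCESS` without touching a TPM. It should say what the file is, for example `/* Mock secdata: all TPM and antirollback calls report success and store nothing. */`. `antirollback_lock_space_firmware()` is defined with empty parentheses, which in C is not a prototype; `uint32_t antirollback_lock_space_firmware(void)` would match `tpm_clear_and_reenable(void)` earlier in the file. Because `tpm_extend_pcr()` and the write and lock functions report success while doing nothing, a one-time console warning from `antirollback_read_space_firmware()` would show anyone reading the boot log that the PCR values and rollback state from this boot are not meaningful.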