From 6d65f796db04927bfc8324f50ad0816cec9673b6 Mon Sep 17 00:00:00 2001 From: Aaron Durbin Date: Tue, 21 Apr 2015 15:33:01 -0500 Subject: vboot: remove vboot1 In preparation for moving to vboot2 for all verified boot paths bring over Kconfig options to the common area from vboot1. Also remove vboot1 directory entirely. Change-Id: Iccc4b570216f834886618f0ba5f2e1dd6c01db4b Signed-off-by: Aaron Durbin Reviewed-on: http://review.coreboot.org/9957 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi --- src/vendorcode/google/chromeos/Kconfig | 25 +- src/vendorcode/google/chromeos/Makefile.inc | 1 - src/vendorcode/google/chromeos/vboot1/Kconfig | 34 -- src/vendorcode/google/chromeos/vboot1/Makefile.inc | 74 ---- .../google/chromeos/vboot1/vboot_loader.c | 412 --------------------- .../google/chromeos/vboot1/vboot_wrapper.c | 266 ------------- src/vendorcode/google/chromeos/vboot2/Kconfig | 10 +- 7 files changed, 25 insertions(+), 797 deletions(-) delete mode 100644 src/vendorcode/google/chromeos/vboot1/Kconfig delete mode 100644 src/vendorcode/google/chromeos/vboot1/Makefile.inc delete mode 100644 src/vendorcode/google/chromeos/vboot1/vboot_loader.c delete mode 100644 src/vendorcode/google/chromeos/vboot1/vboot_wrapper.c (limited to 'src/vendorcode') diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig index 9a45efad31..cf3bd0729b 100644 --- a/src/vendorcode/google/chromeos/Kconfig +++ b/src/vendorcode/google/chromeos/Kconfig @@ -132,6 +132,14 @@ config VIRTUAL_DEV_SWITCH help Whether this platform has a virtual developer switch. +config VBOOT_VERIFY_FIRMWARE + bool "Verify firmware with vboot." + default n + depends on CHROMEOS + help + Enabling VBOOT_VERIFY_FIRMWARE will use vboot to verify the components + of the firmware (stages, payload, etc). + # These VBOOT_X_INDEX are the position of X in FW_MAIN_A/B region. The index # table is created by cros_bundle_firmware at build time based on the positions # of the blobs listed in fmap.dts and stored at the top of FW_MAIN_A/B region. @@ -145,6 +153,14 @@ config VBOOT_BOOT_LOADER_INDEX This is the index of the bootloader component in the verified firmware block. +config VBOOT_REFCODE_INDEX + hex "Reference code firmware index" + default 1 + depends on VBOOT_VERIFY_FIRMWARE + help + This is the index of the reference code component in the verified + firmware block. + config VBOOT_RAMSTAGE_INDEX hex "Ramstage component index" default 1 @@ -153,6 +169,14 @@ config VBOOT_RAMSTAGE_INDEX This is the index of the ramstage component in the verified firmware block. +config VBOOT_ROMSTAGE_INDEX + hex "Romstage component index" + default 2 + depends on VBOOT2_VERIFY_FIRMWARE + help + This is the index of the romstage component in the verified + firmware block. + config NO_TPM_RESUME bool default n @@ -175,7 +199,6 @@ config WIPEOUT_SUPPORTED signal the application the need for factory reset (a.k.a. wipe out) of the device -source src/vendorcode/google/chromeos/vboot1/Kconfig source src/vendorcode/google/chromeos/vboot2/Kconfig endif # CHROMEOS diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc index 0c669856e5..873b81f24f 100644 --- a/src/vendorcode/google/chromeos/Makefile.inc +++ b/src/vendorcode/google/chromeos/Makefile.inc @@ -54,6 +54,5 @@ CFLAGS_common += -DMOCK_TPM=0 endif VB_SOURCE := vboot_reference -subdirs-$(CONFIG_VBOOT_VERIFY_FIRMWARE) += vboot1 subdirs-$(CONFIG_VBOOT2_VERIFY_FIRMWARE) += vboot2 CPPFLAGS_common += -I$(VB_SOURCE)/firmware/include diff --git a/src/vendorcode/google/chromeos/vboot1/Kconfig b/src/vendorcode/google/chromeos/vboot1/Kconfig deleted file mode 100644 index 0102869797..0000000000 --- a/src/vendorcode/google/chromeos/vboot1/Kconfig +++ /dev/null @@ -1,34 +0,0 @@ -## This file is part of the coreboot project. -## -## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved. -## -## This program is free software; you can redistribute it and/or modify -## it under the terms of the GNU General Public License as published by -## the Free Software Foundation; version 2 of the License. -## -## This program is distributed in the hope that it will be useful, -## but WITHOUT ANY WARRANTY; without even the implied warranty of -## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -## GNU General Public License for more details. -## -## You should have received a copy of the GNU General Public License -## along with this program; if not, write to the Free Software -## Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -## - -config VBOOT_VERIFY_FIRMWARE - bool "Verify firmware with vboot." - default n - depends on CHROMEOS - select RELOCATABLE_MODULES - help - Enabling VBOOT_VERIFY_FIRMWARE will use vboot to verify the ramstage - and boot loader. - -config VBOOT_REFCODE_INDEX - hex "Reference code firmware index" - default 1 - depends on VBOOT_VERIFY_FIRMWARE - help - This is the index of the reference code component in the verified - firmware block. diff --git a/src/vendorcode/google/chromeos/vboot1/Makefile.inc b/src/vendorcode/google/chromeos/vboot1/Makefile.inc deleted file mode 100644 index 4f7de9017c..0000000000 --- a/src/vendorcode/google/chromeos/vboot1/Makefile.inc +++ /dev/null @@ -1,74 +0,0 @@ -## -## This file is part of the coreboot project. -## -## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved. -## -## This program is free software; you can redistribute it and/or modify -## it under the terms of the GNU General Public License as published by -## the Free Software Foundation; version 2 of the License. -## -## This program is distributed in the hope that it will be useful, -## but WITHOUT ANY WARRANTY; without even the implied warranty of -## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -## GNU General Public License for more details. -## -## You should have received a copy of the GNU General Public License -## along with this program; if not, write to the Free Software -## Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -## - -ramstage-y += ../vboot_common.c -romstage-y += vboot_loader.c ../vboot_common.c -rmodules_$(ARCH-ROMSTAGE-y)-y += vboot_wrapper.c ../vboot_common.c - -ifneq ($(CONFIG_SPI_FLASH_MEMORY_MAPPED),y) -VBOOT_MAKEFLAGS = REGION_READ=1 -endif - -VB_LIB = $(obj)/external/vboot_reference/vboot_fw.a -# Currently, vboot comes into picture only during the romstage, thus -# is compiled for being used in romstage only. Since, we are splitting -# up all components in one of the three stages of coreboot, vboot seems -# most logical to fall under the romstage. Thus, all references to arch -# and other compiler stuff for vboot is using the romstage arch. -VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-ROMSTAGE-y)) - -VBOOT_STUB_ELF = $(obj)/vendorcode/google/chromeos/vboot1/vbootstub.elf -VBOOT_STUB = $(VBOOT_STUB_ELF).rmod - -# Dependency for the vboot rmodules. Ordering matters. -VBOOT_STUB_DEPS += $(obj)/vendorcode/google/chromeos/vboot1/vboot_wrapper.rmodules_$(ARCH-ROMSTAGE-y).o -VBOOT_STUB_DEPS += $(obj)/lib/memcmp.rmodules_$(ARCH-ROMSTAGE-y).o -ifeq ($(CONFIG_ARCH_ROMSTAGE_X86_32),y) -VBOOT_STUB_DEPS += $(obj)/arch/x86/lib/memset.rmodules_$(ARCH-ROMSTAGE-y).o -VBOOT_STUB_DEPS += $(obj)/arch/x86/lib/memcpy.rmodules_$(ARCH-ROMSTAGE-y).o -endif -ifeq ($(CONFIG_ARCH_ROMSTAGE_ARM),y) -VBOOT_STUB_DEPS += $(obj)/arch/arm/memset.rmodules_$(ARCH-ROMSTAGE-y).o -VBOOT_STUB_DEPS += $(obj)/arch/arm/memcpy.rmodules_$(ARCH-ROMSTAGE-y).o -endif -ifeq ($(CONFIG_ARCH_ROMSTAGE_ARM64),y) -VBOOT_STUB_DEPS += $(obj)/lib/memset.rmodules_$(ARCH-ROMSTAGE-y).o -VBOOT_STUB_DEPS += $(obj)/lib/memcpy.rmodules_$(ARCH-ROMSTAGE-y).o -endif -VBOOT_STUB_DEPS += $(VB_LIB) -# Remove the '-include' option since that will break vboot's build and ensure -# vboot_reference can get to coreboot's include files. -VBOOT_CFLAGS += $(patsubst -I%,-I$(top)/%,$(filter-out -include $(src)/include/kconfig.h, $(CFLAGS_romstage))) -VBOOT_CFLAGS += -DVBOOT_DEBUG -VBOOT_CFLAGS += $(rmodules_$(ARCH-ROMSTAGE-y)-c-ccopts) - -# Link the vbootstub module with a 64KiB-byte heap. -$(eval $(call rmodule_link,$(VBOOT_STUB_ELF), $(VBOOT_STUB_DEPS), 0x10000,$(ARCH-ROMSTAGE-y))) - -# Build vboot library without the default includes from coreboot proper. -$(VB_LIB): - @printf " MAKE $(subst $(obj)/,,$(@))\n" - $(Q)FIRMWARE_ARCH=$(VB_FIRMWARE_ARCH) \ - CC="$(CC_romstage)" \ - CFLAGS="$(VBOOT_CFLAGS)" \ - $(MAKE) -C $(VB_SOURCE) \ - $(VBOOT_MAKEFLAGS) \ - BUILD=$(top)/$(dir $(VB_LIB)) \ - V=$(V) \ - fwlib diff --git a/src/vendorcode/google/chromeos/vboot1/vboot_loader.c b/src/vendorcode/google/chromeos/vboot1/vboot_loader.c deleted file mode 100644 index dd6c7de180..0000000000 --- a/src/vendorcode/google/chromeos/vboot1/vboot_loader.c +++ /dev/null @@ -1,412 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright (C) 2013 Google, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "../chromeos.h" -#include "../vboot_context.h" -#include "../vboot_handoff.h" - -#define TEMP_CBMEM_ID_VBOOT 0xffffffff -#define TEMP_CBMEM_ID_VBLOCKS 0xfffffffe - -static void vboot_run_stub(struct vboot_context *context) -{ - struct rmod_stage_load rmod_stage = { - .cbmem_id = TEMP_CBMEM_ID_VBOOT, - .name = CONFIG_CBFS_PREFIX "/vboot", - }; - void (*entry)(struct vboot_context *context); - - if (rmodule_stage_load_from_cbfs(&rmod_stage)) { - printk(BIOS_DEBUG, "Could not load vboot stub.\n"); - goto out; - } - - entry = rmod_stage.entry; - - /* Call stub. */ - entry(context); - -out: - /* Tear down the region no longer needed. */ - if (rmod_stage.cbmem_entry != NULL) - cbmem_entry_remove(rmod_stage.cbmem_entry); -} - -/* Helper routines for the vboot stub. */ -static void log_msg(const char *fmt, va_list args) -{ - do_vtxprintf(fmt, args); -} - -static void fatal_error(void) -{ - printk(BIOS_ERR, "vboot encountered fatal error. Resetting.\n"); - vboot_reboot(); -} - -static int fw_region_size(struct vboot_region *r) -{ - struct vboot_components *fw_info; - int32_t size; - int i; - - fw_info = vboot_locate_components(r); - if (fw_info == NULL) - return -1; - - if (fw_info->num_components > MAX_PARSED_FW_COMPONENTS) - return -1; - - size = sizeof(*fw_info); - size += sizeof(struct vboot_component_entry) * fw_info->num_components; - - for (i = 0; i < fw_info->num_components; i++) - size += ALIGN(fw_info->entries[i].size, sizeof(uint32_t)); - - /* Check that size of comopnents does not exceed the region's size. */ - if (size > r->size) - return -1; - - /* Update region with the correct size. */ - r->size = size; - - return 0; -} - -static int vboot_fill_params(struct vboot_context *ctx) -{ - VbCommonParams *cparams; - VbSelectFirmwareParams *fparams; - - if (fw_region_size(&ctx->fw_a)) - return -1; - - if (fw_region_size(&ctx->fw_b)) - return -1; - - cparams = ctx->cparams; - fparams = ctx->fparams; - - cparams->gbb_size = ctx->gbb.size; - fparams->verification_size_A = ctx->vblock_a.size; - fparams->verification_size_B = ctx->vblock_b.size; - - if (IS_ENABLED(CONFIG_SPI_FLASH_MEMORY_MAPPED)) { - /* Get memory-mapped pointers to the regions. */ - cparams->gbb_data = vboot_get_region(ctx->gbb.offset_addr, - ctx->gbb.size, NULL); - fparams->verification_block_A = - vboot_get_region(ctx->vblock_a.offset_addr, - ctx->vblock_a.size, NULL); - fparams->verification_block_B = - vboot_get_region(ctx->vblock_b.offset_addr, - ctx->vblock_b.size, NULL); - } else { - /* - * Copy the vblock info into a buffer in cbmem. The gbb will - * be read using VbExRegionRead(). - */ - char *dest; - size_t vblck_sz; - - vblck_sz = ctx->vblock_a.size + ctx->vblock_b.size; - ctx->vblocks = cbmem_entry_add(TEMP_CBMEM_ID_VBLOCKS, vblck_sz); - if (ctx->vblocks == NULL) - return -1; - dest = cbmem_entry_start(ctx->vblocks); - if (vboot_get_region(ctx->vblock_a.offset_addr, - ctx->vblock_a.size, dest) == NULL) - return -1; - fparams->verification_block_A = (void *)dest; - dest += ctx->vblock_a.size; - if (vboot_get_region(ctx->vblock_b.offset_addr, - ctx->vblock_b.size, dest) == NULL) - return -1; - fparams->verification_block_B = (void *)dest; - } - - return 0; -} - -static void fill_handoff(struct vboot_context *context) -{ - struct vboot_components *fw_info; - struct vboot_region *region; - int i; - - /* Fix up the handoff structure. */ - context->handoff->selected_firmware = - context->fparams->selected_firmware; - - /* Parse out the components for downstream consumption. */ - if (context->handoff->selected_firmware == VB_SELECT_FIRMWARE_A) - region = &context->fw_a; - else if (context->handoff->selected_firmware == VB_SELECT_FIRMWARE_B) - region = &context->fw_b; - else - return; - - fw_info = vboot_locate_components(region); - if (fw_info == NULL) - return; - - for (i = 0; i < fw_info->num_components; i++) { - context->handoff->components[i].address = - region->offset_addr + fw_info->entries[i].offset; - context->handoff->components[i].size = fw_info->entries[i].size; - } -} - -static void vboot_clean_up(struct vboot_context *context) -{ - if (context->vblocks != NULL) - cbmem_entry_remove(context->vblocks); -} - -static void vboot_invoke_wrapper(struct vboot_handoff *vboot_handoff) -{ - VbCommonParams cparams; - VbSelectFirmwareParams fparams; - struct vboot_context context; - uint32_t *iflags; - - vboot_handoff->selected_firmware = VB_SELECT_FIRMWARE_READONLY; - - memset(&cparams, 0, sizeof(cparams)); - memset(&fparams, 0, sizeof(fparams)); - memset(&context, 0, sizeof(context)); - - iflags = &vboot_handoff->init_params.flags; - if (get_developer_mode_switch()) - *iflags |= VB_INIT_FLAG_DEV_SWITCH_ON; - if (get_recovery_mode_switch()) { - clear_recovery_mode_switch(); - *iflags |= VB_INIT_FLAG_REC_BUTTON_PRESSED; - } - if (get_write_protect_state()) - *iflags |= VB_INIT_FLAG_WP_ENABLED; - if (vboot_get_sw_write_protect()) - *iflags |= VB_INIT_FLAG_SW_WP_ENABLED; - if (CONFIG_VIRTUAL_DEV_SWITCH) - *iflags |= VB_INIT_FLAG_VIRTUAL_DEV_SWITCH; - if (CONFIG_EC_SOFTWARE_SYNC) - *iflags |= VB_INIT_FLAG_EC_SOFTWARE_SYNC; - if (!CONFIG_PHYSICAL_REC_SWITCH) - *iflags |= VB_INIT_FLAG_VIRTUAL_REC_SWITCH; - if (CONFIG_VBOOT_EC_SLOW_UPDATE) - *iflags |= VB_INIT_FLAG_EC_SLOW_UPDATE; - if (CONFIG_VBOOT_OPROM_MATTERS) { - *iflags |= VB_INIT_FLAG_OPROM_MATTERS; - *iflags |= VB_INIT_FLAG_BEFORE_OPROM_LOAD; - /* Will load VGA option rom during this boot */ - if (developer_mode_enabled() || recovery_mode_enabled() || - vboot_wants_oprom()) { - *iflags |= VB_INIT_FLAG_OPROM_LOADED; - } - } - - context.handoff = vboot_handoff; - context.cparams = &cparams; - context.fparams = &fparams; - - cparams.shared_data_blob = &vboot_handoff->shared_data[0]; - cparams.shared_data_size = VB_SHARED_DATA_MIN_SIZE; - cparams.caller_context = &context; - - vboot_locate_region("GBB", &context.gbb); - vboot_locate_region("VBLOCK_A", &context.vblock_a); - vboot_locate_region("VBLOCK_B", &context.vblock_b); - vboot_locate_region("FW_MAIN_A", &context.fw_a); - vboot_locate_region("FW_MAIN_B", &context.fw_b); - - /* Check all fmap entries. */ - if (context.fw_a.size < 0 || context.fw_b.size < 0 || - context.vblock_a.size < 0 || context.vblock_b.size < 0 || - context.gbb.size < 0) { - printk(BIOS_DEBUG, "Not all fmap entries found for vboot.\n"); - return; - } - - /* Fill in vboot parameters. */ - if (vboot_fill_params(&context)) { - vboot_clean_up(&context); - return; - } - - /* Initialize callbacks. */ - context.read_vbnv = &read_vbnv; - context.save_vbnv = &save_vbnv; - context.tis_init = &tis_init; - context.tis_open = &tis_open; - context.tis_close = &tis_close; - context.tis_sendrecv = &tis_sendrecv; - context.log_msg = &log_msg; - context.fatal_error = &fatal_error; - context.get_region = &vboot_get_region; - context.reset = &vboot_reboot; - - vboot_run_stub(&context); - - fill_handoff(&context); - - vboot_clean_up(&context); -} - -#if CONFIG_RELOCATABLE_RAMSTAGE -static void *vboot_load_ramstage(uint32_t cbmem_id, const char *name, - const struct cbmem_entry **cbmem_entry) -{ - struct vboot_handoff *vboot_handoff; - struct cbfs_stage *stage; - const struct firmware_component *fwc; - struct rmod_stage_load rmod_load = { - .cbmem_id = cbmem_id, - .name = name, - }; - - timestamp_add_now(TS_START_VBOOT); - - vboot_handoff = cbmem_add(CBMEM_ID_VBOOT_HANDOFF, - sizeof(*vboot_handoff)); - - if (vboot_handoff == NULL) { - printk(BIOS_DEBUG, "Could not add vboot_handoff structure.\n"); - return NULL; - } - - memset(vboot_handoff, 0, sizeof(*vboot_handoff)); - - vboot_invoke_wrapper(vboot_handoff); - - timestamp_add_now(TS_END_VBOOT); - - /* Take RO firmware path since no RW area was selected. */ - if (vboot_handoff->selected_firmware != VB_SELECT_FIRMWARE_A && - vboot_handoff->selected_firmware != VB_SELECT_FIRMWARE_B) { - printk(BIOS_DEBUG, "No RW firmware selected: 0x%08x\n", - vboot_handoff->selected_firmware); - return NULL; - } - - if (CONFIG_VBOOT_RAMSTAGE_INDEX >= MAX_PARSED_FW_COMPONENTS) { - printk(BIOS_ERR, "Invalid ramstage index: %d\n", - CONFIG_VBOOT_RAMSTAGE_INDEX); - return NULL; - } - - /* Check for invalid address. */ - fwc = &vboot_handoff->components[CONFIG_VBOOT_RAMSTAGE_INDEX]; - if (fwc->address == 0) { - printk(BIOS_DEBUG, "RW ramstage image address invalid.\n"); - return NULL; - } - - printk(BIOS_DEBUG, "RW ramstage image at 0x%08x, 0x%08x bytes.\n", - fwc->address, fwc->size); - - stage = (void *)fwc->address; - - if (rmodule_stage_load(&rmod_load, stage)) { - vboot_handoff->selected_firmware = VB_SELECT_FIRMWARE_READONLY; - printk(BIOS_DEBUG, "Could not load ramstage region.\n"); - return NULL; - } - - *cbmem_entry = rmod_load.cbmem_entry; - - return rmod_load.entry; -} -#else /* CONFIG_RELOCATABLE_RAMSTAGE */ -static void vboot_load_ramstage(struct vboot_handoff *vboot_handoff, - struct romstage_handoff *handoff) -{ - struct cbfs_stage *stage; - const struct firmware_component *fwc; - - if (CONFIG_VBOOT_RAMSTAGE_INDEX >= MAX_PARSED_FW_COMPONENTS) { - printk(BIOS_ERR, "Invalid ramstage index: %d\n", - CONFIG_VBOOT_RAMSTAGE_INDEX); - return; - } - - /* Check for invalid address. */ - fwc = &vboot_handoff->components[CONFIG_VBOOT_RAMSTAGE_INDEX]; - if (fwc->address == 0) { - printk(BIOS_DEBUG, "RW ramstage image address invalid.\n"); - return; - } - - printk(BIOS_DEBUG, "RW ramstage image at 0x%08x, 0x%08x bytes.\n", - fwc->address, fwc->size); - - /* This will leak a mapping. */ - stage = vboot_get_region(fwc->address, fwc->size, NULL); - - if (stage == NULL) { - printk(BIOS_DEBUG, "Unable to get RW ramstage region.\n"); - return; - } - - timestamp_add_now(TS_START_COPYRAM); - - /* Stages rely the below clearing so that the bss is initialized. */ - memset((void *) (uintptr_t) stage->load, 0, stage->memlen); - - if (cbfs_decompress(stage->compression, - ((unsigned char *) stage) + - sizeof(struct cbfs_stage), - (void *) (uintptr_t) stage->load, - stage->len)) - return; - - timestamp_add_now(TS_END_COPYRAM); - -#if CONFIG_ARCH_X86 - __asm__ volatile ( - "movl $0, %%ebp\n" - "jmp *%%edi\n" - :: "D"(stage->entry) - ); -#elif CONFIG_ARCH_ARM - stage_exit((void *)(uintptr_t)stage->entry); -#endif -} -#endif /* CONFIG_RELOCATABLE_RAMSTAGE */ - - -const struct ramstage_loader_ops vboot_ramstage_loader = { - .name = "VBOOT", - .load = vboot_load_ramstage, -}; diff --git a/src/vendorcode/google/chromeos/vboot1/vboot_wrapper.c b/src/vendorcode/google/chromeos/vboot1/vboot_wrapper.c deleted file mode 100644 index 5b9dbbbb31..0000000000 --- a/src/vendorcode/google/chromeos/vboot1/vboot_wrapper.c +++ /dev/null @@ -1,266 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright (C) 2013 Google, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - */ -#include -#if CONFIG_ARCH_X86 -#include -#else -#include -#endif -#include -#include -#include -#include "../vboot_context.h" -#include "../vboot_handoff.h" - -/* Keep a global context pointer around for the callbacks to use. */ -static struct vboot_context *gcontext; - -static void vboot_wrapper(void *arg) -{ - VbError_t res; - struct vboot_context *context; - - context = arg; - gcontext = context; - - VbExDebug("Calling VbInit()\n"); - res = VbInit(context->cparams, &context->handoff->init_params); - VbExDebug("VbInit() returned 0x%08x\n", res); - - if (res != VBERROR_SUCCESS) { - if(res == VBERROR_TPM_REBOOT_REQUIRED) { - VbExDebug("TPM Reboot Required. Proceeding reboot.\n"); - gcontext->reset(); - } - return; - } - - VbExDebug("Calling VbSelectFirmware()\n"); - res = VbSelectFirmware(context->cparams, context->fparams); - VbExDebug("VbSelectFirmware() returned 0x%08x\n", res); - - if (res != VBERROR_SUCCESS) - return; -} - -void VbExError(const char *format, ...) -{ - va_list args; - - va_start(args, format); - gcontext->log_msg(format, args); - va_end(args); - - gcontext->fatal_error(); -} - -void VbExDebug(const char *format, ...) -{ - va_list args; - - va_start(args, format); - gcontext->log_msg(format, args); - va_end(args); -} - -uint64_t VbExGetTimer(void) -{ -#if CONFIG_ARCH_X86 - return rdtscll(); -#else - struct mono_time mt; - timer_monotonic_get(&mt); - return mt.microseconds; -#endif -} - -VbError_t VbExNvStorageRead(uint8_t *buf) -{ - gcontext->read_vbnv(buf); - return VBERROR_SUCCESS; -} - -VbError_t VbExNvStorageWrite(const uint8_t *buf) -{ - gcontext->save_vbnv(buf); - return VBERROR_SUCCESS; -} - -extern char _heap[]; -extern char _eheap[]; -static char *heap_current; -static int heap_size; - -void *VbExMalloc(size_t size) -{ - void *ptr; - - if (heap_current == NULL) { - heap_current = &_heap[0]; - heap_size = &_eheap[0] - &_heap[0]; - VbExDebug("vboot heap: %p 0x%08x bytes\n", - heap_current, heap_size); - } - - if (heap_size < size) { - VbExError("vboot heap request cannot be fulfilled. " - "0x%08x available, 0x%08x requested\n", - heap_size, size); - } - - ptr = heap_current; - heap_size -= size; - heap_current += size; - - return ptr; -} - -void VbExFree(void *ptr) -{ - /* Leak all memory. */ -} - -/* vboot doesn't expose these through the vboot_api.h, but they are needed. - * coreboot requires declarations so provide them to avoid compiler errors. */ -int Memcmp(const void *src1, const void *src2, size_t n); -void *Memcpy(void *dest, const void *src, uint64_t n); -void *Memset(void *dest, const uint8_t c, uint64_t n); - -int Memcmp(const void *src1, const void *src2, size_t n) -{ - return memcmp(src1, src2, n); -} - -void *Memcpy(void *dest, const void *src, uint64_t n) -{ - return memcpy(dest, src, n); -} - -void *Memset(void *dest, const uint8_t c, uint64_t n) -{ - return memset(dest, c, n); -} - -static inline size_t get_hash_block_size(size_t requested_size) -{ - if (!IS_ENABLED(CONFIG_SPI_FLASH_MEMORY_MAPPED)) { - const size_t block_size = 64 * 1024; - if (requested_size > block_size) - return block_size; - } - return requested_size; -} - -VbError_t VbExHashFirmwareBody(VbCommonParams *cparams, uint32_t firmware_index) -{ - uint8_t *data; - struct vboot_region *region; - struct vboot_context *ctx; - size_t data_size; - uintptr_t offset_addr; - - ctx = cparams->caller_context; - - switch (firmware_index) { - case VB_SELECT_FIRMWARE_A: - region = &ctx->fw_a; - break; - case VB_SELECT_FIRMWARE_B: - region = &ctx->fw_b; - break; - default: - return VBERROR_UNKNOWN; - } - - data_size = region->size; - offset_addr = region->offset_addr; - while (data_size) { - size_t block_size; - - block_size = get_hash_block_size(data_size); - data = ctx->get_region(offset_addr, block_size, NULL); - if (data == NULL) - return VBERROR_UNKNOWN; - VbUpdateFirmwareBodyHash(cparams, data, block_size); - - data_size -= block_size; - offset_addr += block_size; - } - - return VBERROR_SUCCESS; -} - -VbError_t VbExTpmInit(void) -{ - if (gcontext->tis_init()) - return VBERROR_UNKNOWN; - return VbExTpmOpen(); -} - -VbError_t VbExTpmClose(void) -{ - if (gcontext->tis_close()) - return VBERROR_UNKNOWN; - return VBERROR_SUCCESS; -} - -VbError_t VbExTpmOpen(void) -{ - if (gcontext->tis_open()) - return VBERROR_UNKNOWN; - return VBERROR_SUCCESS; -} - -VbError_t VbExTpmSendReceive(const uint8_t *request, uint32_t request_length, - uint8_t *response, uint32_t *response_length) -{ - size_t len = *response_length; - if (gcontext->tis_sendrecv(request, request_length, response, &len)) - return VBERROR_UNKNOWN; - /* check 64->32bit overflow and (re)check response buffer overflow */ - if (len > *response_length) - return VBERROR_UNKNOWN; - *response_length = len; - return VBERROR_SUCCESS; -} - -#if !CONFIG_SPI_FLASH_MEMORY_MAPPED -VbError_t VbExRegionRead(VbCommonParams *cparams, - enum vb_firmware_region region, uint32_t offset, - uint32_t size, void *buf) -{ - struct vboot_context *ctx; - VbExDebug("VbExRegionRead: offset=%x size=%x, buf=%p\n", - offset, size, buf); - ctx = cparams->caller_context; - - if (region == VB_REGION_GBB) { - if (offset + size > cparams->gbb_size) - return VBERROR_REGION_READ_INVALID; - offset += ctx->gbb.offset_addr; - if (ctx->get_region(offset, size, buf) == NULL) - return VBERROR_REGION_READ_INVALID; - return VBERROR_SUCCESS; - } - - return VBERROR_UNSUPPORTED_REGION; -} -#endif /* CONFIG_SPI_FLASH_MEMORY_MAPPED */ - -RMODULE_ENTRY(vboot_wrapper); diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig index 01011f81da..059100621d 100644 --- a/src/vendorcode/google/chromeos/vboot2/Kconfig +++ b/src/vendorcode/google/chromeos/vboot2/Kconfig @@ -18,7 +18,7 @@ config VBOOT2_VERIFY_FIRMWARE bool "Firmware Verification with vboot2" - default n + default y if VBOOT_VERIFY_FIRMARE depends on CHROMEOS && HAVE_HARD_RESET select COLLECT_TIMESTAMPS help @@ -46,14 +46,6 @@ config RETURN_FROM_VERSTAGE romstage. Useful if a ram space is too small to fit both the verstage and the romstage. -config VBOOT_ROMSTAGE_INDEX - hex - default 2 - depends on VBOOT2_VERIFY_FIRMWARE - help - This is the index of the romstage component in the verified - firmware block. - config VBOOT_DISABLE_DEV_ON_RECOVERY bool "Disable dev mode on recovery requests" default n -- cgit v1.2.3