/* SPDX-License-Identifier: GPL-2.0-only */ #include #include #include #include #include #include #include #include #include #include #include #include /* CSE RW version size reserved in the CSE CBFS RW binary */ #define CSE_RW_VERSION_SZ 16 /* Converts bp index to boot partition string */ #define GET_BP_STR(bp_index) (bp_index ? "RW" : "RO") /* CSE RW boot partition signature */ #define CSE_RW_SIGNATURE 0x000055aa /* CSE RW boot partition signature size */ #define CSE_RW_SIGN_SIZE sizeof(uint32_t) /* * CSE Firmware supports 3 boot partitions. For CSE Lite SKU, only 2 boot partitions are * used and 3rd boot partition is set to BP_STATUS_PARTITION_NOT_PRESENT. * CSE Lite SKU Image Layout: * ------------- ------------------- --------------------- * |CSE REGION | => | RO | RW | DATA | => | BP1 | BP2 | DATA | * ------------- ------------------- --------------------- */ #define CSE_MAX_BOOT_PARTITIONS 3 /* CSE Lite SKU's valid bootable partition identifiers */ enum boot_partition_id { /* RO(BP1) contains recovery/minimal boot firmware */ RO = 0, /* RW(BP2) contains fully functional CSE firmware */ RW = 1 }; /* CSE recovery sub-error codes */ enum csme_failure_reason { /* Unspecified error */ CSE_LITE_SKU_UNSPECIFIED = 1, /* CSE fails to boot from RW */ CSE_LITE_SKU_RW_JUMP_ERROR = 2, /* CSE RW boot partition access error */ CSE_LITE_SKU_RW_ACCESS_ERROR = 3, /* Fails to set next boot partition as RW */ CSE_LITE_SKU_RW_SWITCH_ERROR = 4, /* CSE firmware update failure */ CSE_LITE_SKU_FW_UPDATE_ERROR = 5, /* Fails to communicate with CSE */ CSE_LITE_SKU_COMMUNICATION_ERROR = 6, /* Fails to wipe CSE runtime data */ CSE_LITE_SKU_DATA_WIPE_ERROR = 7 }; /* * Boot partition status. * The status is returned in response to MKHI_BUP_COMMON_GET_BOOT_PARTITION_INFO cmd. */ enum bp_status { /* This value is returned when a partition has no errors */ BP_STATUS_SUCCESS = 0, /* * This value is returned when a partition should be present based on layout, but it is * not valid. */ BP_STATUS_GENERAL_FAILURE = 1, /* This value is returned when a partition is not present per initial image layout */ BP_STATUS_PARTITION_NOT_PRESENT = 2, }; /* * Boot Partition Info Flags * The flags are returned in response to MKHI_BUP_COMMON_GET_BOOT_PARTITION_INFO cmd. */ enum bp_info_flags { /* Redundancy Enabled: It indicates CSE supports RO(BP1) and RW(BP2) regions */ BP_INFO_REDUNDANCY_EN = 1 << 0, /* It indicates RO(BP1) supports Minimal Recovery Mode */ BP_INFO_MIN_RECOV_MODE_EN = 1 << 1, /* * Read-only Config Enabled: It indicates HW protection to CSE RO region is enabled. * The option is relevant only if the BP_INFO_MIN_RECOV_MODE_EN flag is enabled. */ BP_INFO_READ_ONLY_CFG = 1 << 2, }; /* Boot Partition FW Version */ struct fw_version { uint16_t major; uint16_t minor; uint16_t hotfix; uint16_t build; } __packed; /* CSE boot partition entry info */ struct cse_bp_entry { /* Boot partition version */ struct fw_version fw_ver; /* Boot partition status */ uint32_t status; /* Starting offset of the partition within CSE region */ uint32_t start_offset; /* Ending offset of the partition within CSE region */ uint32_t end_offset; uint8_t reserved[12]; } __packed; /* CSE boot partition info */ struct cse_bp_info { /* Number of boot partitions */ uint8_t total_number_of_bp; /* Current boot partition */ uint8_t current_bp; /* Next boot partition */ uint8_t next_bp; /* Boot Partition Info Flags */ uint8_t flags; /* Boot Partition Entry Info */ struct cse_bp_entry bp_entries[CSE_MAX_BOOT_PARTITIONS]; } __packed; struct get_bp_info_rsp { struct mkhi_hdr hdr; struct cse_bp_info bp_info; } __packed; static void cse_log_status_registers(void) { printk(BIOS_DEBUG, "cse_lite: CSE status registers: HFSTS1: 0x%x, HFSTS2: 0x%x " "HFSTS3: 0x%x\n", me_read_config32(PCI_ME_HFSTS1), me_read_config32(PCI_ME_HFSTS2), me_read_config32(PCI_ME_HFSTS3)); } static void cse_trigger_recovery(uint8_t rec_sub_code) { /* Log CSE Firmware Status Registers to help debugging */ cse_log_status_registers(); if (CONFIG(VBOOT)) { struct vb2_context *ctx; ctx = vboot_get_context(); vb2api_fail(ctx, VB2_RECOVERY_INTEL_CSE_LITE_SKU, rec_sub_code); vboot_save_data(ctx); vboot_reboot(); } die("cse_lite: Failed to trigger recovery mode(recovery subcode:%d)\n", rec_sub_code); } static uint8_t cse_get_current_bp(const struct cse_bp_info *cse_bp_info) { return cse_bp_info->current_bp; } static const struct cse_bp_entry *cse_get_bp_entry(enum boot_partition_id bp, const struct cse_bp_info *cse_bp_info) { return &cse_bp_info->bp_entries[bp]; } static void cse_get_bp_entry_range(const struct cse_bp_info *cse_bp_info, enum boot_partition_id bp, uint32_t *start_offset, uint32_t *end_offset) { const struct cse_bp_entry *cse_bp; cse_bp = cse_get_bp_entry(bp, cse_bp_info); if (start_offset) *start_offset = cse_bp->start_offset; if (end_offset) *end_offset = cse_bp->end_offset; } static const struct fw_version *cse_get_bp_entry_version(enum boot_partition_id bp, const struct cse_bp_info *bp_info) { const struct cse_bp_entry *cse_bp; cse_bp = cse_get_bp_entry(bp, bp_info); return &cse_bp->fw_ver; } static const struct fw_version *cse_get_rw_version(const struct cse_bp_info *cse_bp_info) { return cse_get_bp_entry_version(RW, cse_bp_info); } static bool cse_is_rw_bp_status_valid(const struct cse_bp_info *cse_bp_info) { const struct cse_bp_entry *rw_bp; rw_bp = cse_get_bp_entry(RW, cse_bp_info); if (rw_bp->status == BP_STATUS_PARTITION_NOT_PRESENT || rw_bp->status == BP_STATUS_GENERAL_FAILURE) { printk(BIOS_ERR, "cse_lite: RW BP (status:%u) is not valid\n", rw_bp->status); return false; } return true; } static void cse_print_boot_partition_info(const struct cse_bp_info *cse_bp_info) { const struct cse_bp_entry *cse_bp; printk(BIOS_DEBUG, "cse_lite: Number of partitions = %d\n", cse_bp_info->total_number_of_bp); printk(BIOS_DEBUG, "cse_lite: Current partition = %s\n", GET_BP_STR(cse_bp_info->current_bp)); printk(BIOS_DEBUG, "cse_lite: Next partition = %s\n", GET_BP_STR(cse_bp_info->next_bp)); printk(BIOS_DEBUG, "cse_lite: Flags = 0x%x\n", cse_bp_info->flags); /* Log version info of RO & RW partitions */ cse_bp = cse_get_bp_entry(RO, cse_bp_info); printk(BIOS_DEBUG, "cse_lite: %s version = %d.%d.%d.%d (Status=0x%x, Start=0x%x, End=0x%x)\n", GET_BP_STR(RO), cse_bp->fw_ver.major, cse_bp->fw_ver.minor, cse_bp->fw_ver.hotfix, cse_bp->fw_ver.build, cse_bp->status, cse_bp->start_offset, cse_bp->end_offset); cse_bp = cse_get_bp_entry(RW, cse_bp_info); printk(BIOS_DEBUG, "cse_lite: %s version = %d.%d.%d.%d (Status=0x%x, Start=0x%x, End=0x%x)\n", GET_BP_STR(RW), cse_bp->fw_ver.major, cse_bp->fw_ver.minor, cse_bp->fw_ver.hotfix, cse_bp->fw_ver.build, cse_bp->status, cse_bp->start_offset, cse_bp->end_offset); } /* * Checks prerequisites for MKHI_BUP_COMMON_GET_BOOT_PARTITION_INFO and * MKHI_BUP_COMMON_SET_BOOT_PARTITION_INFO HECI commands. * It allows execution of the Boot Partition commands in below scenarios: * - When CSE boots from RW partition (COM: Normal and CWS: Normal) * - When CSE boots from RO partition (COM: Soft Temp Disable and CWS: Normal) * - After HMRFPO_ENABLE command is issued to CSE (COM: SECOVER_MEI_MSG and CWS: Normal) * The prerequisite check should be handled in cse_get_bp_info() and * cse_set_next_boot_partition() since the CSE's current operation mode is changed between these * cmd handler calls. */ static bool cse_is_bp_cmd_info_possible(void) { if (cse_is_hfs1_cws_normal()) { if (cse_is_hfs1_com_normal()) return true; if (cse_is_hfs1_com_secover_mei_msg()) return true; if (cse_is_hfs1_com_soft_temp_disable()) return true; } return false; } static bool cse_get_bp_info(struct get_bp_info_rsp *bp_info_rsp) { struct get_bp_info_req { struct mkhi_hdr hdr; uint8_t reserved[4]; } __packed; struct get_bp_info_req info_req = { .hdr.group_id = MKHI_GROUP_ID_BUP_COMMON, .hdr.command = MKHI_BUP_COMMON_GET_BOOT_PARTITION_INFO, .reserved = {0}, }; if (!cse_is_bp_cmd_info_possible()) { printk(BIOS_ERR, "cse_lite: CSE does not meet prerequisites\n"); return false; } size_t resp_size = sizeof(struct get_bp_info_rsp); if (!heci_send_receive(&info_req, sizeof(info_req), bp_info_rsp, &resp_size)) { printk(BIOS_ERR, "cse_lite: Could not get partition info\n"); return false; } if (bp_info_rsp->hdr.result) { printk(BIOS_ERR, "cse_lite: Get partition info resp failed: %d\n", bp_info_rsp->hdr.result); return false; } cse_print_boot_partition_info(&bp_info_rsp->bp_info); return true; } /* * It sends HECI command to notify CSE about its next boot partition. When coreboot wants * CSE to boot from certain partition (BP1 or BP2 ), then this command can be used. * The CSE's valid bootable partitions are BP1(RO) and BP2(RW). * This function must be used before EOP. * Returns false on failure and true on success. */ static bool cse_set_next_boot_partition(enum boot_partition_id bp) { struct set_boot_partition_info_req { struct mkhi_hdr hdr; uint8_t next_bp; uint8_t reserved[3]; } __packed; struct set_boot_partition_info_req switch_req = { .hdr.group_id = MKHI_GROUP_ID_BUP_COMMON, .hdr.command = MKHI_BUP_COMMON_SET_BOOT_PARTITION_INFO, .next_bp = bp, .reserved = {0}, }; if (bp != RO && bp != RW) { printk(BIOS_ERR, "cse_lite: Incorrect partition id(%d) is provided", bp); return false; } printk(BIOS_INFO, "cse_lite: Set Boot Partition Info Command (%s)\n", GET_BP_STR(bp)); if (!cse_is_bp_cmd_info_possible()) { printk(BIOS_ERR, "cse_lite: CSE does not meet prerequisites\n"); return false; } struct mkhi_hdr switch_resp; size_t sw_resp_sz = sizeof(struct mkhi_hdr); if (!heci_send_receive(&switch_req, sizeof(switch_req), &switch_resp, &sw_resp_sz)) return false; if (switch_resp.result) { printk(BIOS_ERR, "cse_lite: Set Boot Partition Info Response Failed: %d\n", switch_resp.result); return false; } return true; } __weak void cse_board_reset(void) { /* Default weak implementation, does nothing. */ } /* Set the CSE's next boot partition and issues system reset */ static bool cse_set_and_boot_from_next_bp(enum boot_partition_id bp) { if (!cse_set_next_boot_partition(bp)) return false; /* Allow the board to perform a reset for CSE RO<->RW jump */ cse_board_reset(); /* If board does not perform the reset, then perform global_reset */ do_global_reset(); die("cse_lite: Failed to reset the system\n"); /* Control never reaches here */ return false; } static bool cse_boot_to_rw(const struct cse_bp_info *cse_bp_info) { if (cse_get_current_bp(cse_bp_info) == RW) return true; return cse_set_and_boot_from_next_bp(RW); } static bool cse_boot_to_ro(const struct cse_bp_info *cse_bp_info) { if (cse_get_current_bp(cse_bp_info) == RO) return true; return cse_set_and_boot_from_next_bp(RO); } static bool cse_get_rw_rdev(struct region_device *rdev) { if (fmap_locate_area_as_rdev_rw(CONFIG_SOC_INTEL_CSE_FMAP_NAME, rdev) < 0) { printk(BIOS_ERR, "cse_lite: Failed to locate %s in FMAP\n", CONFIG_SOC_INTEL_CSE_FMAP_NAME); return false; } return true; } static bool cse_get_cbfs_rdev(struct region_device *source_rdev) { struct cbfsf file_desc; if (cbfs_boot_locate(&file_desc, CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME, NULL) < 0) return false; cbfs_file_data(source_rdev, &file_desc); return true; } static bool cse_is_rw_bp_sign_valid(const struct region_device *target_rdev) { uint32_t cse_bp_sign; if (rdev_readat(target_rdev, &cse_bp_sign, 0, CSE_RW_SIGN_SIZE) != CSE_RW_SIGN_SIZE) { printk(BIOS_ERR, "cse_lite: Failed to read RW boot partition signature\n"); return false; } return cse_bp_sign == CSE_RW_SIGNATURE; } static bool cse_get_target_rdev(const struct cse_bp_info *cse_bp_info, struct region_device *target_rdev) { struct region_device cse_region_rdev; size_t size; uint32_t start_offset; uint32_t end_offset; if (!cse_get_rw_rdev(&cse_region_rdev)) return false; cse_get_bp_entry_range(cse_bp_info, RW, &start_offset, &end_offset); size = end_offset + 1 - start_offset; if (rdev_chain(target_rdev, &cse_region_rdev, start_offset, size)) return false; printk(BIOS_DEBUG, "cse_lite: CSE RW partition: offset = 0x%x, size = 0x%x\n", (uint32_t)start_offset, (uint32_t) size); return true; } static bool cse_get_cbfs_rw_version(const struct region_device *source_rdev, void *cse_cbfs_rw_ver) { if (rdev_readat(source_rdev, (void *) cse_cbfs_rw_ver, 0, sizeof(struct fw_version)) != sizeof(struct fw_version)) { printk(BIOS_ERR, "cse_lite: Failed to read CSE CBFW RW version\n"); return false; } return true; } /* * Compare versions of CSE CBFS RW and CSE RW partition * If ver_cmp_status = 0, no update is required * If ver_cmp_status < 0, coreboot downgrades CSE RW region * If ver_cmp_status > 0, coreboot upgrades CSE RW region */ static int cse_check_version_mismatch(const struct cse_bp_info *cse_bp_info, const struct region_device *source_rdev) { struct fw_version cse_cbfs_rw_ver; const struct fw_version *cse_rw_ver; if (!cse_get_cbfs_rw_version(source_rdev, &cse_cbfs_rw_ver)) return false; printk(BIOS_DEBUG, "cse_lite: CSE CBFS RW version : %d.%d.%d.%d\n", cse_cbfs_rw_ver.major, cse_cbfs_rw_ver.minor, cse_cbfs_rw_ver.hotfix, cse_cbfs_rw_ver.build); cse_rw_ver = cse_get_rw_version(cse_bp_info); if (cse_cbfs_rw_ver.major != cse_rw_ver->major) return cse_cbfs_rw_ver.major - cse_rw_ver->major; else if (cse_cbfs_rw_ver.minor != cse_rw_ver->minor) return cse_cbfs_rw_ver.minor - cse_rw_ver->minor; else if (cse_cbfs_rw_ver.hotfix != cse_rw_ver->hotfix) return cse_cbfs_rw_ver.hotfix - cse_rw_ver->hotfix; else return cse_cbfs_rw_ver.build - cse_rw_ver->build; } static bool cse_erase_rw_region(const struct region_device *target_rdev) { if (rdev_eraseat(target_rdev, 0, region_device_sz(target_rdev)) < 0) { printk(BIOS_ERR, "cse_lite: CSE RW partition could not be erased\n"); return false; } return true; } static bool cse_copy_rw(const struct region_device *target_rdev, const void *buf, size_t offset, size_t size) { if (rdev_writeat(target_rdev, buf, offset, size) < 0) { printk(BIOS_ERR, "cse_lite: Failed to update CSE firmware\n"); return false; } return true; } static bool cse_is_rw_version_latest(const struct cse_bp_info *cse_bp_info, const struct region_device *source_rdev) { return !cse_check_version_mismatch(cse_bp_info, source_rdev); } static bool cse_is_update_required(const struct cse_bp_info *cse_bp_info, const struct region_device *source_rdev, struct region_device *target_rdev) { return (!cse_is_rw_bp_sign_valid(target_rdev) || !cse_is_rw_version_latest(cse_bp_info, source_rdev)); } static bool cse_write_rw_region(const struct region_device *target_rdev, const struct region_device *source_rdev) { void *cse_cbfs_rw = rdev_mmap(source_rdev, CSE_RW_VERSION_SZ, region_device_sz(source_rdev) - CSE_RW_VERSION_SZ); /* Points to CSE CBFS RW image after boot partition signature */ uint8_t *cse_cbfs_rw_wo_sign = (uint8_t *)cse_cbfs_rw + CSE_RW_SIGN_SIZE; /* Size of CSE CBFS RW image without boot partition signature */ uint32_t cse_cbfs_rw_wo_sign_sz = region_device_sz(source_rdev) - (CSE_RW_VERSION_SZ + CSE_RW_SIGN_SIZE); /* Update except CSE RW signature */ if (!cse_copy_rw(target_rdev, cse_cbfs_rw_wo_sign, CSE_RW_SIGN_SIZE, cse_cbfs_rw_wo_sign_sz)) goto exit_rw_update; /* Update CSE RW signature to indicate update is complete */ if (!cse_copy_rw(target_rdev, (void *)cse_cbfs_rw, 0, CSE_RW_SIGN_SIZE)) goto exit_rw_update; rdev_munmap(source_rdev, cse_cbfs_rw_wo_sign); return true; exit_rw_update: rdev_munmap(source_rdev, cse_cbfs_rw_wo_sign); return false; } static bool cse_update_rw(const struct cse_bp_info *cse_bp_info, const struct region_device *source_rdev, struct region_device *target_rdev) { if (!cse_erase_rw_region(target_rdev)) return false; if (!cse_write_rw_region(target_rdev, source_rdev)) return false; printk(BIOS_INFO, "cse_lite: CSE RW Update Successful\n"); return true; } static bool cse_prep_for_rw_update(const struct cse_bp_info *cse_bp_info) { /* * To set CSE's operation mode to HMRFPO mode: * 1. Ensure CSE to boot from RO(BP1) * 2. Send HMRFPO_ENABLE command to CSE */ if (!cse_boot_to_ro(cse_bp_info)) return false; return cse_hmrfpo_enable(); } static uint8_t cse_trigger_fw_update(const struct cse_bp_info *cse_bp_info, const struct region_device *source_rdev, struct region_device *target_rdev) { if (!cse_prep_for_rw_update(cse_bp_info)) return CSE_LITE_SKU_COMMUNICATION_ERROR; if (!cse_update_rw(cse_bp_info, source_rdev, target_rdev)) return CSE_LITE_SKU_FW_UPDATE_ERROR; return 0; } static uint8_t cse_fw_update(const struct cse_bp_info *cse_bp_info, const struct region_device *source_rdev) { struct region_device target_rdev; if (!cse_get_target_rdev(cse_bp_info, &target_rdev)) { printk(BIOS_ERR, "cse_lite: Failed to get CSE RW Partition\n"); return CSE_LITE_SKU_RW_ACCESS_ERROR; } if (cse_is_update_required(cse_bp_info, source_rdev, &target_rdev)) { printk(BIOS_DEBUG, "cse_lite: CSE RW update is initiated\n"); return cse_trigger_fw_update(cse_bp_info, source_rdev, &target_rdev); } if (!cse_is_rw_bp_status_valid(cse_bp_info)) return CSE_LITE_SKU_RW_JUMP_ERROR; return 0; } void cse_fw_sync(void *unused) { static struct get_bp_info_rsp cse_bp_info; if (vboot_recovery_mode_enabled()) { printk(BIOS_DEBUG, "cse_lite: Skip switching to RW in the recovery path\n"); return; } /* If CSE SKU type is not Lite, skip enabling CSE Lite SKU */ if (!cse_is_hfs3_fw_sku_lite()) { printk(BIOS_ERR, "cse_lite: Not a CSE Lite SKU\n"); return; } if (!cse_get_bp_info(&cse_bp_info)) { printk(BIOS_ERR, "cse_lite: Failed to get CSE boot partition info\n"); cse_trigger_recovery(CSE_LITE_SKU_COMMUNICATION_ERROR); } /* If RW blob is present in CBFS, then trigger CSE firmware update */ uint8_t rv; struct region_device source_rdev; if (cse_get_cbfs_rdev(&source_rdev)) { rv = cse_fw_update(&cse_bp_info.bp_info, &source_rdev); if (rv) cse_trigger_recovery(rv); } if (!cse_boot_to_rw(&cse_bp_info.bp_info)) { printk(BIOS_ERR, "cse_lite: Failed to switch to RW\n"); cse_trigger_recovery(CSE_LITE_SKU_RW_SWITCH_ERROR); } } #if CONFIG(SOC_INTEL_TIGERLAKE) /* * This needs to happen after the MRC cache write to avoid a 2nd * memory training sequence. */ BOOT_STATE_INIT_ENTRY(BS_DEV_RESOURCES, BS_ON_ENTRY, cse_fw_sync, NULL); #else BOOT_STATE_INIT_ENTRY(BS_PRE_DEVICE, BS_ON_ENTRY, cse_fw_sync, NULL); #endif