vboot: reset vbnv in cmos when cmos failure occurs

There's an occasional issue on machines which use CMOS for their
vbnv storage. The machine that just powers up from complete G3
would have had their RTC rail not held up. The contents of vbnv
in CMOS could pass the crc8 though the values could be bad. In
order to fix this introduce two functions:

1. vbnv_init_cmos()
2. vbnv_cmos_failed()

At the start of vboot the CMOS is queried for failure. If there
is a failure indicated then the vbnv data is restored from flash
backup or reset to known values when there is no flash backup.

BUG=b:63054105

Change-Id: I8bd6f28f64a116b84a08ce4779cd4dc73c0f2f3d
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/21560
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>

src/vboot/vbnv.c

@@ -149,5 +149,7 @@ int vboot_wants_oprom(void)
 
 void vbnv_init(uint8_t *vbnv_copy)
 {
+	if (IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS))
+		vbnv_init_cmos(vbnv_copy);
 	read_vbnv(vbnv_copy);
 }

src/vboot/vbnv.h

@@ -32,6 +32,11 @@ void vbnv_init(uint8_t *vbnv_copy);
 void vbnv_reset(uint8_t *vbnv_copy);
 
 /* CMOS backend */
+/* Initialize the vbnv cmos backing store. The vbnv_copy pointer is used for
+   optional temporary storage in the init function. */
+void vbnv_init_cmos(uint8_t *vbnv_copy);
+/* Return non-zero if cmos power was lost. */
+int vbnv_cmos_failed(void);
 void read_vbnv_cmos(uint8_t *vbnv_copy);
 void save_vbnv_cmos(const uint8_t *vbnv_copy);
 

src/vboot/vbnv_cmos.c

@@ -36,6 +36,27 @@ static void clear_vbnv_battery_cutoff_flag(uint8_t *vbnv_copy)
 	}
 }
 
+/* Return non-zero if backup was used. */
+static int restore_from_backup(uint8_t *vbnv_copy)
+{
+	if (!IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH))
+		return 0;
+
+	printk(BIOS_INFO, "VBNV: CMOS invalid, restoring from flash\n");
+	read_vbnv_flash(vbnv_copy);
+
+	if (verify_vbnv(vbnv_copy)) {
+		clear_vbnv_battery_cutoff_flag(vbnv_copy);
+		save_vbnv_cmos(vbnv_copy);
+		printk(BIOS_INFO, "VBNV: Flash backup restored\n");
+		return 1;
+	}
+
+	printk(BIOS_INFO, "VBNV: Restore from flash failed\n");
+
+	return 0;
+}
+
 void read_vbnv_cmos(uint8_t *vbnv_copy)
 {
 	int i;
@@ -43,21 +64,11 @@ void read_vbnv_cmos(uint8_t *vbnv_copy)
 	for (i = 0; i < VBOOT_VBNV_BLOCK_SIZE; i++)
 		vbnv_copy[i] = cmos_read(CONFIG_VBOOT_VBNV_OFFSET + 14 + i);
 
-	if (IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH)) {
-		if (verify_vbnv(vbnv_copy))
-			return;
+	/* Verify contents before attempting a restore from backup storage. */
+	if (verify_vbnv(vbnv_copy))
+		return;
 
-		printk(BIOS_INFO, "VBNV: CMOS invalid, restoring from flash\n");
-		read_vbnv_flash(vbnv_copy);
-
-		if (verify_vbnv(vbnv_copy)) {
-			clear_vbnv_battery_cutoff_flag(vbnv_copy);
-			save_vbnv_cmos(vbnv_copy);
-			printk(BIOS_INFO, "VBNV: Flash backup restored\n");
-		} else {
-			printk(BIOS_INFO, "VBNV: Restore from flash failed\n");
-		}
-	}
+	restore_from_backup(vbnv_copy);
 }
 
 void save_vbnv_cmos(const uint8_t *vbnv_copy)
@@ -68,6 +79,26 @@ void save_vbnv_cmos(const uint8_t *vbnv_copy)
 		cmos_write(vbnv_copy[i], CONFIG_VBOOT_VBNV_OFFSET + 14 + i);
 }
 
+void vbnv_init_cmos(uint8_t *vbnv_copy)
+{
+	/* If no cmos failure just defer to the normal read path for checking
+	   vbnv contents' integrity. */
+	if (!vbnv_cmos_failed())
+		return;
+
+	/* In the case of cmos failure force the backup. If backup wasn't used
+	   force the vbnv cmos to be reset. */
+	if (!restore_from_backup(vbnv_copy)) {
+		vbnv_reset(vbnv_copy);
+		/* This parallels the vboot_reference implementation. */
+		vbnv_copy[HEADER_OFFSET] = HEADER_SIGNATURE |
+			HEADER_FIRMWARE_SETTINGS_RESET |
+			HEADER_KERNEL_SETTINGS_RESET;
+		regen_vbnv_crc(vbnv_copy);
+		save_vbnv_cmos(vbnv_copy);
+	}
+}
+
 #if IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH)
 static void back_up_vbnv_cmos(void *unused)
 {