vboot: copy data structures to CBMEM for downstream use

For platforms that do not employ VBOOT_STARTS_IN_ROMSTAGE, vboot verification occurs before CBMEM is brought online. In order to make vboot data structures available downstream, copy vb2_working_data from CAR/SRAM into CBMEM when CBMEM comes online. Create VBOOT_MIGRATE_WORKING_DATA config option to toggle this functionality. BUG=b:124141368, b:124192753 TEST=Built and deployed on eve with STARTS_IN_BOOTBLOCK TEST=Built and deployed on eve with STARTS_IN_ROMSTAGE TEST=util/lint/checkpatch.pl -g origin/master..HEAD TEST=util/abuild/abuild -B -e -y -c 50 -p none -x BRANCH=none Change-Id: I62c11268a83927bc00ae9bd93b1b31363b38e8cf Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31329 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-02-11 15:37:49 +08:00
parent 6b8a29e8b9
commit 0bcee88298
7 changed files with 94 additions and 73 deletions
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -107,6 +107,21 @@ config VBOOT_STARTS_IN_ROMSTAGE
 	  memory initialization). This implies that vboot working data is
 	  allocated in CBMEM.

+config VBOOT_MIGRATE_WORKING_DATA
+	bool
+	default y if CACHE_AS_RAM
+	depends on !VBOOT_STARTS_IN_ROMSTAGE
+	help
+	  In order to make vboot data structures available downstream,
+	  migrate verified boot working data to CBMEM after CBMEM comes
+	  online, when VBOOT_STARTS_IN_BOOTBLOCK is employed.  This should
+	  always be enabled on x86 architectures to migrate data from CAR
+	  before losing access in ramstage, and should almost always be
+	  disabled in SRAM architectures, where access to SRAM is usually
+	  retained.  Any SRAM platform where the original location of the
+	  VBOOT_WORKBUF region becomes inaccessible in later stages should
+	  manually select this option.
+
 config VBOOT_MOCK_SECDATA
 	bool "Mock secdata for firmware verification"
 	default n