vboot: copy data structures to CBMEM for downstream use

For platforms that do not employ VBOOT_STARTS_IN_ROMSTAGE, vboot verification occurs before CBMEM is brought online. In order to make vboot data structures available downstream, copy vb2_working_data from CAR/SRAM into CBMEM when CBMEM comes online. Create VBOOT_MIGRATE_WORKING_DATA config option to toggle this functionality. BUG=b:124141368, b:124192753 TEST=Built and deployed on eve with STARTS_IN_BOOTBLOCK TEST=Built and deployed on eve with STARTS_IN_ROMSTAGE TEST=util/lint/checkpatch.pl -g origin/master..HEAD TEST=util/abuild/abuild -B -e -y -c 50 -p none -x BRANCH=none Change-Id: I62c11268a83927bc00ae9bd93b1b31363b38e8cf Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31329 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-02-11 15:37:49 +08:00
parent 6b8a29e8b9
commit 0bcee88298
7 changed files with 94 additions and 73 deletions
--- a/src/commonlib/include/commonlib/cbmem_id.h
+++ b/src/commonlib/include/commonlib/cbmem_id.h
@ -67,7 +67,7 @@
 #define CBMEM_ID_TIMESTAMP	0x54494d45
 #define CBMEM_ID_TPM2_TCG_LOG	0x54504d32
 #define CBMEM_ID_VBOOT_HANDOFF	0x780074f0
-#define CBMEM_ID_VBOOT_SEL_REG	0x780074f1
+#define CBMEM_ID_VBOOT_SEL_REG	0x780074f1  /* deprecated */
 #define CBMEM_ID_VBOOT_WORKBUF	0x78007343
 #define CBMEM_ID_VPD		0x56504420
 #define CBMEM_ID_WIFI_CALIBRATION 0x57494649
--- a/src/include/symbols.h
+++ b/src/include/symbols.h
@ -67,4 +67,11 @@ DECLARE_REGION(bl31)
 */
 #define DECLARE_OPTIONAL_REGION(name) asm (".weak _" #name ", _e" #name)
 /* Returns true when pre-RAM symbols are known to the linker.
 * (Does not necessarily mean that the memory is accessible.) */
 static inline int preram_symbols_available(void)
 {
 	return !IS_ENABLED(CONFIG_CACHE_AS_RAM) || ENV_CACHE_AS_RAM;
 }
 #endif /* __SYMBOLS_H */
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@ -107,6 +107,21 @@ config VBOOT_STARTS_IN_ROMSTAGE
 	  memory initialization). This implies that vboot working data is
 	  allocated in CBMEM.
 config VBOOT_MIGRATE_WORKING_DATA
 	bool
 	default y if CACHE_AS_RAM
 	depends on !VBOOT_STARTS_IN_ROMSTAGE
 	help
 	  In order to make vboot data structures available downstream,
 	  migrate verified boot working data to CBMEM after CBMEM comes
 	  online, when VBOOT_STARTS_IN_BOOTBLOCK is employed.  This should
 	  always be enabled on x86 architectures to migrate data from CAR
 	  before losing access in ramstage, and should almost always be
 	  disabled in SRAM architectures, where access to SRAM is usually
 	  retained.  Any SRAM platform where the original location of the
 	  VBOOT_WORKBUF region becomes inaccessible in later stages should
 	  manually select this option.
 config VBOOT_MOCK_SECDATA
 	bool "Mock secdata for firmware verification"
 	default n
--- a/src/security/vboot/common.c
+++ b/src/security/vboot/common.c
@ -15,8 +15,11 @@
 #include <assert.h>
 #include <cbmem.h>
 #include <console/console.h>
 #include <reset.h>
 #include <stdint.h>
 #include <string.h>
 #include <symbols.h>
 #include <vb2_api.h>
 #include <security/vboot/misc.h>
 #include <security/vboot/symbols.h>
@ -40,82 +43,77 @@ struct vb2_working_data {
 	uint32_t buffer_size;
 };
-static const size_t vb_work_buf_size = 16 * KiB;
+/* TODO(kitching): Use VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE instead. */
 static struct vb2_working_data * const vboot_get_working_data(void)
 {
 	if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE))
 		/* cbmem_add() does a cbmem_find() first. */
 		return cbmem_add(CBMEM_ID_VBOOT_WORKBUF, vb_work_buf_size);
 	else
 		return (struct vb2_working_data *)_vboot2_work;
 }
 static size_t vb2_working_data_size(void)
 {
 	if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE))
-		return vb_work_buf_size;
+		return 12 * KiB;
-	else
+
 	else if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) &&
 		 preram_symbols_available())
 		return REGION_SIZE(vboot2_work);
 	die("impossible!");
 }
-static struct selected_region *vb2_selected_region(void)
+static struct vb2_working_data * const vb2_get_working_data(void)
 {
-	struct selected_region *sel_reg = NULL;
+	struct vb2_working_data *wd = NULL;
-	/* Ramstage and postcar always uses cbmem as a source of truth. */
+	if (cbmem_possibly_online())
-	if (ENV_RAMSTAGE || ENV_POSTCAR)
+		wd = cbmem_find(CBMEM_ID_VBOOT_WORKBUF);
 		sel_reg = cbmem_find(CBMEM_ID_VBOOT_SEL_REG);
 	else if (ENV_ROMSTAGE) {
 		/* Try cbmem first. Fall back on working data if not found. */
 		sel_reg = cbmem_find(CBMEM_ID_VBOOT_SEL_REG);
-		if (sel_reg == NULL) {
+	if (wd == NULL && CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) &&
-			struct vb2_working_data *wd = vboot_get_working_data();
+	    preram_symbols_available())
-			sel_reg = &wd->selected_region;
+		wd = (struct vb2_working_data *)_vboot2_work;
 		}
 	} else {
 		/* Stages such as bootblock and verstage use working data. */
 		struct vb2_working_data *wd = vboot_get_working_data();
 		sel_reg = &wd->selected_region;
 	}
-	return sel_reg;
+	assert(wd != NULL);
 	return wd;
 }
 void vb2_init_work_context(struct vb2_context *ctx)
 {
 	struct vb2_working_data *wd;
 	size_t work_size;
-	/* First initialize the working data region. */
+	/* First initialize the working data struct. */
-	work_size = vb2_working_data_size();
+	wd = vb2_get_working_data();
-	wd = vboot_get_working_data();
+	memset(wd, 0, sizeof(struct vb2_working_data));
 	memset(wd, 0, work_size);
 	/*
 	 * vboot prefers 16-byte alignment. This takes away 16 bytes
 	 * from the VBOOT2_WORK region, but the vboot devs said that's okay.
 	 */
 	wd->buffer_offset = ALIGN_UP(sizeof(*wd), 16);
-	wd->buffer_size = work_size - wd->buffer_offset;
+	wd->buffer_size = vb2_working_data_size() - wd->buffer_offset;
 	/* Initialize the vb2_context. */
 	memset(ctx, 0, sizeof(*ctx));
 	ctx->workbuf = (void *)vb2_get_shared_data();
 	ctx->workbuf_size = wd->buffer_size;
 }
 void vb2_finalize_work_context(struct vb2_context *ctx)
 {
 	/*
 	 * Shrink buffer_size so that vb2_migrate_cbmem knows how much
 	 * of vb2_working_data needs to be copied into CBMEM (if applicable),
 	 * and so that downstream users know how much of the workbuf is
 	 * currently used.
 	 */
 	vb2_get_working_data()->buffer_size = ctx->workbuf_used;
 }
 struct vb2_shared_data *vb2_get_shared_data(void)
 {
-	struct vb2_working_data *wd = vboot_get_working_data();
+	struct vb2_working_data *wd = vb2_get_working_data();
 	return (void *)((uintptr_t)wd + wd->buffer_offset);
 }
 int vb2_get_selected_region(struct region *region)
 {
-	const struct selected_region *reg = vb2_selected_region();
+	const struct selected_region *reg =
 		&vb2_get_working_data()->selected_region;
 	if (reg == NULL)
 		return -1;
@ -131,7 +129,7 @@ int vb2_get_selected_region(struct region *region)
 void vb2_set_selected_region(const struct region *region)
 {
-	struct selected_region *reg = vb2_selected_region();
+	struct selected_region *reg = &vb2_get_working_data()->selected_region;
 	assert(reg != NULL);
@ -141,40 +139,41 @@ void vb2_set_selected_region(const struct region *region)
 int vb2_is_slot_selected(void)
 {
-	const struct selected_region *reg = vb2_selected_region();
+	struct selected_region *reg = &vb2_get_working_data()->selected_region;
 	assert(reg != NULL);
 	return reg->size > 0;
 }
-void vb2_store_selected_region(void)
+#if CONFIG(VBOOT_MIGRATE_WORKING_DATA)
 {
 	const struct vb2_working_data *wd;
 	struct selected_region *sel_reg;
 	/* Always use the working data in this path since it's the object
 	 * which has the result.. */
 	wd = vboot_get_working_data();
 	sel_reg = cbmem_add(CBMEM_ID_VBOOT_SEL_REG, sizeof(*sel_reg));
 	assert(sel_reg != NULL);
 	sel_reg->offset = wd->selected_region.offset;
 	sel_reg->size = wd->selected_region.size;
 }
 /*
- * For platforms that employ VBOOT_STARTS_IN_ROMSTAGE, the vboot
+ * For platforms that do not employ VBOOT_STARTS_IN_ROMSTAGE, vboot
- * verification doesn't happen until after cbmem is brought online.
+ * verification occurs before CBMEM is brought online, using pre-RAM.
- * Therefore, the selected region contents would not be initialized
+ * In order to make vboot data structures available downstream, copy
- * so don't automatically add results when cbmem comes online.
+ * vb2_working_data from SRAM/CAR into CBMEM on platforms where this
 * memory later becomes unavailable.
 */
-#if !CONFIG(VBOOT_STARTS_IN_ROMSTAGE)
+static void vb2_migrate_cbmem(int unused)
 static void vb2_store_selected_region_cbmem(int unused)
 {
-	vb2_store_selected_region();
+	const struct vb2_working_data *wd_preram =
 		(struct vb2_working_data *)_vboot2_work;
 	size_t cbmem_size = wd_preram->buffer_offset + wd_preram->buffer_size;
 	struct vb2_working_data *wd_cbmem =
 		cbmem_add(CBMEM_ID_VBOOT_WORKBUF, cbmem_size);
 	printk(BIOS_DEBUG,
 	       "VBOOT: copying vb2_working_data (%zu bytes) to CBMEM...\n",
 	       cbmem_size);
 	memcpy(wd_cbmem, wd_preram, cbmem_size);
 	assert(wd_cbmem != NULL);
 }
-ROMSTAGE_CBMEM_INIT_HOOK(vb2_store_selected_region_cbmem)
+ROMSTAGE_CBMEM_INIT_HOOK(vb2_migrate_cbmem)
 #elif CONFIG(VBOOT_STARTS_IN_ROMSTAGE)
 static void vb2_setup_cbmem(int unused)
 {
 	struct vb2_working_data *wd_cbmem =
 		cbmem_add(CBMEM_ID_VBOOT_WORKBUF, vb2_working_data_size());
 	assert(wd_cbmem != NULL);
 }
 ROMSTAGE_CBMEM_INIT_HOOK(vb2_setup_cbmem)
 #endif
--- a/src/security/vboot/misc.h
+++ b/src/security/vboot/misc.h
@ -24,6 +24,7 @@ struct vb2_shared_data;
 void vboot_fill_handoff(void);
 void vb2_init_work_context(struct vb2_context *ctx);
 void vb2_finalize_work_context(struct vb2_context *ctx);
 struct vb2_shared_data *vb2_get_shared_data(void);
 /* Returns 0 on success. < 0 on failure. */
@ -32,9 +33,6 @@ void vb2_set_selected_region(const struct region *region);
 int vb2_is_slot_selected(void);
 int vb2_logic_executed(void);
 /* Store the selected region in cbmem for later use. */
 void vb2_store_selected_region(void);
 void vb2_save_recovery_reason_vbnv(void);
 #endif /* __VBOOT_MISC_H__ */
--- a/src/security/vboot/vboot_loader.c
+++ b/src/security/vboot/vboot_loader.c
@ -27,6 +27,9 @@
 _Static_assert(CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) +
 	       CONFIG(VBOOT_STARTS_IN_ROMSTAGE) == 1,
 	       "vboot must either start in bootblock or romstage (not both!)");
 _Static_assert(CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) ||
 	       !CONFIG(VBOOT_MIGRATE_WORKING_DATA),
 	       "no need to migrate working data after CBMEM is already up!");
 _Static_assert(!CONFIG(VBOOT_SEPARATE_VERSTAGE) ||
 	       CONFIG(VBOOT_STARTS_IN_BOOTBLOCK),
 	       "stand-alone verstage must start in (i.e. after) bootblock");
@ -126,10 +129,8 @@ static void vboot_prepare(void)
 	 * other platforms the vboot cbmem objects are initialized when
 	 * cbmem comes online.
 	 */
-	if (ENV_ROMSTAGE && CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) {
+	if (ENV_ROMSTAGE && CONFIG(VBOOT_STARTS_IN_ROMSTAGE))
 		vb2_store_selected_region();
 		vboot_fill_handoff();
 	}
 }
 static int vboot_locate(struct cbfs_props *props)
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@ -438,5 +438,6 @@ void verstage_main(void)
 	printk(BIOS_INFO, "Slot %c is selected\n", is_slot_a(&ctx) ? 'A' : 'B');
 	vb2_set_selected_region(region_device_region(&fw_main));
 	vb2_finalize_work_context(&ctx);
 	timestamp_add_now(TS_END_VBOOT);
 }