security/vboot: Removed vboot_prepare from vboot_locator

When prog_locate() is called in the stage VBOOT is starting from and the image to be loaded is not the target image vboot_prepare() may be called too early. To prevent this vboot_prepare() is removed from the vboot_locator structure. This allows more control over the start of the vboot logic. To clarify the change the vboot_prepare() has been renamed to vboot_run_logic() and calls to initialize vboot have been added at the following places: postcar_loader: when VBOOT starts in ROMSTAGE romstage_loader: when VBOOT starts in BOOTBLOCK ramstage_loader: when VBOOT starts in ROMSTAGE BUG=N/A TEST=tested on facebook fbg1701 Change-Id: Id5e8fd78458c09dd3896bfd142bd49c2c3d686df Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36543 Reviewed-by: Frans Hendriks <fhendriks@eltan.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-01 10:22:22 +01:00 · 2019-11-01 10:22:22 +01:00 · 1058dd84f0
commit 1058dd84f0
parent 397ce3c45f
4 changed files with 11 additions and 2 deletions
--- a/src/arch/x86/postcar_loader.c
+++ b/src/arch/x86/postcar_loader.c
@ -23,6 +23,7 @@
 #include <romstage_handoff.h>
 #include <stage_cache.h>
 #include <timestamp.h>
 #include <security/vboot/vboot_common.h>
 static inline void stack_push(struct postcar_frame *pcf, uint32_t val)
 {
@ -171,6 +172,8 @@ static void load_postcar_cbfs(struct prog *prog, struct postcar_frame *pcf)
 		.prog = prog,
 	};
 	vboot_run_logic();
 	if (prog_locate(prog))
 		die_with_post_code(POST_INVALID_ROM,
 				   "Failed to locate after CAR program.\n");
--- a/src/lib/prog_loaders.c
+++ b/src/lib/prog_loaders.c
@ -30,6 +30,7 @@
 #include <symbols.h>
 #include <timestamp.h>
 #include <fit_payload.h>
 #include <security/vboot/vboot_common.h>
 /* Only can represent up to 1 byte less than size_t. */
 const struct mem_region_device addrspace_32bit =
@ -59,6 +60,8 @@ void run_romstage(void)
 	struct prog romstage =
 		PROG_INIT(PROG_ROMSTAGE, CONFIG_CBFS_PREFIX "/romstage");
 	vboot_run_logic();
 	if (prog_locate(&romstage))
 		goto fail;
@ -135,6 +138,8 @@ void run_ramstage(void)
 	    !CONFIG(NO_STAGE_CACHE))
 		run_ramstage_from_resume(&ramstage);
 	vboot_run_logic();
 	if (prog_locate(&ramstage))
 		goto fail;
--- a/src/security/vboot/vboot_common.h
+++ b/src/security/vboot/vboot_common.h
@ -76,12 +76,14 @@ int vboot_developer_mode_enabled(void);
 int vboot_recovery_mode_enabled(void);
 int vboot_recovery_mode_memory_retrain(void);
 int vboot_can_enable_udc(void);
 void vboot_run_logic(void);
 #else /* !CONFIG_VBOOT */
 static inline int vboot_developer_mode_enabled(void) { return 0; }
 static inline int vboot_recovery_mode_enabled(void) { return 0; }
 static inline int vboot_recovery_mode_memory_retrain(void) { return 0; }
 /* If VBOOT is not enabled, we are okay enabling USB device controller (UDC). */
 static inline int vboot_can_enable_udc(void) { return 1; }
 static inline void vboot_run_logic(void) {}
 #endif
 #endif /* __VBOOT_VBOOT_COMMON_H__ */
--- a/src/security/vboot/vboot_loader.c
+++ b/src/security/vboot/vboot_loader.c
@ -35,7 +35,7 @@ _Static_assert(!CONFIG(VBOOT_RETURN_FROM_VERSTAGE) ||
 int vboot_executed CAR_GLOBAL;
-static void vboot_prepare(void)
+void vboot_run_logic(void)
 {
 	if (verification_should_run()) {
 		/* Note: this path is not used for VBOOT_RETURN_FROM_VERSTAGE */
@ -90,6 +90,5 @@ static int vboot_locate(struct cbfs_props *props)
 const struct cbfs_locator vboot_locator = {
 	.name = "VBOOT",
 	.prepare = vboot_prepare,
 	.locate = vboot_locate,
 };