diff --git a/src/arch/x86/assembly_entry.S b/src/arch/x86/assembly_entry.S index d1f5d61ce7..56a5b630c8 100644 --- a/src/arch/x86/assembly_entry.S +++ b/src/arch/x86/assembly_entry.S @@ -21,7 +21,7 @@ * verstage runs directly after bootblock. */ #define ROMSTAGE_AFTER_VERSTAGE \ - (IS_ENABLED(CONFIG_SEPARATE_VERSTAGE) && \ + (IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE) && \ IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK) && ENV_ROMSTAGE) #if IS_ENABLED(CONFIG_C_ENVIRONMENT_BOOTBLOCK) || ROMSTAGE_AFTER_VERSTAGE diff --git a/src/arch/x86/bootblock_simple.c b/src/arch/x86/bootblock_simple.c index 8e44add28e..5df279c370 100644 --- a/src/arch/x86/bootblock_simple.c +++ b/src/arch/x86/bootblock_simple.c @@ -28,7 +28,7 @@ static void main(unsigned long bist) #endif } -#if CONFIG_SEPARATE_VERSTAGE +#if CONFIG_VBOOT_SEPARATE_VERSTAGE const char *target1 = "fallback/verstage"; #else const char *target1 = "fallback/romstage"; diff --git a/src/arch/x86/car.ld b/src/arch/x86/car.ld index 92360096d1..aa579c3c58 100644 --- a/src/arch/x86/car.ld +++ b/src/arch/x86/car.ld @@ -21,7 +21,7 @@ _car_region_start = . ; /* Vboot work buffer is completely volatile outside of verstage and * romstage. Appropriate code needs to handle the transition. */ -#if IS_ENABLED(CONFIG_SEPARATE_VERSTAGE) +#if IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE) VBOOT2_WORK(., 16K) #endif /* Stack for CAR stages. Since it persists across all stages that diff --git a/src/ec/google/chromeec/Kconfig b/src/ec/google/chromeec/Kconfig index 76eef05dbe..3e9cb29375 100644 --- a/src/ec/google/chromeec/Kconfig +++ b/src/ec/google/chromeec/Kconfig @@ -160,7 +160,7 @@ config EC_GOOGLE_CHROMEEC_PD_FIRMWARE_FILE The path and filename of the PD firmware file to use. config EC_GOOGLE_CHROMEEC_SWITCHES - depends on EC_GOOGLE_CHROMEEC && CHROMEOS + depends on EC_GOOGLE_CHROMEEC && VBOOT bool help Enable support for Chrome OS mode switches provided by the Chrome OS 
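Review bot: In src/arch/x86/bootblock_simple.c the renamed guard is still a bare `#if CONFIG_VBOOT_SEPARATE_VERSTAGE`, while the assembly_entry.S and car.ld hunks of this same change use `IS_ENABLED(...)`; write it as `#if IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE)` for consistency. Both forms evaluate to 0 without a diagnostic when the symbol name is stale (unless the build enables -Wundef), and here that silently picks `"fallback/romstage"` for target1 instead of `"fallback/verstage"`. Because this rename touches boot-flow selection, search the whole tree for the old names (`CONFIG_SEPARATE_VERSTAGE`, `CONFIG_RETURN_FROM_VERSTAGE`, `CONFIG_LID_SWITCH`) before merge. The enclosing code starts and ends outside the hunk.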
diff --git a/src/ec/google/chromeec/switches.c b/src/ec/google/chromeec/switches.c index 7ed4bfd5cc..e05d37c205 100644 --- a/src/ec/google/chromeec/switches.c +++ b/src/ec/google/chromeec/switches.c @@ -20,7 +20,7 @@ #if IS_ENABLED(CONFIG_EC_GOOGLE_CHROMEEC_LPC) int get_lid_switch(void) { - if (!IS_ENABLED(CONFIG_LID_SWITCH)) + if (!IS_ENABLED(CONFIG_VBOOT_LID_SWITCH)) return -1; return !!(google_chromeec_get_switches() & EC_SWITCH_LID_OPEN); diff --git a/src/include/memlayout.h b/src/include/memlayout.h index b39a8955c9..c9c77cfa5c 100644 --- a/src/include/memlayout.h +++ b/src/include/memlayout.h @@ -154,7 +154,7 @@ INCLUDE "verstage/lib/program.ld" #define OVERLAP_VERSTAGE_ROMSTAGE(addr, size) \ - _ = ASSERT(IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE) == 1, \ + _ = ASSERT(IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE) == 1, \ "Must set RETURN_FROM_VERSTAGE to overlap romstage."); \ VERSTAGE(addr, size) #else diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc index 1117076049..4576006cb1 100644 --- a/src/lib/Makefile.inc +++ b/src/lib/Makefile.inc @@ -54,11 +54,11 @@ libverstage-$(CONFIG_TPM) += tlcl.c libverstage-$(CONFIG_TPM2) += tpm2_marshaling.c libverstage-$(CONFIG_TPM2) += tpm2_tlcl.c -ifeq ($(CONFIG_SEPARATE_VERSTAGE),y) +ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y) romstage-$(CONFIG_TPM) += tlcl.c romstage-$(CONFIG_TPM2) += tpm2_marshaling.c romstage-$(CONFIG_TPM2) += tpm2_tlcl.c -endif # CONFIG_SEPARATE_VERSTAGE +endif # CONFIG_VBOOT_SEPARATE_VERSTAGE verstage-$(CONFIG_GENERIC_UDELAY) += timer.c verstage-$(CONFIG_GENERIC_GPIO_LIB) += gpio.c diff --git a/src/mainboard/google/auron/Kconfig b/src/mainboard/google/auron/Kconfig index 41c9a7cf1b..d911ff5461 100644 --- a/src/mainboard/google/auron/Kconfig +++ b/src/mainboard/google/auron/Kconfig 
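Review bot: The ASSERT text in OVERLAP_VERSTAGE_ROMSTAGE in src/include/memlayout.h still names the old option: the condition now tests `CONFIG_VBOOT_RETURN_FROM_VERSTAGE`, but the message still reads "Must set RETURN_FROM_VERSTAGE to overlap romstage." This diff removes `config RETURN_FROM_VERSTAGE` from src/vboot/Kconfig, so anyone hitting this link-time failure would search for a symbol that no longer exists. Change the string to `"Must set VBOOT_RETURN_FROM_VERSTAGE to overlap romstage."`. The surrounding #if/#else block starts and ends outside the hunk.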
@@ -16,8 +16,10 @@ if BOARD_GOOGLE_BASEBOARD_AURON config CHROMEOS select CHROMEOS_RAMOOPS_DYNAMIC + +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/google/beltino/Kconfig b/src/mainboard/google/beltino/Kconfig index bceb8fb74b..a029fecab2 100644 --- a/src/mainboard/google/beltino/Kconfig +++ b/src/mainboard/google/beltino/Kconfig @@ -15,8 +15,8 @@ config BOARD_GOOGLE_BASEBOARD_BELTINO if BOARD_GOOGLE_BASEBOARD_BELTINO -config CHROMEOS - select PHYSICAL_REC_SWITCH +config VBOOT + select VBOOT_PHYSICAL_REC_SWITCH select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/google/butterfly/Kconfig b/src/mainboard/google/butterfly/Kconfig index 09d2157d3a..ffd0c03cd1 100644 --- a/src/mainboard/google/butterfly/Kconfig +++ b/src/mainboard/google/butterfly/Kconfig @@ -17,7 +17,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select INTEL_INT15 select SERIRQ_CONTINUOUS_MODE # Workaround for EC/KBC IRQ1. -config CHROMEOS +config VBOOT select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/google/chell/Kconfig b/src/mainboard/google/chell/Kconfig index 9b88a8573d..01423a7571 100644 --- a/src/mainboard/google/chell/Kconfig +++ b/src/mainboard/google/chell/Kconfig @@ -20,9 +20,9 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MONOTONIC_TIMER_MSR select SOC_INTEL_SKYLAKE -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH config IRQ_SLOT_COUNT int diff --git a/src/mainboard/google/cosmos/Kconfig b/src/mainboard/google/cosmos/Kconfig index 62cd821009..3d8d64921c 100644 --- a/src/mainboard/google/cosmos/Kconfig +++ b/src/mainboard/google/cosmos/Kconfig @@ -26,7 +26,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH select SPI_FLASH_SPANSION -config CHROMEOS +config VBOOT select VBOOT_VBNV_FLASH config MAINBOARD_DIR 
diff --git a/src/mainboard/google/cyan/Kconfig b/src/mainboard/google/cyan/Kconfig index 424c08fa34..77d72ae55f 100644 --- a/src/mainboard/google/cyan/Kconfig +++ b/src/mainboard/google/cyan/Kconfig @@ -15,9 +15,9 @@ config BOARD_SPECIFIC_OPTIONS select HAVE_ACPI_RESUME select PCIEXP_L1_SUB_STATE -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH select VBOOT_VBNV_CMOS config DISPLAY_SPD_DATA diff --git a/src/mainboard/google/daisy/Kconfig b/src/mainboard/google/daisy/Kconfig index 29d6690c72..b08500de24 100644 --- a/src/mainboard/google/daisy/Kconfig +++ b/src/mainboard/google/daisy/Kconfig @@ -28,7 +28,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_HAS_NATIVE_VGA_INIT select MAINBOARD_DO_NATIVE_VGA_INIT -config CHROMEOS +config VBOOT select VBOOT_VBNV_EC config MAINBOARD_DIR diff --git a/src/mainboard/google/eve/Kconfig b/src/mainboard/google/eve/Kconfig index b4442f2f20..1d1fa7b133 100644 --- a/src/mainboard/google/eve/Kconfig +++ b/src/mainboard/google/eve/Kconfig @@ -21,10 +21,10 @@ config BOARD_SPECIFIC_OPTIONS select SOC_INTEL_KABYLAKE select TPM2 -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select HAS_RECOVERY_MRC_CACHE - select LID_SWITCH + select VBOOT_LID_SWITCH select MRC_CLEAR_NORMAL_CACHE_ON_RECOVERY_RETRAIN config DRIVER_TPM_I2C_BUS diff --git a/src/mainboard/google/fizz/Kconfig b/src/mainboard/google/fizz/Kconfig index a3be595fa7..377a13c773 100644 --- a/src/mainboard/google/fizz/Kconfig +++ b/src/mainboard/google/fizz/Kconfig @@ -14,7 +14,7 @@ config BOARD_SPECIFIC_OPTIONS select NO_FADT_8042 select SOC_INTEL_KABYLAKE -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC diff --git a/src/mainboard/google/foster/Kconfig b/src/mainboard/google/foster/Kconfig index c408ca1f9d..ee22110bf3 100644 --- a/src/mainboard/google/foster/Kconfig +++ b/src/mainboard/google/foster/Kconfig 
@@ -26,7 +26,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select COMMON_CBFS_SPI_WRAPPER select SPI_FLASH_WINBOND -config CHROMEOS +config VBOOT select VBOOT_VBNV_FLASH config MAINBOARD_DIR @@ -84,7 +84,7 @@ config GBB_HWID depends on CHROMEOS default "FOSTER TEST 1184" -config CHROMEOS_FWID_MODEL +config VBOOT_FWID_MODEL string default "Nvidia_Foster" diff --git a/src/mainboard/google/gale/Kconfig b/src/mainboard/google/gale/Kconfig index b6639bc5d5..461ed5b76e 100644 --- a/src/mainboard/google/gale/Kconfig +++ b/src/mainboard/google/gale/Kconfig @@ -31,9 +31,9 @@ config BOARD_SPECIFIC_OPTIONS select SPI_FLASH_WINBOND select DRIVERS_UART -config CHROMEOS +config VBOOT select VBOOT_DISABLE_DEV_ON_RECOVERY - select WIPEOUT_SUPPORTED + select VBOOT_WIPEOUT_SUPPORTED config BOARD_VARIANT_DK01 bool "Build an image for DK01" diff --git a/src/mainboard/google/glados/Kconfig b/src/mainboard/google/glados/Kconfig index 09082945de..102a8c1e17 100644 --- a/src/mainboard/google/glados/Kconfig +++ b/src/mainboard/google/glados/Kconfig @@ -20,9 +20,9 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MONOTONIC_TIMER_MSR select SOC_INTEL_SKYLAKE -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH config IRQ_SLOT_COUNT int diff --git a/src/mainboard/google/gru/Kconfig b/src/mainboard/google/gru/Kconfig index bd19a291dc..43f671b600 100644 --- a/src/mainboard/google/gru/Kconfig +++ b/src/mainboard/google/gru/Kconfig @@ -45,7 +45,7 @@ config BOARD_SPECIFIC_OPTIONS select SPI_FLASH_GIGADEVICE select SPI_FLASH_WINBOND -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select MAINBOARD_HAS_SPI_TPM_CR50 if GRU_HAS_TPM2 select SPI_TPM if GRU_HAS_TPM2 diff --git a/src/mainboard/google/jecht/Kconfig b/src/mainboard/google/jecht/Kconfig index 39cee21044..fdb5ee01ff 100644 --- a/src/mainboard/google/jecht/Kconfig +++ b/src/mainboard/google/jecht/Kconfig 
@@ -14,7 +14,9 @@ if BOARD_GOOGLE_BASEBOARD_JECHT config CHROMEOS select CHROMEOS_RAMOOPS_DYNAMIC - select PHYSICAL_REC_SWITCH + +config VBOOT + select VBOOT_PHYSICAL_REC_SWITCH select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/google/lars/Kconfig b/src/mainboard/google/lars/Kconfig index 73d502c313..78db8b219c 100644 --- a/src/mainboard/google/lars/Kconfig +++ b/src/mainboard/google/lars/Kconfig @@ -22,9 +22,9 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MONOTONIC_TIMER_MSR select SOC_INTEL_SKYLAKE -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH config IRQ_SLOT_COUNT int diff --git a/src/mainboard/google/link/Kconfig b/src/mainboard/google/link/Kconfig index b521f9c238..8469e86c1f 100644 --- a/src/mainboard/google/link/Kconfig +++ b/src/mainboard/google/link/Kconfig @@ -16,9 +16,9 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SERIRQ_CONTINUOUS_MODE select MAINBOARD_HAS_NATIVE_VGA_INIT -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/google/nyan/Kconfig b/src/mainboard/google/nyan/Kconfig index 7f5854ce03..d944a439b3 100644 --- a/src/mainboard/google/nyan/Kconfig +++ b/src/mainboard/google/nyan/Kconfig @@ -31,7 +31,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_WINBOND select SPI_FLASH_FAST_READ_DUAL_OUTPUT_3B -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select VBOOT_VBNV_EC diff --git a/src/mainboard/google/nyan_big/Kconfig b/src/mainboard/google/nyan_big/Kconfig index 602e778569..cacc301865 100644 --- a/src/mainboard/google/nyan_big/Kconfig +++ b/src/mainboard/google/nyan_big/Kconfig @@ -32,7 +32,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_WINBOND select SPI_FLASH_FAST_READ_DUAL_OUTPUT_3B -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select VBOOT_VBNV_EC 
diff --git a/src/mainboard/google/nyan_blaze/Kconfig b/src/mainboard/google/nyan_blaze/Kconfig index d64eb72c84..2264068f8c 100644 --- a/src/mainboard/google/nyan_blaze/Kconfig +++ b/src/mainboard/google/nyan_blaze/Kconfig @@ -33,7 +33,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_WINBOND select SPI_FLASH_FAST_READ_DUAL_OUTPUT_3B -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select VBOOT_VBNV_EC diff --git a/src/mainboard/google/oak/Kconfig b/src/mainboard/google/oak/Kconfig index 0efa478dc4..28771b8dd7 100644 --- a/src/mainboard/google/oak/Kconfig +++ b/src/mainboard/google/oak/Kconfig @@ -33,10 +33,9 @@ config BOARD_SPECIFIC_OPTIONS select RAM_CODE_SUPPORT select SPI_FLASH -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select VBOOT_EC_SLOW_UPDATE - select VBOOT_OPROM_MATTERS select VBOOT_VBNV_FLASH config MAINBOARD_DIR diff --git a/src/mainboard/google/parrot/Kconfig b/src/mainboard/google/parrot/Kconfig index 7b6b49b98a..5ce1f2492e 100644 --- a/src/mainboard/google/parrot/Kconfig +++ b/src/mainboard/google/parrot/Kconfig @@ -17,7 +17,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy # Workaround for EC/KBC IRQ1. select SERIRQ_CONTINUOUS_MODE -config CHROMEOS +config VBOOT select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/google/peach_pit/Kconfig b/src/mainboard/google/peach_pit/Kconfig index be06a18d0a..640c0099cf 100644 --- a/src/mainboard/google/peach_pit/Kconfig +++ b/src/mainboard/google/peach_pit/Kconfig @@ -25,7 +25,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_DO_NATIVE_VGA_INIT select DRIVER_PARADE_PS8625 -config CHROMEOS +config VBOOT select VBOOT_VBNV_EC config MAINBOARD_DIR diff --git a/src/mainboard/google/poppy/Kconfig b/src/mainboard/google/poppy/Kconfig index 2240c2d89c..fc68edfe1a 100644 --- a/src/mainboard/google/poppy/Kconfig +++ b/src/mainboard/google/poppy/Kconfig 
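Review bot: The src/mainboard/google/oak/Kconfig hunk drops `select VBOOT_OPROM_MATTERS` instead of moving it under `config VBOOT`, which is a behaviour change inside an otherwise mechanical rename. According to the help text removed from src/vboot/Kconfig in this same diff, that option tells vboot the platform skips display initialization on a normal boot. The src/soc/mediatek/mt8173/Kconfig hunk keeps the select, so the removal is presumably redundant if oak builds on that SoC; that relationship is not visible here. Confirm it and mention the removal in the commit message.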
@@ -16,9 +16,9 @@ config BOARD_SPECIFIC_OPTIONS select NO_FADT_8042 select SOC_INTEL_KABYLAKE -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH config GBB_HWID string diff --git a/src/mainboard/google/purin/Kconfig b/src/mainboard/google/purin/Kconfig index ca0909b25e..6e0572420c 100644 --- a/src/mainboard/google/purin/Kconfig +++ b/src/mainboard/google/purin/Kconfig @@ -27,7 +27,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_SPANSION select SPI_FLASH_STMICRO # required for the reference board BCM958305K -config CHROMEOS +config VBOOT select VBOOT_VBNV_FLASH config MAINBOARD_DIR diff --git a/src/mainboard/google/rambi/Kconfig b/src/mainboard/google/rambi/Kconfig index 9b25b49b45..78f077ab7b 100644 --- a/src/mainboard/google/rambi/Kconfig +++ b/src/mainboard/google/rambi/Kconfig @@ -13,9 +13,9 @@ config BOARD_GOOGLE_BASEBOARD_RAMBI if BOARD_GOOGLE_BASEBOARD_RAMBI -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/google/reef/Kconfig b/src/mainboard/google/reef/Kconfig index b6c3462f2d..c4bf212d02 100644 --- a/src/mainboard/google/reef/Kconfig +++ b/src/mainboard/google/reef/Kconfig @@ -37,11 +37,11 @@ config DRIVER_TPM_I2C_IRQ int default 60 # GPE0_DW1_28 -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select HAS_RECOVERY_MRC_CACHE select MRC_CLEAR_NORMAL_CACHE_ON_RECOVERY_RETRAIN - select LID_SWITCH if BASEBOARD_REEF_LAPTOP + select VBOOT_LID_SWITCH if BASEBOARD_REEF_LAPTOP config MAINBOARD_DIR string diff --git a/src/mainboard/google/rotor/Kconfig b/src/mainboard/google/rotor/Kconfig index a47a766601..437fa02c18 100644 --- a/src/mainboard/google/rotor/Kconfig +++ b/src/mainboard/google/rotor/Kconfig 
@@ -21,7 +21,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_HAS_CHROMEOS select BOARD_ROMSIZE_KB_4096 -config CHROMEOS +config VBOOT select VBOOT_MOCK_SECDATA config MAINBOARD_DIR @@ -37,7 +37,7 @@ config GBB_HWID depends on CHROMEOS default "ROTOR TEST 1234" -config CHROMEOS_FWID_MODEL +config VBOOT_FWID_MODEL string default "Marvell_Rotor" diff --git a/src/mainboard/google/slippy/Kconfig b/src/mainboard/google/slippy/Kconfig index a19c966e6e..1537ff11ca 100644 --- a/src/mainboard/google/slippy/Kconfig +++ b/src/mainboard/google/slippy/Kconfig @@ -21,9 +21,9 @@ config BOARD_GOOGLE_BASEBOARD_SLIPPY if BOARD_GOOGLE_BASEBOARD_SLIPPY -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH select MAINBOARD_DO_NATIVE_VGA_INIT if (BOARD_GOOGLE_FALCO || BOARD_GOOGLE_PEPPY) select VBOOT_VBNV_CMOS diff --git a/src/mainboard/google/smaug/Kconfig b/src/mainboard/google/smaug/Kconfig index 52076748a5..344be282dc 100644 --- a/src/mainboard/google/smaug/Kconfig +++ b/src/mainboard/google/smaug/Kconfig @@ -32,7 +32,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_HAS_CHROMEOS select RAM_CODE_SUPPORT -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select VBOOT_VBNV_FLASH diff --git a/src/mainboard/google/storm/Kconfig b/src/mainboard/google/storm/Kconfig index f844cf8b04..24822ab8dd 100644 --- a/src/mainboard/google/storm/Kconfig +++ b/src/mainboard/google/storm/Kconfig @@ -29,9 +29,9 @@ config BOARD_SPECIFIC_OPTIONS select SPI_FLASH_STMICRO select DRIVERS_UART -config CHROMEOS +config VBOOT select VBOOT_DISABLE_DEV_ON_RECOVERY - select WIPEOUT_SUPPORTED + select VBOOT_WIPEOUT_SUPPORTED config BOARD_VARIANT_AP148 bool "pick this to build an image for ap148" diff --git a/src/mainboard/google/stout/Kconfig b/src/mainboard/google/stout/Kconfig index 571cbce394..d34f595c9f 100644 --- a/src/mainboard/google/stout/Kconfig +++ b/src/mainboard/google/stout/Kconfig 
@@ -17,7 +17,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select INTEL_INT15 select SANDYBRIDGE_IVYBRIDGE_LVDS -config CHROMEOS +config VBOOT select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/google/veyron/Kconfig b/src/mainboard/google/veyron/Kconfig index 3eb32525a1..5fb340bcfc 100644 --- a/src/mainboard/google/veyron/Kconfig +++ b/src/mainboard/google/veyron/Kconfig @@ -45,7 +45,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_GIGADEVICE select SPI_FLASH_WINBOND -config CHROMEOS +config VBOOT select VBOOT_VBNV_EC config MAINBOARD_DIR @@ -54,6 +54,11 @@ config MAINBOARD_DIR config MAINBOARD_PART_NUMBER string + default "Veyron_Jaq" if BOARD_GOOGLE_VEYRON_JAQ + default "Veyron_Jerry" if BOARD_GOOGLE_VEYRON_JERRY + default "Veyron_Mighty" if BOARD_GOOGLE_VEYRON_MIGHTY + default "Veyron_Minnie" if BOARD_GOOGLE_VEYRON_MINNIE + default "Veyron_Speedy" if BOARD_GOOGLE_VEYRON_SPEEDY default "Veyron" config MAINBOARD_VENDOR @@ -112,12 +117,4 @@ config GBB_HWID default "MINNIE TEST A-A 5151" if BOARD_GOOGLE_VEYRON_MINNIE default "SPEEDY TEST A-A 8421" if BOARD_GOOGLE_VEYRON_SPEEDY -config CHROMEOS_FWID_MODEL - string - default "Google_Veyron_Jaq" if BOARD_GOOGLE_VEYRON_JAQ - default "Google_Veyron_Jerry" if BOARD_GOOGLE_VEYRON_JERRY - default "Google_Veyron_Mighty" if BOARD_GOOGLE_VEYRON_MIGHTY - default "Google_Veyron_Minnie" if BOARD_GOOGLE_VEYRON_MINNIE - default "Google_Veyron_Speedy" if BOARD_GOOGLE_VEYRON_SPEEDY - endif # BOARD_GOOGLE_VEYRON diff --git a/src/mainboard/google/veyron_mickey/Kconfig b/src/mainboard/google/veyron_mickey/Kconfig index 24d7921bc9..1f66ff035e 100644 --- a/src/mainboard/google/veyron_mickey/Kconfig +++ b/src/mainboard/google/veyron_mickey/Kconfig @@ -30,8 +30,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_GIGADEVICE select SPI_FLASH_WINBOND -config CHROMEOS - select PHYSICAL_REC_SWITCH +config VBOOT + select VBOOT_PHYSICAL_REC_SWITCH select VBOOT_VBNV_FLASH config MAINBOARD_DIR 
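Review bot: The second and third hunks of src/mainboard/google/veyron/Kconfig delete `CHROMEOS_FWID_MODEL` and move its per-board values into `MAINBOARD_PART_NUMBER` without the `Google_` prefix, whereas foster and rotor only rename the symbol to `VBOOT_FWID_MODEL`. The firmware ID that ends up in the image therefore depends on how the new default for `VBOOT_FWID_MODEL` is composed, which is not visible in this diff; presumably it is built from vendor and part number. Check that the resulting ID for each veyron variant is unchanged (for example `Google_Veyron_Jaq`), since anything that matches on the firmware ID would otherwise stop recognising these boards. The same applies to veyron_mickey, where the part number also changes from `Veyron_mickey` to `Veyron_Mickey`.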
@@ -40,7 +40,7 @@ config MAINBOARD_DIR config MAINBOARD_PART_NUMBER string - default "Veyron_mickey" + default "Veyron_Mickey" config MAINBOARD_VENDOR string @@ -72,8 +72,4 @@ config GBB_HWID depends on CHROMEOS default "MICKEY TEST A-A 0352" -config CHROMEOS_FWID_MODEL - string - default "Google_Veyron_Mickey" - endif # BOARD_GOOGLE_VEYRON_MICKEY diff --git a/src/mainboard/google/veyron_rialto/Kconfig b/src/mainboard/google/veyron_rialto/Kconfig index bbd6ffddfb..cc6a4a6058 100644 --- a/src/mainboard/google/veyron_rialto/Kconfig +++ b/src/mainboard/google/veyron_rialto/Kconfig @@ -30,8 +30,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_GIGADEVICE select SPI_FLASH_WINBOND -config CHROMEOS - select PHYSICAL_REC_SWITCH +config VBOOT + select VBOOT_PHYSICAL_REC_SWITCH select VBOOT_VBNV_FLASH config MAINBOARD_DIR diff --git a/src/mainboard/intel/baskingridge/Kconfig b/src/mainboard/intel/baskingridge/Kconfig index df5d312127..445dbcbf22 100644 --- a/src/mainboard/intel/baskingridge/Kconfig +++ b/src/mainboard/intel/baskingridge/Kconfig @@ -14,7 +14,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_HAS_LPC_TPM select INTEL_INT15 -config CHROMEOS +config VBOOT select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/intel/emeraldlake2/Kconfig b/src/mainboard/intel/emeraldlake2/Kconfig index 9ee41e8198..7b5528ab8f 100644 --- a/src/mainboard/intel/emeraldlake2/Kconfig +++ b/src/mainboard/intel/emeraldlake2/Kconfig @@ -13,7 +13,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select INTEL_INT15 #select MAINBOARD_HAS_CHROMEOS -config CHROMEOS +config VBOOT #select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/intel/galileo/Kconfig b/src/mainboard/intel/galileo/Kconfig index f31ca5e9f7..0ab682c827 100644 --- a/src/mainboard/intel/galileo/Kconfig +++ b/src/mainboard/intel/galileo/Kconfig 
@@ -153,7 +153,7 @@ config VBOOT_WITH_CRYPTO_SHIELD select COLLECT_TIMESTAMPS select I2C_TPM select MAINBOARD_HAS_I2C_TPM_ATMEL - select SEPARATE_VERSTAGE + select VBOOT_SEPARATE_VERSTAGE select VBOOT select VBOOT_STARTS_IN_BOOTBLOCK select VBOOT_SOFT_REBOOT_WORKAROUND diff --git a/src/mainboard/intel/kblrvp/Kconfig b/src/mainboard/intel/kblrvp/Kconfig index 296b9225c5..6aa4ad5bdf 100644 --- a/src/mainboard/intel/kblrvp/Kconfig +++ b/src/mainboard/intel/kblrvp/Kconfig @@ -14,8 +14,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_HAS_CHROMEOS select GENERIC_SPD_BIN -config CHROMEOS - select LID_SWITCH +config VBOOT + select VBOOT_LID_SWITCH choice prompt "TPM to USE" diff --git a/src/mainboard/intel/kunimitsu/Kconfig b/src/mainboard/intel/kunimitsu/Kconfig index 64a360f9f5..aec394bf86 100644 --- a/src/mainboard/intel/kunimitsu/Kconfig +++ b/src/mainboard/intel/kunimitsu/Kconfig @@ -34,9 +34,9 @@ config KUNIMITSU_USES_FSP2_0 endchoice -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH config IRQ_SLOT_COUNT int diff --git a/src/mainboard/intel/strago/Kconfig b/src/mainboard/intel/strago/Kconfig index c7221e915d..f568891756 100644 --- a/src/mainboard/intel/strago/Kconfig +++ b/src/mainboard/intel/strago/Kconfig @@ -15,9 +15,9 @@ config BOARD_SPECIFIC_OPTIONS select SOC_INTEL_BRASWELL select PCIEXP_L1_SUB_STATE -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH select VBOOT_VBNV_CMOS config DYNAMIC_VNN_SUPPORT diff --git a/src/mainboard/intel/wtm2/Kconfig b/src/mainboard/intel/wtm2/Kconfig index f57cb2338b..76ed4bfaf2 100644 --- a/src/mainboard/intel/wtm2/Kconfig +++ b/src/mainboard/intel/wtm2/Kconfig @@ -15,6 +15,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy config CHROMEOS select CHROMEOS_RAMOOPS_DYNAMIC + +config VBOOT select VBOOT_VBNV_CMOS config MAINBOARD_DIR 
diff --git a/src/mainboard/samsung/lumpy/Kconfig b/src/mainboard/samsung/lumpy/Kconfig index db1debb0ee..bd7078dd53 100644 --- a/src/mainboard/samsung/lumpy/Kconfig +++ b/src/mainboard/samsung/lumpy/Kconfig @@ -20,9 +20,9 @@ config BOARD_SPECIFIC_OPTIONS # dummy select DRIVERS_GENERIC_IOAPIC select INTEL_INT15 -config CHROMEOS - select PHYSICAL_DEV_SWITCH - select PHYSICAL_REC_SWITCH +config VBOOT + select VBOOT_PHYSICAL_DEV_SWITCH + select VBOOT_PHYSICAL_REC_SWITCH select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/samsung/stumpy/Kconfig b/src/mainboard/samsung/stumpy/Kconfig index f8e9b99b01..4f3d1e9f09 100644 --- a/src/mainboard/samsung/stumpy/Kconfig +++ b/src/mainboard/samsung/stumpy/Kconfig @@ -17,9 +17,9 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SUPERIO_SMSC_LPC47N207 select INTEL_INT15 -config CHROMEOS - select PHYSICAL_DEV_SWITCH - select PHYSICAL_REC_SWITCH +config VBOOT + select VBOOT_PHYSICAL_DEV_SWITCH + select VBOOT_PHYSICAL_REC_SWITCH select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/soc/broadcom/cygnus/Kconfig b/src/soc/broadcom/cygnus/Kconfig index e5849f020a..e2f97e4ab2 100644 --- a/src/soc/broadcom/cygnus/Kconfig +++ b/src/soc/broadcom/cygnus/Kconfig @@ -28,10 +28,10 @@ config SOC_BROADCOM_CYGNUS if SOC_BROADCOM_CYGNUS -config CHROMEOS +config VBOOT select VBOOT_STARTS_IN_BOOTBLOCK - select SEPARATE_VERSTAGE - select RETURN_FROM_VERSTAGE + select VBOOT_SEPARATE_VERSTAGE + select VBOOT_RETURN_FROM_VERSTAGE config CONSOLE_SERIAL_UART_ADDRESS hex diff --git a/src/soc/intel/apollolake/Kconfig b/src/soc/intel/apollolake/Kconfig index 234e2900b9..ca8f5d0829 100644 --- a/src/soc/intel/apollolake/Kconfig +++ b/src/soc/intel/apollolake/Kconfig @@ -70,7 +70,9 @@ config CPU_SPECIFIC_OPTIONS config CHROMEOS select CHROMEOS_RAMOOPS_DYNAMIC - select SEPARATE_VERSTAGE + +config VBOOT + select VBOOT_SEPARATE_VERSTAGE select VBOOT_OPROM_MATTERS select VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT select VBOOT_STARTS_IN_BOOTBLOCK 
diff --git a/src/soc/intel/quark/romstage/fsp1_1.c b/src/soc/intel/quark/romstage/fsp1_1.c index f715f43425..6ce2079256 100644 --- a/src/soc/intel/quark/romstage/fsp1_1.c +++ b/src/soc/intel/quark/romstage/fsp1_1.c @@ -119,7 +119,7 @@ void soc_memory_init_params(struct romstage_params *params, printk(BIOS_SPEW, "| coreboot stack |\n"); printk(BIOS_SPEW, "+-------------------+ 0x%p", _car_stack_start); - if (IS_ENABLED(CONFIG_SEPARATE_VERSTAGE)) { + if (IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE)) { printk(BIOS_SPEW, "\n"); printk(BIOS_SPEW, "| vboot data |\n"); printk(BIOS_SPEW, "+-------------------+ 0x%08x", diff --git a/src/soc/intel/skylake/Kconfig b/src/soc/intel/skylake/Kconfig index b7c5552a7a..8ac7263c89 100644 --- a/src/soc/intel/skylake/Kconfig +++ b/src/soc/intel/skylake/Kconfig @@ -87,8 +87,10 @@ config USE_FSP1_1_DRIVER config CHROMEOS select CHROMEOS_RAMOOPS_DYNAMIC - select SEPARATE_VERSTAGE - select VBOOT_EC_SLOW_UPDATE if EC_GOOGLE_CHROMEEC + +config VBOOT + select VBOOT_EC_SLOW_UPDATE if VBOOT_EC_SOFTWARE_SYNC + select VBOOT_SEPARATE_VERSTAGE select VBOOT_OPROM_MATTERS select VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT select VBOOT_STARTS_IN_BOOTBLOCK diff --git a/src/soc/marvell/armada38x/Kconfig b/src/soc/marvell/armada38x/Kconfig index ed8cbe8100..20f9d09c89 100644 --- a/src/soc/marvell/armada38x/Kconfig +++ b/src/soc/marvell/armada38x/Kconfig @@ -7,13 +7,15 @@ config SOC_MARVELL_ARMADA38X select ARCH_RAMSTAGE_ARMV7 select HAVE_UART_SPECIAL select BOOTBLOCK_CONSOLE - select RETURN_FROM_VERSTAGE select BOOTBLOCK_CUSTOM select GENERIC_UDELAY select UART_OVERRIDE_REFCLK if SOC_MARVELL_ARMADA38X +config VBOOT + select VBOOT_RETURN_FROM_VERSTAGE + config BOOTBLOCK_CPU_INIT string default "soc/marvell/armada38x/bootblock.c" diff --git a/src/soc/marvell/bg4cd/Kconfig b/src/soc/marvell/bg4cd/Kconfig index cdd8597de8..6f9b6aab32 100644 --- a/src/soc/marvell/bg4cd/Kconfig +++ b/src/soc/marvell/bg4cd/Kconfig 
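Review bot: In src/soc/intel/skylake/Kconfig the condition on `select VBOOT_EC_SLOW_UPDATE` changes from `if EC_GOOGLE_CHROMEEC` to `if VBOOT_EC_SOFTWARE_SYNC`, which is a functional change and not a rename. `VBOOT_EC_SOFTWARE_SYNC` is not defined anywhere in the visible part of this diff, and Kconfig itself treats a reference to an undefined symbol as `n` without an error, so a typo or a missing definition would silently drop the select. Confirm the symbol is defined by the new vboot Kconfig and describe the change of condition in the commit message.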
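Review bot: In src/soc/marvell/armada38x/Kconfig the new `config VBOOT` block selects `VBOOT_RETURN_FROM_VERSTAGE` but not `VBOOT_SEPARATE_VERSTAGE`, unlike the cygnus, ipq40xx, ipq806x and rk3288 hunks, which select both. The definition removed from src/vboot/Kconfig had `depends on SEPARATE_VERSTAGE`, and `select` forces a symbol on regardless of its dependencies. If the renamed option keeps that dependency (its new definition is outside this diff), this block sets the option with an unmet dependency. Either add `select VBOOT_SEPARATE_VERSTAGE` next to it, or drop the select if this SoC does not use a separate verstage. The old select sat directly under the SoC symbol, so the mismatch predates this change, but the move is a good point to resolve it.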
@@ -28,7 +28,7 @@ config SOC_MARVELL_BG4CD if SOC_MARVELL_BG4CD -config CHROMEOS +config VBOOT select VBOOT_STARTS_IN_BOOTBLOCK endif diff --git a/src/soc/marvell/mvmap2315/Kconfig b/src/soc/marvell/mvmap2315/Kconfig index 45e03c1e77..072f4eee01 100644 --- a/src/soc/marvell/mvmap2315/Kconfig +++ b/src/soc/marvell/mvmap2315/Kconfig @@ -31,8 +31,7 @@ config SOC_MARVELL_MVMAP2315 if SOC_MARVELL_MVMAP2315 -config CHROMEOS - select VBOOT +config VBOOT select VBOOT_STARTS_IN_ROMSTAGE config CONSOLE_SERIAL_MVMAP2315_UART_ADDRESS diff --git a/src/soc/mediatek/mt8173/Kconfig b/src/soc/mediatek/mt8173/Kconfig index 7558ad18d2..a367470ed6 100644 --- a/src/soc/mediatek/mt8173/Kconfig +++ b/src/soc/mediatek/mt8173/Kconfig @@ -17,10 +17,10 @@ config SOC_MEDIATEK_MT8173 if SOC_MEDIATEK_MT8173 -config CHROMEOS +config VBOOT select VBOOT_OPROM_MATTERS select VBOOT_STARTS_IN_BOOTBLOCK - select SEPARATE_VERSTAGE + select VBOOT_SEPARATE_VERSTAGE config MEMORY_TEST bool diff --git a/src/soc/nvidia/tegra124/Kconfig b/src/soc/nvidia/tegra124/Kconfig index fdbbc7fc6c..cd753f42ae 100644 --- a/src/soc/nvidia/tegra124/Kconfig +++ b/src/soc/nvidia/tegra124/Kconfig @@ -16,10 +16,10 @@ config SOC_NVIDIA_TEGRA124 if SOC_NVIDIA_TEGRA124 -config CHROMEOS +config VBOOT select VBOOT_OPROM_MATTERS select VBOOT_STARTS_IN_BOOTBLOCK - select SEPARATE_VERSTAGE + select VBOOT_SEPARATE_VERSTAGE config TEGRA124_MODEL_TD570D bool "TD570D" diff --git a/src/soc/nvidia/tegra210/Kconfig b/src/soc/nvidia/tegra210/Kconfig index 880f1996f0..30a23ef394 100644 --- a/src/soc/nvidia/tegra210/Kconfig +++ b/src/soc/nvidia/tegra210/Kconfig @@ -17,9 +17,9 @@ config SOC_NVIDIA_TEGRA210 if SOC_NVIDIA_TEGRA210 -config CHROMEOS +config VBOOT select VBOOT_STARTS_IN_BOOTBLOCK - select SEPARATE_VERSTAGE + select VBOOT_SEPARATE_VERSTAGE select VBOOT_OPROM_MATTERS config MAINBOARD_DO_DSI_INIT diff --git a/src/soc/qualcomm/ipq40xx/Kconfig b/src/soc/qualcomm/ipq40xx/Kconfig index d0c1fbd4f0..b0d3f07ad2 100644 
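Review bot: The src/soc/marvell/mvmap2315/Kconfig hunk removes `select VBOOT` from `config CHROMEOS`, and nothing in the new block turns VBOOT on. Before this change, enabling CHROMEOS on this SoC forced verified boot on; afterwards that only holds if the generic CHROMEOS option selects or depends on VBOOT, which is not visible in this diff. Confirm that a CHROMEOS build for this SoC still ends up with `CONFIG_VBOOT=y`, so that firmware verification is not dropped from the image without notice.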
--- a/src/soc/qualcomm/ipq40xx/Kconfig +++ b/src/soc/qualcomm/ipq40xx/Kconfig @@ -12,10 +12,10 @@ config SOC_QC_IPQ40XX if SOC_QC_IPQ40XX -config CHROMEOS +config VBOOT select VBOOT_STARTS_IN_BOOTBLOCK - select RETURN_FROM_VERSTAGE - select SEPARATE_VERSTAGE + select VBOOT_SEPARATE_VERSTAGE + select VBOOT_RETURN_FROM_VERSTAGE select VBOOT_VBNV_FLASH config IPQ_QFN_PART diff --git a/src/soc/qualcomm/ipq806x/Kconfig b/src/soc/qualcomm/ipq806x/Kconfig index 13977e5cba..54300ebf2b 100644 --- a/src/soc/qualcomm/ipq806x/Kconfig +++ b/src/soc/qualcomm/ipq806x/Kconfig @@ -11,11 +11,11 @@ config SOC_QC_IPQ806X if SOC_QC_IPQ806X -config CHROMEOS +config VBOOT select VBOOT_STARTS_IN_BOOTBLOCK select VBOOT_VBNV_FLASH - select SEPARATE_VERSTAGE - select RETURN_FROM_VERSTAGE + select VBOOT_SEPARATE_VERSTAGE + select VBOOT_RETURN_FROM_VERSTAGE config MBN_ENCAPSULATION depends on USE_BLOBS diff --git a/src/soc/rockchip/rk3288/Kconfig b/src/soc/rockchip/rk3288/Kconfig index ea34bb9130..19e52b64d9 100644 --- a/src/soc/rockchip/rk3288/Kconfig +++ b/src/soc/rockchip/rk3288/Kconfig @@ -31,11 +31,11 @@ config SOC_ROCKCHIP_RK3288 if SOC_ROCKCHIP_RK3288 -config CHROMEOS +config VBOOT select VBOOT_OPROM_MATTERS select VBOOT_STARTS_IN_BOOTBLOCK - select SEPARATE_VERSTAGE - select RETURN_FROM_VERSTAGE + select VBOOT_SEPARATE_VERSTAGE + select VBOOT_RETURN_FROM_VERSTAGE config PMIC_BUS int diff --git a/src/soc/rockchip/rk3399/Kconfig b/src/soc/rockchip/rk3399/Kconfig index b4017c8856..65b31d523e 100644 --- a/src/soc/rockchip/rk3399/Kconfig +++ b/src/soc/rockchip/rk3399/Kconfig @@ -14,9 +14,9 @@ config SOC_ROCKCHIP_RK3399 if SOC_ROCKCHIP_RK3399 -config CHROMEOS - select RETURN_FROM_VERSTAGE - select SEPARATE_VERSTAGE +config VBOOT + select VBOOT_SEPARATE_VERSTAGE + select VBOOT_RETURN_FROM_VERSTAGE select VBOOT_OPROM_MATTERS select VBOOT_STARTS_IN_BOOTBLOCK diff --git a/src/vboot/Kconfig b/src/vboot/Kconfig index a92a2fa5e1..c5173239ef 100644 --- a/src/vboot/Kconfig +++ b/src/vboot/Kconfig 
@@ -12,127 +12,7 @@ ## GNU General Public License for more details. ## -config VBOOT_VBNV_OFFSET - hex - default 0x26 - depends on PC80_SYSTEM - help - CMOS offset for VbNv data. This value must match cmos.layout - in the mainboard directory, minus 14 bytes for the RTC. - -config VBOOT_VBNV_CMOS - bool "Vboot non-volatile storage in CMOS." - default n - help - VBNV is stored in CMOS - -config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH - bool "Back up Vboot non-volatile storage from CMOS to flash." - default n - depends on VBOOT_VBNV_CMOS && BOOT_DEVICE_SUPPORTS_WRITES - help - Vboot non-volatile storage data will be backed up from CMOS to flash - and restored from flash if the CMOS is invalid due to power loss. - -config VBOOT_VBNV_EC - bool "Vboot non-volatile storage in EC." - default n - help - VBNV is stored in EC - -config VBOOT_VBNV_FLASH - def_bool n - depends on BOOT_DEVICE_SUPPORTS_WRITES - help - VBNV is stored in flash storage - -config VBOOT_STARTS_IN_BOOTBLOCK - bool "Vboot starts verifying in bootblock" - default n - depends on VBOOT - help - Firmware verification happens during or at the end of bootblock. - -config VBOOT_STARTS_IN_ROMSTAGE - bool "Vboot starts verifying in romstage" - default n - depends on VBOOT && !VBOOT_STARTS_IN_BOOTBLOCK - help - Firmware verification happens during or at the end of romstage. - -config VBOOT_MOCK_SECDATA - bool "Mock secdata for firmware verification" - default n - depends on VBOOT - help - Enabling VBOOT_MOCK_SECDATA will mock secdata for the firmware - verification to avoid access to a secdata storage (typically TPM). - All operations for a secdata storage will be successful. This option - can be used during development when a TPM is not present or broken. - THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES. 
- -config VBOOT_DISABLE_DEV_ON_RECOVERY - bool "Disable dev mode on recovery requests" - default n - depends on VBOOT - help - When this option is enabled, the Chrome OS device leaves the - developer mode as soon as recovery request is detected. This is - handy on embedded devices with limited input capabilities. - -config SEPARATE_VERSTAGE - bool "Vboot verification is built into a separate stage" - default n - depends on VBOOT && VBOOT_STARTS_IN_BOOTBLOCK - help - If this option is set, vboot verification runs in a standalone stage - that is loaded from the bootblock and exits into romstage. If it is - not set, the verification code is linked directly into the bootblock - or the romstage and runs as part of that stage (cf. related options - VBOOT_STARTS_IN_BOOTBLOCK/_ROMSTAGE and RETURN_FROM_VERSTAGE). - -config RETURN_FROM_VERSTAGE - bool "The separate verification stage returns to its caller" - default n - depends on SEPARATE_VERSTAGE - help - If this is set, the verstage returns back to the calling stage instead - of exiting to the succeeding stage so that the verstage space can be - reused by the succeeding stage. This is useful if a RAM space is too - small to fit both the verstage and the succeeding stage. - -config VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT - bool - default n - depends on VBOOT - help - This option ensures that the recovery request is not lost because of - reboots caused after vboot verification is run. e.g. reboots caused by - FSP components on Intel platforms. - -config VBOOT_OPROM_MATTERS - bool "Video option ROM matters (= can skip display init)" - default n - depends on VBOOT - help - Set this option to indicate to vboot that this platform will skip its - display initialization on a normal (non-recovery, non-developer) boot. 
- Vboot calls this "oprom matters" because on x86 devices this - traditionally meant that the video option ROM will not be loaded, but - it works functionally the same for other platforms that can skip their - native display initialization code instead. - -config VBOOT_HAS_REC_HASH_SPACE - bool - default n - depends on VBOOT - help - Set this option to indicate to vboot that recovery data hash space - is present in TPM. - -config VBOOT_SOFT_REBOOT_WORKAROUND - bool - default n +menu "Verified Boot (vboot)" config VBOOT bool "Verify firmware with vboot." 
@@ -145,3 +25,293 @@ config VBOOT help Enabling VBOOT will use vboot to verify the components of the firmware (stages, payload, etc). + +if VBOOT + +config VBOOT_VBNV_CMOS + bool + default n + depends on PC80_SYSTEM + help + VBNV is stored in CMOS + +config VBOOT_VBNV_OFFSET + hex + default 0x26 + depends on VBOOT_VBNV_CMOS + help + CMOS offset for VbNv data. This value must match cmos.layout + in the mainboard directory, minus 14 bytes for the RTC. + +config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH + bool + default n + depends on VBOOT_VBNV_CMOS && BOOT_DEVICE_SUPPORTS_WRITES + help + Vboot non-volatile storage data will be backed up from CMOS to flash + and restored from flash if the CMOS is invalid due to power loss. + +config VBOOT_VBNV_EC + bool + default n + help + VBNV is stored in EC + +config VBOOT_VBNV_FLASH + bool + default n + depends on BOOT_DEVICE_SUPPORTS_WRITES + help + VBNV is stored in flash storage + +config VBOOT_STARTS_IN_BOOTBLOCK + bool + default n + help + Firmware verification happens during the end of or right after the + bootblock. This implies that a static VBOOT2_WORK() buffer must be + allocated in memlayout. + +config VBOOT_STARTS_IN_ROMSTAGE + bool + default n + depends on !VBOOT_STARTS_IN_BOOTBLOCK + help + Firmware verification happens during the end of romstage (after + memory initialization). This implies that vboot working data is + allocated in CBMEM. + +config VBOOT_MOCK_SECDATA + bool "Mock secdata for firmware verification" + default n + help + Enabling VBOOT_MOCK_SECDATA will mock secdata for the firmware + verification to avoid access to a secdata storage (typically TPM). + All operations for a secdata storage will be successful. This option + can be used during development when a TPM is not present or broken. + THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES. 
+ +config VBOOT_DISABLE_DEV_ON_RECOVERY + bool + default n + help + When this option is enabled, the Chrome OS device leaves the + developer mode as soon as recovery request is detected. This is + handy on embedded devices with limited input capabilities. + +config VBOOT_SEPARATE_VERSTAGE + bool + default n + depends on VBOOT_STARTS_IN_BOOTBLOCK + help + If this option is set, vboot verification runs in a standalone stage + that is loaded from the bootblock and exits into romstage. If it is + not set, the verification code is linked directly into the bootblock + or the romstage and runs as part of that stage (cf. related options + VBOOT_STARTS_IN_BOOTBLOCK/_ROMSTAGE and VBOOT_RETURN_FROM_VERSTAGE). + +config VBOOT_RETURN_FROM_VERSTAGE + bool + default n + depends on VBOOT_SEPARATE_VERSTAGE + help + If this is set, the verstage returns back to the calling stage instead + of exiting to the succeeding stage so that the verstage space can be + reused by the succeeding stage. This is useful if a RAM space is too + small to fit both the verstage and the succeeding stage. + +config VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT + bool + default n + help + This option ensures that the recovery request is not lost because of + reboots caused after vboot verification is run. e.g. reboots caused by + FSP components on Intel platforms. + +config VBOOT_OPROM_MATTERS + bool + default n + help + Set this option to indicate to vboot that this platform will skip its + display initialization on a normal (non-recovery, non-developer) boot. + Vboot calls this "oprom matters" because on x86 devices this + traditionally meant that the video option ROM will not be loaded, but + it works functionally the same for other platforms that can skip their + native display initialization code instead. + +config VBOOT_HAS_REC_HASH_SPACE + bool + default n + help + Set this option to indicate to vboot that recovery data hash space + is present in TPM. 
+ +config VBOOT_SOFT_REBOOT_WORKAROUND + bool + default n + +config VBOOT_EC_SOFTWARE_SYNC + bool "Enable EC software sync" + default y if EC_GOOGLE_CHROMEEC + default n + help + EC software sync is a mechanism where the AP helps the EC verify its + firmware similar to how vboot verifies the main system firmware. This + option selects whether vboot should support EC software sync. + +config VBOOT_EC_SLOW_UPDATE + bool + default n + depends on VBOOT_EC_SOFTWARE_SYNC + help + Whether the EC (or PD) is slow to update and needs to display a + screen that informs the user the update is happening. + +config VBOOT_PHYSICAL_DEV_SWITCH + bool + default n + help + Whether this platform has a physical developer switch. Note that this + disables virtual dev switch functionality (through secdata). Operation + where both a physical pin and the virtual switch get sampled is not + supported by coreboot. + +config VBOOT_PHYSICAL_REC_SWITCH + bool + default n + help + Whether this platform has a physical recovery switch. + +config VBOOT_LID_SWITCH + bool + default n + help + Whether this platform has a lid switch. If it does, vboot will not + decrement try counters for boot failures if the lid is closed. + +config VBOOT_WIPEOUT_SUPPORTED + bool + default n + help + When this option is enabled, the firmware provides the ability to + signal the application the need for factory reset (a.k.a. wipe + out) of the device + +config VBOOT_FWID_MODEL + string "Firmware ID model" + default "$(CONFIG_MAINBOARD_VENDOR)_$(CONFIG_MAINBOARD_PART_NUMBER)" + help + This is the first part of the FWID written to various regions of a + vboot firmware image to identify its version. + +config VBOOT_FWID_VERSION + string "Firmware ID version" + default "$(KERNELVERSION)" + help + This is the second part of the FWID written to various regions of a + vboot firmware image to identify its version. 
+ +menu "GBB configuration" + +config GBB_HWID + string "Hardware ID" + default "NOCONF HWID" + +config GBB_BMPFV_FILE + string "Path to bmpfv image" + default "" + +config GBB_FLAG_DEV_SCREEN_SHORT_DELAY + bool "Reduce dev screen delay" + default n + +config GBB_FLAG_LOAD_OPTION_ROMS + bool "Load option ROMs" + default n + +config GBB_FLAG_ENABLE_ALTERNATE_OS + bool "Allow booting a non-Chrome OS kernel if dev switch is on" + default n + +config GBB_FLAG_FORCE_DEV_SWITCH_ON + bool "Force dev switch on" + default n + +config GBB_FLAG_FORCE_DEV_BOOT_USB + bool "Allow booting from USB in dev mode even if dev_boot_usb=0" + default y + +config GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK + bool "Disable firmware rollback protection" + default y + +config GBB_FLAG_ENTER_TRIGGERS_TONORM + bool "Return to normal boot with Enter" + default n + +config GBB_FLAG_FORCE_DEV_BOOT_LEGACY + bool "Allow booting to legacy in dev mode even if dev_boot_legacy=0" + default n + +config GBB_FLAG_FAFT_KEY_OVERIDE + bool "Allow booting using alternative keys for FAFT servo testing" + default n + +config GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC + bool "Disable EC software sync" + default n + +config GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY + bool "Default to booting to legacy in dev mode" + default n + +config GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC + bool "Disable PD software sync" + default n + +config GBB_FLAG_DISABLE_LID_SHUTDOWN + bool "Disable shutdown on closed lid" + default n + +config GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP + bool "Allow fastboot even if dev_boot_fastboot_full_cap=0" + default n + +config GBB_FLAG_ENABLE_SERIAL + bool "Tell vboot to enable serial console" + default n + +endmenu # GBB + +menu "Vboot Keys" +config VBOOT_ROOT_KEY + string "Root key (public)" + default "$(VBOOT_SOURCE)/tests/devkeys/root_key.vbpubk" + +config VBOOT_RECOVERY_KEY + string "Recovery key (public)" + default "$(VBOOT_SOURCE)/tests/devkeys/recovery_key.vbpubk" + +config VBOOT_FIRMWARE_PRIVKEY + string "Firmware key 
(private)" + default "$(VBOOT_SOURCE)/tests/devkeys/firmware_data_key.vbprivk" + +config VBOOT_KERNEL_KEY + string "Kernel subkey (public)" + default "$(VBOOT_SOURCE)/tests/devkeys/kernel_subkey.vbpubk" + +config VBOOT_KEYBLOCK + string "Keyblock to use for the RW regions" + default "$(VBOOT_SOURCE)/tests/devkeys/firmware.keyblock" + +config VBOOT_KEYBLOCK_VERSION + int "Keyblock version number" + default 1 + +config VBOOT_KEYBLOCK_PREAMBLE_FLAGS + hex "Keyblock preamble flags" + default 0x0 + +endmenu # Keys +endif # VBOOT +endmenu # Verified Boot (vboot) diff --git a/src/vboot/Makefile.inc b/src/vboot/Makefile.inc index a09811b52c..56a3bacb72 100644 --- a/src/vboot/Makefile.inc +++ b/src/vboot/Makefile.inc @@ -67,17 +67,17 @@ verstage-y += common.c verstage-y += verstage.c ifeq (${CONFIG_VBOOT_MOCK_SECDATA},y) libverstage-y += secdata_mock.c -romstage-$(CONFIG_SEPARATE_VERSTAGE) += secdata_mock.c +romstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += secdata_mock.c else libverstage-y += secdata_tpm.c -romstage-$(CONFIG_SEPARATE_VERSTAGE) += secdata_tpm.c +romstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += secdata_tpm.c endif romstage-y += vboot_handoff.c common.c ramstage-y += common.c postcar-y += common.c -ifeq ($(CONFIG_SEPARATE_VERSTAGE),y) +ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y) VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-verstage-y)) else ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y) @@ -85,7 +85,7 @@ VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-bootblock-y)) else VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-romstage-y)) endif -endif # CONFIG_SEPARATE_VERSTAGE +endif # CONFIG_VBOOT_SEPARATE_VERSTAGE VB2_LIB = $(obj)/external/vboot_reference/vboot_fw20.a VBOOT_CFLAGS += $(patsubst -I%,-I$(top)/%, $(filter-out -I$(obj), $(filter-out -include $(src)/include/kconfig.h, $(CPPFLAGS_libverstage)))) 
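Review bot: The `GBB configuration` and `Vboot Keys` menus added under `if VBOOT` carry development-oriented defaults with no help text: `GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK` and `GBB_FLAG_FORCE_DEV_BOOT_USB` default to `y`, and every key and keyblock path defaults to a file under `$(VBOOT_SOURCE)/tests/devkeys/`. The matching removal from the Chrome OS Kconfig sat before `endif # CHROMEOS`, so these defaults now reach any board that enables VBOOT. As far as this hunk shows, such a build is signed with the test keys shipped in the vboot source tree and has rollback protection switched off unless the builder changes each option by hand. I would add a `help` block to each of these options saying that the default is for development builds only, e.g. on the rollback flag `Development default. Set to n for production images so that vboot enforces firmware rollback protection.` The key options need a similar sentence stating that the devkeys are public test keys and must be replaced before release.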
@@ -106,7 +106,7 @@ $(VB2_LIB): $(obj)/config.h libverstage-srcs += $(VB2_LIB) -ifeq ($(CONFIG_SEPARATE_VERSTAGE),y) +ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y) # This works under the assumption that romstage and verstage use the same # architecture and thus CC_verstage is the same as CC_romstage. If this is not @@ -115,7 +115,7 @@ ifeq ($(CONFIG_VBOOT_HAS_REC_HASH_SPACE),y) romstage-srcs += $(VB2_LIB) endif -cbfs-files-$(CONFIG_SEPARATE_VERSTAGE) += $(CONFIG_CBFS_PREFIX)/verstage +cbfs-files-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += $(CONFIG_CBFS_PREFIX)/verstage $(CONFIG_CBFS_PREFIX)/verstage-file := $(objcbfs)/verstage.elf $(CONFIG_CBFS_PREFIX)/verstage-type := stage $(CONFIG_CBFS_PREFIX)/verstage-compression := $(CBFS_PRERAM_COMPRESS_FLAG) @@ -137,7 +137,7 @@ bootblock-srcs += $(objgenerated)/libverstage.a else romstage-srcs += $(objgenerated)/libverstage.a endif -endif # CONFIG_SEPARATE_VERSTAGE +endif # CONFIG_VBOOT_SEPARATE_VERSTAGE # Define a list of files that need to be in RO only. # All other files will be installed into RO and RW regions 
@@ -155,4 +155,115 @@ regions-for-file = $(subst $(spc),$(comma),$(sort \ rmu.bin \ ,$(1)),COREBOOT,COREBOOT FW_MAIN_A FW_MAIN_B))) +CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID)) +CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE)) +CONFIG_VBOOT_KEYBLOCK := $(call strip_quotes,$(CONFIG_VBOOT_KEYBLOCK)) +CONFIG_VBOOT_FIRMWARE_PRIVKEY := $(call strip_quotes,$(CONFIG_VBOOT_FIRMWARE_PRIVKEY)) +CONFIG_VBOOT_KERNEL_KEY := $(call strip_quotes,$(CONFIG_VBOOT_KERNEL_KEY)) +CONFIG_VBOOT_FWID_MODEL := $(call strip_quotes,$(CONFIG_VBOOT_FWID_MODEL)) +CONFIG_VBOOT_FWID_VERSION := $(call strip_quotes,$(CONFIG_VBOOT_FWID_VERSION)) + +# bool-to-mask(var, value) +# return "value" if var is "y", 0 otherwise +bool-to-mask = $(if $(filter y,$(1)),$(2),0) + +GBB_FLAGS := $(call int-add, \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEV_SCREEN_SHORT_DELAY),0x1) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_LOAD_OPTION_ROMS),0x2) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_ALTERNATE_OS),0x4) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_SWITCH_ON),0x8) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_USB),0x10) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK),0x20) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENTER_TRIGGERS_TONORM),0x40) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_LEGACY),0x80) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_FAFT_KEY_OVERIDE),0x100) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC),0x200) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY),0x400) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC),0x800) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_LID_SHUTDOWN),0x1000) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP),0x2000) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_SERIAL),0x4000) \ + ) + +ifneq ($(CONFIG_GBB_BMPFV_FILE),) +$(obj)/gbb.sizetmp: $(obj)/coreboot.rom + $(CBFSTOOL) $< read -r GBB -f $@ + 
+$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY) $(obj)/gbb.sizetmp + @printf " CREATE GBB (with BMPFV)\n" + $(FUTILITY) gbb_utility -c 0x100,0x1000,$(call int-subtract,$(call file-size,$(obj)/gbb.sizetmp) 0x2180),0x1000 $@.tmp + mv $@.tmp $@ +else +$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY) + @printf " CREATE GBB (without BMPFV)\n" + $(FUTILITY) gbb_utility -c 0x100,0x1000,0,0x1000 $@.tmp + mv $@.tmp $@ +endif + +$(obj)/gbb.region: $(obj)/gbb.stub + @printf " SETUP GBB\n" + cp $< $@.tmp + $(FUTILITY) gbb_utility -s \ + --hwid="$(CONFIG_GBB_HWID)" \ + --rootkey="$(CONFIG_VBOOT_ROOT_KEY)" \ + --recoverykey="$(CONFIG_VBOOT_RECOVERY_KEY)" \ + --flags=$(GBB_FLAGS) \ + $@.tmp +ifneq ($(CONFIG_GBB_BMPFV_FILE),) + $(FUTILITY) gbb_utility -s \ + --bmpfv="$(CONFIG_GBB_BMPFV_FILE)" \ + $@.tmp +endif + mv $@.tmp $@ + +$(obj)/fwid.region: + printf "$(CONFIG_VBOOT_FWID_MODEL)$(CONFIG_VBOOT_FWID_VERSION)\0" > $@ + +build_complete:: $(obj)/gbb.region $(obj)/fwid.region + @printf " WRITE GBB\n" + $(CBFSTOOL) $(obj)/coreboot.rom write -u -r GBB -i 0 -f $(obj)/gbb.region + $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RO_FRID -i 0 -f $(obj)/fwid.region + $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_A -i 0 -f $(obj)/fwid.region + $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_B -i 0 -f $(obj)/fwid.region + +ifneq ($(shell grep "SHARED_DATA" "$(CONFIG_FMDFILE)"),) +build_complete:: + printf "\0" > $(obj)/shared_data.region + $(CBFSTOOL) $(obj)/coreboot.rom write -u -r SHARED_DATA -i 0 -f $(obj)/shared_data.region +endif + +# Extract FW_MAIN_? region and minimize it if the last file is empty, so it +# doesn't contain this empty file (that can have a significant size), +# improving a lot on hash times due to a smaller amount of data loaded from +# firmware storage. 
+# When passing the minimized image to vbutil_firmware, its length is recorded +# in the keyblock, and coreboot's vboot code clips the region_device to match, +# which prevents any potential extension attacks. +$(obj)/FW_MAIN_%.bin: $(obj)/coreboot.rom + $(CBFSTOOL) $< read -r $(basename $(notdir $@)) -f $@.tmp + $(CBFSTOOL) $(obj)/coreboot.rom print -k -r $(basename $(notdir $@)) | \ + tail -1 | \ + sed "s,^(empty)[[:space:]]\(0x[0-9a-f]*\)\tnull\t.*$$,\1," \ + > $@.tmp.size + if [ -n "$$(cat $@.tmp.size)" ] && [ $$( printf "%d" $$(cat $@.tmp.size)) -gt 0 ]; then \ + head -c $$( printf "%d" $$(cat $@.tmp.size)) $@.tmp > $@.tmp2 && \ + mv $@.tmp2 $@; \ + else \ + mv $@.tmp $@; \ + fi + +$(obj)/VBLOCK_%.bin: $(obj)/FW_MAIN_%.bin $(FUTILITY) + $(FUTILITY) vbutil_firmware \ + --vblock $@ \ + --keyblock "$(CONFIG_VBOOT_KEYBLOCK)" \ + --signprivate "$(CONFIG_VBOOT_FIRMWARE_PRIVKEY)" \ + --version $(CONFIG_VBOOT_KEYBLOCK_VERSION) \ + --fv $< \ + --kernelkey "$(CONFIG_VBOOT_KERNEL_KEY)" \ + --flags $(CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS) + +files_added:: $(obj)/VBLOCK_A.bin $(obj)/VBLOCK_B.bin + $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_A -f $(obj)/VBLOCK_A.bin + $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_B -f $(obj)/VBLOCK_B.bin + endif # CONFIG_VBOOT diff --git a/src/vboot/bootmode.c b/src/vboot/bootmode.c index d66911fa91..23dec13396 100644 --- a/src/vboot/bootmode.c +++ b/src/vboot/bootmode.c @@ -75,7 +75,7 @@ BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_EXIT, static int vboot_possibly_executed(void) { if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) { - if (ENV_BOOTBLOCK && IS_ENABLED(CONFIG_SEPARATE_VERSTAGE)) + if (ENV_BOOTBLOCK && IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE)) return 0; return 1; } 
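Review bot: The `$(obj)/fwid.region` rule uses the two FWID config strings as the `printf` format itself, so a `%` or a backslash in `CONFIG_VBOOT_FWID_MODEL` or `CONFIG_VBOOT_FWID_VERSION` is interpreted instead of written to the region. Passing them as arguments avoids that: `printf "%s%s\0" "$(CONFIG_VBOOT_FWID_MODEL)" "$(CONFIG_VBOOT_FWID_VERSION)" > $@`. The rule also has no prerequisites, so an existing fwid.region is not regenerated when either option changes and a stale FWID can be written into RO_FRID and RW_FWID_A/B. Listing `$(obj)/config.h` as a prerequisite, as the `$(VB2_LIB)` rule in this file already does, would tie it to the configuration.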
@@ -141,6 +141,23 @@ int vboot_recovery_mode_enabled(void) return !!vboot_check_recovery_request(); } +int __attribute__((weak)) clear_recovery_mode_switch(void) +{ + // Weak implementation. Nothing to do. + return 0; +} + +int __attribute__((weak)) get_sw_write_protect_state(void) +{ + // Can be implemented by a platform / mainboard + return 0; +} + +void __attribute__((weak)) log_recovery_mode_switch(void) +{ + // Weak implementation. Nothing to do. +} + int __attribute__((weak)) get_recovery_mode_retrain_switch(void) { return 0; diff --git a/src/vboot/vboot_handoff.c b/src/vboot/vboot_handoff.c index 85be928ae3..b3a5c19641 100644 --- a/src/vboot/vboot_handoff.c +++ b/src/vboot/vboot_handoff.c @@ -83,11 +83,11 @@ static void fill_vboot_handoff(struct vboot_handoff *vboot_handoff, vb_sd->flags |= VBSD_LF_DEV_SWITCH_ON; } /* TODO: Set these in depthcharge */ - if (!IS_ENABLED(CONFIG_PHYSICAL_DEV_SWITCH)) + if (!IS_ENABLED(CONFIG_VBOOT_PHYSICAL_DEV_SWITCH)) vb_sd->flags |= VBSD_HONOR_VIRT_DEV_SWITCH; - if (IS_ENABLED(CONFIG_EC_SOFTWARE_SYNC)) + if (IS_ENABLED(CONFIG_VBOOT_EC_SOFTWARE_SYNC)) vb_sd->flags |= VBSD_EC_SOFTWARE_SYNC; - if (!IS_ENABLED(CONFIG_PHYSICAL_REC_SWITCH)) + if (!IS_ENABLED(CONFIG_VBOOT_PHYSICAL_REC_SWITCH)) vb_sd->flags |= VBSD_BOOT_REC_SWITCH_VIRTUAL; if (IS_ENABLED(CONFIG_VBOOT_EC_SLOW_UPDATE)) vb_sd->flags |= VBSD_EC_SLOW_UPDATE; diff --git a/src/vboot/vboot_loader.c b/src/vboot/vboot_loader.c index 3629402f7e..9aab789854 100644 --- a/src/vboot/vboot_loader.c +++ b/src/vboot/vboot_loader.c 
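Review bot: The weak `get_sw_write_protect_state()` added here returns 0 under a comment that only says a platform may implement it, so the meaning of 0 is left undocumented. If callers read 0 as "software write protect is off" (presumably; they are not in this hunk), a board that never overrides the function reports that state without any indication that it is a placeholder. I would document the contract on the three new weak defaults, e.g. `/* Weak default: reports software write protect as disabled (0); boards that support SW WP must override. */`, and state what the `int` returned by `clear_recovery_mode_switch()` signifies. `get_recovery_mode_retrain_switch()` at the end of the hunk continues outside it.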
@@ -29,11 +29,11 @@ _Static_assert(IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK) + IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE) == 1, "vboot must either start in bootblock or romstage (not both!)"); -_Static_assert(!IS_ENABLED(CONFIG_SEPARATE_VERSTAGE) || +_Static_assert(!IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE) || IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK), "stand-alone verstage must start in (i.e. after) bootblock"); -_Static_assert(!IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE) || - IS_ENABLED(CONFIG_SEPARATE_VERSTAGE), +_Static_assert(!IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE) || + IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE), "return from verstage only makes sense for separate verstages"); /* The stage loading code is compiled and entered from multiple stages. The @@ -42,7 +42,7 @@ _Static_assert(!IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE) || static int verification_should_run(void) { - if (IS_ENABLED(CONFIG_SEPARATE_VERSTAGE)) + if (IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE)) return ENV_VERSTAGE; else if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)) return ENV_ROMSTAGE; @@ -54,7 +54,7 @@ static int verification_should_run(void) static int verstage_should_load(void) { - if (IS_ENABLED(CONFIG_SEPARATE_VERSTAGE)) + if (IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE)) return ENV_BOOTBLOCK; else return 0; @@ -87,7 +87,7 @@ int vb2_logic_executed(void) static void vboot_prepare(void) { if (verification_should_run()) { - /* Note: this path is not used for RETURN_FROM_VERSTAGE */ + /* Note: this path is not used for VBOOT_RETURN_FROM_VERSTAGE */ verstage_main(); car_set_var(vboot_executed, 1); vb2_save_recovery_reason_vbnv(); @@ -130,7 +130,7 @@ static void vboot_prepare(void) /* This is not actually possible to hit this condition at * runtime, but this provides a hint to the compiler for dead * code elimination below. */ - if (!IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE)) + if (!IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE)) return; car_set_var(vboot_executed, 1); 
diff --git a/src/vboot/vboot_logic.c b/src/vboot/vboot_logic.c index fbbe3e8be7..9145ad003e 100644 --- a/src/vboot/vboot_logic.c +++ b/src/vboot/vboot_logic.c @@ -329,7 +329,7 @@ void verstage_main(void) antirollback_read_space_firmware(&ctx); timestamp_add_now(TS_END_TPMINIT); - if (IS_ENABLED(CONFIG_PHYSICAL_DEV_SWITCH) && + if (IS_ENABLED(CONFIG_VBOOT_PHYSICAL_DEV_SWITCH) && get_developer_mode_switch()) ctx.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE; @@ -339,10 +339,11 @@ void verstage_main(void) ctx.flags |= VB2_DISABLE_DEVELOPER_MODE; } - if (IS_ENABLED(CONFIG_WIPEOUT_SUPPORTED) && get_wipeout_mode_switch()) + if (IS_ENABLED(CONFIG_VBOOT_WIPEOUT_SUPPORTED) && + get_wipeout_mode_switch()) ctx.flags |= VB2_CONTEXT_FORCE_WIPEOUT_MODE; - if (IS_ENABLED(CONFIG_LID_SWITCH) && !get_lid_switch()) + if (IS_ENABLED(CONFIG_VBOOT_LID_SWITCH) && !get_lid_switch()) ctx.flags |= VB2_CONTEXT_NOFAIL_BOOT; /* Do early init (set up secdata and NVRAM, load GBB) */ diff --git a/src/vboot/verstage.c b/src/vboot/verstage.c index 64fadc736e..aca4ab328d 100644 --- a/src/vboot/verstage.c +++ b/src/vboot/verstage.c @@ -30,7 +30,7 @@ void main(void) exception_init(); verstage_mainboard_init(); - if (IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE)) { + if (IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE)) { verstage_main(); } else { run_romstage(); diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig index 62e60d40d4..ab2478212d 100644 --- a/src/vendorcode/google/chromeos/Kconfig +++ b/src/vendorcode/google/chromeos/Kconfig 
@@ -59,24 +59,6 @@ config CHROMEOS_RAMOOPS_RAM_SIZE default 0x00100000 depends on CHROMEOS_RAMOOPS -config EC_SOFTWARE_SYNC - bool "Enable EC software sync" - default y if EC_GOOGLE_CHROMEEC - default n - depends on VBOOT - help - EC software sync is a mechanism where the AP helps the EC verify its - firmware similar to how vboot verifies the main system firmware. This - option selects whether depthcharge should support EC software sync. - -config VBOOT_EC_SLOW_UPDATE - bool "EC is slow to update" - default n - depends on EC_SOFTWARE_SYNC - help - Whether the EC (or PD) is slow to update and needs to display a - screen that informs the user the update is happening. - config NO_TPM_RESUME bool default n 
@@ -85,55 +67,12 @@ config NO_TPM_RESUME boards, booting Windows will break if the TPM resume command is sent during an S3 resume. -config PHYSICAL_DEV_SWITCH - bool - default n - help - Whether this platform has a physical developer switch. Note that this - disables virtual dev switch functionality (through secdata). Operation - where both a physical pin and the virtual switch get sampled is not - supported by coreboot. - -config PHYSICAL_REC_SWITCH - bool - default n - help - Whether this platform has a physical recovery switch - -config LID_SWITCH - bool "Lid switch is present" - default n - help - Whether this platform has a lid switch - -config WIPEOUT_SUPPORTED - bool "User is able to request factory reset" - default n - help - When this option is enabled, the firmware provides the ability to - signal the application the need for factory reset (a.k.a. wipe - out) of the device - config HAVE_REGULATORY_DOMAIN bool "Add regulatory domain methods" default n help This option is needed to add ACPI regulatory domain methods -config CHROMEOS_FWID_MODEL - string "Chrome OS Firmware ID model" - default "$(CONFIG_MAINBOARD_VENDOR)_$(CONFIG_MAINBOARD_PART_NUMBER)" - help - This is the first part of the FWID written to various regions of a - Chrome OS firmware image to identify its version. - -config CHROMEOS_FWID_VERSION - string "Chrome OS Firmware ID version" - default "$(KERNELVERSION)" - help - This is the second part of the FWID written to various regions of a - Chrome OS firmware image to identify its version. - config CHROMEOS_DISABLE_PLATFORM_HIERARCHY_ON_RESUME bool default y 
@@ -148,108 +87,5 @@ config CHROMEOS_DISABLE_PLATFORM_HIERARCHY_ON_RESUME on normal boot as well as resume and coreboot is only involved in the resume piece w.r.t. the platform hierarchy. -menu "GBB configuration" - -config GBB_HWID - string "Hardware ID" - default "NOCONF HWID" - -config GBB_BMPFV_FILE - string "Path to bmpfv image" - default "" - -config GBB_FLAG_DEV_SCREEN_SHORT_DELAY - bool "Reduce dev screen delay" - default n - -config GBB_FLAG_LOAD_OPTION_ROMS - bool "Load option ROMs" - default n - -config GBB_FLAG_ENABLE_ALTERNATE_OS - bool "Allow booting a non-Chrome OS kernel if dev switch is on" - default n - -config GBB_FLAG_FORCE_DEV_SWITCH_ON - bool "Force dev switch on" - default n - -config GBB_FLAG_FORCE_DEV_BOOT_USB - bool "Allow booting from USB in dev mode even if dev_boot_usb=0" - default y - -config GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK - bool "Disable firmware rollback protection" - default y - -config GBB_FLAG_ENTER_TRIGGERS_TONORM - bool "Return to normal boot with Enter" - default n - -config GBB_FLAG_FORCE_DEV_BOOT_LEGACY - bool "Allow booting to legacy in dev mode even if dev_boot_legacy=0" - default n - -config GBB_FLAG_FAFT_KEY_OVERIDE - bool "Allow booting using alternative keys for FAFT servo testing" - default n - -config GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC - bool "Disable EC software sync" - default n - -config GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY - bool "Default to booting to legacy in dev mode" - default n - -config GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC - bool "Disable PD software sync" - default n - -config GBB_FLAG_DISABLE_LID_SHUTDOWN - bool "Disable shutdown on closed lid" - default n - -config GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP - bool "Allow fastboot even if dev_boot_fastboot_full_cap=0" - default n - -config GBB_FLAG_ENABLE_SERIAL - bool "Tell vboot to enable serial console" - default n - -endmenu # GBB - -menu "Vboot Keys" -config VBOOT_ROOT_KEY - string "Root key (public)" - default 
"$(VBOOT_SOURCE)/tests/devkeys/root_key.vbpubk" - -config VBOOT_RECOVERY_KEY - string "Recovery key (public)" - default "$(VBOOT_SOURCE)/tests/devkeys/recovery_key.vbpubk" - -config VBOOT_FIRMWARE_PRIVKEY - string "Firmware key (private)" - default "$(VBOOT_SOURCE)/tests/devkeys/firmware_data_key.vbprivk" - -config VBOOT_KERNEL_KEY - string "Kernel subkey (public)" - default "$(VBOOT_SOURCE)/tests/devkeys/kernel_subkey.vbpubk" - -config VBOOT_KEYBLOCK - string "Keyblock to use for the RW regions" - default "$(VBOOT_SOURCE)/tests/devkeys/firmware.keyblock" - -config VBOOT_KEYBLOCK_VERSION - int "Keyblock version number" - default 1 - -config VBOOT_KEYBLOCK_PREAMBLE_FLAGS - hex "Keyblock preamble flags" - default 0x0 - -endmenu # Keys - endif # CHROMEOS endmenu diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc index 3326ced1eb..22352ef243 100644 --- a/src/vendorcode/google/chromeos/Makefile.inc +++ b/src/vendorcode/google/chromeos/Makefile.inc @@ -13,11 +13,6 @@ ## GNU General Public License for more details. ## -bootblock-y += chromeos.c -verstage-y += chromeos.c -romstage-y += chromeos.c -ramstage-y += chromeos.c - ramstage-$(CONFIG_ELOG) += elog.c ramstage-$(CONFIG_HAVE_ACPI_TABLES) += gnvs.c ramstage-$(CONFIG_HAVE_ACPI_TABLES) += acpi.c 
@@ -31,114 +26,3 @@ ifeq ($(CONFIG_ARCH_MIPS),)
 bootblock-y += watchdog.c
 ramstage-y += watchdog.c
 endif
-
-CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID))
-CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE))
-CONFIG_VBOOT_KEYBLOCK := $(call strip_quotes,$(CONFIG_VBOOT_KEYBLOCK))
-CONFIG_VBOOT_FIRMWARE_PRIVKEY := $(call strip_quotes,$(CONFIG_VBOOT_FIRMWARE_PRIVKEY))
-CONFIG_VBOOT_KERNEL_KEY := $(call strip_quotes,$(CONFIG_VBOOT_KERNEL_KEY))
-CONFIG_CHROMEOS_FWID_MODEL := $(call strip_quotes,$(CONFIG_CHROMEOS_FWID_MODEL))
-CONFIG_CHROMEOS_FWID_VERSION := $(call strip_quotes,$(CONFIG_CHROMEOS_FWID_VERSION))
-
-# bool-to-mask(var, value)
-# return "value" if var is "y", 0 otherwise
-bool-to-mask = $(if $(filter y,$(1)),$(2),0)
-
-GBB_FLAGS := $(call int-add, \
- $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEV_SCREEN_SHORT_DELAY),0x1) \
- $(call bool-to-mask,$(CONFIG_GBB_FLAG_LOAD_OPTION_ROMS),0x2) \
- $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_ALTERNATE_OS),0x4) \
- $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_SWITCH_ON),0x8) \
- $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_USB),0x10) \
- $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK),0x20) \
- $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENTER_TRIGGERS_TONORM),0x40) \
- $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_LEGACY),0x80) \
- $(call bool-to-mask,$(CONFIG_GBB_FLAG_FAFT_KEY_OVERIDE),0x100) \
- $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC),0x200) \
- $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY),0x400) \
- $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC),0x800) \
- $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_LID_SHUTDOWN),0x1000) \
- $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP),0x2000) \
- $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_SERIAL),0x4000) \
- )
-
-ifneq ($(CONFIG_GBB_BMPFV_FILE),)
-$(obj)/gbb.sizetmp: $(obj)/coreboot.rom
- $(CBFSTOOL) $< read -r GBB -f $@
-
-$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY) $(obj)/gbb.sizetmp
- @printf " CREATE GBB (with BMPFV)\n"
- $(FUTILITY) gbb_utility -c 0x100,0x1000,$(call int-subtract,$(call file-size,$(obj)/gbb.sizetmp) 0x2180),0x1000 $@.tmp
- mv $@.tmp $@
-else
-$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY)
- @printf " CREATE GBB (without BMPFV)\n"
- $(FUTILITY) gbb_utility -c 0x100,0x1000,0,0x1000 $@.tmp
- mv $@.tmp $@
-endif
-
-$(obj)/gbb.region: $(obj)/gbb.stub
- @printf " SETUP GBB\n"
- cp $< $@.tmp
- $(FUTILITY) gbb_utility -s \
- --hwid="$(CONFIG_GBB_HWID)" \
- --rootkey="$(CONFIG_VBOOT_ROOT_KEY)" \
- --recoverykey="$(CONFIG_VBOOT_RECOVERY_KEY)" \
- --flags=$(GBB_FLAGS) \
- $@.tmp
-ifneq ($(CONFIG_GBB_BMPFV_FILE),)
- $(FUTILITY) gbb_utility -s \
- --bmpfv="$(CONFIG_GBB_BMPFV_FILE)" \
- $@.tmp
-endif
- mv $@.tmp $@
-
-$(obj)/fwid.region:
- printf "$(CONFIG_CHROMEOS_FWID_MODEL)$(CONFIG_CHROMEOS_FWID_VERSION)\0" > $@
-
-build_complete:: $(obj)/gbb.region $(obj)/fwid.region
- @printf " WRITE GBB\n"
- $(CBFSTOOL) $(obj)/coreboot.rom write -u -r GBB -i 0 -f $(obj)/gbb.region
- $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RO_FRID -i 0 -f $(obj)/fwid.region
- $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_A -i 0 -f $(obj)/fwid.region
- $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_B -i 0 -f $(obj)/fwid.region
-
-ifneq ($(shell grep "SHARED_DATA" "$(CONFIG_FMDFILE)"),)
-build_complete::
- printf "\0" > $(obj)/shared_data.region
- $(CBFSTOOL) $(obj)/coreboot.rom write -u -r SHARED_DATA -i 0 -f $(obj)/shared_data.region
-endif
-
-# Extract FW_MAIN_? region and minimize it if the last file is empty, so it
-# doesn't contain this empty file (that can have a significant size),
-# improving a lot on hash times due to a smaller amount of data loaded from
-# firmware storage.
-# When passing the minimized image to vbutil_firmware, its length is recorded
-# in the keyblock, and coreboot's vboot code clips the region_device to match,
-# which prevents any potential extension attacks.
-$(obj)/FW_MAIN_%.bin: $(obj)/coreboot.rom
- $(CBFSTOOL) $< read -r $(basename $(notdir $@)) -f $@.tmp
- $(CBFSTOOL) $(obj)/coreboot.rom print -k -r $(basename $(notdir $@)) | \
- tail -1 | \
- sed "s,^(empty)[[:space:]]\(0x[0-9a-f]*\)\tnull\t.*$$,\1," \
- > $@.tmp.size
- if [ -n "$$(cat $@.tmp.size)" ] && [ $$( printf "%d" $$(cat $@.tmp.size)) -gt 0 ]; then \
- head -c $$( printf "%d" $$(cat $@.tmp.size)) $@.tmp > $@.tmp2 && \
- mv $@.tmp2 $@; \
- else \
- mv $@.tmp $@; \
- fi
-
-$(obj)/VBLOCK_%.bin: $(obj)/FW_MAIN_%.bin $(FUTILITY)
- $(FUTILITY) vbutil_firmware \
- --vblock $@ \
- --keyblock "$(CONFIG_VBOOT_KEYBLOCK)" \
- --signprivate "$(CONFIG_VBOOT_FIRMWARE_PRIVKEY)" \
- --version $(CONFIG_VBOOT_KEYBLOCK_VERSION) \
- --fv $< \
- --kernelkey "$(CONFIG_VBOOT_KERNEL_KEY)" \
- --flags $(CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS)
-
-files_added:: $(obj)/VBLOCK_A.bin $(obj)/VBLOCK_B.bin
- $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_A -f $(obj)/VBLOCK_A.bin
- $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_B -f $(obj)/VBLOCK_B.bin
diff --git a/src/vendorcode/google/chromeos/chromeos.c b/src/vendorcode/google/chromeos/chromeos.c
deleted file mode 100644
index 515b79f45d..0000000000
--- a/src/vendorcode/google/chromeos/chromeos.c
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * This file is part of the coreboot project.
- *
- * Copyright (C) 2011 The ChromiumOS Authors. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; version 2 of the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- */
-
-#include
-#include
-#include "chromeos.h"
-
-int __attribute__((weak)) clear_recovery_mode_switch(void)
-{
- // Weak implementation. Nothing to do.
- return 0;
-}
-
-int __attribute__((weak)) get_sw_write_protect_state(void)
-{
- // Can be implemented by a platform / mainboard
- return 0;
-}
-
-void __attribute__((weak)) log_recovery_mode_switch(void)
-{
- // Weak implementation. Nothing to do.
-}