vboot: add mocked secdata

This patch allows a board without a secdata storage (typically TPM) to pass
the verification stage if recovery path is taken. It's useful for bringup
when the actual board is not ready.

BUG=none
BRANCH=none
TEST=booted the kernel from a usb stick on a cygnus reference board

Change-Id: I5ab97d1198057d102a1708338d71c606fe106c75
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 5d45acee31fd5b7bfe7444f12e3622bae49fc329
Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Original-Reviewed-on: https://chrome-internal-review.googlesource.com/212418
Original-Reviewed-by: Daisuke Nojiri <dnojiri@google.com>
Original-Commit-Queue: Daisuke Nojiri <dnojiri@google.com>
Original-Tested-by: Daisuke Nojiri <dnojiri@google.com>
Original-Change-Id: Iddd9af19a2b6428704254af0c17b642e7a976fb8
Original-Reviewed-on: https://chromium-review.googlesource.com/265046
Reviewed-on: http://review.coreboot.org/9919
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>

src/vendorcode/google/chromeos/vboot2/Kconfig

@@ -24,6 +24,17 @@ config VBOOT2_VERIFY_FIRMWARE
 	  Enabling VBOOT2_VERIFY_FIRMWARE will use vboot2 to verify the romstage
 	  and boot loader.
 
+config VBOOT2_MOCK_SECDATA
+	bool "Mock secdata for firmware verification"
+	default n
+	depends on VBOOT2_VERIFY_FIRMWARE
+	help
+	  Enabling VBOOT2_MOCK_SECDATA will mock secdata for the firmware
+	  verification to avoid access to a secdata storage (typically TPM).
+	  All operations for a secdata storage will be successful. This option
+	  can be used during development when a TPM is not present or broken.
+	  THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES.
+
 config RETURN_FROM_VERSTAGE
 	bool "return from verstage"
 	default n

src/vendorcode/google/chromeos/vboot2/Makefile.inc

@@ -28,7 +28,12 @@ bootblock-y += verstub.c
 verstage-y += verstub.c
 bootblock-y += common.c
 verstage-y += verstage.c
-verstage-y += antirollback.c common.c
+verstage-y += common.c
+ifeq (${CONFIG_VBOOT2_MOCK_SECDATA},y)
+verstage-y += secdata_mock.c
+else
+verstage-y += antirollback.c
+endif
 romstage-y += vboot_handoff.c common.c
 
 verstage-y += verstage.ld

src/vendorcode/google/chromeos/vboot2/secdata_mock.c

@@ -0,0 +1,48 @@
+/* Copyright (c) 2015 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Functions for querying, manipulating and locking rollback indices
+ * stored in the TPM NVRAM.
+ */
+
+#include <antirollback.h>
+#include <stdlib.h>
+#include <vb2_api.h>
+
+uint32_t tpm_extend_pcr(struct vb2_context *ctx, int pcr,
+			enum vb2_pcr_digest which_digest)
+{
+	return TPM_SUCCESS;
+}
+
+uint32_t tpm_clear_and_reenable(void)
+{
+	return TPM_SUCCESS;
+}
+
+uint32_t safe_write(uint32_t index, const void *data, uint32_t length)
+{
+	return TPM_SUCCESS;
+}
+
+uint32_t safe_define_space(uint32_t index, uint32_t perm, uint32_t size)
+{
+	return TPM_SUCCESS;
+}
+
+uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)
+{
+	vb2api_secdata_create(ctx);
+	return TPM_SUCCESS;
+}
+
+uint32_t antirollback_write_space_firmware(struct vb2_context *ctx)
+{
+	return TPM_SUCCESS;
+}
+
+uint32_t antirollback_lock_space_firmware()
+{
+	return TPM_SUCCESS;
+}