sravan/system76-coreboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

vboot: remove vboot1

Browse Source 
In preparation for moving to vboot2 for all verified
boot paths bring over Kconfig options to the common
area from vboot1. Also remove vboot1 directory entirely.

Change-Id: Iccc4b570216f834886618f0ba5f2e1dd6c01db4b
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/9957
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
This commit is contained in:
Aaron Durbin
2015-04-21 15:33:01 -05:00
committed by Patrick Georgi
parent 599c32d8ef
commit 6d65f796db
7 changed files with 25 additions and 797 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/vendorcode/google/chromeos/Kconfig
View File

@ -132,6 +132,14 @@ config VIRTUAL_DEV_SWITCH
help help
Whether this platform has a virtual developer switch. Whether this platform has a virtual developer switch.
config VBOOT_VERIFY_FIRMWARE
bool "Verify firmware with vboot."
default n
depends on CHROMEOS
help
Enabling VBOOT_VERIFY_FIRMWARE will use vboot to verify the components
of the firmware (stages, payload, etc).
# These VBOOT_X_INDEX are the position of X in FW_MAIN_A/B region. The index # These VBOOT_X_INDEX are the position of X in FW_MAIN_A/B region. The index
# table is created by cros_bundle_firmware at build time based on the positions # table is created by cros_bundle_firmware at build time based on the positions
# of the blobs listed in fmap.dts and stored at the top of FW_MAIN_A/B region. # of the blobs listed in fmap.dts and stored at the top of FW_MAIN_A/B region.
@ -145,6 +153,14 @@ config VBOOT_BOOT_LOADER_INDEX
This is the index of the bootloader component in the verified This is the index of the bootloader component in the verified
firmware block. firmware block.
config VBOOT_REFCODE_INDEX
hex "Reference code firmware index"
default 1
depends on VBOOT_VERIFY_FIRMWARE
help
This is the index of the reference code component in the verified
firmware block.
config VBOOT_RAMSTAGE_INDEX config VBOOT_RAMSTAGE_INDEX
hex "Ramstage component index" hex "Ramstage component index"
default 1 default 1
@ -153,6 +169,14 @@ config VBOOT_RAMSTAGE_INDEX
This is the index of the ramstage component in the verified This is the index of the ramstage component in the verified
firmware block. firmware block.
config VBOOT_ROMSTAGE_INDEX
hex "Romstage component index"
default 2
depends on VBOOT2_VERIFY_FIRMWARE
help
This is the index of the romstage component in the verified
firmware block.
config NO_TPM_RESUME config NO_TPM_RESUME
bool bool
default n default n
@ -175,7 +199,6 @@ config WIPEOUT_SUPPORTED
signal the application the need for factory reset (a.k.a. wipe signal the application the need for factory reset (a.k.a. wipe
out) of the device out) of the device
source src/vendorcode/google/chromeos/vboot1/Kconfig
source src/vendorcode/google/chromeos/vboot2/Kconfig source src/vendorcode/google/chromeos/vboot2/Kconfig
endif # CHROMEOS endif # CHROMEOS

1
src/vendorcode/google/chromeos/Makefile.inc
View File

@ -54,6 +54,5 @@ CFLAGS_common += -DMOCK_TPM=0
endif endif
VB_SOURCE := vboot_reference VB_SOURCE := vboot_reference
subdirs-$(CONFIG_VBOOT_VERIFY_FIRMWARE) += vboot1
subdirs-$(CONFIG_VBOOT2_VERIFY_FIRMWARE) += vboot2 subdirs-$(CONFIG_VBOOT2_VERIFY_FIRMWARE) += vboot2
CPPFLAGS_common += -I$(VB_SOURCE)/firmware/include CPPFLAGS_common += -I$(VB_SOURCE)/firmware/include

34
src/vendorcode/google/chromeos/vboot1/Kconfig
View File

@ -1,34 +0,0 @@
## This file is part of the coreboot project.
##
## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; version 2 of the License.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
##
config VBOOT_VERIFY_FIRMWARE
bool "Verify firmware with vboot."
default n
depends on CHROMEOS
select RELOCATABLE_MODULES
help
Enabling VBOOT_VERIFY_FIRMWARE will use vboot to verify the ramstage
and boot loader.
config VBOOT_REFCODE_INDEX
hex "Reference code firmware index"
default 1
depends on VBOOT_VERIFY_FIRMWARE
help
This is the index of the reference code component in the verified
firmware block.

74
src/vendorcode/google/chromeos/vboot1/Makefile.inc
View File

@ -1,74 +0,0 @@
##
## This file is part of the coreboot project.
##
## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; version 2 of the License.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
##
ramstage-y += ../vboot_common.c
romstage-y += vboot_loader.c ../vboot_common.c
rmodules_$(ARCH-ROMSTAGE-y)-y += vboot_wrapper.c ../vboot_common.c
ifneq ($(CONFIG_SPI_FLASH_MEMORY_MAPPED),y)
VBOOT_MAKEFLAGS = REGION_READ=1
endif
VB_LIB = $(obj)/external/vboot_reference/vboot_fw.a
# Currently, vboot comes into picture only during the romstage, thus
# is compiled for being used in romstage only. Since, we are splitting
# up all components in one of the three stages of coreboot, vboot seems
# most logical to fall under the romstage. Thus, all references to arch
# and other compiler stuff for vboot is using the romstage arch.
VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-ROMSTAGE-y))
VBOOT_STUB_ELF = $(obj)/vendorcode/google/chromeos/vboot1/vbootstub.elf
VBOOT_STUB = $(VBOOT_STUB_ELF).rmod
# Dependency for the vboot rmodules. Ordering matters.
VBOOT_STUB_DEPS += $(obj)/vendorcode/google/chromeos/vboot1/vboot_wrapper.rmodules_$(ARCH-ROMSTAGE-y).o
VBOOT_STUB_DEPS += $(obj)/lib/memcmp.rmodules_$(ARCH-ROMSTAGE-y).o
ifeq ($(CONFIG_ARCH_ROMSTAGE_X86_32),y)
VBOOT_STUB_DEPS += $(obj)/arch/x86/lib/memset.rmodules_$(ARCH-ROMSTAGE-y).o
VBOOT_STUB_DEPS += $(obj)/arch/x86/lib/memcpy.rmodules_$(ARCH-ROMSTAGE-y).o
endif
ifeq ($(CONFIG_ARCH_ROMSTAGE_ARM),y)
VBOOT_STUB_DEPS += $(obj)/arch/arm/memset.rmodules_$(ARCH-ROMSTAGE-y).o
VBOOT_STUB_DEPS += $(obj)/arch/arm/memcpy.rmodules_$(ARCH-ROMSTAGE-y).o
endif
ifeq ($(CONFIG_ARCH_ROMSTAGE_ARM64),y)
VBOOT_STUB_DEPS += $(obj)/lib/memset.rmodules_$(ARCH-ROMSTAGE-y).o
VBOOT_STUB_DEPS += $(obj)/lib/memcpy.rmodules_$(ARCH-ROMSTAGE-y).o
endif
VBOOT_STUB_DEPS += $(VB_LIB)
# Remove the '-include' option since that will break vboot's build and ensure
# vboot_reference can get to coreboot's include files.
VBOOT_CFLAGS += $(patsubst -I%,-I$(top)/%,$(filter-out -include $(src)/include/kconfig.h, $(CFLAGS_romstage)))
VBOOT_CFLAGS += -DVBOOT_DEBUG
VBOOT_CFLAGS += $(rmodules_$(ARCH-ROMSTAGE-y)-c-ccopts)
# Link the vbootstub module with a 64KiB-byte heap.
$(eval $(call rmodule_link,$(VBOOT_STUB_ELF), $(VBOOT_STUB_DEPS), 0x10000,$(ARCH-ROMSTAGE-y)))
# Build vboot library without the default includes from coreboot proper.
$(VB_LIB):
@printf " MAKE $(subst $(obj)/,,$(@))\n"
$(Q)FIRMWARE_ARCH=$(VB_FIRMWARE_ARCH) \
CC="$(CC_romstage)" \
CFLAGS="$(VBOOT_CFLAGS)" \
$(MAKE) -C $(VB_SOURCE) \
$(VBOOT_MAKEFLAGS) \
BUILD=$(top)/$(dir $(VB_LIB)) \
V=$(V) \
fwlib

412
src/vendorcode/google/chromeos/vboot1/vboot_loader.c
View File

@ -1,412 +0,0 @@
/*
* This file is part of the coreboot project.
*
* Copyright (C) 2013 Google, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include <arch/stages.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <cbfs.h>
#include <cbmem.h>
#include <console/console.h>
#include <console/vtxprintf.h>
#include <program_loading.h>
#include <tpm.h>
#include <reset.h>
#include <romstage_handoff.h>
#include <rmodule.h>
#include <string.h>
#include <stdlib.h>
#include <timestamp.h>
#include "../chromeos.h"
#include "../vboot_context.h"
#include "../vboot_handoff.h"
#define TEMP_CBMEM_ID_VBOOT 0xffffffff
#define TEMP_CBMEM_ID_VBLOCKS 0xfffffffe
static void vboot_run_stub(struct vboot_context *context)
{
struct rmod_stage_load rmod_stage = {
.cbmem_id = TEMP_CBMEM_ID_VBOOT,
.name = CONFIG_CBFS_PREFIX "/vboot",
};
void (*entry)(struct vboot_context *context);
if (rmodule_stage_load_from_cbfs(&rmod_stage)) {
printk(BIOS_DEBUG, "Could not load vboot stub.\n");
goto out;
}
entry = rmod_stage.entry;
/* Call stub. */
entry(context);
out:
/* Tear down the region no longer needed. */
if (rmod_stage.cbmem_entry != NULL)
cbmem_entry_remove(rmod_stage.cbmem_entry);
}
/* Helper routines for the vboot stub. */
static void log_msg(const char *fmt, va_list args)
{
do_vtxprintf(fmt, args);
}
static void fatal_error(void)
{
printk(BIOS_ERR, "vboot encountered fatal error. Resetting.\n");
vboot_reboot();
}
static int fw_region_size(struct vboot_region *r)
{
struct vboot_components *fw_info;
int32_t size;
int i;
fw_info = vboot_locate_components(r);
if (fw_info == NULL)
return -1;
if (fw_info->num_components > MAX_PARSED_FW_COMPONENTS)
return -1;
size = sizeof(*fw_info);
size += sizeof(struct vboot_component_entry) * fw_info->num_components;
for (i = 0; i < fw_info->num_components; i++)
size += ALIGN(fw_info->entries[i].size, sizeof(uint32_t));
/* Check that size of comopnents does not exceed the region's size. */
if (size > r->size)
return -1;
/* Update region with the correct size. */
r->size = size;
return 0;
}
static int vboot_fill_params(struct vboot_context *ctx)
{
VbCommonParams *cparams;
VbSelectFirmwareParams *fparams;
if (fw_region_size(&ctx->fw_a))
return -1;
if (fw_region_size(&ctx->fw_b))
return -1;
cparams = ctx->cparams;
fparams = ctx->fparams;
cparams->gbb_size = ctx->gbb.size;
fparams->verification_size_A = ctx->vblock_a.size;
fparams->verification_size_B = ctx->vblock_b.size;
if (IS_ENABLED(CONFIG_SPI_FLASH_MEMORY_MAPPED)) {
/* Get memory-mapped pointers to the regions. */
cparams->gbb_data = vboot_get_region(ctx->gbb.offset_addr,
ctx->gbb.size, NULL);
fparams->verification_block_A =
vboot_get_region(ctx->vblock_a.offset_addr,
ctx->vblock_a.size, NULL);
fparams->verification_block_B =
vboot_get_region(ctx->vblock_b.offset_addr,
ctx->vblock_b.size, NULL);
} else {
/*
* Copy the vblock info into a buffer in cbmem. The gbb will
* be read using VbExRegionRead().
*/
char *dest;
size_t vblck_sz;
vblck_sz = ctx->vblock_a.size + ctx->vblock_b.size;
ctx->vblocks = cbmem_entry_add(TEMP_CBMEM_ID_VBLOCKS, vblck_sz);
if (ctx->vblocks == NULL)
return -1;
dest = cbmem_entry_start(ctx->vblocks);
if (vboot_get_region(ctx->vblock_a.offset_addr,
ctx->vblock_a.size, dest) == NULL)
return -1;
fparams->verification_block_A = (void *)dest;
dest += ctx->vblock_a.size;
if (vboot_get_region(ctx->vblock_b.offset_addr,
ctx->vblock_b.size, dest) == NULL)
return -1;
fparams->verification_block_B = (void *)dest;
}
return 0;
}
static void fill_handoff(struct vboot_context *context)
{
struct vboot_components *fw_info;
struct vboot_region *region;
int i;
/* Fix up the handoff structure. */
context->handoff->selected_firmware =
context->fparams->selected_firmware;
/* Parse out the components for downstream consumption. */
if (context->handoff->selected_firmware == VB_SELECT_FIRMWARE_A)
region = &context->fw_a;
else if (context->handoff->selected_firmware == VB_SELECT_FIRMWARE_B)
region = &context->fw_b;
else
return;
fw_info = vboot_locate_components(region);
if (fw_info == NULL)
return;
for (i = 0; i < fw_info->num_components; i++) {
context->handoff->components[i].address =
region->offset_addr + fw_info->entries[i].offset;
context->handoff->components[i].size = fw_info->entries[i].size;
}
}
static void vboot_clean_up(struct vboot_context *context)
{
if (context->vblocks != NULL)
cbmem_entry_remove(context->vblocks);
}
static void vboot_invoke_wrapper(struct vboot_handoff *vboot_handoff)
{
VbCommonParams cparams;
VbSelectFirmwareParams fparams;
struct vboot_context context;
uint32_t *iflags;
vboot_handoff->selected_firmware = VB_SELECT_FIRMWARE_READONLY;
memset(&cparams, 0, sizeof(cparams));
memset(&fparams, 0, sizeof(fparams));
memset(&context, 0, sizeof(context));
iflags = &vboot_handoff->init_params.flags;
if (get_developer_mode_switch())
*iflags |= VB_INIT_FLAG_DEV_SWITCH_ON;
if (get_recovery_mode_switch()) {
clear_recovery_mode_switch();
*iflags |= VB_INIT_FLAG_REC_BUTTON_PRESSED;
}
if (get_write_protect_state())
*iflags |= VB_INIT_FLAG_WP_ENABLED;
if (vboot_get_sw_write_protect())
*iflags |= VB_INIT_FLAG_SW_WP_ENABLED;
if (CONFIG_VIRTUAL_DEV_SWITCH)
*iflags |= VB_INIT_FLAG_VIRTUAL_DEV_SWITCH;
if (CONFIG_EC_SOFTWARE_SYNC)
*iflags |= VB_INIT_FLAG_EC_SOFTWARE_SYNC;
if (!CONFIG_PHYSICAL_REC_SWITCH)
*iflags |= VB_INIT_FLAG_VIRTUAL_REC_SWITCH;
if (CONFIG_VBOOT_EC_SLOW_UPDATE)
*iflags |= VB_INIT_FLAG_EC_SLOW_UPDATE;
if (CONFIG_VBOOT_OPROM_MATTERS) {
*iflags |= VB_INIT_FLAG_OPROM_MATTERS;
*iflags |= VB_INIT_FLAG_BEFORE_OPROM_LOAD;
/* Will load VGA option rom during this boot */
if (developer_mode_enabled() || recovery_mode_enabled() ||
vboot_wants_oprom()) {
*iflags |= VB_INIT_FLAG_OPROM_LOADED;
}
}
context.handoff = vboot_handoff;
context.cparams = &cparams;
context.fparams = &fparams;
cparams.shared_data_blob = &vboot_handoff->shared_data[0];
cparams.shared_data_size = VB_SHARED_DATA_MIN_SIZE;
cparams.caller_context = &context;
vboot_locate_region("GBB", &context.gbb);
vboot_locate_region("VBLOCK_A", &context.vblock_a);
vboot_locate_region("VBLOCK_B", &context.vblock_b);
vboot_locate_region("FW_MAIN_A", &context.fw_a);
vboot_locate_region("FW_MAIN_B", &context.fw_b);
/* Check all fmap entries. */
if (context.fw_a.size < 0 || context.fw_b.size < 0 ||
context.vblock_a.size < 0 || context.vblock_b.size < 0 ||
context.gbb.size < 0) {
printk(BIOS_DEBUG, "Not all fmap entries found for vboot.\n");
return;
}
/* Fill in vboot parameters. */
if (vboot_fill_params(&context)) {
vboot_clean_up(&context);
return;
}
/* Initialize callbacks. */
context.read_vbnv = &read_vbnv;
context.save_vbnv = &save_vbnv;
context.tis_init = &tis_init;
context.tis_open = &tis_open;
context.tis_close = &tis_close;
context.tis_sendrecv = &tis_sendrecv;
context.log_msg = &log_msg;
context.fatal_error = &fatal_error;
context.get_region = &vboot_get_region;
context.reset = &vboot_reboot;
vboot_run_stub(&context);
fill_handoff(&context);
vboot_clean_up(&context);
}
#if CONFIG_RELOCATABLE_RAMSTAGE
static void *vboot_load_ramstage(uint32_t cbmem_id, const char *name,
const struct cbmem_entry **cbmem_entry)
{
struct vboot_handoff *vboot_handoff;
struct cbfs_stage *stage;
const struct firmware_component *fwc;
struct rmod_stage_load rmod_load = {
.cbmem_id = cbmem_id,
.name = name,
};
timestamp_add_now(TS_START_VBOOT);
vboot_handoff = cbmem_add(CBMEM_ID_VBOOT_HANDOFF,
sizeof(*vboot_handoff));
if (vboot_handoff == NULL) {
printk(BIOS_DEBUG, "Could not add vboot_handoff structure.\n");
return NULL;
}
memset(vboot_handoff, 0, sizeof(*vboot_handoff));
vboot_invoke_wrapper(vboot_handoff);
timestamp_add_now(TS_END_VBOOT);
/* Take RO firmware path since no RW area was selected. */
if (vboot_handoff->selected_firmware != VB_SELECT_FIRMWARE_A &&
vboot_handoff->selected_firmware != VB_SELECT_FIRMWARE_B) {
printk(BIOS_DEBUG, "No RW firmware selected: 0x%08x\n",
vboot_handoff->selected_firmware);
return NULL;
}
if (CONFIG_VBOOT_RAMSTAGE_INDEX >= MAX_PARSED_FW_COMPONENTS) {
printk(BIOS_ERR, "Invalid ramstage index: %d\n",
CONFIG_VBOOT_RAMSTAGE_INDEX);
return NULL;
}
/* Check for invalid address. */
fwc = &vboot_handoff->components[CONFIG_VBOOT_RAMSTAGE_INDEX];
if (fwc->address == 0) {
printk(BIOS_DEBUG, "RW ramstage image address invalid.\n");
return NULL;
}
printk(BIOS_DEBUG, "RW ramstage image at 0x%08x, 0x%08x bytes.\n",
fwc->address, fwc->size);
stage = (void *)fwc->address;
if (rmodule_stage_load(&rmod_load, stage)) {
vboot_handoff->selected_firmware = VB_SELECT_FIRMWARE_READONLY;
printk(BIOS_DEBUG, "Could not load ramstage region.\n");
return NULL;
}
*cbmem_entry = rmod_load.cbmem_entry;
return rmod_load.entry;
}
#else /* CONFIG_RELOCATABLE_RAMSTAGE */
static void vboot_load_ramstage(struct vboot_handoff *vboot_handoff,
struct romstage_handoff *handoff)
{
struct cbfs_stage *stage;
const struct firmware_component *fwc;
if (CONFIG_VBOOT_RAMSTAGE_INDEX >= MAX_PARSED_FW_COMPONENTS) {
printk(BIOS_ERR, "Invalid ramstage index: %d\n",
CONFIG_VBOOT_RAMSTAGE_INDEX);
return;
}
/* Check for invalid address. */
fwc = &vboot_handoff->components[CONFIG_VBOOT_RAMSTAGE_INDEX];
if (fwc->address == 0) {
printk(BIOS_DEBUG, "RW ramstage image address invalid.\n");
return;
}
printk(BIOS_DEBUG, "RW ramstage image at 0x%08x, 0x%08x bytes.\n",
fwc->address, fwc->size);
/* This will leak a mapping. */
stage = vboot_get_region(fwc->address, fwc->size, NULL);
if (stage == NULL) {
printk(BIOS_DEBUG, "Unable to get RW ramstage region.\n");
return;
}
timestamp_add_now(TS_START_COPYRAM);
/* Stages rely the below clearing so that the bss is initialized. */
memset((void *) (uintptr_t) stage->load, 0, stage->memlen);
if (cbfs_decompress(stage->compression,
((unsigned char *) stage) +
sizeof(struct cbfs_stage),
(void *) (uintptr_t) stage->load,
stage->len))
return;
timestamp_add_now(TS_END_COPYRAM);
#if CONFIG_ARCH_X86
__asm__ volatile (
"movl $0, %%ebp\n"
"jmp *%%edi\n"
:: "D"(stage->entry)
);
#elif CONFIG_ARCH_ARM
stage_exit((void *)(uintptr_t)stage->entry);
#endif
}
#endif /* CONFIG_RELOCATABLE_RAMSTAGE */
const struct ramstage_loader_ops vboot_ramstage_loader = {
.name = "VBOOT",
.load = vboot_load_ramstage,
};

266
src/vendorcode/google/chromeos/vboot1/vboot_wrapper.c
View File

@ -1,266 +0,0 @@
/*
* This file is part of the coreboot project.
*
* Copyright (C) 2013 Google, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include <console/vtxprintf.h>
#if CONFIG_ARCH_X86
#include <cpu/x86/tsc.h>
#else
#include <timer.h>
#endif
#include <rmodule.h>
#include <stdlib.h>
#include <string.h>
#include "../vboot_context.h"
#include "../vboot_handoff.h"
/* Keep a global context pointer around for the callbacks to use. */
static struct vboot_context *gcontext;
static void vboot_wrapper(void *arg)
{
VbError_t res;
struct vboot_context *context;
context = arg;
gcontext = context;
VbExDebug("Calling VbInit()\n");
res = VbInit(context->cparams, &context->handoff->init_params);
VbExDebug("VbInit() returned 0x%08x\n", res);
if (res != VBERROR_SUCCESS) {
if(res == VBERROR_TPM_REBOOT_REQUIRED) {
VbExDebug("TPM Reboot Required. Proceeding reboot.\n");
gcontext->reset();
}
return;
}
VbExDebug("Calling VbSelectFirmware()\n");
res = VbSelectFirmware(context->cparams, context->fparams);
VbExDebug("VbSelectFirmware() returned 0x%08x\n", res);
if (res != VBERROR_SUCCESS)
return;
}
void VbExError(const char *format, ...)
{
va_list args;
va_start(args, format);
gcontext->log_msg(format, args);
va_end(args);
gcontext->fatal_error();
}
void VbExDebug(const char *format, ...)
{
va_list args;
va_start(args, format);
gcontext->log_msg(format, args);
va_end(args);
}
uint64_t VbExGetTimer(void)
{
#if CONFIG_ARCH_X86
return rdtscll();
#else
struct mono_time mt;
timer_monotonic_get(&mt);
return mt.microseconds;
#endif
}
VbError_t VbExNvStorageRead(uint8_t *buf)
{
gcontext->read_vbnv(buf);
return VBERROR_SUCCESS;
}
VbError_t VbExNvStorageWrite(const uint8_t *buf)
{
gcontext->save_vbnv(buf);
return VBERROR_SUCCESS;
}
extern char _heap[];
extern char _eheap[];
static char *heap_current;
static int heap_size;
void *VbExMalloc(size_t size)
{
void *ptr;
if (heap_current == NULL) {
heap_current = &_heap[0];
heap_size = &_eheap[0] - &_heap[0];
VbExDebug("vboot heap: %p 0x%08x bytes\n",
heap_current, heap_size);
}
if (heap_size < size) {
VbExError("vboot heap request cannot be fulfilled. "
"0x%08x available, 0x%08x requested\n",
heap_size, size);
}
ptr = heap_current;
heap_size -= size;
heap_current += size;
return ptr;
}
void VbExFree(void *ptr)
{
/* Leak all memory. */
}
/* vboot doesn't expose these through the vboot_api.h, but they are needed.
* coreboot requires declarations so provide them to avoid compiler errors. */
int Memcmp(const void *src1, const void *src2, size_t n);
void *Memcpy(void *dest, const void *src, uint64_t n);
void *Memset(void *dest, const uint8_t c, uint64_t n);
int Memcmp(const void *src1, const void *src2, size_t n)
{
return memcmp(src1, src2, n);
}
void *Memcpy(void *dest, const void *src, uint64_t n)
{
return memcpy(dest, src, n);
}
void *Memset(void *dest, const uint8_t c, uint64_t n)
{
return memset(dest, c, n);
}
static inline size_t get_hash_block_size(size_t requested_size)
{
if (!IS_ENABLED(CONFIG_SPI_FLASH_MEMORY_MAPPED)) {
const size_t block_size = 64 * 1024;
if (requested_size > block_size)
return block_size;
}
return requested_size;
}
VbError_t VbExHashFirmwareBody(VbCommonParams *cparams, uint32_t firmware_index)
{
uint8_t *data;
struct vboot_region *region;
struct vboot_context *ctx;
size_t data_size;
uintptr_t offset_addr;
ctx = cparams->caller_context;
switch (firmware_index) {
case VB_SELECT_FIRMWARE_A:
region = &ctx->fw_a;
break;
case VB_SELECT_FIRMWARE_B:
region = &ctx->fw_b;
break;
default:
return VBERROR_UNKNOWN;
}
data_size = region->size;
offset_addr = region->offset_addr;
while (data_size) {
size_t block_size;
block_size = get_hash_block_size(data_size);
data = ctx->get_region(offset_addr, block_size, NULL);
if (data == NULL)
return VBERROR_UNKNOWN;
VbUpdateFirmwareBodyHash(cparams, data, block_size);
data_size -= block_size;
offset_addr += block_size;
}
return VBERROR_SUCCESS;
}
VbError_t VbExTpmInit(void)
{
if (gcontext->tis_init())
return VBERROR_UNKNOWN;
return VbExTpmOpen();
}
VbError_t VbExTpmClose(void)
{
if (gcontext->tis_close())
return VBERROR_UNKNOWN;
return VBERROR_SUCCESS;
}
VbError_t VbExTpmOpen(void)
{
if (gcontext->tis_open())
return VBERROR_UNKNOWN;
return VBERROR_SUCCESS;
}
VbError_t VbExTpmSendReceive(const uint8_t *request, uint32_t request_length,
uint8_t *response, uint32_t *response_length)
{
size_t len = *response_length;
if (gcontext->tis_sendrecv(request, request_length, response, &len))
return VBERROR_UNKNOWN;
/* check 64->32bit overflow and (re)check response buffer overflow */
if (len > *response_length)
return VBERROR_UNKNOWN;
*response_length = len;
return VBERROR_SUCCESS;
}
#if !CONFIG_SPI_FLASH_MEMORY_MAPPED
VbError_t VbExRegionRead(VbCommonParams *cparams,
enum vb_firmware_region region, uint32_t offset,
uint32_t size, void *buf)
{
struct vboot_context *ctx;
VbExDebug("VbExRegionRead: offset=%x size=%x, buf=%p\n",
offset, size, buf);
ctx = cparams->caller_context;
if (region == VB_REGION_GBB) {
if (offset + size > cparams->gbb_size)
return VBERROR_REGION_READ_INVALID;
offset += ctx->gbb.offset_addr;
if (ctx->get_region(offset, size, buf) == NULL)
return VBERROR_REGION_READ_INVALID;
return VBERROR_SUCCESS;
}
return VBERROR_UNSUPPORTED_REGION;
}
#endif /* CONFIG_SPI_FLASH_MEMORY_MAPPED */
RMODULE_ENTRY(vboot_wrapper);

10
src/vendorcode/google/chromeos/vboot2/Kconfig
View File

@ -18,7 +18,7 @@
config VBOOT2_VERIFY_FIRMWARE config VBOOT2_VERIFY_FIRMWARE
bool "Firmware Verification with vboot2" bool "Firmware Verification with vboot2"
default n default y if VBOOT_VERIFY_FIRMARE
depends on CHROMEOS && HAVE_HARD_RESET depends on CHROMEOS && HAVE_HARD_RESET
select COLLECT_TIMESTAMPS select COLLECT_TIMESTAMPS
help help
@ -46,14 +46,6 @@ config RETURN_FROM_VERSTAGE
romstage. Useful if a ram space is too small to fit both the verstage romstage. Useful if a ram space is too small to fit both the verstage
and the romstage. and the romstage.
config VBOOT_ROMSTAGE_INDEX
hex
default 2
depends on VBOOT2_VERIFY_FIRMWARE
help
This is the index of the romstage component in the verified
firmware block.
config VBOOT_DISABLE_DEV_ON_RECOVERY config VBOOT_DISABLE_DEV_ON_RECOVERY
bool "Disable dev mode on recovery requests" bool "Disable dev mode on recovery requests"
default n default n