sravan/system76-coreboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
73d042bd90bc8877f9bfd8b846578fe3e12444c3
system76-coreboot/src/vboot/Kconfig
Julius Werner 73d042bd90 vboot: Disallow separate verstage after romstage, try to clarify logic 
No board has ever tried to combine CONFIG_SEPARATE_VERSTAGE with
CONFIG_VBOOT_STARTS_IN_ROMSTAGE. There are probably many reasons why
this wouldn't work (e.g. x86 CAR migration logic currently always
assumes verstage code to run pre-migration). It would also not really
make sense: the reason we use separate verstages is to decrease
bootblock size (mitigating the boot speed cost of slow boot ROM SPI
drivers) and to allow the SRAM-saving RETURN_FROM_VERSTAGE trick,
neither of which would apply to the after-romstage case. It is better to
just forbid that case explicitly and give programmers more guarantees
about what the verstage is (e.g. now the assumption that it runs pre-RAM
is always valid).

Since Kconfig dependencies aren't always guaranteed in the face of
'select' statements, also add some explicit compile-time assertions to
the vboot code. We can simplify some of the loader logic which now no
longer needs to provide for the forbidden case. In addition, also try to
make some of the loader logic more readable by writing it in a more
functional style that allows us to put more assertions about which cases
should be unreachable in there, which will hopefully make it more robust
and fail-fast with future changes (e.g. addition of new stages).

Change-Id: Iaf60040af4eff711d9b80ee0e5950ce05958b3aa
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/18983
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
2017-03-28 22:17:35 +02:00

148 lines
4.8 KiB
Plaintext
Raw Blame History

## This file is part of the coreboot project.
##
## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; version 2 of the License.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
config VBOOT_VBNV_OFFSET
hex
default 0x26
depends on PC80_SYSTEM
help
CMOS offset for VbNv data. This value must match cmos.layout
in the mainboard directory, minus 14 bytes for the RTC.
config VBOOT_VBNV_CMOS
bool "Vboot non-volatile storage in CMOS."
default n
help
VBNV is stored in CMOS
config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH
bool "Back up Vboot non-volatile storage from CMOS to flash."
default n
depends on VBOOT_VBNV_CMOS && BOOT_DEVICE_SUPPORTS_WRITES
help
Vboot non-volatile storage data will be backed up from CMOS to flash
and restored from flash if the CMOS is invalid due to power loss.
config VBOOT_VBNV_EC
bool "Vboot non-volatile storage in EC."
default n
help
VBNV is stored in EC
config VBOOT_VBNV_FLASH
def_bool n
depends on BOOT_DEVICE_SUPPORTS_WRITES
help
VBNV is stored in flash storage
config VBOOT_STARTS_IN_BOOTBLOCK
bool "Vboot starts verifying in bootblock"
default n
depends on VBOOT
help
Firmware verification happens during or at the end of bootblock.
config VBOOT_STARTS_IN_ROMSTAGE
bool "Vboot starts verifying in romstage"
default n
depends on VBOOT && !VBOOT_STARTS_IN_BOOTBLOCK
help
Firmware verification happens during or at the end of romstage.
config VBOOT_MOCK_SECDATA
bool "Mock secdata for firmware verification"
default n
depends on VBOOT
help
Enabling VBOOT_MOCK_SECDATA will mock secdata for the firmware
verification to avoid access to a secdata storage (typically TPM).
All operations for a secdata storage will be successful. This option
can be used during development when a TPM is not present or broken.
THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES.
config VBOOT_DISABLE_DEV_ON_RECOVERY
bool "Disable dev mode on recovery requests"
default n
depends on VBOOT
help
When this option is enabled, the Chrome OS device leaves the
developer mode as soon as recovery request is detected. This is
handy on embedded devices with limited input capabilities.
config SEPARATE_VERSTAGE
bool "Vboot verification is built into a separate stage"
default n
depends on VBOOT && VBOOT_STARTS_IN_BOOTBLOCK
help
If this option is set, vboot verification runs in a standalone stage
that is loaded from the bootblock and exits into romstage. If it is
not set, the verification code is linked directly into the bootblock
or the romstage and runs as part of that stage (cf. related options
VBOOT_STARTS_IN_BOOTBLOCK/_ROMSTAGE and RETURN_FROM_VERSTAGE).
config RETURN_FROM_VERSTAGE
bool "The separate verification stage returns to its caller"
default n
depends on SEPARATE_VERSTAGE
help
If this is set, the verstage returns back to the calling stage instead
of exiting to the succeeding stage so that the verstage space can be
reused by the succeeding stage. This is useful if a RAM space is too
small to fit both the verstage and the succeeding stage.
config VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT
bool
default n
depends on VBOOT
help
This option ensures that the recovery request is not lost because of
reboots caused after vboot verification is run. e.g. reboots caused by
FSP components on Intel platforms.
config VBOOT_OPROM_MATTERS
bool "Video option ROM matters (= can skip display init)"
default n
depends on VBOOT
help
Set this option to indicate to vboot that this platform will skip its
display initialization on a normal (non-recovery, non-developer) boot.
Vboot calls this "oprom matters" because on x86 devices this
traditionally meant that the video option ROM will not be loaded, but
it works functionally the same for other platforms that can skip their
native display initialization code instead.
config VBOOT_HAS_REC_HASH_SPACE
bool
default n
depends on VBOOT
help
Set this option to indicate to vboot that recovery data hash space
is present in TPM.
config VBOOT_SOFT_REBOOT_WORKAROUND
bool
default n
config VBOOT
bool "Verify firmware with vboot."
default n
select TPM if !MAINBOARD_HAS_TPM2
select TPM2 if MAINBOARD_HAS_TPM2
select TPM_INIT_FAILURE_IS_FATAL if PC80_SYSTEM && LPC_TPM
select SKIP_TPM_STARTUP_ON_NORMAL_BOOT if PC80_SYSTEM && LPC_TPM
depends on HAVE_HARD_RESET
help
Enabling VBOOT will use vboot to verify the components of the firmware
(stages, payload, etc).
Reference in New Issue View Git Blame Copy Permalink