This requires payload integration somewhere to be useful, because
without that, adding it will (hopefully) break the signature.
Change-Id: I67b8267e5040e26353df02d258e92a0610e19a52
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: https://review.coreboot.org/13560
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
Use the flags to preset the GBB flags field. The Kconfig defaults are
chosen for a "developer" configuration.
Change-Id: Ifcc05aab10b92a2fc201b663df5ea47f92439a3f
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: https://review.coreboot.org/13559
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
The GBB contains hardware-specific data plus some configuration. The
latter isn't supported by this change yet and will come later.
The fields that are supported (hardware ID, bmpfv, vboot keys) are
configurable through Kconfig and point to Chrome OS-style default (eg.
developer keys).
While adding vboot keys, the two keys used to sign RW regions are also
added to Kconfig, even if not yet used.
Change-Id: Icfba6061ca83182df560cd36052fbb257826d4b0
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: https://review.coreboot.org/13558
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Just rename the two scripts that are in the src/ tree to give them
a .sh extension. Since we generally expect files in the src directory
to be source files, this allows to identify these as scripts easily.
Change-Id: I0ab20a083880370164488d37a752ba2d5a192fdc
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/13432
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
This patch adds a check to the VPD parsing code to avoid reading the
whole thing if the first byte ('type' of the first VPD entry) is 0x00
or 0xff. These values match the TERMINATOR and IMPLICIT_TERMINATOR types
which should never occur as the first entry, so this usually means that
the VPD FMAP section has simply never been initialized correctly. This
early abort avoids wasting time to read the whole section from SPI flash
(which we'd otherwise have to since we're not going to find a Google VPD
2.0 header either).
BRANCH=None
BUG=None
TEST=Booted Oak, confirmed that VPD read times dropped from 100ms to
1.5ms.
Change-Id: I9fc473e06440aef4e1023238fb9e53d45097ee9d
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 20a726237e03941ad626a6146700170a45ee7720
Original-Change-Id: I09bfec3c24d24214fa4e9180878b58d00454f399
Original-Signed-off-by: Julius Werner <jwerner@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/322897
Original-Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://review.coreboot.org/13467
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Martin Roth <martinroth@google.com>
This patch adds three timestamps to coreboot and the cbmem utility that
track the time required to read in the Chrome OS Vital Product Data
(VPD) blocks (RO and RW). It's useful to account for these like all
other large flash accesses, since their size is variable.
BRANCH=None
BUG=None
TEST=Booted Oak, found my weird 100ms gap at the start of ramstage
properly accounted for.
Change-Id: I2024ed4f7d5e5ae81df9ab5293547cb5a10ff5e0
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: b97288b5ac67ada56e2ee7b181b28341d54b7234
Original-Change-Id: Ie69c1a4ddb6bd3f1094b3880201d53f1b5373aef
Original-Signed-off-by: Julius Werner <jwerner@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/322831
Original-Reviewed-by: David Hendricks <dhendrix@chromium.org>
Reviewed-on: https://review.coreboot.org/13139
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Martin Roth <martinroth@google.com>
Add flag handling for CONFIG_VBOOT_EC_SLOW_UPDATE to indicate
to vboot that it should show the "critical update" screen during
software sync for EC+PD.
In order to make this work on x86 where we do not run graphics
init in the normal path add handling for CONFIG_VBOOT_OPROM_MATTERS
and indicate to vboot when the option rom has been loaded.
BUG=chrome-os-partner:49560
BRANCH=glados
TEST=Build and boot on chell in normal mode with an EC update payload
and ensure that it reboots to enable graphics, shows the "critical
update" screen, and then reboots to disable graphics init again.
Change-Id: I5ca46457798a22e9b08aa2febfec05b01aa788f9
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 6a1bb8572c3485f64b9f3e759288321b44184e66
Original-Change-Id: I9f66caaac57bb9f05bc6c405814469ef7ddf4d0a
Original-Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/322781
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/13073
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
CB used to clear recovery status towards romstage end after FSP
memory init. Later inside FSP silicon init due to HSIO CRC mismatch
it will request for an additional reset.On next boot system resume
in dev mode rather than recovery because lost its original state
due to FSP silicon init reset.
Hence an additional 1 reset require to identify original state.
With this patch, we will get future platform reset info during romstage
and restore back recovery request flag so, in next boot CB can maintain
its original status and avoid 1 extra reboot.
BUG=chrome-os-partner:43517
BRANCH=none
TEST= build and booted Kunimitsu and tested RO mode
Change-Id: Ibf86ff2b140cd9ad259eb39987d78177535cd975
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 40ddc21a97b318510116b7d5c4314380778a40f7
Original-Change-Id: Ia52835f87ef580317e91931aee5dd0119dea8111
Original-Signed-off-by: Subrata Banik <subrata.banik@intel.com>
Original-Reviewed-on: https://chromium-review.googlesource.com/302257
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/12975
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
Provide a common routine to hash the contents of a cbfs
region. The cbfs region is hashed in the following order:
1. potential cbfs header at offset 0
2. potential cbfs header retlative offset at cbfs size - 4
3. For each file the metadata of the file.
4. For each non-empty file the data of the file.
BUG=chrome-os-partner:48412
BUG=chromium:445938
BRANCH=None
TEST=Utilized in chromeos cros_bundle_firmware as well as at
runtime during vboot verification on glados.
Change-Id: Ie1e5db5b8a80d9465e88d3f69f5367d887bdf73f
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/12786
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins)
This file became obsolete when FMAP code moved to src/lib/ and is no
longer built by any Makefile. Let's remove it to avoid confusing people.
Change-Id: I55639af28f9f3d4c4cb0429b805e3f120ecc374e
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/12753
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
Now that only CBFS access is supported for finding resources
within the boot media the assets infrastructure can be removed.
Remove it.
BUG=chromium:445938
BRANCH=None
TEST=Built and ran on glados.
Change-Id: I383fd6579280cf9cfe5a18c2851baf74cad004e9
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/12690
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
The Chrome OS verified boot path supported multiple CBFS
instances in the boot media as well as stand-alone assets
sitting in each vboot RW slot. Remove the support for the
stand-alone assets and always use CBFS accesses as the
way to retrieve data.
This is implemented by adding a cbfs_locator object which
is queried for locating the current CBFS. Additionally, it
is also signalled prior to when a program is about to be
loaded by coreboot for the subsequent stage/payload. This
provides the same opportunity as previous for vboot to
hook in and perform its logic.
BUG=chromium:445938
BRANCH=None
TEST=Built and ran on glados.
CQ-DEPEND=CL:307121,CL:31691,CL:31690
Change-Id: I6a3a15feb6edd355d6ec252c36b6f7885b383099
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/12689
Tested-by: build bot (Jenkins)
Tested-by: Raptor Engineering Automated Test Stand <noreply@raptorengineeringinc.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
ELOG requires SPI_FLASH, so don't bother selecting if if SPI_FLASH isn't
available.
Change-Id: I080ac47e74aba820c94409d4913647abee215076
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/12661
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Put dependecies on CHROMEOS's selection of the Kconfig symbols
TPM_INIT_FAILURE_IS_FATAL and SKIP_TPM_STARTUP_ON_NORMAL_BOOT to match
the dependencies on those symbols where they are defined in
src/drivers/pc80/tpm/Kconfig
The file that uses these only gets built in if CONFIG_LPC_TPM is
selected selected.
The warnings were:
warning: (CHROMEOS) selects TPM_INIT_FAILURE_IS_FATAL which has unmet
direct dependencies (PC80_SYSTEM && LPC_TPM)
warning: (CHROMEOS) selects SKIP_TPM_STARTUP_ON_NORMAL_BOOT which has
unmet direct dependencies (PC80_SYSTEM && LPC_TPM)
Change-Id: I7af00c79050bf511758bf29e3d57f6ff34d2a296
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: http://review.coreboot.org/12497
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
There are few drawbacks reading VPD from SPI flash in user land, including
"lack of firmware level authority" and "slow reading speed".
Since for many platforms we are already reading VPD in firmware (for
example MAC and serial number), caching the VPD data in CBMEM should
will speed up and simplify user land VPD processing without adding
performance cost.
A new CBMEM ID is added: CBMEM_ID_VPD, referring to a structure containing
raw Google VPD 2.0 structure and can be found by the new LB_TAG_VPD in
Coreboot tables.
BRANCH=smaug
BUG=chrome-os-partner:39945
TEST=emerge-smaug coreboot chromeos-bootimage # and boots successfully.
[pg: lots of changes to make it work with what happened in upstream
since 2013]
Change-Id: If8629ac002d52abed7b480d3d06298665613edbf
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 117a9e88912860a22d250ff0e53a7d40237ddd45
Original-Change-Id: Ic79f424a6e3edfb6c5d168b9661d61a56fab295f
Original-Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/285031
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/12453
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
It encourages users from writing to the FSF without giving an address.
Linux also prefers to drop that and their checkpatch.pl (that we
imported) looks out for that.
This is the result of util/scripts/no-fsf-addresses.sh with no further
editing.
Change-Id: Ie96faea295fe001911d77dbc51e9a6789558fbd6
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/11888
Tested-by: build bot (Jenkins)
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Ronald G. Minnich <rminnich@gmail.com>
While migrating from vboot1 to vboot2, the tpm_init was moved out of
vboot library and implemented in coreboot. However, while doing this,
the initial factory flow was missed.
We need to ensure following flow for tpm_init:
1. Perform tpm_init
2. If tpm_init fails, set secdata_context flag to indicate to vboot
that tpm needs reboot.
3. Call vb2_api_phase1
4. If vb2_api_phase1 returns error code saying boot into recovery,
continue booting into recovery. For all other error codes, save
context if required and reboot.
[pg: everything but step 2 was already done, so this upstream commit is
quite minimal]
CQ-DEPEND=CL:300572
BUG=chrome-os-partner:45462
BRANCH=None
TEST=Verified behavior on smaug. Steps to test:
1. Reboot into recovery
2. tpmc clear
3. Reboot device
Expected Behavior: Device should reboot after Enabling TPM. Should not
enter recovery
Confirmed that the device behaves as expected.
Change-Id: I72f08d583b744bd77accadd06958c61ade298dfb
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 85ac93137f3cfb28668dcfa18dfc773bf910d44e
Original-Change-Id: I38ab9b9d6c2a718ccc8641377508ffc93fef2ba1
Original-Signed-off-by: Furquan Shaikh <furquan@google.com>
Original-Reviewed-on: https://chromium-review.googlesource.com/300570
Original-Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Original-Tested-by: Furquan Shaikh <furquan@chromium.org>
Original-Reviewed-by: Randall Spangler <rspangler@chromium.org>
Original-Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: http://review.coreboot.org/12205
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
vboot handoff should look at flags in struct vb2_shared_data when
translating flags to VBSD_BOOT_REC_SWITCH_ON because
VBSD_BOOT_REC_SWITCH_ON is supposed to indicate whether manual recovery was
triggered or not while vb2_sd->recovery_reason will be able to provide
that information only in some cases after CL:307586 is checked in.
For example, this fixes a recovery loop problem: Without this fix,
vb2_sd->recovery_reason won't be set to VB2_RECOVERY_RO_MANUAL when user
hits esc+refresh+power at 'broken' screen. In the next boot,
recovery_reason will be set to whatever reason which caused 'broken'
screen. So, if we check recovery_reason == VB2_RECOVERY_RO_MANUAL, we
won't set vb_sd->flags to VBSD_BOOT_REC_SWITCH_ON. That'll cause a
recovery loop because VbBootRecovery traps us again in the 'broken'
screen after not seeing VBSD_BOOT_REC_SWITCH_ON.
BUG=chromium:501060
BRANCH=tot
TEST=test_that -b veyron_jerry suite:faft_bios
Change-Id: I69a50c71d93ab311c1f7d4cfcd7d454ca1189586
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: d9679b02f6d21ed903bb02e107badb0fbf7da46c
Original-Change-Id: I3da642ff2d05c097d10db303fc8ab3358e10a5c7
Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/307946
Original-Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: http://review.coreboot.org/12199
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
We need to special-case filling out the vboot structures when
we use CBFS instead of vboot's custom indexed format, otherwise
(due to the way the CBFS header looks), it will try to write several
million entries.
Change-Id: Ie1289d4a19060bac48089ff70e5cfc04a2de373f
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: http://review.coreboot.org/11914
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
To support x86 verstage one needs a working buffer for
vboot. That buffer resides in the cache-as-ram region
which persists across verstage and romstage. The current
assumption is that verstage brings cache-as-ram up
and romstage tears cache-as-ram down. The timestamp,
cbmem console, and the vboot work buffer are persistent
through in both romstage and verstage. The vboot
work buffer as well as the cbmem console are permanently
destroyed once cache-as-ram is torn down. The timestamp
region is migrated. When verstage is enabled the assumption
is that _start is the romstage entry point. It's currently
expected that the chipset provides the entry point to
romstage when verstage is employed. Also, the car_var_*()
APIs use direct access when in verstage since its expected
verstage does not tear down cache-as-ram. Lastly, supporting
files were added to verstage-y such that an x86 verstage
will build and link.
BUG=chrome-os-partner:44827
BRANCH=None
TEST=Built and booted glados using separate verstage.
Change-Id: I097aa0b92f3bb95275205a3fd8b21362c67b97aa
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/11822
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
When a separate verstage is employed the verstage file
was just being added through the cbfs-files mechanism.
However, that doesn't allow one to specify other flags
that aren't supported that an architecture may require.
The x86 architecture is one of those entities in that
it needs its verstage to be XIP. To that end provide
a mechanism for adding verstage with options.
BUG=chrome-os-partner:44827
BRANCH=None
TEST=Built and booted glados using his mechansim on x86.
Change-Id: Iaba053a55a4d84d8455026e7d6fa548744edaa28
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/11819
Tested-by: build bot (Jenkins)
Reviewed-by: Duncan Laurie <dlaurie@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
In order to support x86 verstage proper the work buffer
needs to live in cache-as-ram. However, after cache-as-ram
is torn down one still needs the verification results to
know which slot was selected. Though the platforms with
a dedicated SRAM can just use the work buffer in SRAM, the
x86 cache-as-ram platforms need a place to stash the
results. For that situation cbmem is employed. This works
because when cbmem is initialized cache-as-ram is still
enabled. The VBOOT_DYNAMIC_WORK_BUFFER case assumes
verified boot doesn't start until after cbmem is up. That
doesn't change, but it's a goal to get rid of that option
entirely once all other x86 platforms are moved over to
pre-romstage vboot.
BUG=chrome-os-partner:44827
BRANCH=None
TEST=Built and booted glados with pre-romstage verification
as well as VBOOT_DYNAMIC_WORK_BUFFER case.
Change-Id: I7eacd0edb2b6ca52b59b74075d17c00b50676d4c
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/11821
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
For the purpose of isolating the work buffer logic
the surface area of the API was slimmed down. The
vb2_working_data structure is no longer exposed,
and the function signatures are updated accordingly.
BUG=chrome-os-partner:44827
BRANCH=None
TEST=Built and booted glados.
Change-Id: If64184a79e9571ee8ef9822cfce1eda20fceee00
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/11818
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Now that cbfs is adding more metadata in the cbfs file
header one needs to access that metadata. Therefore,
add struct cbfsf which tracks the metadata and data
of the file separately. Note that stage and payload
metadata specific to itself is still contained within
the 'data' portion of a cbfs file. Update the cbfs
API to use struct cbfsf. Additionally, remove struct
cbfsd as there's nothing else associated with a cbfs
region aside from offset and size which tracked
by a region_device (thanks, CBFS_ALIGNMENT!).
BUG=None
BRANCH=None
TEST=Built and booted through end of ramstage on qemu armv7.
Built and booted glados using Chrome OS.
Change-Id: I05486c6cf6cfcafa5c64b36324833b2374f763c2
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/11679
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Up to now, the multi-CBFS code path merely looked up files in the "boot
ro" image (ie. the default), disregarding the specified fmap region to
use for CBFS.
The code still relies on the master header being around, which on the
upside allows it to skip an offset at the beginning of the region (eg.
for ARM bootblocks).
This will change later (both the reliance on the master header and the
presence of the bootblock like this).
Change-Id: Ib2fc03eac8add59fc90b4e601f6dfa488257b326
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: http://review.coreboot.org/11805
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Certain chipsets provide their own main symbol for verstage.
Therefore, it's necessary to know this so that those chipsets
can leverage the common verstage flow.
BUG=chrome-os-partner:44827
BRANCH=None
TEST=Built nyan using this option.
Change-Id: If80784aa47b27f0ad286babcf0f42ce198b929e9
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/11777
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
vboot_handoff_flag was duplicating the logic to grab the handoff info, that is
already made available with vboot_get_handoff_info.
This uses vboot_get_handoff_info in vboot_handoff_flag instead.
Change-Id: I28f1decce98f988f90c446a3a0dbe7409d714527
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Reviewed-on: http://review.coreboot.org/11498
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
The vboot verification in a stage proper is unified
replacing duplicate code in the tegra SoC code. The
original verstage.c file is renamed to reflect its
real purpose. The support for a single verstage flow
is added to the vboot2 directory proper.
BUG=chrome-os-partner:44827
BRANCH=None
TEST=Built glados.
Change-Id: I14593e1fc69a1654fa27b512eb4b612395b94ce5
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/11744
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
This moves a few vboot-prefixed functions that were defined in chromeos.c to
vboot_common.c, since those are only relevant to vboot and depend on the vboot
handoff data. This allows more separation between CONFIG_CHROMEOS and what
CONFIG_CHROMEOS selects, so that each separate option (such as
CONFIG_VBOOT_VERIFY_FIRMWARE) can be enabled separately.
Thus, the actual definitions of these functions will only be declared when
CONFIG_VBOOT_VERIFY_FIRMWARE is set, so the check before calling
vboot_skip_display_init in bootmode was also adapted.
Change-Id: I52f8a408645566dac0a2100e819c8ed5d3d88ea5
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Reviewed-on: http://review.coreboot.org/11497
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
This removes the dependency on chromeos and vboot for the sw write protect state
function: vboot_get_sw_write_protect, renamed to get_sw_write_protect_state to
both reflect this change and become consistent with the definition of
get_write_protect_state that is already in use.
Change-Id: I47ce31530a03f6749e0f370e5d868466318b3bb6
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Reviewed-on: http://review.coreboot.org/11496
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Instead of reaching into src/include and re-writing code
allow for cleaner code sharing within coreboot and its
utilities. The additional thing needed at this point is
for the utilities to provide a printk() declaration within
a <console/console.h> file. That way code which uses printk()
can than be mapped properly to verbosity of utility parameters.
Change-Id: I9e46a279569733336bc0a018aed96bc924c07cdd
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/11592
Tested-by: build bot (Jenkins)
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Currently, erase operation only works if the region is sector-aligned.
These asserts ensure we can erase the region when it's all used up.
Erase operation can be updated to handle unaligned erases by read,
update, write-back cycle. However, these asserts will still remain useful
in case the adjacent region contains critical data and mis-updating it
can cause a critical failure.
Additionaly we should write a FAFT test but it's more reliable to catch
it here since FAFT can fail in many ways.
BUG=none
BRANCH=master
TEST=tested on samus using misaligned nvram region
Change-Id: I3add4671ed354d9763e21bf96616c8aeca0cb777
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: fc001a4d3446cf96b76367dde492c3453aa948c6
Original-Change-Id: Ib4df8f620bf7531b345364fa4c3e274aba09f677
Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/297801
Reviewed-on: http://review.coreboot.org/11654
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
There's no reason to have a separate verstage.ld now
that there is a unified stage linking strategy. Moreover
verstage support is throughout the code base as it is
so bring in those link script macros into the common
memlayout.h as that removes one more specific thing a
board/chipset needs to do in order to turn on verstage.
BUG=chrome-os-partner:44827
BRANCH=None
TEST=None
Change-Id: I1195e06e06c1f81a758f68a026167689c19589dd
Signed-off-by: Aaron Durbin <adubin@chromium.org>
Reviewed-on: http://review.coreboot.org/11516
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
With VIRTUAL_DEV_SWITCH moved under 'config CHROMEOS' in all of the
mainboards, this is no longer needed.
Change-Id: I5fbea17969f6b0c3b8a5dcd519ab9d36eb2ad6f1
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: http://review.coreboot.org/11337
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
One may prefer to include vboot from another directory than 3rdparty for
convenience. This is especially the case in Libreboot, where 3rdparty is not
checked out at all.
Change-Id: I13167eb604a777a2ba87c3567f134ef3ff9610e4
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Reviewed-on: http://review.coreboot.org/11116
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
$(obj) might be defined either as a relative or an absolute path. Thus, it has
to be filtered out before adding $(top) to it (in case of an absolute path) when
building vboot. It is then provided separately in CFLAGS (as an absolute path).
In addition, VB2_LIB inherits $(obj), so it might also already be an absolute
path, and prefixing $(top) to it doesn't apply. Thus, the absolute path to it
should be passed to the vboot make command.
Change-Id: I13e893ebdf22c4513ee40d9331a30ac7de8f9788
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Reviewed-on: http://review.coreboot.org/11120
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
We've seen an increasing need to reduce stack sizes more and more for
space reasons, and it's always guesswork because no one has a good idea
how little is too litte. We now have boards with 3K and 2K stacks, and
old pieces of common code often allocate large temporary buffers that
would lead to very dangerous and hard to detect bugs when someone
eventually tries to use them on one of those.
This patch tries improve this situation at least a bit by declaring 2K
as the minimum stack size all of coreboot code should work with. It
checks all function frames with -Wstack-usage=1536 to make sure we don't
allocate more than 1.5K in a single buffer. This is of course not a
perfect test, but it should catch the most common situation of declaring
a single, large buffer in some close-to-leaf function (with the
assumption that 0.5K is hopefully enough for all the "normal" functions
above that).
Change one example where we were a bit overzealous and put a 1K buffer
into BSS back to stack allocation, since it actually conforms to this
new assumption and frees up another kilobyte of that highly sought-after
verstage space. Not touching x86 with any of this since it's lack of
__PRE_RAM__ BSS often requires it to allocate way more on the stack than
would usually be considered sane.
BRANCH=veyron
BUG=None
TEST=Compiled Cosmos, Daisy, Falco, Blaze, Pit, Storm, Urara and Pinky,
made sure they still build as well as before and don't show any stack
usage warnings.
Change-Id: Idc53d33bd8487bbef49d3ecd751914b0308006ec
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 8e5931066575e256dfc2295c3dab7f0e1b65417f
Original-Change-Id: I30bd9c2c77e0e0623df89b9e5bb43ed29506be98
Original-Signed-off-by: Julius Werner <jwerner@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/236978
Original-Reviewed-by: David Hendricks <dhendrix@chromium.org>
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/9729
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
This can be a problem with freshly updated devices that are periodically
powered on while closed (as explained in the bug report).
In this case, just don't count down. In case of actual errors (where we
want the system to fall back to the old code), this now means that the
retries have to happen with the lid open.
Bump vboot's submodule revision for the vboot-side support of this.
BUG=chromium:446945
TEST=to test the OS update side, follow the test protocol in
https://code.google.com/p/chromium/issues/detail?id=446945#c43
With a servo, it can be sped up using the EC console interface to start
the closed system - no need to wait 60min and plugging in power to get
to that state.
Change-Id: I0e39aadc52195fe53ee4a29a828ed9a40d28f5e6
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10851
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
The many different places to put vboot verification in can be confusing.
Instead of using libverstage (which isn't enough since those functions are
sometimes called outside that, too), mention all stages where it can resides
explicitly.
Change-Id: I9360face822ada7018a1cfdfced8da29b347cbb4
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10722
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
That way they're available wherever the verstage code ends up, bootblock,
verstage or romstage.
Change-Id: I6e59a40761f95a98d96a9b72e3bbcc59caae9b1a
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10706
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Not all devices have a lid switch, so we need to state this
somehow. Since the alternative would be to extend get_lid_switch()'s
semantics to become a tri-state (open, closed, N/A), do this
through Kconfig.
BRANCH=none
BUG=chromium:446945
TEST=none
Change-Id: Icc50f72535f256051a59925a178fb27b2e8f7e55
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: d20a1d1a22d64546a5d8761b18ab29732ec0b848
Original-Change-Id: Ie8ac401fbaad5b5a9f1dec2b67847c81f4cc94aa
Original-Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Original-Reviewed-on: https://chromium-review.googlesource.com/273850
Original-Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Original-Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10692
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Instead of calling the init function to clear out vboot2 data structures in
multiple places, move the function and call close to verstage_main().
Change-Id: If42e18a8e4581f22f7a7aced70ccbe3188bb0cd5
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10701
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Otherwise it'll determine some offsets from uninitialized data and hilarity
ensues.
Change-Id: I6a671987857cfd3f3cd6078aebd13dd09fc79020
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/10660
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
