* chromeos: vboot2: Add TPM PCR extension supportJulius Werner2015-04-201-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | ChromeOS/vboot devices expect the TPM PCRs 0 and 1 to be extended with digests that attest the chosen boot mode (developer/recovery) and the HWID in a secure way. This patch uses the newly added vboot2 support functions to fetch these digests and store them in the TPM. CQ-DEPEND=CL:244542 BRANCH=veyron BUG=chromium:451609 TEST=Booted Jerry. Confirmed that PCR0 contains the same value as on my vboot1 Blaze and Falco (and PCR1 contains some non-zero hash). Original-Change-Id: I7037b8198c09fccee5440c4c85f0821166784cec Original-Signed-off-by: Julius Werner <jwerner@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/245119 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Original-Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> (cherry picked from commit 8b44e13098cb7493091f2ce6c4ab423f2cbf0177) Signed-off-by: Aaron Durbin <adurbin@chromium.org> Change-Id: I549de8c07353683633fbf73e4ee62ba0ed72ff89 Reviewed-on: http://review.coreboot.org/9706 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
* vboot2: Implement new vb2ex_hwcrypto APIJulius Werner2015-04-181-0/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | This patch aligns our verstage code to the new API addition in vboot2. The hardware crypto functions are stubbed out by default and just pretend that all algorithms are unsupported, causing vboot to fall back to the normal software hashing code. These weak symbols can be overridden by individual platform code to provide actual hardware crypto engine support. CQ-DEPEND=CL:236453 BRANCH=None BUG=chrome-os-partner:32987 TEST=Booted Pinky, confirmed vboot falls back to software crypto. Original-Change-Id: Idf6a38febd163aa2bff6e9a0e207213f01ca8324 Original-Signed-off-by: Julius Werner <jwerner@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/236435 Original-Reviewed-by: Randall Spangler <rspangler@chromium.org> (cherry picked from commit 9b5ee7f575f1aa3b0eb6ef78947ca93a4818f57b) Signed-off-by: Aaron Durbin <adurbin@chromium.org> Change-Id: I6f0e19255a9bc5c5cd1767db76f1e47897ef0798 Reviewed-on: http://review.coreboot.org/9703 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
* timestamps: You can never have enough of them!Julius Werner2015-04-141-4/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now that we have timestamps in pre-RAM stages, let's actually make use of them. This patch adds several timestamps to both the bootblock and especially the verstage to allow more fine-grained boot time tracking. Some of the introduced timestamps can appear more than once per boot. This doesn't seem to be a problem for both coreboot and the cbmem utility, and the context makes it clear which operation was timestamped at what point. Also simplifies cbmem's timestamp printing routine a bit, fixing a display bug when a timestamp had a section of exactly ",000," in it (e.g. 1,000,185). BRANCH=None BUG=None TEST=Booted Pinky, Blaze and Falco, confirmed that all timestamps show up and contained sane values. Booted Storm (no timestamps here since it doesn't support pre-RAM timestamps yet). Change-Id: I7f4d6aba3ebe3db0d003c7bcb2954431b74961b3 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Original-Commit-Id: 7a2ce81722aba85beefcc6c81f9908422b8da8fa Original-Change-Id: I5979bfa9445a9e0aba98ffdf8006c21096743456 Original-Signed-off-by: Julius Werner <jwerner@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/234063 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/9608 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
* rk3288: Add CBMEM console support and fix RETURN_FROM_VERSTAGEJulius Werner2015-04-141-4/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since we can now reduce our vboot2 work buffer by 4K, we can use all that hard-earned space for the CBMEM console instead (and 4K are unfortunately barely enough for all the stuff we dump with vboot2). Also add console_init() and exception_init() to the verstage for CONFIG_RETURN_FROM_VERSTAGE, which was overlooked before (our model requires those functions to be called again at the beginning of every stage... even though some consoles like UARTs might not need it, others like the CBMEM console do). In the !RETURN_FROM_VERSTAGE case, this is expected to be done by the platform-specific verstage entry wrapper, and already in place for the only implementation we have for now (tegra124). (Technically, there is still a bug in the case where EARLY_CONSOLE is set but BOOTBLOCK_CONSOLE isn't, since both verstage and romstage would run init_console_ptr() as if they were there first, so the romstage overwrites the verstage's output. I don't think it's worth fixing that now, since EARLY_CONSOLE && !BOOTBLOCK_CONSOLE is a pretty pointless use-case and I think we should probably just get rid of the CONFIG_BOOTBLOCK_CONSOLE option eventually.) BRANCH=None BUG=None TEST=Booted Pinky. Change-Id: I87914df3c72f0262eb89f337454009377a985497 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Original-Commit-Id: 85486928abf364c5d5d1cf69f7668005ddac023c Original-Change-Id: Id666cb7a194d32cfe688861ab17c5e908bc7760d Original-Signed-off-by: Julius Werner <jwerner@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/232614 Reviewed-on: http://review.coreboot.org/9607 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
* vboot2: use offset to vboot2 work buffer instead of absolute addressDaisuke Nojiri2015-04-131-1/+1
| | | | | | | | | | | | | | | | | | | | | this change makes vb2_working_data struct point to the vboot work buffer by the offset instead of by the absolute address, which can be different depending on the context (e.g. subprocessor v.s. main cpu). BUG=none BRANCH=tot TEST=booted veyron pinky Change-Id: I2191ca756c4f49441b3a357338f9c84564b58918 Signed-off-by: Stefan Reinauer <reinauer@chromium.org> Original-Commit-Id: 93f8b1da2b2c81aa3a33892987a71e9e1e7a8eff Original-Change-Id: I4e4c12613304586b7395c5173cf08b8093f59521 Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/236583 Original-Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-on: http://review.coreboot.org/9588 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
* vboot: Include vb2_api.h, instead of lower-level vboot2 header filesRandall Spangler2015-04-101-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | This will allow vboot2 to continue refactoring without breaking coreboot, since there's now only a single file which needs to stay in sync. BUG=chromium:423882 BRANCH=none TEST=emerge-veyron_pinky coreboot CQ-DEPEND=CL:233050 Original-Change-Id: I74cae5f0badfb2d795eb5420354b9e6d0b4710f7 Original-Signed-off-by: Randall Spangler <rspangler@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/233051 Original-Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> (cherry picked from commit df55e0365de8da85844f7e7b057ca5d2a9694a8b) Signed-off-by: Aaron Durbin <adurbin@chromium.org> Change-Id: I999af95ccf8c326f2fd2de0f7da50515e02ad904 Reviewed-on: http://review.coreboot.org/9446 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins)
* vboot: move vboot files to designated directoryDaisuke Nojiri2015-04-101-0/+252
This moves vboot1 and vboot2 files to their designated directory. Common code stays in vendorcode/google/chromeos. BUG=none BRANCH=none TEST=built cosmos, veyron_pinky, rush_ryu, nyan_blaze, samus, parrot, lumpy, daisy_spring, and storm. Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Original-Change-Id: Ia9fb41ba30930b79b222269acfade7ef44b23626 Original-Reviewed-on: https://chromium-review.googlesource.com/222874 Original-Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Original-Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org> Original-Tested-by: Daisuke Nojiri <dnojiri@chromium.org> (cherry picked from commit cbfef9ad40776d890e2149b9db788fe0b387d210) Signed-off-by: Aaron Durbin <adurbin@chromium.org> Change-Id: Ia73696accfd93cc14ca83516fa77f87331faef51 Reviewed-on: http://review.coreboot.org/9433 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>