path: root/src/vendorcode/google/chromeos/vboot2
Commit message | Author | Age | Files | Lines
* chromeos: vboot2: Add TPM PCR extension support | Julius Werner | 2015-04-20 | 2 | -0/+32

  ChromeOS/vboot devices expect the TPM PCRs 0 and 1 to be extended with digests that attest the chosen boot mode (developer/recovery) and the HWID in a secure way. This patch uses the newly added vboot2 support functions to fetch these digests and store them in the TPM.

  CQ-DEPEND=CL:244542
  BRANCH=veyron
  BUG=chromium:451609
  TEST=Booted Jerry. Confirmed that PCR0 contains the same value as on my vboot1 Blaze and Falco (and PCR1 contains some non-zero hash).

  Original-Change-Id: I7037b8198c09fccee5440c4c85f0821166784cec
  Original-Signed-off-by: Julius Werner <jwerner@chromium.org>
  Original-Reviewed-on: https://chromium-review.googlesource.com/245119
  Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  Original-Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
  (cherry picked from commit 8b44e13098cb7493091f2ce6c4ab423f2cbf0177)
  Signed-off-by: Aaron Durbin <adurbin@chromium.org>
  Change-Id: I549de8c07353683633fbf73e4ee62ba0ed72ff89
  Reviewed-on: http://review.coreboot.org/9706
  Tested-by: build bot (Jenkins)
  Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
  Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
* vboot2 workbuf alignment is now 16 bytes, not 8 | Bill Richardson | 2015-04-20 | 1 | -2/+5

  BUG=chromium:452179
  BRANCH=ToT
  CQ-DEPEND=CL:243362
  TEST=manual
    emerge-veyron_pinky coreboot

  Original-Change-Id: Ibcbaea2990e5e06ea7cfaaa5412ef7c1477f5fcc
  Original-Signed-off-by: Bill Richardson <wfrichar@chromium.org>
  Original-Reviewed-on: https://chromium-review.googlesource.com/243380
  Original-Reviewed-by: Randall Spangler <rspangler@chromium.org>
  (cherry picked from commit 8e5c18eeb21944bdcb064b4491c6781d16ef5608)
  Signed-off-by: Aaron Durbin <adurbin@chromium.org>
  Change-Id: I26f6fb67655cb1dfbdcdc48530ef6bfeb1aa692a
  Reviewed-on: http://review.coreboot.org/9705
  Tested-by: build bot (Jenkins)
  Reviewed-by: Patrick Georgi <pgeorgi@google.com>
* vboot2: provide path for booting using alternative CBFS instances | Vadim Bendebury | 2015-04-18 | 2 | -11/+23

  When CONFIG_MULTIPLE_CBFS_INSTANCES is enabled, the image is expected to have CBFS instances in rw-a and rw-b sections of the bootrom. This patch adds code which makes sure that CBFS header points at the proper bootrom section as determined by vboot, and the RW stages load from that section.

  BRANCH=storm
  BUG=chrome-os-partner:34161, chromium:445938
  TEST=with the rest of the patches in, STORM boots all the way into Linux login prompt.

  Original-Change-Id: I187e3d3e65d548c672fdf3b42419544d3bd11ea1
  Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Original-Reviewed-on: https://chromium-review.googlesource.com/237662
  Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  (cherry picked from commit 71ad0bb41b183374a84a5b9fb92c3afd813ceace)
  Signed-off-by: Aaron Durbin <adurbin@chromium.org>
  Change-Id: Ia05cb713981c44da8cb379b72dfbe17fe1f6c5ff
  Reviewed-on: http://review.coreboot.org/9704
  Tested-by: build bot (Jenkins)
  Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
* vboot2: Implement new vb2ex_hwcrypto API | Julius Werner | 2015-04-18 | 1 | -0/+23

  This patch aligns our verstage code to the new API addition in vboot2. The hardware crypto functions are stubbed out by default and just pretend that all algorithms are unsupported, causing vboot to fall back to the normal software hashing code. These weak symbols can be overridden by individual platform code to provide actual hardware crypto engine support.

  CQ-DEPEND=CL:236453
  BRANCH=None
  BUG=chrome-os-partner:32987
  TEST=Booted Pinky, confirmed vboot falls back to software crypto.

  Original-Change-Id: Idf6a38febd163aa2bff6e9a0e207213f01ca8324
  Original-Signed-off-by: Julius Werner <jwerner@chromium.org>
  Original-Reviewed-on: https://chromium-review.googlesource.com/236435
  Original-Reviewed-by: Randall Spangler <rspangler@chromium.org>
  (cherry picked from commit 9b5ee7f575f1aa3b0eb6ef78947ca93a4818f57b)
  Signed-off-by: Aaron Durbin <adurbin@chromium.org>
  Change-Id: I6f0e19255a9bc5c5cd1767db76f1e47897ef0798
  Reviewed-on: http://review.coreboot.org/9703
  Tested-by: build bot (Jenkins)
  Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
* vboot: make vboot2_verify_firmware return | Daisuke Nojiri | 2015-04-18 | 2 | -8/+4

  this allows each board to decide what to do after firmware verification is done. some board needs to return back to the previous stage and let the previous stage kick off the verified stage.

  this also makes it more visible what is going to happen in the verstage since stage_exit now resides in main().

  BUG=none
  BRANCH=tot
  TEST=booted cosmos dev board. booted blaze in normal and recovery mode. built for all current boards.

  Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
  Original-Change-Id: I3cb466cedf2a9c2b0d48fc4b0f73f76d0714c0c7
  Original-Reviewed-on: https://chromium-review.googlesource.com/232517
  (cherry picked from commit 495704f36aa54ba12231d396376f01289d083f58)
  Signed-off-by: Aaron Durbin <adurbin@chromium.org>
  Change-Id: Ic20dfd3fa93849befc2b37012a5e0907fe83e8e2
  Reviewed-on: http://review.coreboot.org/9702
  Tested-by: build bot (Jenkins)
  Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
* chromeos: Move memlayout.h/symbols.h into common directory | Julius Werner | 2015-04-17 | 4 | -84/+2

  Turns out there are uses for memlayout regions not specific to vboot2. Rather than add yet another set of headers for a single region, let's make the vboot2 one common for chromeos.

  BRANCH=veyron
  BUG=chrome-os-partner:35705
  TEST=Booted Jerry, compiled Blaze, Cosmos, Ryu and Storm.

  Change-Id: I228e0ffce1ccc792e7f5f5be6facaaca2650d818
  Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
  Original-Commit-Id: c6d7aab9f4e6d0cfa12aa0478288e54ec3096d9b
  Original-Change-Id: I1dd7d9c4b6ab24de695d42a38913b6d9b952d49b
  Original-Signed-off-by: Julius Werner <jwerner@chromium.org>
  Original-Reviewed-on: https://chromium-review.googlesource.com/242630
  Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  Reviewed-on: http://review.coreboot.org/9748
  Tested-by: build bot (Jenkins)
  Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
* timestamps: You can never have enough of them! | Julius Werner | 2015-04-14 | 3 | -16/+52

  Now that we have timestamps in pre-RAM stages, let's actually make use of them. This patch adds several timestamps to both the bootblock and especially the verstage to allow more fine-grained boot time tracking.

  Some of the introduced timestamps can appear more than once per boot. This doesn't seem to be a problem for both coreboot and the cbmem utility, and the context makes it clear which operation was timestamped at what point.

  Also simplifies cbmem's timestamp printing routine a bit, fixing a display bug when a timestamp had a section of exactly ",000," in it (e.g. 1,000,185).

  BRANCH=None
  BUG=None
  TEST=Booted Pinky, Blaze and Falco, confirmed that all timestamps show up and contained sane values. Booted Storm (no timestamps here since it doesn't support pre-RAM timestamps yet).

  Change-Id: I7f4d6aba3ebe3db0d003c7bcb2954431b74961b3
  Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
  Original-Commit-Id: 7a2ce81722aba85beefcc6c81f9908422b8da8fa
  Original-Change-Id: I5979bfa9445a9e0aba98ffdf8006c21096743456
  Original-Signed-off-by: Julius Werner <jwerner@chromium.org>
  Original-Reviewed-on: https://chromium-review.googlesource.com/234063
  Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  Reviewed-on: http://review.coreboot.org/9608
  Tested-by: build bot (Jenkins)
  Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
* rk3288: Add CBMEM console support and fix RETURN_FROM_VERSTAGE | Julius Werner | 2015-04-14 | 1 | -4/+10

  Since we can now reduce our vboot2 work buffer by 4K, we can use all that hard-earned space for the CBMEM console instead (and 4K are unfortunately barely enough for all the stuff we dump with vboot2).

  Also add console_init() and exception_init() to the verstage for CONFIG_RETURN_FROM_VERSTAGE, which was overlooked before (our model requires those functions to be called again at the beginning of every stage... even though some consoles like UARTs might not need it, others like the CBMEM console do). In the !RETURN_FROM_VERSTAGE case, this is expected to be done by the platform-specific verstage entry wrapper, and already in place for the only implementation we have for now (tegra124).

  (Technically, there is still a bug in the case where EARLY_CONSOLE is set but BOOTBLOCK_CONSOLE isn't, since both verstage and romstage would run init_console_ptr() as if they were there first, so the romstage overwrites the verstage's output. I don't think it's worth fixing that now, since EARLY_CONSOLE && !BOOTBLOCK_CONSOLE is a pretty pointless use-case and I think we should probably just get rid of the CONFIG_BOOTBLOCK_CONSOLE option eventually.)

  BRANCH=None
  BUG=None
  TEST=Booted Pinky.

  Change-Id: I87914df3c72f0262eb89f337454009377a985497
  Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
  Original-Commit-Id: 85486928abf364c5d5d1cf69f7668005ddac023c
  Original-Change-Id: Id666cb7a194d32cfe688861ab17c5e908bc7760d
  Original-Signed-off-by: Julius Werner <jwerner@chromium.org>
  Original-Reviewed-on: https://chromium-review.googlesource.com/232614
  Reviewed-on: http://review.coreboot.org/9607
  Tested-by: build bot (Jenkins)
  Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
* vboot2: Fill vboot1 handoff with correct TPM firmware version | Julius Werner | 2015-04-13 | 1 | -1/+1

  sd->fw_version represents the version of the *current* firmware, which is not necessarily the same as the one stored in the TPM (and may be 0 in recovery mode). Use the newly added sd->fw_version_secdata instead which contains a more correct value.

  CQ-DEPEND=CL:244601
  BRANCH=veyron
  BUG=chrome-os-partner:35941
  TEST=Booted Jerry in recovery mode, confirmed crossystem tpm_fwver was correct (and not 0).

  Change-Id: I30f5998da5ac518d6fcb7a651eba4e1fabc14478
  Signed-off-by: Stefan Reinauer <reinauer@chromium.org>
  Original-Commit-Id: eb8142f69cea34e11f9081caafcaae7a15cc3801
  Original-Change-Id: Id95bd8c6412f2e8b2ae643c3b5a3dee13d0d47be
  Original-Signed-off-by: Julius Werner <jwerner@chromium.org>
  Original-Reviewed-on: https://chromium-review.googlesource.com/244591
  Original-Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: http://review.coreboot.org/9565
  Tested-by: build bot (Jenkins)
  Reviewed-by: Patrick Georgi <pgeorgi@google.com>
* The vboot_reference fwlib2 target has changed to fwlib20 | Bill Richardson | 2015-04-13 | 1 | -2/+2

  There are multiple vboot APIs (1.0, 2.0, 2.1). We have to be explicit about which library we want to link with. When building firmware, the vboot_reference Makefile should be invoked in one of three ways:

      TARGET   OUTPUT        VERSION
      fwlib    vboot_fw.a    1.0
      fwlib20  vboot_fw20.a  2.0
      fwlib21  vboot_fw21.a  2.1

  BUG=chromium:228932
  BRANCH=ToT
  CQ-DEPEND=CL:243980
  TEST=manual
    emerge-veyron_pinky vboot_reference coreboot
    emerge-samus vboot_reference coreboot
    emerge-daisy_spring vboot_reference chromeos-u-boot

  Change-Id: I7dde513c49b8148bf46e8768ae438e1a85af4243
  Signed-off-by: Stefan Reinauer <reinauer@chromium.org>
  Original-Commit-Id: 5e339cadad4815f061d4e5e20a9c9733f64cc90b
  Original-Change-Id: I850646117211930d9215693c48f2c30d55a984d3
  Original-Signed-off-by: Bill Richardson <wfrichar@chromium.org>
  Original-Reviewed-on: https://chromium-review.googlesource.com/243981
  Original-Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-on: http://review.coreboot.org/9564
  Tested-by: build bot (Jenkins)
  Reviewed-by: Patrick Georgi <pgeorgi@google.com>
* vboot2: use offset to vboot2 work buffer instead of absolute address | Daisuke Nojiri | 2015-04-13 | 5 | -7/+13

  this change makes vb2_working_data struct point to the vboot work buffer by the offset instead of by the absolute address, which can be different depending on the context (e.g. subprocessor vs. main cpu).

  BUG=none
  BRANCH=tot
  TEST=booted veyron pinky

  Change-Id: I2191ca756c4f49441b3a357338f9c84564b58918
  Signed-off-by: Stefan Reinauer <reinauer@chromium.org>
  Original-Commit-Id: 93f8b1da2b2c81aa3a33892987a71e9e1e7a8eff
  Original-Change-Id: I4e4c12613304586b7395c5173cf08b8093f59521
  Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
  Original-Reviewed-on: https://chromium-review.googlesource.com/236583
  Original-Reviewed-by: Julius Werner <jwerner@chromium.org>
  Reviewed-on: http://review.coreboot.org/9588
  Tested-by: build bot (Jenkins)
  Reviewed-by: Patrick Georgi <pgeorgi@google.com>
* vboot: Include vb2_api.h, instead of lower-level vboot2 header files | Randall Spangler | 2015-04-10 | 3 | -6/+6

  This will allow vboot2 to continue refactoring without breaking coreboot, since there's now only a single file which needs to stay in sync.

  BUG=chromium:423882
  BRANCH=none
  TEST=emerge-veyron_pinky coreboot
  CQ-DEPEND=CL:233050

  Original-Change-Id: I74cae5f0badfb2d795eb5420354b9e6d0b4710f7
  Original-Signed-off-by: Randall Spangler <rspangler@chromium.org>
  Original-Reviewed-on: https://chromium-review.googlesource.com/233051
  Original-Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
  (cherry picked from commit df55e0365de8da85844f7e7b057ca5d2a9694a8b)
  Signed-off-by: Aaron Durbin <adurbin@chromium.org>
  Change-Id: I999af95ccf8c326f2fd2de0f7da50515e02ad904
  Reviewed-on: http://review.coreboot.org/9446
  Reviewed-by: Patrick Georgi <pgeorgi@google.com>
  Tested-by: build bot (Jenkins)
* vboot2: Reduce minimum required work buffer size | Julius Werner | 2015-04-10 | 1 | -2/+5

  Apparently our initial submission of 16K was a little too generous for the vboot2 work buffer, and I hear that we should also be well within bounds for 12K. This patch reduces the minimum asserted by memlayout so some of our low-mem boards can get a few more kilobytes back for discretionary spending.

  Also changes the required minimum alignment to 8 since that's what the current vboot code aligns it to anyway, and add a warning comment to make it clearer that this is a dangerous number people should not be playing with lightly.

  BRANCH=None
  BUG=None
  TEST=Built and booted on Pinky.

  Original-Change-Id: Iae9c74050500a315c90f5d5517427d755ac1dfea
  Original-Signed-off-by: Julius Werner <jwerner@chromium.org>
  Original-Reviewed-on: https://chromium-review.googlesource.com/232613
  Original-Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  (cherry picked from commit 64e972f10363451cd544fdf8642bd484463703bc)
  Signed-off-by: Aaron Durbin <adurbin@chromium.org>
  Change-Id: I362b8c33cf79534bb76bd7acda44d467563fe133
  Reviewed-on: http://review.coreboot.org/9445
  Reviewed-by: Patrick Georgi <pgeorgi@google.com>
  Tested-by: build bot (Jenkins)
* vboot: add physical recovery switch support | Daisuke Nojiri | 2015-04-10 | 1 | -2/+3

  PHYSICAL_REC_SWITCH is set n by default and y for panther and stumpy.

  BUG=none
  BRANCH=ToT
  TEST=Built nyan_blaze using vboot1/2. Built falco, lumpy, nyan, blaze, parrot, rambi, samus, storm, pinky with default configuration. panther and stumpy are not tested because they currently don't build on ToT.

  Original-Change-Id: Ic45f78708aaa7e485d2ab459fd1948524edb412f
  Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
  Original-Reviewed-on: https://chromium-review.googlesource.com/227940
  Original-Reviewed-on: https://chromium-review.googlesource.com/229602
  Original-Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Original-Reviewed-by: David Hendricks <dhendrix@chromium.org>
  (cherry picked from commit edb2ba347b48887ffe450586af0351e384faad59)
  Signed-off-by: Aaron Durbin <adurbin@chromium.org>
  Change-Id: I277f665cd4f3e1c21745cdc5c7a2cfe148661abe
  Reviewed-on: http://review.coreboot.org/9444
  Reviewed-by: Patrick Georgi <pgeorgi@google.com>
  Tested-by: build bot (Jenkins)
* vboot2: update fw_version_tpm when creating vboot1 shared data | Daisuke Nojiri | 2015-04-10 | 1 | -0/+1

  This change copies firmware version from vboot2 shared data to vboot1 shared data. This fixes FAFT firmware_TPMVersionCheck test.

  BUG=none
  BRANCH=ToT
  TEST=firmware_TPMVersionCheck passed on Nyan Kitty.

  Original-Change-Id: Idfd282931421dc16cd1aa82c7ccb6c6790a4d0d7
  Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
  Original-Reviewed-on: https://chromium-review.googlesource.com/230186
  Original-Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Original-Tested-by: Yen Lin <yelin@nvidia.com>
  (cherry picked from commit 1f590741893bee75d872184eba01c62e92455816)
  Signed-off-by: Aaron Durbin <adurbin@chromium.org>
  Change-Id: I205b651976d047923815efcd45b114cc7bf866e4
  Reviewed-on: http://review.coreboot.org/9443
  Reviewed-by: Patrick Georgi <pgeorgi@google.com>
  Tested-by: build bot (Jenkins)
* vboot: reduce references to parent's files in Makefiles | Daisuke Nojiri | 2015-04-10 | 1 | -9/+6

  this change also allows vboot1 code to use flash as nvram device.

  BUG=none
  BRANCH=ToT
  TEST=Built nyan_blaze using vboot1/2. Built falco, lumpy, nyan, blaze, parrot, rambi, samus, storm, pinky with default configuration.

  Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
  Original-Change-Id: Ie97a4436d4fc10851a535adfdb45c4d499e45b5d
  Original-Reviewed-on: https://chromium-review.googlesource.com/229598
  Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  (cherry picked from commit 8ac8ff28bab1337782e8694275bb2c644b86f38a)
  Signed-off-by: Aaron Durbin <adurbin@chromium.org>
  Change-Id: Ief087fedbf29b4b82c1668ad5603c121323dcbf2
  Reviewed-on: http://review.coreboot.org/9440
  Reviewed-by: Patrick Georgi <pgeorgi@google.com>
  Tested-by: build bot (Jenkins)
* vboot: adding VBSD_BOOT_FIRMWARE_WP_ENABLED logic | Gediminas Ramanauskas | 2015-04-10 | 1 | -1/+4

  BUG=chrome-os-partner:33395
  BRANCH=none
  TEST=emerge and test using crossystem

  Original-Change-Id: I0d49f85219d45c837a7100e0195bef86da2c6cdd
  Original-Signed-off-by: Gediminas Ramanauskas <gedis@chromium.org>
  Original-Reviewed-on: https://chromium-review.googlesource.com/227546
  Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
  (cherry picked from commit 5a2868e04140973691136adfd7d9e6d1aa1f6dae)
  Signed-off-by: Aaron Durbin <adurbin@chromium.org>
  Change-Id: I93c1ea9ce1270c2c143fd44ead2291dfbc114c00
  Reviewed-on: http://review.coreboot.org/9437
  Reviewed-by: Patrick Georgi <pgeorgi@google.com>
  Tested-by: build bot (Jenkins)
* vboot: move vboot files to designated directory | Daisuke Nojiri | 2015-04-10 | 11 | -0/+1235

  This moves vboot1 and vboot2 files to their designated directory. Common code stays in vendorcode/google/chromeos.

  BUG=none
  BRANCH=none
  TEST=built cosmos, veyron_pinky, rush_ryu, nyan_blaze, samus, parrot, lumpy, daisy_spring, and storm.

  Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
  Original-Change-Id: Ia9fb41ba30930b79b222269acfade7ef44b23626
  Original-Reviewed-on: https://chromium-review.googlesource.com/222874
  Original-Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
  Original-Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
  Original-Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
  (cherry picked from commit cbfef9ad40776d890e2149b9db788fe0b387d210)
  Signed-off-by: Aaron Durbin <adurbin@chromium.org>
  Change-Id: Ia73696accfd93cc14ca83516fa77f87331faef51
  Reviewed-on: http://review.coreboot.org/9433
  Tested-by: build bot (Jenkins)
  Reviewed-by: Patrick Georgi <pgeorgi@google.com>