2016-07-22 17:28:57 +02:00
|
|
|
/*
|
|
|
|
|
* This file is part of the coreboot project.
|
|
|
|
|
*
|
|
|
|
|
* Copyright 2016 Google Inc.
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; version 2 of the License.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*/
|
|
|
|
|
|
2019-04-25 11:10:52 +02:00
|
|
|
#define NEED_VB20_INTERNALS /* Peeking into vb2_shared_data */
|
|
|
|
|
|
2016-07-22 17:28:57 +02:00
|
|
|
#include <assert.h>
|
2016-07-25 20:48:03 +02:00
|
|
|
#include <bootmode.h>
|
2016-07-22 17:56:43 +02:00
|
|
|
#include <bootstate.h>
|
2016-12-14 21:40:43 +01:00
|
|
|
#include <cbmem.h>
|
2016-07-22 17:28:57 +02:00
|
|
|
#include <vb2_api.h>
|
2017-10-17 17:02:29 +02:00
|
|
|
#include <security/vboot/misc.h>
|
|
|
|
|
#include <security/vboot/vbnv.h>
|
|
|
|
|
#include <security/vboot/vboot_common.h>
|
2016-07-22 17:28:57 +02:00
|
|
|
|
2019-03-13 15:38:07 +01:00
|
|
|
static int vboot_get_recovery_reason_shared_data(void)
|
2016-07-22 17:28:57 +02:00
|
|
|
{
|
2019-03-13 15:38:07 +01:00
|
|
|
struct vb2_shared_data *sd = vboot_get_shared_data();
|
2016-07-22 17:28:57 +02:00
|
|
|
assert(sd);
|
|
|
|
|
return sd->recovery_reason;
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-13 15:38:07 +01:00
|
|
|
void vboot_save_recovery_reason_vbnv(void)
|
2016-07-22 17:56:43 +02:00
|
|
|
{
|
2019-03-06 01:53:33 +01:00
|
|
|
if (!CONFIG(VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT))
|
2016-07-22 17:56:43 +02:00
|
|
|
return;
|
|
|
|
|
|
2019-03-13 15:38:07 +01:00
|
|
|
int reason = vboot_get_recovery_reason_shared_data();
|
2016-07-22 17:56:43 +02:00
|
|
|
if (!reason)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
set_recovery_mode_into_vbnv(reason);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void vb2_clear_recovery_reason_vbnv(void *unused)
|
|
|
|
|
{
|
2019-03-06 01:53:33 +01:00
|
|
|
if (!CONFIG(VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT))
|
2016-07-22 17:56:43 +02:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
set_recovery_mode_into_vbnv(0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Recovery reason stored in VBNV needs to be cleared before the state of VBNV
|
|
|
|
|
* is backed-up anywhere or jumping to the payload (whichever occurs
|
|
|
|
|
* first). Currently, vbnv_cmos.c backs up VBNV on POST_DEVICE. Thus, we need to
|
|
|
|
|
* make sure that the stored recovery reason is cleared off before that
|
|
|
|
|
* happens.
|
|
|
|
|
* IMPORTANT: Any reboot occurring after BS_DEV_INIT state will cause loss of
|
2018-08-07 12:15:54 +02:00
|
|
|
* recovery reason on reboot. Until now, we have seen reboots occurring on x86
|
2016-07-22 17:56:43 +02:00
|
|
|
* only in FSP stages which run before BS_DEV_INIT.
|
|
|
|
|
*/
|
|
|
|
|
BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_EXIT,
|
|
|
|
|
vb2_clear_recovery_reason_vbnv, NULL);
|
|
|
|
|
|
2016-07-22 17:28:57 +02:00
|
|
|
/*
|
|
|
|
|
* Returns 1 if vboot is being used and currently in a stage which might have
|
|
|
|
|
* already executed vboot verification.
|
|
|
|
|
*/
|
|
|
|
|
static int vboot_possibly_executed(void)
|
|
|
|
|
{
|
2019-03-06 01:53:33 +01:00
|
|
|
if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK)) {
|
|
|
|
|
if (ENV_BOOTBLOCK && CONFIG(VBOOT_SEPARATE_VERSTAGE))
|
2016-07-22 17:28:57 +02:00
|
|
|
return 0;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-06 01:53:33 +01:00
|
|
|
if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) {
|
2016-07-22 17:28:57 +02:00
|
|
|
if (ENV_BOOTBLOCK)
|
|
|
|
|
return 0;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* vb2_check_recovery_request looks up different components to identify if there
|
|
|
|
|
* is a recovery request and returns appropriate reason code:
|
|
|
|
|
* 1. Checks if recovery mode is initiated by EC. If yes, returns
|
|
|
|
|
* VB2_RECOVERY_RO_MANUAL.
|
|
|
|
|
* 2. Checks if recovery request is present in VBNV and returns the code read
|
|
|
|
|
* from it.
|
2019-06-16 10:44:26 +02:00
|
|
|
* 3. Checks if vboot verification is done and looks up selected region
|
|
|
|
|
* to identify if vboot_reference library has requested recovery path.
|
|
|
|
|
* If yes, return the reason code from shared data.
|
|
|
|
|
* 4. If nothing applies, return 0 indicating no recovery request.
|
2016-07-22 17:28:57 +02:00
|
|
|
*/
|
|
|
|
|
int vboot_check_recovery_request(void)
|
|
|
|
|
{
|
|
|
|
|
int reason = 0;
|
|
|
|
|
|
|
|
|
|
/* EC-initiated recovery. */
|
|
|
|
|
if (get_recovery_mode_switch())
|
|
|
|
|
return VB2_RECOVERY_RO_MANUAL;
|
|
|
|
|
|
|
|
|
|
/* Recovery request in VBNV. */
|
|
|
|
|
if ((reason = get_recovery_mode_from_vbnv()) != 0)
|
|
|
|
|
return reason;
|
|
|
|
|
|
|
|
|
|
/*
|
2019-06-16 10:44:26 +02:00
|
|
|
* Identify if vboot verification is already complete and no slot
|
|
|
|
|
* was selected i.e. recovery path was requested.
|
2016-07-22 17:28:57 +02:00
|
|
|
*/
|
2019-03-13 15:38:07 +01:00
|
|
|
if (vboot_possibly_executed() && vboot_logic_executed() &&
|
|
|
|
|
!vboot_is_slot_selected())
|
|
|
|
|
return vboot_get_recovery_reason_shared_data();
|
2016-07-22 17:28:57 +02:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-07-25 22:02:36 +02:00
|
|
|
|
|
|
|
|
int vboot_recovery_mode_enabled(void)
|
|
|
|
|
{
|
|
|
|
|
return !!vboot_check_recovery_request();
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-21 22:45:32 +02:00
|
|
|
int __weak clear_recovery_mode_switch(void)
|
2017-02-14 02:53:29 +01:00
|
|
|
{
|
|
|
|
|
// Weak implementation. Nothing to do.
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-21 22:45:32 +02:00
|
|
|
void __weak log_recovery_mode_switch(void)
|
2017-02-14 02:53:29 +01:00
|
|
|
{
|
|
|
|
|
// Weak implementation. Nothing to do.
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-21 22:45:32 +02:00
|
|
|
int __weak get_recovery_mode_retrain_switch(void)
|
2016-11-06 07:52:08 +01:00
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int vboot_recovery_mode_memory_retrain(void)
|
|
|
|
|
{
|
|
|
|
|
return get_recovery_mode_retrain_switch();
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-25 22:02:36 +02:00
|
|
|
int vboot_developer_mode_enabled(void)
|
|
|
|
|
{
|
2019-05-17 08:26:01 +02:00
|
|
|
return cbmem_possibly_online() &&
|
|
|
|
|
vboot_get_working_data()->flags & VBOOT_WD_FLAG_DEVELOPER_MODE;
|
2016-07-25 22:02:36 +02:00
|
|
|
}
|
2017-10-18 15:29:26 +02:00
|
|
|
|
2019-03-06 01:53:33 +01:00
|
|
|
#if CONFIG(VBOOT_NO_BOARD_SUPPORT)
|
2017-10-18 15:29:26 +02:00
|
|
|
/**
|
|
|
|
|
* TODO: Create flash protection interface which implements get_write_protect_state.
|
|
|
|
|
* get_recovery_mode_switch should be implemented as default function.
|
|
|
|
|
*/
|
2018-04-21 22:45:32 +02:00
|
|
|
int __weak get_write_protect_state(void)
|
2017-10-18 15:29:26 +02:00
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-21 22:45:32 +02:00
|
|
|
int __weak get_recovery_mode_switch(void)
|
2017-10-18 15:29:26 +02:00
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif
|
