GNUBoot/coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
coreboot-kgpe-d16/src/vboot/Kconfig

142 lines
4.4 KiB
Text
Raw Normal View History

vboot: move vboot files to designated directory This moves vboot1 and vboot2 files to their designated directory. Common code stays in vendorcode/google/chromeos. BUG=none BRANCH=none TEST=built cosmos, veyron_pinky, rush_ryu, nyan_blaze, samus, parrot, lumpy, daisy_spring, and storm. Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Original-Change-Id: Ia9fb41ba30930b79b222269acfade7ef44b23626 Original-Reviewed-on: https://chromium-review.googlesource.com/222874 Original-Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Original-Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org> Original-Tested-by: Daisuke Nojiri <dnojiri@chromium.org> (cherry picked from commit cbfef9ad40776d890e2149b9db788fe0b387d210) Signed-off-by: Aaron Durbin <adurbin@chromium.org> Change-Id: Ia73696accfd93cc14ca83516fa77f87331faef51 Reviewed-on: http://review.coreboot.org/9433 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2014-10-10 19:51:06 +02:00
## This file is part of the coreboot project.
##
## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; version 2 of the License.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
vboot: Separate vboot from chromeos VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-07-25 20:48:03 +02:00
config VBOOT_VBNV_OFFSET
hex
default 0x26
depends on PC80_SYSTEM
help
CMOS offset for VbNv data. This value must match cmos.layout
in the mainboard directory, minus 14 bytes for the RTC.
config VBOOT_VBNV_CMOS
bool "Vboot non-volatile storage in CMOS."
default n
help
VBNV is stored in CMOS
config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH
bool "Back up Vboot non-volatile storage from CMOS to flash."
default n
vboot/vbnv_flash: make I/O connection agnostic There's no need to be SPI specific w.r.t. how the flash is connected. Therefore, use the RW boot device to write the contents of VBNV. The erasable check was dropped because that information isn't available. All regions should be aligned accordingly on the platform for the underlying hardware implementation. And once the VBNV region fills the erase will fail. BUG=chrome-os-partner:56151 Change-Id: I07fdc8613e0b3884e132a2f158ffeabeaa6da6ce Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/16206 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Furquan Shaikh <furquan@google.com>
2016-08-12 19:48:58 +02:00
depends on VBOOT_VBNV_CMOS && BOOT_DEVICE_SUPPORTS_WRITES
vboot: Separate vboot from chromeos VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-07-25 20:48:03 +02:00
help
Vboot non-volatile storage data will be backed up from CMOS to flash
and restored from flash if the CMOS is invalid due to power loss.
config VBOOT_VBNV_EC
bool "Vboot non-volatile storage in EC."
default n
help
VBNV is stored in EC
config VBOOT_VBNV_FLASH
def_bool n
vboot/vbnv_flash: make I/O connection agnostic There's no need to be SPI specific w.r.t. how the flash is connected. Therefore, use the RW boot device to write the contents of VBNV. The erasable check was dropped because that information isn't available. All regions should be aligned accordingly on the platform for the underlying hardware implementation. And once the VBNV region fills the erase will fail. BUG=chrome-os-partner:56151 Change-Id: I07fdc8613e0b3884e132a2f158ffeabeaa6da6ce Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: https://review.coreboot.org/16206 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Furquan Shaikh <furquan@google.com>
2016-08-12 19:48:58 +02:00
depends on BOOT_DEVICE_SUPPORTS_WRITES
vboot: Separate vboot from chromeos VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-07-25 20:48:03 +02:00
help
VBNV is stored in flash storage
vboot: add and rejuggle Kconfig options The ChromeOS machines employing vboot verfication require different combinations of support: 1. When vboot verification starts. 2. Is the vboot code a separate stage or program? 3. If a separate stage, does the that vboot program (verstage) return to the stage that loaded the verstage? For the above, #1 is dependent on when to load/run vboot logic which is orthogonal to #2. However, #3 is dependent on #2. The logic to act on the combinations follows in subsequent patches. Change-Id: I39ef7a7c2858e7de43aa99c38121e85a57f1f2f6 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10024 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-04-28 23:17:25 +02:00
config VBOOT_STARTS_IN_BOOTBLOCK
vboot: allow options to be selected from .config In order to allow easier setting of variables without changing mainboards and/or chipset Kconfig files allow the vboot options to be selected by the user. Change-Id: I6e995eb209b4cd63c73ef679d0c5699759d129f5 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10153 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-05-08 23:01:31 +02:00
bool "Vboot starts verifying in bootblock"
vboot: add and rejuggle Kconfig options The ChromeOS machines employing vboot verfication require different combinations of support: 1. When vboot verification starts. 2. Is the vboot code a separate stage or program? 3. If a separate stage, does the that vboot program (verstage) return to the stage that loaded the verstage? For the above, #1 is dependent on when to load/run vboot logic which is orthogonal to #2. However, #3 is dependent on #2. The logic to act on the combinations follows in subsequent patches. Change-Id: I39ef7a7c2858e7de43aa99c38121e85a57f1f2f6 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10024 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-04-28 23:17:25 +02:00
default n
vboot: Separate vboot from chromeos VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-07-25 20:48:03 +02:00
depends on VBOOT
vboot: add and rejuggle Kconfig options The ChromeOS machines employing vboot verfication require different combinations of support: 1. When vboot verification starts. 2. Is the vboot code a separate stage or program? 3. If a separate stage, does the that vboot program (verstage) return to the stage that loaded the verstage? For the above, #1 is dependent on when to load/run vboot logic which is orthogonal to #2. However, #3 is dependent on #2. The logic to act on the combinations follows in subsequent patches. Change-Id: I39ef7a7c2858e7de43aa99c38121e85a57f1f2f6 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10024 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-04-28 23:17:25 +02:00
help
Firmware verification happens during or at the end of bootblock.
config VBOOT_STARTS_IN_ROMSTAGE
vboot: allow options to be selected from .config In order to allow easier setting of variables without changing mainboards and/or chipset Kconfig files allow the vboot options to be selected by the user. Change-Id: I6e995eb209b4cd63c73ef679d0c5699759d129f5 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10153 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-05-08 23:01:31 +02:00
bool "Vboot starts verifying in romstage"
vboot: add and rejuggle Kconfig options The ChromeOS machines employing vboot verfication require different combinations of support: 1. When vboot verification starts. 2. Is the vboot code a separate stage or program? 3. If a separate stage, does the that vboot program (verstage) return to the stage that loaded the verstage? For the above, #1 is dependent on when to load/run vboot logic which is orthogonal to #2. However, #3 is dependent on #2. The logic to act on the combinations follows in subsequent patches. Change-Id: I39ef7a7c2858e7de43aa99c38121e85a57f1f2f6 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10024 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-04-28 23:17:25 +02:00
default n
vboot: Separate vboot from chromeos VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-07-25 20:48:03 +02:00
depends on VBOOT && !VBOOT_STARTS_IN_BOOTBLOCK
vboot: add and rejuggle Kconfig options The ChromeOS machines employing vboot verfication require different combinations of support: 1. When vboot verification starts. 2. Is the vboot code a separate stage or program? 3. If a separate stage, does the that vboot program (verstage) return to the stage that loaded the verstage? For the above, #1 is dependent on when to load/run vboot logic which is orthogonal to #2. However, #3 is dependent on #2. The logic to act on the combinations follows in subsequent patches. Change-Id: I39ef7a7c2858e7de43aa99c38121e85a57f1f2f6 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10024 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-04-28 23:17:25 +02:00
help
Firmware verification happens during or at the end of romstage.
vboot: Separate vboot from chromeos VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-07-25 20:48:03 +02:00
config VBOOT_MOCK_SECDATA
vboot: add mocked secdata This patch allows a board without a secdata storage (typically TPM) to pass the verification stage if recovery path is taken. It's useful for bringup when the actual board is not ready. BUG=none BRANCH=none TEST=booted the kernel from a usb stick on a cygnus reference board Change-Id: I5ab97d1198057d102a1708338d71c606fe106c75 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Original-Commit-Id: 5d45acee31fd5b7bfe7444f12e3622bae49fc329 Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Original-Reviewed-on: https://chrome-internal-review.googlesource.com/212418 Original-Reviewed-by: Daisuke Nojiri <dnojiri@google.com> Original-Commit-Queue: Daisuke Nojiri <dnojiri@google.com> Original-Tested-by: Daisuke Nojiri <dnojiri@google.com> Original-Change-Id: Iddd9af19a2b6428704254af0c17b642e7a976fb8 Original-Reviewed-on: https://chromium-review.googlesource.com/265046 Reviewed-on: http://review.coreboot.org/9919 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-04-09 17:18:22 +02:00
bool "Mock secdata for firmware verification"
default n
vboot: Separate vboot from chromeos VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-07-25 20:48:03 +02:00
depends on VBOOT
vboot: add mocked secdata This patch allows a board without a secdata storage (typically TPM) to pass the verification stage if recovery path is taken. It's useful for bringup when the actual board is not ready. BUG=none BRANCH=none TEST=booted the kernel from a usb stick on a cygnus reference board Change-Id: I5ab97d1198057d102a1708338d71c606fe106c75 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Original-Commit-Id: 5d45acee31fd5b7bfe7444f12e3622bae49fc329 Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Original-Reviewed-on: https://chrome-internal-review.googlesource.com/212418 Original-Reviewed-by: Daisuke Nojiri <dnojiri@google.com> Original-Commit-Queue: Daisuke Nojiri <dnojiri@google.com> Original-Tested-by: Daisuke Nojiri <dnojiri@google.com> Original-Change-Id: Iddd9af19a2b6428704254af0c17b642e7a976fb8 Original-Reviewed-on: https://chromium-review.googlesource.com/265046 Reviewed-on: http://review.coreboot.org/9919 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-04-09 17:18:22 +02:00
help
vboot: Separate vboot from chromeos VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-07-25 20:48:03 +02:00
Enabling VBOOT_MOCK_SECDATA will mock secdata for the firmware
vboot: add mocked secdata This patch allows a board without a secdata storage (typically TPM) to pass the verification stage if recovery path is taken. It's useful for bringup when the actual board is not ready. BUG=none BRANCH=none TEST=booted the kernel from a usb stick on a cygnus reference board Change-Id: I5ab97d1198057d102a1708338d71c606fe106c75 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Original-Commit-Id: 5d45acee31fd5b7bfe7444f12e3622bae49fc329 Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Original-Reviewed-on: https://chrome-internal-review.googlesource.com/212418 Original-Reviewed-by: Daisuke Nojiri <dnojiri@google.com> Original-Commit-Queue: Daisuke Nojiri <dnojiri@google.com> Original-Tested-by: Daisuke Nojiri <dnojiri@google.com> Original-Change-Id: Iddd9af19a2b6428704254af0c17b642e7a976fb8 Original-Reviewed-on: https://chromium-review.googlesource.com/265046 Reviewed-on: http://review.coreboot.org/9919 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-04-09 17:18:22 +02:00
verification to avoid access to a secdata storage (typically TPM).
All operations for a secdata storage will be successful. This option
can be used during development when a TPM is not present or broken.
THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES.
vboot2: provide config option to clear dev mode state on recovery On embedded devices with limited input capabilities it is necessary to clear the developer mode condition when entering recovery. The new configuration option will enable such behavior using the new vboot2 flag. CQ-DEPEND=CL:261630 BRANCH=storm BUG=chrome-os-partner:36059 TEST=with the rest of the patches applies observed desired behavior on SP5 Change-Id: I99c3d1330bea9980a2af3b9fd99e29ab96f2cf07 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Original-Commit-Id: 4c0a6315d6b4ede8d43e736ee6c82f1023f4716d Original-Change-Id: I8e4a521e574b53a670daf692f7b45dc21635f272 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/261620 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/9878 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-03-21 00:11:13 +01:00
config VBOOT_DISABLE_DEV_ON_RECOVERY
bool "Disable dev mode on recovery requests"
default n
vboot: Separate vboot from chromeos VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-07-25 20:48:03 +02:00
depends on VBOOT
vboot2: provide config option to clear dev mode state on recovery On embedded devices with limited input capabilities it is necessary to clear the developer mode condition when entering recovery. The new configuration option will enable such behavior using the new vboot2 flag. CQ-DEPEND=CL:261630 BRANCH=storm BUG=chrome-os-partner:36059 TEST=with the rest of the patches applies observed desired behavior on SP5 Change-Id: I99c3d1330bea9980a2af3b9fd99e29ab96f2cf07 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Original-Commit-Id: 4c0a6315d6b4ede8d43e736ee6c82f1023f4716d Original-Change-Id: I8e4a521e574b53a670daf692f7b45dc21635f272 Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Original-Reviewed-on: https://chromium-review.googlesource.com/261620 Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/9878 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-03-21 00:11:13 +01:00
help
When this option is enabled, the Chrome OS device leaves the
developer mode as soon as recovery request is detected. This is
handy on embedded devices with limited input capabilities.
vboot2: Allow merging verstage into bootblock Change-Id: I31cd7f84db8b7176c8854f33421aab5c176cd5ce Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Reviewed-on: http://review.coreboot.org/10007 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-04-27 18:13:50 +02:00
vboot: add and rejuggle Kconfig options The ChromeOS machines employing vboot verfication require different combinations of support: 1. When vboot verification starts. 2. Is the vboot code a separate stage or program? 3. If a separate stage, does the that vboot program (verstage) return to the stage that loaded the verstage? For the above, #1 is dependent on when to load/run vboot logic which is orthogonal to #2. However, #3 is dependent on #2. The logic to act on the combinations follows in subsequent patches. Change-Id: I39ef7a7c2858e7de43aa99c38121e85a57f1f2f6 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10024 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-04-28 23:17:25 +02:00
config SEPARATE_VERSTAGE
vboot: allow options to be selected from .config In order to allow easier setting of variables without changing mainboards and/or chipset Kconfig files allow the vboot options to be selected by the user. Change-Id: I6e995eb209b4cd63c73ef679d0c5699759d129f5 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10153 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-05-08 23:01:31 +02:00
bool "Vboot verification is built into a separate stage"
vboot2: Allow merging verstage into bootblock Change-Id: I31cd7f84db8b7176c8854f33421aab5c176cd5ce Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Reviewed-on: http://review.coreboot.org/10007 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-04-27 18:13:50 +02:00
default n
vboot: Separate vboot from chromeos VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-07-25 20:48:03 +02:00
depends on VBOOT
vboot2: Allow merging verstage into bootblock Change-Id: I31cd7f84db8b7176c8854f33421aab5c176cd5ce Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Reviewed-on: http://review.coreboot.org/10007 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-04-27 18:13:50 +02:00
vboot: add and rejuggle Kconfig options The ChromeOS machines employing vboot verfication require different combinations of support: 1. When vboot verification starts. 2. Is the vboot code a separate stage or program? 3. If a separate stage, does the that vboot program (verstage) return to the stage that loaded the verstage? For the above, #1 is dependent on when to load/run vboot logic which is orthogonal to #2. However, #3 is dependent on #2. The logic to act on the combinations follows in subsequent patches. Change-Id: I39ef7a7c2858e7de43aa99c38121e85a57f1f2f6 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10024 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-04-28 23:17:25 +02:00
config RETURN_FROM_VERSTAGE
vboot: allow options to be selected from .config In order to allow easier setting of variables without changing mainboards and/or chipset Kconfig files allow the vboot options to be selected by the user. Change-Id: I6e995eb209b4cd63c73ef679d0c5699759d129f5 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10153 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-05-08 23:01:31 +02:00
bool "The separate verification stage returns to its caller"
vboot: add and rejuggle Kconfig options The ChromeOS machines employing vboot verfication require different combinations of support: 1. When vboot verification starts. 2. Is the vboot code a separate stage or program? 3. If a separate stage, does the that vboot program (verstage) return to the stage that loaded the verstage? For the above, #1 is dependent on when to load/run vboot logic which is orthogonal to #2. However, #3 is dependent on #2. The logic to act on the combinations follows in subsequent patches. Change-Id: I39ef7a7c2858e7de43aa99c38121e85a57f1f2f6 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10024 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-04-28 23:17:25 +02:00
default n
depends on SEPARATE_VERSTAGE
help
If this is set, the verstage returns back to the calling stage instead
of exiting to the succeeding stage so that the verstage space can be
src/vboot: Capitalize RAM and CPU Change-Id: Iff6b1b08b8159588b964d9637b16e1e0bfcca940 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/15986 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Martin Roth <martinroth@google.com>
2016-07-30 16:18:46 +02:00
reused by the succeeding stage. This is useful if a RAM space is too
vboot: add and rejuggle Kconfig options The ChromeOS machines employing vboot verfication require different combinations of support: 1. When vboot verification starts. 2. Is the vboot code a separate stage or program? 3. If a separate stage, does the that vboot program (verstage) return to the stage that loaded the verstage? For the above, #1 is dependent on when to load/run vboot logic which is orthogonal to #2. However, #3 is dependent on #2. The logic to act on the combinations follows in subsequent patches. Change-Id: I39ef7a7c2858e7de43aa99c38121e85a57f1f2f6 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10024 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-04-28 23:17:25 +02:00
small to fit both the verstage and the succeeding stage.
vboot: move Kconfig options for stage indicies With vboot1 out of the way place all the associated Kconfig options in vboot2's Kconfig file (excluding main vboot verify option). More options will be added to accomodate vboot's various combinations of use cases. Change-Id: I17b06d741a36a5e2fefb2757651a61bfed61ae1e Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/10023 Reviewed-by: Patrick Georgi <pgeorgi@google.com> Tested-by: build bot (Jenkins)
2015-04-28 23:02:17 +02:00
google/chromeos: Add support for saving recovery reason across reboot On some x86 platforms (skylake, apollolake), we observe reboots at different steps during the FSP initialization. These additional reboots result in loss of recovery request because vboot_reference library clears recovery request on vbnv once verification is complete and it has made a decision about which boot path to take(normal/dev, slot-a/slot-b, recovery). Provide a way to allow mainboards/chipsets to inform recovery module in vboot2 to save recovery reason to survive unexpected reboots. The recovery reason is set in vbnv after vboot_reference library completes its verification and clears the reason in vbnv while jumping to payload. BUG=chrome-os-partner:55431 Change-Id: Ie96be9aeb42c8209d8215943409e6327d6a8bf98 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15802 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-07-22 17:56:43 +02:00
config VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT
bool
default n
vboot: Separate vboot from chromeos VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-07-25 20:48:03 +02:00
depends on VBOOT
google/chromeos: Add support for saving recovery reason across reboot On some x86 platforms (skylake, apollolake), we observe reboots at different steps during the FSP initialization. These additional reboots result in loss of recovery request because vboot_reference library clears recovery request on vbnv once verification is complete and it has made a decision about which boot path to take(normal/dev, slot-a/slot-b, recovery). Provide a way to allow mainboards/chipsets to inform recovery module in vboot2 to save recovery reason to survive unexpected reboots. The recovery reason is set in vbnv after vboot_reference library completes its verification and clears the reason in vbnv while jumping to payload. BUG=chrome-os-partner:55431 Change-Id: Ie96be9aeb42c8209d8215943409e6327d6a8bf98 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15802 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-07-22 17:56:43 +02:00
help
This option ensures that the recovery request is not lost because of
reboots caused after vboot verification is run. e.g. reboots caused by
FSP components on Intel platforms.
vboot: Separate vboot from chromeos VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-07-25 20:48:03 +02:00
config VBOOT_OPROM_MATTERS
bool "Video option ROM matters (= can skip display init)"
default n
depends on VBOOT
help
Set this option to indicate to vboot that this platform will skip its
display initialization on a normal (non-recovery, non-developer) boot.
Vboot calls this "oprom matters" because on x86 devices this
traditionally meant that the video option ROM will not be loaded, but
it works functionally the same for other platforms that can skip their
native display initialization code instead.
vboot: Add support for recovery hash space in TPM 1. Add a new index for recovery hash space in TPM - 0x100b 2. Add helper functions to read/write/lock recovery hash space in TPM 3. Add Kconfig option that can be selected by mainboards that want to define this space. 4. Lock this new space while jumping from RO to RW. BUG=chrome-os-partner:59355 BRANCH=None TEST=Verified use of recovery hash space on reef. Change-Id: I1cacd54f0a896d0f2af32d4b7c9ae581a918f9bb Signed-off-by: Furquan Shaikh <furquan@chromium.org> Reviewed-on: https://review.coreboot.org/17273 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-11-08 08:47:11 +01:00
config VBOOT_HAS_REC_HASH_SPACE
bool
default n
depends on VBOOT
help
Set this option to indicate to vboot that recovery data hash space
is present in TPM.
vboot: Allow other platforms to use soft reboot workaround Add a Kconfig value to enable other platforms to use the soft reboot workaround. TEST=Build and run on Galileo Gen2 Change-Id: I5a7ebd200229654128d367ecb50647ff69bb5258 Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com> Reviewed-on: https://review.coreboot.org/18798 Tested-by: Martin Roth <martinroth@google.com> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2017-03-14 01:25:36 +01:00
config VBOOT_SOFT_REBOOT_WORKAROUND
bool
default n
vboot: Separate vboot from chromeos VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-07-25 20:48:03 +02:00
config VBOOT
bool "Verify firmware with vboot."
default n
vboot: Move TPM-related Kconfig selects from CHROMEOS to VBOOT CONFIG_VBOOT was recently moved to be independent from CONFIG_CHROMEOS. However, the latter still has some 'select' clauses to ensure that required TPM libraries are built. The TPM is an essential part of vboot, and without these libraries the vboot code cannot compile... therefore, they should be moved under CONFIG_VBOOT. Change-Id: I0145558e5127c65c6a82d62f25b5a39e24cb8726 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/16229 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2016-08-16 01:10:27 +02:00
select TPM if !MAINBOARD_HAS_TPM2
select TPM2 if MAINBOARD_HAS_TPM2
select TPM_INIT_FAILURE_IS_FATAL if PC80_SYSTEM && LPC_TPM
select SKIP_TPM_STARTUP_ON_NORMAL_BOOT if PC80_SYSTEM && LPC_TPM
vboot: Separate vboot from chromeos VBOOT_VERIFY_FIRMWARE should be independent of CHROMEOS. This allows use of verified boot library without having to stick to CHROMEOS. BUG=chrome-os-partner:55639 Change-Id: Ia2c328712caedd230ab295b8a613e3c1ed1532d9 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://review.coreboot.org/15867 Tested-by: build bot (Jenkins) Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2016-07-25 20:48:03 +02:00
depends on HAVE_HARD_RESET
help
Enabling VBOOT will use vboot to verify the components of the firmware
(stages, payload, etc).
Reference in a new issue Copy permalink