diff --git a/src/security/vboot/vboot_common.c b/src/security/vboot/vboot_common.c index c557f25c14..8ecb5d81eb 100644 --- a/src/security/vboot/vboot_common.c +++ b/src/security/vboot/vboot_common.c @@ -64,3 +64,18 @@ void vboot_reboot(void) vboot_platform_prepare_reboot(); board_reset(); } + +void vboot_save_and_reboot(struct vb2_context *ctx, uint8_t subcode) +{ + printk(BIOS_INFO, "vboot: reboot requested (%#x)\n", subcode); + vboot_save_data(ctx); + vboot_reboot(); +} + +void vboot_fail_and_reboot(struct vb2_context *ctx, uint8_t reason, uint8_t subcode) +{ + if (reason) + vb2api_fail(ctx, reason, subcode); + + vboot_save_and_reboot(ctx, subcode); +} diff --git a/src/security/vboot/vboot_common.h b/src/security/vboot/vboot_common.h index 512da0e91f..2399bf30ce 100644 --- a/src/security/vboot/vboot_common.h +++ b/src/security/vboot/vboot_common.h @@ -20,6 +20,16 @@ int vboot_check_recovery_request(void); */ void vboot_reboot(void); +/* + * Save vboot data and reboot device. Subcode will only be printed. To store + * failure reason and subcode vb2api_fail() should be called before this + * function or vboot_fail_and_reboot() should be used instead. + */ +void vboot_save_and_reboot(struct vb2_context *ctx, uint8_t subcode); + +/* Call vb2api_fail() with reason and subcode, save vboot data and reboot. */ +void vboot_fail_and_reboot(struct vb2_context *ctx, uint8_t reason, uint8_t subcode); + /* Allow the platform to do any clean up work when vboot requests a reboot. */ void vboot_platform_prepare_reboot(void); diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index 2230b5ab57..660b7da1be 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -327,30 +327,22 @@ void verstage_main(void) goto verstage_main_exit; } - printk(BIOS_INFO, "Reboot requested (%x)\n", rv); - vboot_save_data(ctx); - vboot_reboot(); + vboot_save_and_reboot(ctx, rv); } /* Determine which firmware slot to boot (based on NVRAM) */ printk(BIOS_INFO, "Phase 2\n"); rv = vb2api_fw_phase2(ctx); - if (rv) { - printk(BIOS_INFO, "Reboot requested (%x)\n", rv); - vboot_save_data(ctx); - vboot_reboot(); - } + if (rv) + vboot_save_and_reboot(ctx, rv); /* Try that slot (verify its keyblock and preamble) */ printk(BIOS_INFO, "Phase 3\n"); timestamp_add_now(TS_VERIFY_SLOT_START); rv = vb2api_fw_phase3(ctx); timestamp_add_now(TS_VERIFY_SLOT_END); - if (rv) { - printk(BIOS_INFO, "Reboot requested (%x)\n", rv); - vboot_save_data(ctx); - vboot_reboot(); - } + if (rv) + vboot_save_and_reboot(ctx, rv); printk(BIOS_INFO, "Phase 4\n"); rv = vboot_locate_firmware(ctx, &fw_body); @@ -359,22 +351,17 @@ void verstage_main(void) "Failed to read FMAP to locate firmware"); rv = hash_body(ctx, &fw_body); + if (rv) + vboot_save_and_reboot(ctx, rv); vboot_save_data(ctx); - if (rv) { - printk(BIOS_INFO, "Reboot requested (%x)\n", rv); - vboot_reboot(); - } /* Only extend PCRs once on boot. */ if (!(ctx->flags & VB2_CONTEXT_S3_RESUME)) { timestamp_add_now(TS_TPMPCR_START); rv = extend_pcrs(ctx); if (rv) { - printk(BIOS_WARNING, - "Failed to extend TPM PCRs (%#x)\n", rv); - vb2api_fail(ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv); - vboot_save_data(ctx); - vboot_reboot(); + printk(BIOS_WARNING, "Failed to extend TPM PCRs (%#x)\n", rv); + vboot_fail_and_reboot(ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv); } timestamp_add_now(TS_TPMPCR_END); } @@ -385,9 +372,7 @@ void verstage_main(void) rv = antirollback_lock_space_firmware(); if (rv) { printk(BIOS_INFO, "Failed to lock TPM (%x)\n", rv); - vb2api_fail(ctx, VB2_RECOVERY_RO_TPM_L_ERROR, 0); - vboot_save_data(ctx); - vboot_reboot(); + vboot_fail_and_reboot(ctx, VB2_RECOVERY_RO_TPM_L_ERROR, 0); } timestamp_add_now(TS_TPMLOCK_END); @@ -395,12 +380,8 @@ void verstage_main(void) if (CONFIG(VBOOT_HAS_REC_HASH_SPACE)) { rv = antirollback_lock_space_mrc_hash(MRC_REC_HASH_NV_INDEX); if (rv) { - printk(BIOS_INFO, "Failed to lock rec hash space(%x)\n", - rv); - vb2api_fail(ctx, VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR, - 0); - vboot_save_data(ctx); - vboot_reboot(); + printk(BIOS_INFO, "Failed to lock rec hash space(%x)\n", rv); + vboot_fail_and_reboot(ctx, VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR, 0); } } diff --git a/src/soc/amd/common/psp_verstage/psp_verstage.c b/src/soc/amd/common/psp_verstage/psp_verstage.c index 0dc3314ca5..4e2832444e 100644 --- a/src/soc/amd/common/psp_verstage/psp_verstage.c +++ b/src/soc/amd/common/psp_verstage/psp_verstage.c @@ -42,11 +42,8 @@ static void reboot_into_recovery(struct vb2_context *ctx, uint32_t subcode) return; } - vb2api_fail(ctx, VB2_RECOVERY_RO_UNSPECIFIED, (int)subcode); - vboot_save_data(ctx); - svc_debug_print("Rebooting into recovery\n"); - vboot_reboot(); + vboot_fail_and_reboot(ctx, VB2_RECOVERY_RO_UNSPECIFIED, (int)subcode); } static uint32_t check_cmos_recovery(void) diff --git a/src/soc/intel/common/block/cse/cse.c b/src/soc/intel/common/block/cse/cse.c index c2c94ec3cb..ceb75e2984 100644 --- a/src/soc/intel/common/block/cse/cse.c +++ b/src/soc/intel/common/block/cse/cse.c @@ -931,15 +931,10 @@ void cse_trigger_vboot_recovery(enum csme_failure_reason reason) "HFSTS3: 0x%x\n", me_read_config32(PCI_ME_HFSTS1), me_read_config32(PCI_ME_HFSTS2), me_read_config32(PCI_ME_HFSTS3)); - if (CONFIG(VBOOT)) { - struct vb2_context *ctx = vboot_get_context(); - if (ctx == NULL) - goto failure; - vb2api_fail(ctx, VB2_RECOVERY_INTEL_CSE_LITE_SKU, reason); - vboot_save_data(ctx); - vboot_reboot(); - } -failure: + if (CONFIG(VBOOT)) + vboot_fail_and_reboot(vboot_get_context(), VB2_RECOVERY_INTEL_CSE_LITE_SKU, + reason); + die("cse: Failed to trigger recovery mode(recovery subcode:%d)\n", reason); }