security/vboot: Deprecate VBOOT_VBNV_EC

Boards using VBOOT_VBNV_EC (nyan, daisy, veyron, peach_pit) are all
ChromeOS devices and they've reached the end of life since Feb 2022.
Therefore, remove VBOOT_VBNV_EC for them, each with different
replacement.

- nyan (nyan, nyan_big, nyan_blaze): Add RW_NVRAM to their FMAP (by
  reducing the size of RW_VPD), and replace VBOOT_VBNV_EC with
  VBOOT_VBNV_FLASH.
- veyron: Add RW_NVRAM to their FMAP (by reducing the size of
  SHARED_DATA), and replace VBOOT_VBNV_EC with VBOOT_VBNV_FLASH. Also
  enlarge the OVERLAP_VERSTAGE_ROMSTAGE section for rk3288 (by reducing
  the size of PRERAM_CBMEM_CONSOLE), so that verstage won't exceed its
  allotted size.
- daisy: Because BOOT_DEVICE_SPI_FLASH is not set, which is required for
  VBOOT_VBNV_FLASH, disable MAINBOARD_HAS_CHROMEOS and VBOOT configs.
- peach_pit: As VBOOT is not set, simply remove the unused VBOOT_VBNV_EC
  option.

Remove the VBOOT_VBNV_EC Kconfig option as well as related code, leaving
VBOOT_VBNV_FLASH and VBOOT_VBNV_CMOS as the only two backend options for
vboot nvdata (VBNV).

Also add a check in read_vbnv() and save_vbnv() for VBNV options.

BUG=b:178689388
TEST=util/abuild/abuild -t GOOGLE_NYAN -x -a
TEST=util/abuild/abuild -t GOOGLE_VEYRON_JAQ -x -a
TEST=util/abuild/abuild -t GOOGLE_DAISY -a
TEST=util/abuild/abuild -t GOOGLE_PEACH_PIT -a
BRANCH=none

Change-Id: Ic67d69e694cff3176dbee12d4c6311bc85295863
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/65012
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>

Documentation/security/vboot/index.md

@@ -176,7 +176,6 @@ CMOS, the EC, or in a read/write area of the SPI flash device.
 Select one of the following:
 
 * `VBOOT_VBNV_CMOS`
-* `VBOOT_VBNV_EC`
 * `VBOOT_VBNV_FLASH`
 
 More non-volatile storage features may be found in `security/vboot/Kconfig`.

src/mainboard/google/daisy/Kconfig

@@ -10,7 +10,6 @@ config BOARD_SPECIFIC_OPTIONS
 	select EC_GOOGLE_CHROMEEC_I2C
 	select BOARD_ROMSIZE_KB_4096
 	select DRIVER_MAXIM_MAX77686
-	select MAINBOARD_HAS_CHROMEOS
 	select DRIVER_TI_TPS65090
 	select MAINBOARD_HAS_NATIVE_VGA_INIT
 	select MAINBOARD_FORCE_NATIVE_VGA_INIT
@@ -18,9 +17,6 @@ config BOARD_SPECIFIC_OPTIONS
 	select I2C_TPM
 	select MAINBOARD_HAS_TPM1
 
-config VBOOT
-	select VBOOT_VBNV_EC
-
 config MAINBOARD_DIR
 	default "google/daisy"
 

src/mainboard/google/nyan/Kconfig

@@ -18,7 +18,7 @@ config BOARD_SPECIFIC_OPTIONS
 
 config VBOOT
 	select EC_GOOGLE_CHROMEEC_SWITCHES
-	select VBOOT_VBNV_EC
+	select VBOOT_VBNV_FLASH
 
 config MAINBOARD_DIR
 	default "google/nyan"

src/mainboard/google/nyan/chromeos.fmd

@@ -23,6 +23,7 @@ FLASH@0x0 0x400000 {
 		FW_MAIN_B(CBFS)@0x2000 0x75f00
 		RW_FWID_B@0x77f00 0x100
 	}
-	RW_VPD(PRESERVE)@0x2f8000 0x8000
+	RW_VPD(PRESERVE)@0x2f8000 0x4000
+	RW_NVRAM(PRESERVE)@0x2fc000 0x4000
 	RW_LEGACY(CBFS)@0x300000 0x100000
 }

src/mainboard/google/nyan_big/Kconfig

@@ -20,7 +20,7 @@ config BOARD_SPECIFIC_OPTIONS
 
 config VBOOT
 	select EC_GOOGLE_CHROMEEC_SWITCHES
-	select VBOOT_VBNV_EC
+	select VBOOT_VBNV_FLASH
 
 config MAINBOARD_DIR
 	default "google/nyan_big"

src/mainboard/google/nyan_big/chromeos.fmd

@@ -23,6 +23,7 @@ FLASH@0x0 0x400000 {
 		FW_MAIN_B(CBFS)@0x2000 0x75f00
 		RW_FWID_B@0x77f00 0x100
 	}
-	RW_VPD(PRESERVE)@0x2f8000 0x8000
+	RW_VPD(PRESERVE)@0x2f8000 0x4000
+	RW_NVRAM(PRESERVE)@0x2fc000 0x4000
 	RW_LEGACY(CBFS)@0x300000 0x100000
 }

src/mainboard/google/nyan_blaze/Kconfig

@@ -20,7 +20,7 @@ config BOARD_SPECIFIC_OPTIONS
 
 config VBOOT
 	select EC_GOOGLE_CHROMEEC_SWITCHES
-	select VBOOT_VBNV_EC
+	select VBOOT_VBNV_FLASH
 
 config MAINBOARD_DIR
 	default "google/nyan_blaze"

src/mainboard/google/nyan_blaze/chromeos.fmd

@@ -23,6 +23,7 @@ FLASH@0x0 0x400000 {
 		FW_MAIN_B(CBFS)@0x2000 0x75f00
 		RW_FWID_B@0x77f00 0x100
 	}
-	RW_VPD(PRESERVE)@0x2f8000 0x8000
+	RW_VPD(PRESERVE)@0x2f8000 0x4000
+	RW_NVRAM(PRESERVE)@0x2fc000 0x4000
 	RW_LEGACY(CBFS)@0x300000 0x100000
 }

src/mainboard/google/peach_pit/Kconfig

@@ -17,9 +17,6 @@ config BOARD_SPECIFIC_OPTIONS
 	select MAINBOARD_HAS_TPM1
 	select MISSING_BOARD_RESET
 
-config VBOOT
-	select VBOOT_VBNV_EC
-
 config MAINBOARD_DIR
 	default "google/peach_pit"
 

src/mainboard/google/veyron/Kconfig

@@ -30,7 +30,7 @@ config BOARD_SPECIFIC_OPTIONS
 	select MAINBOARD_HAS_TPM1
 
 config VBOOT
-	select VBOOT_VBNV_EC
+	select VBOOT_VBNV_FLASH
 
 config MAINBOARD_DIR
 	default "google/veyron"

src/mainboard/google/veyron/chromeos.fmd

@@ -14,9 +14,10 @@ FLASH@0x0 0x400000 {
 		FW_MAIN_A(CBFS)@0x2000 0x75f00
 		RW_FWID_A@0x77f00 0x100
 	}
-	RW_SHARED@0x278000 0x4000 {
-		SHARED_DATA@0x0 0x4000
+	RW_SHARED@0x278000 0x2000 {
+		SHARED_DATA@0x0 0x2000
 	}
+	RW_NVRAM(PRESERVE)@0x27a000 0x2000
 	RW_ELOG(PRESERVE)@0x27c000 0x4000
 	RW_SECTION_B@0x280000 0x78000 {
 		VBLOCK_B@0x0 0x2000

src/security/vboot/Kconfig

@@ -58,12 +58,6 @@ config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH
 	  Vboot non-volatile storage data will be backed up from CMOS to flash
 	  and restored from flash if the CMOS is invalid due to power loss.
 
-config VBOOT_VBNV_EC
-	bool
-	default n
-	help
-	  VBNV is stored in EC
-
 config VBOOT_VBNV_FLASH
 	bool
 	default n

src/security/vboot/Makefile.inc

@@ -72,11 +72,6 @@ verstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
 romstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
 ramstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
 
-bootblock-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c
-verstage-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c
-romstage-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c
-ramstage-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c
-
 bootblock-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c
 verstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c
 romstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c

src/security/vboot/vbnv.c

@@ -1,5 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0-only */
 
+#include <assert.h>
 #include <string.h>
 #include <types.h>
 #include <security/vboot/vbnv.h>
@@ -61,10 +62,10 @@ void read_vbnv(uint8_t *vbnv_copy)
 {
 	if (CONFIG(VBOOT_VBNV_CMOS))
 		read_vbnv_cmos(vbnv_copy);
-	else if (CONFIG(VBOOT_VBNV_EC))
-		read_vbnv_ec(vbnv_copy);
 	else if (CONFIG(VBOOT_VBNV_FLASH))
 		read_vbnv_flash(vbnv_copy);
+	else
+		dead_code();
 
 	/* Check data for consistency */
 	if (!verify_vbnv(vbnv_copy))
@@ -79,10 +80,10 @@ void save_vbnv(const uint8_t *vbnv_copy)
 {
 	if (CONFIG(VBOOT_VBNV_CMOS))
 		save_vbnv_cmos(vbnv_copy);
-	else if (CONFIG(VBOOT_VBNV_EC))
-		save_vbnv_ec(vbnv_copy);
 	else if (CONFIG(VBOOT_VBNV_FLASH))
 		save_vbnv_flash(vbnv_copy);
+	else
+		dead_code();
 
 	/* Clear initialized flag to force cached data to be updated */
 	vbnv_initialized = 0;

src/security/vboot/vbnv_ec.c

@@ -1,17 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
-
-#include <types.h>
-#include <ec/google/chromeec/ec.h>
-#include <security/vboot/vbnv.h>
-#include <security/vboot/vbnv_layout.h>
-
-void read_vbnv_ec(uint8_t *vbnv_copy)
-{
-	google_chromeec_vbnv_context(1, vbnv_copy, VBOOT_VBNV_BLOCK_SIZE);
-}
-
-void save_vbnv_ec(const uint8_t *vbnv_copy)
-{
-	google_chromeec_vbnv_context(0, (uint8_t *)vbnv_copy,
-				     VBOOT_VBNV_BLOCK_SIZE);
-}

src/soc/rockchip/rk3288/memlayout.ld

@@ -18,9 +18,9 @@ SECTIONS
 	SRAM_START(0xFF700000)
 	TTB(0xFF700000, 16K)
 	BOOTBLOCK(0xFF704004, 16K - 4)
-	PRERAM_CBMEM_CONSOLE(0xFF708000, 2K)
-	VBOOT2_WORK(0xFF708800, 12K)
-	OVERLAP_VERSTAGE_ROMSTAGE(0xFF70B800, 46K + 768)
+	PRERAM_CBMEM_CONSOLE(0xFF708000, 1K)
+	VBOOT2_WORK(0xFF708400, 12K)
+	OVERLAP_VERSTAGE_ROMSTAGE(0xFF70B400, 47K + 768)
 	PRERAM_CBFS_CACHE(0xFF717300, 256)
 	TIMESTAMP(0xFF717400, 0x180)
 	STACK(0xFF717580, 3K - 0x180)