From 6b0d0851645cf369e2fd08a2d11ffc441df7f7aa Mon Sep 17 00:00:00 2001 From: Yu-Ping Wu Date: Wed, 8 Jun 2022 10:23:32 +0800 Subject: [PATCH] security/vboot: Deprecate VBOOT_VBNV_EC Boards using VBOOT_VBNV_EC (nyan, daisy, veyron, peach_pit) are all ChromeOS devices and they've reached the end of life since Feb 2022. Therefore, remove VBOOT_VBNV_EC for them, each with different replacement. - nyan (nyan, nyan_big, nyan_blaze): Add RW_NVRAM to their FMAP (by reducing the size of RW_VPD), and replace VBOOT_VBNV_EC with VBOOT_VBNV_FLASH. - veyron: Add RW_NVRAM to their FMAP (by reducing the size of SHARED_DATA), and replace VBOOT_VBNV_EC with VBOOT_VBNV_FLASH. Also enlarge the OVERLAP_VERSTAGE_ROMSTAGE section for rk3288 (by reducing the size of PRERAM_CBMEM_CONSOLE), so that verstage won't exceed its allotted size. - daisy: Because BOOT_DEVICE_SPI_FLASH is not set, which is required for VBOOT_VBNV_FLASH, disable MAINBOARD_HAS_CHROMEOS and VBOOT configs. - peach_pit: As VBOOT is not set, simply remove the unused VBOOT_VBNV_EC option. Remove the VBOOT_VBNV_EC Kconfig option as well as related code, leaving VBOOT_VBNV_FLASH and VBOOT_VBNV_CMOS as the only two backend options for vboot nvdata (VBNV). Also add a check in read_vbnv() and save_vbnv() for VBNV options. BUG=b:178689388 TEST=util/abuild/abuild -t GOOGLE_NYAN -x -a TEST=util/abuild/abuild -t GOOGLE_VEYRON_JAQ -x -a TEST=util/abuild/abuild -t GOOGLE_DAISY -a TEST=util/abuild/abuild -t GOOGLE_PEACH_PIT -a BRANCH=none Change-Id: Ic67d69e694cff3176dbee12d4c6311bc85295863 Signed-off-by: Yu-Ping Wu Reviewed-on: https://review.coreboot.org/c/coreboot/+/65012 Tested-by: build bot (Jenkins) Reviewed-by: Julius Werner --- Documentation/security/vboot/index.md | 1 - src/mainboard/google/daisy/Kconfig | 4 ---- src/mainboard/google/nyan/Kconfig | 2 +- src/mainboard/google/nyan/chromeos.fmd | 3 ++- src/mainboard/google/nyan_big/Kconfig | 2 +- src/mainboard/google/nyan_big/chromeos.fmd | 3 ++- src/mainboard/google/nyan_blaze/Kconfig | 2 +- src/mainboard/google/nyan_blaze/chromeos.fmd | 3 ++- src/mainboard/google/peach_pit/Kconfig | 3 --- src/mainboard/google/veyron/Kconfig | 2 +- src/mainboard/google/veyron/chromeos.fmd | 5 +++-- src/security/vboot/Kconfig | 6 ------ src/security/vboot/Makefile.inc | 5 ----- src/security/vboot/vbnv.c | 9 +++++---- src/security/vboot/vbnv_ec.c | 17 ----------------- src/soc/rockchip/rk3288/memlayout.ld | 6 +++--- 16 files changed, 21 insertions(+), 52 deletions(-) delete mode 100644 src/security/vboot/vbnv_ec.c diff --git a/Documentation/security/vboot/index.md b/Documentation/security/vboot/index.md index b82e3ab801..5ee0492486 100644 --- a/Documentation/security/vboot/index.md +++ b/Documentation/security/vboot/index.md @@ -176,7 +176,6 @@ CMOS, the EC, or in a read/write area of the SPI flash device. Select one of the following: * `VBOOT_VBNV_CMOS` -* `VBOOT_VBNV_EC` * `VBOOT_VBNV_FLASH` More non-volatile storage features may be found in `security/vboot/Kconfig`. diff --git a/src/mainboard/google/daisy/Kconfig b/src/mainboard/google/daisy/Kconfig index d4117d84ac..1ccc61f2de 100644 --- a/src/mainboard/google/daisy/Kconfig +++ b/src/mainboard/google/daisy/Kconfig @@ -10,7 +10,6 @@ config BOARD_SPECIFIC_OPTIONS select EC_GOOGLE_CHROMEEC_I2C select BOARD_ROMSIZE_KB_4096 select DRIVER_MAXIM_MAX77686 - select MAINBOARD_HAS_CHROMEOS select DRIVER_TI_TPS65090 select MAINBOARD_HAS_NATIVE_VGA_INIT select MAINBOARD_FORCE_NATIVE_VGA_INIT @@ -18,9 +17,6 @@ config BOARD_SPECIFIC_OPTIONS select I2C_TPM select MAINBOARD_HAS_TPM1 -config VBOOT - select VBOOT_VBNV_EC - config MAINBOARD_DIR default "google/daisy" diff --git a/src/mainboard/google/nyan/Kconfig b/src/mainboard/google/nyan/Kconfig index 62976767f3..0690f01eb9 100644 --- a/src/mainboard/google/nyan/Kconfig +++ b/src/mainboard/google/nyan/Kconfig @@ -18,7 +18,7 @@ config BOARD_SPECIFIC_OPTIONS config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select VBOOT_VBNV_EC + select VBOOT_VBNV_FLASH config MAINBOARD_DIR default "google/nyan" diff --git a/src/mainboard/google/nyan/chromeos.fmd b/src/mainboard/google/nyan/chromeos.fmd index ebc6eb137b..bca13463cb 100644 --- a/src/mainboard/google/nyan/chromeos.fmd +++ b/src/mainboard/google/nyan/chromeos.fmd @@ -23,6 +23,7 @@ FLASH@0x0 0x400000 { FW_MAIN_B(CBFS)@0x2000 0x75f00 RW_FWID_B@0x77f00 0x100 } - RW_VPD(PRESERVE)@0x2f8000 0x8000 + RW_VPD(PRESERVE)@0x2f8000 0x4000 + RW_NVRAM(PRESERVE)@0x2fc000 0x4000 RW_LEGACY(CBFS)@0x300000 0x100000 } diff --git a/src/mainboard/google/nyan_big/Kconfig b/src/mainboard/google/nyan_big/Kconfig index 5c253c9bc9..04acaedd50 100644 --- a/src/mainboard/google/nyan_big/Kconfig +++ b/src/mainboard/google/nyan_big/Kconfig @@ -20,7 +20,7 @@ config BOARD_SPECIFIC_OPTIONS config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select VBOOT_VBNV_EC + select VBOOT_VBNV_FLASH config MAINBOARD_DIR default "google/nyan_big" diff --git a/src/mainboard/google/nyan_big/chromeos.fmd b/src/mainboard/google/nyan_big/chromeos.fmd index ebc6eb137b..bca13463cb 100644 --- a/src/mainboard/google/nyan_big/chromeos.fmd +++ b/src/mainboard/google/nyan_big/chromeos.fmd @@ -23,6 +23,7 @@ FLASH@0x0 0x400000 { FW_MAIN_B(CBFS)@0x2000 0x75f00 RW_FWID_B@0x77f00 0x100 } - RW_VPD(PRESERVE)@0x2f8000 0x8000 + RW_VPD(PRESERVE)@0x2f8000 0x4000 + RW_NVRAM(PRESERVE)@0x2fc000 0x4000 RW_LEGACY(CBFS)@0x300000 0x100000 } diff --git a/src/mainboard/google/nyan_blaze/Kconfig b/src/mainboard/google/nyan_blaze/Kconfig index e687129617..9f4edacd61 100644 --- a/src/mainboard/google/nyan_blaze/Kconfig +++ b/src/mainboard/google/nyan_blaze/Kconfig @@ -20,7 +20,7 @@ config BOARD_SPECIFIC_OPTIONS config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select VBOOT_VBNV_EC + select VBOOT_VBNV_FLASH config MAINBOARD_DIR default "google/nyan_blaze" diff --git a/src/mainboard/google/nyan_blaze/chromeos.fmd b/src/mainboard/google/nyan_blaze/chromeos.fmd index ebc6eb137b..bca13463cb 100644 --- a/src/mainboard/google/nyan_blaze/chromeos.fmd +++ b/src/mainboard/google/nyan_blaze/chromeos.fmd @@ -23,6 +23,7 @@ FLASH@0x0 0x400000 { FW_MAIN_B(CBFS)@0x2000 0x75f00 RW_FWID_B@0x77f00 0x100 } - RW_VPD(PRESERVE)@0x2f8000 0x8000 + RW_VPD(PRESERVE)@0x2f8000 0x4000 + RW_NVRAM(PRESERVE)@0x2fc000 0x4000 RW_LEGACY(CBFS)@0x300000 0x100000 } diff --git a/src/mainboard/google/peach_pit/Kconfig b/src/mainboard/google/peach_pit/Kconfig index 780a00e567..64abb7c0e7 100644 --- a/src/mainboard/google/peach_pit/Kconfig +++ b/src/mainboard/google/peach_pit/Kconfig @@ -17,9 +17,6 @@ config BOARD_SPECIFIC_OPTIONS select MAINBOARD_HAS_TPM1 select MISSING_BOARD_RESET -config VBOOT - select VBOOT_VBNV_EC - config MAINBOARD_DIR default "google/peach_pit" diff --git a/src/mainboard/google/veyron/Kconfig b/src/mainboard/google/veyron/Kconfig index 0847c410ff..dbd2b8733c 100644 --- a/src/mainboard/google/veyron/Kconfig +++ b/src/mainboard/google/veyron/Kconfig @@ -30,7 +30,7 @@ config BOARD_SPECIFIC_OPTIONS select MAINBOARD_HAS_TPM1 config VBOOT - select VBOOT_VBNV_EC + select VBOOT_VBNV_FLASH config MAINBOARD_DIR default "google/veyron" diff --git a/src/mainboard/google/veyron/chromeos.fmd b/src/mainboard/google/veyron/chromeos.fmd index ebc6eb137b..df35976d00 100644 --- a/src/mainboard/google/veyron/chromeos.fmd +++ b/src/mainboard/google/veyron/chromeos.fmd @@ -14,9 +14,10 @@ FLASH@0x0 0x400000 { FW_MAIN_A(CBFS)@0x2000 0x75f00 RW_FWID_A@0x77f00 0x100 } - RW_SHARED@0x278000 0x4000 { - SHARED_DATA@0x0 0x4000 + RW_SHARED@0x278000 0x2000 { + SHARED_DATA@0x0 0x2000 } + RW_NVRAM(PRESERVE)@0x27a000 0x2000 RW_ELOG(PRESERVE)@0x27c000 0x4000 RW_SECTION_B@0x280000 0x78000 { VBLOCK_B@0x0 0x2000 diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index 04770c94eb..06f9e93485 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -58,12 +58,6 @@ config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH Vboot non-volatile storage data will be backed up from CMOS to flash and restored from flash if the CMOS is invalid due to power loss. -config VBOOT_VBNV_EC - bool - default n - help - VBNV is stored in EC - config VBOOT_VBNV_FLASH bool default n diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index 52f374ec82..2caeb17434 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -72,11 +72,6 @@ verstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c romstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c ramstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c -bootblock-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c -verstage-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c -romstage-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c -ramstage-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c - bootblock-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c verstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c romstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c diff --git a/src/security/vboot/vbnv.c b/src/security/vboot/vbnv.c index 7e92401e55..26946fd335 100644 --- a/src/security/vboot/vbnv.c +++ b/src/security/vboot/vbnv.c @@ -1,5 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ +#include #include #include #include @@ -61,10 +62,10 @@ void read_vbnv(uint8_t *vbnv_copy) { if (CONFIG(VBOOT_VBNV_CMOS)) read_vbnv_cmos(vbnv_copy); - else if (CONFIG(VBOOT_VBNV_EC)) - read_vbnv_ec(vbnv_copy); else if (CONFIG(VBOOT_VBNV_FLASH)) read_vbnv_flash(vbnv_copy); + else + dead_code(); /* Check data for consistency */ if (!verify_vbnv(vbnv_copy)) @@ -79,10 +80,10 @@ void save_vbnv(const uint8_t *vbnv_copy) { if (CONFIG(VBOOT_VBNV_CMOS)) save_vbnv_cmos(vbnv_copy); - else if (CONFIG(VBOOT_VBNV_EC)) - save_vbnv_ec(vbnv_copy); else if (CONFIG(VBOOT_VBNV_FLASH)) save_vbnv_flash(vbnv_copy); + else + dead_code(); /* Clear initialized flag to force cached data to be updated */ vbnv_initialized = 0; diff --git a/src/security/vboot/vbnv_ec.c b/src/security/vboot/vbnv_ec.c deleted file mode 100644 index fcae37a910..0000000000 --- a/src/security/vboot/vbnv_ec.c +++ /dev/null @@ -1,17 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0-only */ - -#include -#include -#include -#include - -void read_vbnv_ec(uint8_t *vbnv_copy) -{ - google_chromeec_vbnv_context(1, vbnv_copy, VBOOT_VBNV_BLOCK_SIZE); -} - -void save_vbnv_ec(const uint8_t *vbnv_copy) -{ - google_chromeec_vbnv_context(0, (uint8_t *)vbnv_copy, - VBOOT_VBNV_BLOCK_SIZE); -} diff --git a/src/soc/rockchip/rk3288/memlayout.ld b/src/soc/rockchip/rk3288/memlayout.ld index 32962257b2..5e35a064b9 100644 --- a/src/soc/rockchip/rk3288/memlayout.ld +++ b/src/soc/rockchip/rk3288/memlayout.ld @@ -18,9 +18,9 @@ SECTIONS SRAM_START(0xFF700000) TTB(0xFF700000, 16K) BOOTBLOCK(0xFF704004, 16K - 4) - PRERAM_CBMEM_CONSOLE(0xFF708000, 2K) - VBOOT2_WORK(0xFF708800, 12K) - OVERLAP_VERSTAGE_ROMSTAGE(0xFF70B800, 46K + 768) + PRERAM_CBMEM_CONSOLE(0xFF708000, 1K) + VBOOT2_WORK(0xFF708400, 12K) + OVERLAP_VERSTAGE_ROMSTAGE(0xFF70B400, 47K + 768) PRERAM_CBFS_CACHE(0xFF717300, 256) TIMESTAMP(0xFF717400, 0x180) STACK(0xFF717580, 3K - 0x180)