GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

vboot: remove vboot1 

In preparation for moving to vboot2 for all verified
boot paths bring over Kconfig options to the common
area from vboot1. Also remove vboot1 directory entirely.

Change-Id: Iccc4b570216f834886618f0ba5f2e1dd6c01db4b
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: http://review.coreboot.org/9957
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
This commit is contained in:
Aaron Durbin 2015-04-21 15:33:01 -05:00 committed by Patrick Georgi
parent 599c32d8ef
commit 6d65f796db
7 changed files with 25 additions and 797 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/vendorcode/google/chromeos/Kconfig
View File

@ -132,6 +132,14 @@ config VIRTUAL_DEV_SWITCH
help
Whether this platform has a virtual developer switch.
config VBOOT_VERIFY_FIRMWARE
bool "Verify firmware with vboot."
default n
depends on CHROMEOS
help
Enabling VBOOT_VERIFY_FIRMWARE will use vboot to verify the components
of the firmware (stages, payload, etc).
# These VBOOT_X_INDEX are the position of X in FW_MAIN_A/B region. The index
# table is created by cros_bundle_firmware at build time based on the positions
# of the blobs listed in fmap.dts and stored at the top of FW_MAIN_A/B region.
@ -145,6 +153,14 @@ config VBOOT_BOOT_LOADER_INDEX
This is the index of the bootloader component in the verified
firmware block.
config VBOOT_REFCODE_INDEX
hex "Reference code firmware index"
default 1
depends on VBOOT_VERIFY_FIRMWARE
help
This is the index of the reference code component in the verified
firmware block.
config VBOOT_RAMSTAGE_INDEX
hex "Ramstage component index"
default 1
@ -153,6 +169,14 @@ config VBOOT_RAMSTAGE_INDEX
This is the index of the ramstage component in the verified
firmware block.
config VBOOT_ROMSTAGE_INDEX
hex "Romstage component index"
default 2
depends on VBOOT2_VERIFY_FIRMWARE
help
This is the index of the romstage component in the verified
firmware block.
config NO_TPM_RESUME
bool
default n
@ -175,7 +199,6 @@ config WIPEOUT_SUPPORTED
signal the application the need for factory reset (a.k.a. wipe
out) of the device
source src/vendorcode/google/chromeos/vboot1/Kconfig
source src/vendorcode/google/chromeos/vboot2/Kconfig
endif # CHROMEOS

1
src/vendorcode/google/chromeos/Makefile.inc
View File

@ -54,6 +54,5 @@ CFLAGS_common += -DMOCK_TPM=0
endif
VB_SOURCE := vboot_reference
subdirs-$(CONFIG_VBOOT_VERIFY_FIRMWARE) += vboot1
subdirs-$(CONFIG_VBOOT2_VERIFY_FIRMWARE) += vboot2
CPPFLAGS_common += -I$(VB_SOURCE)/firmware/include

34
src/vendorcode/google/chromeos/vboot1/Kconfig
View File

@ -1,34 +0,0 @@
## This file is part of the coreboot project.
##
## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; version 2 of the License.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
##
config VBOOT_VERIFY_FIRMWARE
bool "Verify firmware with vboot."
default n
depends on CHROMEOS
select RELOCATABLE_MODULES
help
Enabling VBOOT_VERIFY_FIRMWARE will use vboot to verify the ramstage
and boot loader.
config VBOOT_REFCODE_INDEX
hex "Reference code firmware index"
default 1
depends on VBOOT_VERIFY_FIRMWARE
help
This is the index of the reference code component in the verified
firmware block.

74
src/vendorcode/google/chromeos/vboot1/Makefile.inc
View File

@ -1,74 +0,0 @@
##
## This file is part of the coreboot project.
##
## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; version 2 of the License.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
##
ramstage-y += ../vboot_common.c
romstage-y += vboot_loader.c ../vboot_common.c
rmodules_$(ARCH-ROMSTAGE-y)-y += vboot_wrapper.c ../vboot_common.c
ifneq ($(CONFIG_SPI_FLASH_MEMORY_MAPPED),y)
VBOOT_MAKEFLAGS = REGION_READ=1
endif
VB_LIB = $(obj)/external/vboot_reference/vboot_fw.a
# Currently, vboot comes into picture only during the romstage, thus
# is compiled for being used in romstage only. Since, we are splitting
# up all components in one of the three stages of coreboot, vboot seems
# most logical to fall under the romstage. Thus, all references to arch
# and other compiler stuff for vboot is using the romstage arch.
VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-ROMSTAGE-y))
VBOOT_STUB_ELF = $(obj)/vendorcode/google/chromeos/vboot1/vbootstub.elf
VBOOT_STUB = $(VBOOT_STUB_ELF).rmod
# Dependency for the vboot rmodules. Ordering matters.
VBOOT_STUB_DEPS += $(obj)/vendorcode/google/chromeos/vboot1/vboot_wrapper.rmodules_$(ARCH-ROMSTAGE-y).o
VBOOT_STUB_DEPS += $(obj)/lib/memcmp.rmodules_$(ARCH-ROMSTAGE-y).o
ifeq ($(CONFIG_ARCH_ROMSTAGE_X86_32),y)
VBOOT_STUB_DEPS += $(obj)/arch/x86/lib/memset.rmodules_$(ARCH-ROMSTAGE-y).o
VBOOT_STUB_DEPS += $(obj)/arch/x86/lib/memcpy.rmodules_$(ARCH-ROMSTAGE-y).o
endif
ifeq ($(CONFIG_ARCH_ROMSTAGE_ARM),y)
VBOOT_STUB_DEPS += $(obj)/arch/arm/memset.rmodules_$(ARCH-ROMSTAGE-y).o
VBOOT_STUB_DEPS += $(obj)/arch/arm/memcpy.rmodules_$(ARCH-ROMSTAGE-y).o
endif
ifeq ($(CONFIG_ARCH_ROMSTAGE_ARM64),y)
VBOOT_STUB_DEPS += $(obj)/lib/memset.rmodules_$(ARCH-ROMSTAGE-y).o
VBOOT_STUB_DEPS += $(obj)/lib/memcpy.rmodules_$(ARCH-ROMSTAGE-y).o
endif
VBOOT_STUB_DEPS += $(VB_LIB)
# Remove the '-include' option since that will break vboot's build and ensure
# vboot_reference can get to coreboot's include files.
VBOOT_CFLAGS += $(patsubst -I%,-I$(top)/%,$(filter-out -include $(src)/include/kconfig.h, $(CFLAGS_romstage)))
VBOOT_CFLAGS += -DVBOOT_DEBUG
VBOOT_CFLAGS += $(rmodules_$(ARCH-ROMSTAGE-y)-c-ccopts)
# Link the vbootstub module with a 64KiB-byte heap.
$(eval $(call rmodule_link,$(VBOOT_STUB_ELF), $(VBOOT_STUB_DEPS), 0x10000,$(ARCH-ROMSTAGE-y)))
# Build vboot library without the default includes from coreboot proper.
$(VB_LIB):
@printf " MAKE $(subst $(obj)/,,$(@))\n"
$(Q)FIRMWARE_ARCH=$(VB_FIRMWARE_ARCH) \
CC="$(CC_romstage)" \
CFLAGS="$(VBOOT_CFLAGS)" \
$(MAKE) -C $(VB_SOURCE) \
$(VBOOT_MAKEFLAGS) \
BUILD=$(top)/$(dir $(VB_LIB)) \
V=$(V) \
fwlib

412
src/vendorcode/google/chromeos/vboot1/vboot_loader.c
View File

@ -1,412 +0,0 @@
/*
* This file is part of the coreboot project.
*
* Copyright (C) 2013 Google, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include <arch/stages.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <cbfs.h>
#include <cbmem.h>
#include <console/console.h>
#include <console/vtxprintf.h>
#include <program_loading.h>
#include <tpm.h>
#include <reset.h>
#include <romstage_handoff.h>
#include <rmodule.h>
#include <string.h>
#include <stdlib.h>
#include <timestamp.h>
#include "../chromeos.h"
#include "../vboot_context.h"
#include "../vboot_handoff.h"
#define TEMP_CBMEM_ID_VBOOT 0xffffffff
#define TEMP_CBMEM_ID_VBLOCKS 0xfffffffe
static void vboot_run_stub(struct vboot_context *context)
{
struct rmod_stage_load rmod_stage = {
.cbmem_id = TEMP_CBMEM_ID_VBOOT,
.name = CONFIG_CBFS_PREFIX "/vboot",
};
void (*entry)(struct vboot_context *context);
if (rmodule_stage_load_from_cbfs(&rmod_stage)) {
printk(BIOS_DEBUG, "Could not load vboot stub.\n");
goto out;
}
entry = rmod_stage.entry;
/* Call stub. */
entry(context);
out:
/* Tear down the region no longer needed. */
if (rmod_stage.cbmem_entry != NULL)
cbmem_entry_remove(rmod_stage.cbmem_entry);
}
/* Helper routines for the vboot stub. */
static void log_msg(const char *fmt, va_list args)
{
do_vtxprintf(fmt, args);
}
static void fatal_error(void)
{
printk(BIOS_ERR, "vboot encountered fatal error. Resetting.\n");
vboot_reboot();
}
static int fw_region_size(struct vboot_region *r)
{
struct vboot_components *fw_info;
int32_t size;
int i;
fw_info = vboot_locate_components(r);
if (fw_info == NULL)
return -1;
if (fw_info->num_components > MAX_PARSED_FW_COMPONENTS)
return -1;
size = sizeof(*fw_info);
size += sizeof(struct vboot_component_entry) * fw_info->num_components;
for (i = 0; i < fw_info->num_components; i++)
size += ALIGN(fw_info->entries[i].size, sizeof(uint32_t));
/* Check that size of comopnents does not exceed the region's size. */
if (size > r->size)
return -1;
/* Update region with the correct size. */
r->size = size;
return 0;
}
static int vboot_fill_params(struct vboot_context *ctx)
{
VbCommonParams *cparams;
VbSelectFirmwareParams *fparams;
if (fw_region_size(&ctx->fw_a))
return -1;
if (fw_region_size(&ctx->fw_b))
return -1;
cparams = ctx->cparams;
fparams = ctx->fparams;
cparams->gbb_size = ctx->gbb.size;
fparams->verification_size_A = ctx->vblock_a.size;
fparams->verification_size_B = ctx->vblock_b.size;
if (IS_ENABLED(CONFIG_SPI_FLASH_MEMORY_MAPPED)) {
/* Get memory-mapped pointers to the regions. */
cparams->gbb_data = vboot_get_region(ctx->gbb.offset_addr,
ctx->gbb.size, NULL);
fparams->verification_block_A =
vboot_get_region(ctx->vblock_a.offset_addr,
ctx->vblock_a.size, NULL);
fparams->verification_block_B =
vboot_get_region(ctx->vblock_b.offset_addr,
ctx->vblock_b.size, NULL);
} else {
/*
* Copy the vblock info into a buffer in cbmem. The gbb will
* be read using VbExRegionRead().
*/
char *dest;
size_t vblck_sz;
vblck_sz = ctx->vblock_a.size + ctx->vblock_b.size;
ctx->vblocks = cbmem_entry_add(TEMP_CBMEM_ID_VBLOCKS, vblck_sz);
if (ctx->vblocks == NULL)
return -1;
dest = cbmem_entry_start(ctx->vblocks);
if (vboot_get_region(ctx->vblock_a.offset_addr,
ctx->vblock_a.size, dest) == NULL)
return -1;
fparams->verification_block_A = (void *)dest;
dest += ctx->vblock_a.size;
if (vboot_get_region(ctx->vblock_b.offset_addr,
ctx->vblock_b.size, dest) == NULL)
return -1;
fparams->verification_block_B = (void *)dest;
}
return 0;
}
static void fill_handoff(struct vboot_context *context)
{
struct vboot_components *fw_info;
struct vboot_region *region;
int i;
/* Fix up the handoff structure. */
context->handoff->selected_firmware =
context->fparams->selected_firmware;
/* Parse out the components for downstream consumption. */
if (context->handoff->selected_firmware == VB_SELECT_FIRMWARE_A)
region = &context->fw_a;
else if (context->handoff->selected_firmware == VB_SELECT_FIRMWARE_B)
region = &context->fw_b;
else
return;
fw_info = vboot_locate_components(region);
if (fw_info == NULL)
return;
for (i = 0; i < fw_info->num_components; i++) {
context->handoff->components[i].address =
region->offset_addr + fw_info->entries[i].offset;
context->handoff->components[i].size = fw_info->entries[i].size;
}
}
static void vboot_clean_up(struct vboot_context *context)
{
if (context->vblocks != NULL)
cbmem_entry_remove(context->vblocks);
}
static void vboot_invoke_wrapper(struct vboot_handoff *vboot_handoff)
{
VbCommonParams cparams;
VbSelectFirmwareParams fparams;
struct vboot_context context;
uint32_t *iflags;
vboot_handoff->selected_firmware = VB_SELECT_FIRMWARE_READONLY;
memset(&cparams, 0, sizeof(cparams));
memset(&fparams, 0, sizeof(fparams));
memset(&context, 0, sizeof(context));
iflags = &vboot_handoff->init_params.flags;
if (get_developer_mode_switch())
*iflags |= VB_INIT_FLAG_DEV_SWITCH_ON;
if (get_recovery_mode_switch()) {
clear_recovery_mode_switch();
*iflags |= VB_INIT_FLAG_REC_BUTTON_PRESSED;
}
if (get_write_protect_state())
*iflags |= VB_INIT_FLAG_WP_ENABLED;
if (vboot_get_sw_write_protect())
*iflags |= VB_INIT_FLAG_SW_WP_ENABLED;
if (CONFIG_VIRTUAL_DEV_SWITCH)
*iflags |= VB_INIT_FLAG_VIRTUAL_DEV_SWITCH;
if (CONFIG_EC_SOFTWARE_SYNC)
*iflags |= VB_INIT_FLAG_EC_SOFTWARE_SYNC;
if (!CONFIG_PHYSICAL_REC_SWITCH)
*iflags |= VB_INIT_FLAG_VIRTUAL_REC_SWITCH;
if (CONFIG_VBOOT_EC_SLOW_UPDATE)
*iflags |= VB_INIT_FLAG_EC_SLOW_UPDATE;
if (CONFIG_VBOOT_OPROM_MATTERS) {
*iflags |= VB_INIT_FLAG_OPROM_MATTERS;
*iflags |= VB_INIT_FLAG_BEFORE_OPROM_LOAD;
/* Will load VGA option rom during this boot */
if (developer_mode_enabled() || recovery_mode_enabled() ||
vboot_wants_oprom()) {
*iflags |= VB_INIT_FLAG_OPROM_LOADED;
}
}
context.handoff = vboot_handoff;
context.cparams = &cparams;
context.fparams = &fparams;
cparams.shared_data_blob = &vboot_handoff->shared_data[0];
cparams.shared_data_size = VB_SHARED_DATA_MIN_SIZE;
cparams.caller_context = &context;
vboot_locate_region("GBB", &context.gbb);
vboot_locate_region("VBLOCK_A", &context.vblock_a);
vboot_locate_region("VBLOCK_B", &context.vblock_b);
vboot_locate_region("FW_MAIN_A", &context.fw_a);
vboot_locate_region("FW_MAIN_B", &context.fw_b);
/* Check all fmap entries. */
if (context.fw_a.size < 0 || context.fw_b.size < 0 ||
context.vblock_a.size < 0 || context.vblock_b.size < 0 ||
context.gbb.size < 0) {
printk(BIOS_DEBUG, "Not all fmap entries found for vboot.\n");
return;
}
/* Fill in vboot parameters. */
if (vboot_fill_params(&context)) {
vboot_clean_up(&context);
return;
}
/* Initialize callbacks. */
context.read_vbnv = &read_vbnv;
context.save_vbnv = &save_vbnv;
context.tis_init = &tis_init;
context.tis_open = &tis_open;
context.tis_close = &tis_close;
context.tis_sendrecv = &tis_sendrecv;
context.log_msg = &log_msg;
context.fatal_error = &fatal_error;
context.get_region = &vboot_get_region;
context.reset = &vboot_reboot;
vboot_run_stub(&context);
fill_handoff(&context);
vboot_clean_up(&context);
}
#if CONFIG_RELOCATABLE_RAMSTAGE
static void *vboot_load_ramstage(uint32_t cbmem_id, const char *name,
const struct cbmem_entry **cbmem_entry)
{
struct vboot_handoff *vboot_handoff;
struct cbfs_stage *stage;
const struct firmware_component *fwc;
struct rmod_stage_load rmod_load = {
.cbmem_id = cbmem_id,
.name = name,
};
timestamp_add_now(TS_START_VBOOT);
vboot_handoff = cbmem_add(CBMEM_ID_VBOOT_HANDOFF,
sizeof(*vboot_handoff));
if (vboot_handoff == NULL) {
printk(BIOS_DEBUG, "Could not add vboot_handoff structure.\n");
return NULL;
}
memset(vboot_handoff, 0, sizeof(*vboot_handoff));
vboot_invoke_wrapper(vboot_handoff);
timestamp_add_now(TS_END_VBOOT);
/* Take RO firmware path since no RW area was selected. */
if (vboot_handoff->selected_firmware != VB_SELECT_FIRMWARE_A &&
vboot_handoff->selected_firmware != VB_SELECT_FIRMWARE_B) {
printk(BIOS_DEBUG, "No RW firmware selected: 0x%08x\n",
vboot_handoff->selected_firmware);
return NULL;
}
if (CONFIG_VBOOT_RAMSTAGE_INDEX >= MAX_PARSED_FW_COMPONENTS) {
printk(BIOS_ERR, "Invalid ramstage index: %d\n",
CONFIG_VBOOT_RAMSTAGE_INDEX);
return NULL;
}
/* Check for invalid address. */
fwc = &vboot_handoff->components[CONFIG_VBOOT_RAMSTAGE_INDEX];
if (fwc->address == 0) {
printk(BIOS_DEBUG, "RW ramstage image address invalid.\n");
return NULL;
}
printk(BIOS_DEBUG, "RW ramstage image at 0x%08x, 0x%08x bytes.\n",
fwc->address, fwc->size);
stage = (void *)fwc->address;
if (rmodule_stage_load(&rmod_load, stage)) {
vboot_handoff->selected_firmware = VB_SELECT_FIRMWARE_READONLY;
printk(BIOS_DEBUG, "Could not load ramstage region.\n");
return NULL;
}
*cbmem_entry = rmod_load.cbmem_entry;
return rmod_load.entry;
}
#else /* CONFIG_RELOCATABLE_RAMSTAGE */
static void vboot_load_ramstage(struct vboot_handoff *vboot_handoff,
struct romstage_handoff *handoff)
{
struct cbfs_stage *stage;
const struct firmware_component *fwc;
if (CONFIG_VBOOT_RAMSTAGE_INDEX >= MAX_PARSED_FW_COMPONENTS) {
printk(BIOS_ERR, "Invalid ramstage index: %d\n",
CONFIG_VBOOT_RAMSTAGE_INDEX);
return;
}
/* Check for invalid address. */
fwc = &vboot_handoff->components[CONFIG_VBOOT_RAMSTAGE_INDEX];
if (fwc->address == 0) {
printk(BIOS_DEBUG, "RW ramstage image address invalid.\n");
return;
}
printk(BIOS_DEBUG, "RW ramstage image at 0x%08x, 0x%08x bytes.\n",
fwc->address, fwc->size);
/* This will leak a mapping. */
stage = vboot_get_region(fwc->address, fwc->size, NULL);
if (stage == NULL) {
printk(BIOS_DEBUG, "Unable to get RW ramstage region.\n");
return;
}
timestamp_add_now(TS_START_COPYRAM);
/* Stages rely the below clearing so that the bss is initialized. */
memset((void *) (uintptr_t) stage->load, 0, stage->memlen);
if (cbfs_decompress(stage->compression,
((unsigned char *) stage) +
sizeof(struct cbfs_stage),
(void *) (uintptr_t) stage->load,
stage->len))
return;
timestamp_add_now(TS_END_COPYRAM);
#if CONFIG_ARCH_X86
__asm__ volatile (
"movl $0, %%ebp\n"
"jmp *%%edi\n"
:: "D"(stage->entry)
);
#elif CONFIG_ARCH_ARM
stage_exit((void *)(uintptr_t)stage->entry);
#endif
}
#endif /* CONFIG_RELOCATABLE_RAMSTAGE */
const struct ramstage_loader_ops vboot_ramstage_loader = {
.name = "VBOOT",
.load = vboot_load_ramstage,
};

266
src/vendorcode/google/chromeos/vboot1/vboot_wrapper.c
View File

@ -1,266 +0,0 @@
/*
* This file is part of the coreboot project.
*
* Copyright (C) 2013 Google, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include <console/vtxprintf.h>
#if CONFIG_ARCH_X86
#include <cpu/x86/tsc.h>
#else
#include <timer.h>
#endif
#include <rmodule.h>
#include <stdlib.h>
#include <string.h>
#include "../vboot_context.h"
#include "../vboot_handoff.h"
/* Keep a global context pointer around for the callbacks to use. */
static struct vboot_context *gcontext;
static void vboot_wrapper(void *arg)
{
VbError_t res;
struct vboot_context *context;
context = arg;
gcontext = context;
VbExDebug("Calling VbInit()\n");
res = VbInit(context->cparams, &context->handoff->init_params);
VbExDebug("VbInit() returned 0x%08x\n", res);
if (res != VBERROR_SUCCESS) {
if(res == VBERROR_TPM_REBOOT_REQUIRED) {
VbExDebug("TPM Reboot Required. Proceeding reboot.\n");
gcontext->reset();
}
return;
}
VbExDebug("Calling VbSelectFirmware()\n");
res = VbSelectFirmware(context->cparams, context->fparams);
VbExDebug("VbSelectFirmware() returned 0x%08x\n", res);
if (res != VBERROR_SUCCESS)
return;
}
void VbExError(const char *format, ...)
{
va_list args;
va_start(args, format);
gcontext->log_msg(format, args);
va_end(args);
gcontext->fatal_error();
}
void VbExDebug(const char *format, ...)
{
va_list args;
va_start(args, format);
gcontext->log_msg(format, args);
va_end(args);
}
uint64_t VbExGetTimer(void)
{
#if CONFIG_ARCH_X86
return rdtscll();
#else
struct mono_time mt;
timer_monotonic_get(&mt);
return mt.microseconds;
#endif
}
VbError_t VbExNvStorageRead(uint8_t *buf)
{
gcontext->read_vbnv(buf);
return VBERROR_SUCCESS;
}
VbError_t VbExNvStorageWrite(const uint8_t *buf)
{
gcontext->save_vbnv(buf);
return VBERROR_SUCCESS;
}
extern char _heap[];
extern char _eheap[];
static char *heap_current;
static int heap_size;
void *VbExMalloc(size_t size)
{
void *ptr;
if (heap_current == NULL) {
heap_current = &_heap[0];
heap_size = &_eheap[0] - &_heap[0];
VbExDebug("vboot heap: %p 0x%08x bytes\n",
heap_current, heap_size);
}
if (heap_size < size) {
VbExError("vboot heap request cannot be fulfilled. "
"0x%08x available, 0x%08x requested\n",
heap_size, size);
}
ptr = heap_current;
heap_size -= size;
heap_current += size;
return ptr;
}
void VbExFree(void *ptr)
{
/* Leak all memory. */
}
/* vboot doesn't expose these through the vboot_api.h, but they are needed.
* coreboot requires declarations so provide them to avoid compiler errors. */
int Memcmp(const void *src1, const void *src2, size_t n);
void *Memcpy(void *dest, const void *src, uint64_t n);
void *Memset(void *dest, const uint8_t c, uint64_t n);
int Memcmp(const void *src1, const void *src2, size_t n)
{
return memcmp(src1, src2, n);
}
void *Memcpy(void *dest, const void *src, uint64_t n)
{
return memcpy(dest, src, n);
}
void *Memset(void *dest, const uint8_t c, uint64_t n)
{
return memset(dest, c, n);
}
static inline size_t get_hash_block_size(size_t requested_size)
{
if (!IS_ENABLED(CONFIG_SPI_FLASH_MEMORY_MAPPED)) {
const size_t block_size = 64 * 1024;
if (requested_size > block_size)
return block_size;
}
return requested_size;
}
VbError_t VbExHashFirmwareBody(VbCommonParams *cparams, uint32_t firmware_index)
{
uint8_t *data;
struct vboot_region *region;
struct vboot_context *ctx;
size_t data_size;
uintptr_t offset_addr;
ctx = cparams->caller_context;
switch (firmware_index) {
case VB_SELECT_FIRMWARE_A:
region = &ctx->fw_a;
break;
case VB_SELECT_FIRMWARE_B:
region = &ctx->fw_b;
break;
default:
return VBERROR_UNKNOWN;
}
data_size = region->size;
offset_addr = region->offset_addr;
while (data_size) {
size_t block_size;
block_size = get_hash_block_size(data_size);
data = ctx->get_region(offset_addr, block_size, NULL);
if (data == NULL)
return VBERROR_UNKNOWN;
VbUpdateFirmwareBodyHash(cparams, data, block_size);
data_size -= block_size;
offset_addr += block_size;
}
return VBERROR_SUCCESS;
}
VbError_t VbExTpmInit(void)
{
if (gcontext->tis_init())
return VBERROR_UNKNOWN;
return VbExTpmOpen();
}
VbError_t VbExTpmClose(void)
{
if (gcontext->tis_close())
return VBERROR_UNKNOWN;
return VBERROR_SUCCESS;
}
VbError_t VbExTpmOpen(void)
{
if (gcontext->tis_open())
return VBERROR_UNKNOWN;
return VBERROR_SUCCESS;
}
VbError_t VbExTpmSendReceive(const uint8_t *request, uint32_t request_length,
uint8_t *response, uint32_t *response_length)
{
size_t len = *response_length;
if (gcontext->tis_sendrecv(request, request_length, response, &len))
return VBERROR_UNKNOWN;
/* check 64->32bit overflow and (re)check response buffer overflow */
if (len > *response_length)
return VBERROR_UNKNOWN;
*response_length = len;
return VBERROR_SUCCESS;
}
#if !CONFIG_SPI_FLASH_MEMORY_MAPPED
VbError_t VbExRegionRead(VbCommonParams *cparams,
enum vb_firmware_region region, uint32_t offset,
uint32_t size, void *buf)
{
struct vboot_context *ctx;
VbExDebug("VbExRegionRead: offset=%x size=%x, buf=%p\n",
offset, size, buf);
ctx = cparams->caller_context;
if (region == VB_REGION_GBB) {
if (offset + size > cparams->gbb_size)
return VBERROR_REGION_READ_INVALID;
offset += ctx->gbb.offset_addr;
if (ctx->get_region(offset, size, buf) == NULL)
return VBERROR_REGION_READ_INVALID;
return VBERROR_SUCCESS;
}
return VBERROR_UNSUPPORTED_REGION;
}
#endif /* CONFIG_SPI_FLASH_MEMORY_MAPPED */
RMODULE_ENTRY(vboot_wrapper);

10
src/vendorcode/google/chromeos/vboot2/Kconfig
View File

@ -18,7 +18,7 @@
config VBOOT2_VERIFY_FIRMWARE
bool "Firmware Verification with vboot2"
default n
default y if VBOOT_VERIFY_FIRMARE
depends on CHROMEOS && HAVE_HARD_RESET
select COLLECT_TIMESTAMPS
help
@ -46,14 +46,6 @@ config RETURN_FROM_VERSTAGE
romstage. Useful if a ram space is too small to fit both the verstage
and the romstage.
config VBOOT_ROMSTAGE_INDEX
hex
default 2
depends on VBOOT2_VERIFY_FIRMWARE
help
This is the index of the romstage component in the verified
firmware block.
config VBOOT_DISABLE_DEV_ON_RECOVERY
bool "Disable dev mode on recovery requests"
default n