Commit Graph

525 Commits

Author SHA1 Message Date
Julius Werner 834b3ecd7c cbfs: Simplify load/map API names, remove type arguments
This patch renames cbfs_boot_map_with_leak() and cbfs_boot_load_file()
to cbfs_map() and cbfs_load() respectively. This is supposed to be the
start of a new, better organized CBFS API where the most common
operations have the most simple and straight-forward names. Less
commonly used variants of these operations (e.g. cbfs_ro_load() or
cbfs_region_load()) can be introduced later. It seems unnecessary to
keep carrying around "boot" in the names of most CBFS APIs if the vast
majority of accesses go to the boot CBFS (instead, more unusual
operations should have longer names that describe how they diverge from
the common ones).

cbfs_map() is paired with a new cbfs_unmap() to allow callers to cleanly
reap mappings when desired. A few new cbfs_unmap() calls are added to
generic code where it makes sense, but it seems unnecessary to introduce
this everywhere in platform or architecture specific code where the boot
medium is known to be memory-mapped anyway. In fact, even for
non-memory-mapped platforms, sometimes leaking a mapping to the CBFS
cache is a much cleaner solution than jumping through hoops to provide
some other storage for some long-lived file object, and it shouldn't be
outright forbidden when it makes sense.

Additionally, remove the type arguments from these function signatures.
The goal is to eventually remove type arguments for lookup from the
whole CBFS API. Filenames already uniquely identify CBFS files. The type
field is just informational, and there should be APIs to allow callers
to check it when desired, but it's not clear what we gain from forcing
this as a parameter into every single CBFS access when the vast majority
of the time it provides no additional value and is just clutter.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ib24325400815a9c3d25f66c61829a24a239bb88e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39304
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-by: Mariusz Szafrański <mariuszx.szafranski@intel.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-12-02 22:13:17 +00:00
Julius Werner 0d9072b1a1 cbfs: Move more stuff into cbfs_boot_lookup()
cbfs_boot_locate() is supposed to be deprecated eventually, after slowly
migrating all APIs to bypass it. That means common features (like
RO-fallback or measurement) need to be moved to the new
cbfs_boot_lookup().

Also export the function externally. Since it is a low-level API and
most code should use the higher-level loading or mapping functions
instead, put it into a new <cbfs_private.h> to raise the mental barrier
for using this API (this will make more sense once cbfs_boot_locate() is
removed from <cbfs.h>).

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I4bc9b7cbc42a4211d806a3e3389abab7f589a25a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39327
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-12-02 22:13:06 +00:00
Julius Werner 1e37c9ca46 cbfs: Add metadata cache
This patch adds a new CBFS "mcache" (metadata cache) -- a memory buffer
that stores the headers of all CBFS files. Similar to the existing FMAP
cache, this cache should reduce the amount of SPI accesses we need to do
every boot: rather than having to re-read all CBFS headers from SPI
flash every time we're looking for a file, we can just walk the same
list in this in-memory copy and finally use it to directly access the
flash at the right position for the file data.

This patch adds the code to support the cache but doesn't enable it on
any platform. The next one will turn it on by default.

Change-Id: I5b1084bfdad1c6ab0ee1b143ed8dd796827f4c65
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38423
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-11-21 10:43:53 +00:00
Joel Kitching ec6cff2f20 vboot: stop implementing VbExDisplayScreen
This function is no longer required to be implemented since
EC/AUXFW sync was decoupled from vboot UI.  (See CL:2087016.)

BUG=b:172343019
TEST=Compile locally
BRANCH=none

Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I43e8160a4766a38c4fa14bcf4495fc719fbcd6c2
Reviewed-on: https://review.coreboot.org/c/coreboot/+/47233
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2020-11-18 05:49:46 +00:00
Elyes HAOUAS 27718ac87f src: Add missing 'include <console/console.h>'
"printk()" needs <console/console.h>.

Change-Id: Iac6b7000bcd8b1335fa3a0ba462a63aed2dc85b8
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45539
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
2020-11-17 09:01:14 +00:00
Arthur Heymans 94fe086a06 sec/intel/cbnt: Stitch in ACMs in the coreboot image
Actual support CBnT will be added later on.

Change-Id: Icc35c5e6c74d002efee43cc05ecc8023e00631e0
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46456
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-11-10 06:17:24 +00:00
Martin Roth 8839b7f109 security/vboot: Add Kconfig symbol to set hashing block size
Generally, this size probably doesn't matter very much, but in the
case of picasso's psp_verstage, the hash is being calculated by
hardware using relatively expensive system calls.  By increasing the
block size, we can save roughly 140ms of boot and resume time.

TEST=Build & boot see that boot time has decreased.
BRANCH=Zork
BUG=b:169217270 - Zork: SHA calculation in vboot takes too long

Signed-off-by: Martin Roth <martinroth@chromium.org>
Change-Id: I68eecbbdfadcbf14288dc6e849397724fb66e0b2
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46901
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Kangheui Won <khwon@chromium.org>
2020-11-06 17:46:13 +00:00
Angel Pons 6c49f40b6e haswell: Add Intel TXT support in romstage
Provide necessary romstage hooks to allow unblocking the memory with
SCLEAN. Note that this is slow, and took four minutes with 4 GiB of RAM.

Tested on Asrock B85M Pro4 with tboot. When Linux has tboot support
compiled in, booting as well as S3 suspend and resume are functional.
However, SINIT will TXT reset when the iGPU is enabled, and using a dGPU
will result in DMAR-related problems as soon as the IOMMU is enabled.

However, SCLEAN seems to hang sometimes. This may be because the AP
initialization that reference code does before SCLEAN is missing, but
the ACM is still able to unblock the memory. Considering that SCLEAN is
critical to recover an otherwise-bricked platform but is hardly ever
necessary, prefer having a partially-working solution over none at all.

Change-Id: I60beb7d79a30f460bbd5d94e4cba0244318c124e
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46608
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-11-04 23:53:51 +00:00
Angel Pons 5725ee4f9f sec/intel/txt: Add support for running SCLEAN in romstage
SCLEAN has specific requirements and needs to run in early romstage,
since the DRAM would be locked when SCLEAN needs to be executed.

Change-Id: I77b237342e0c98eda974f87944f1948d197714db
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46607
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-11-04 23:31:11 +00:00
Arthur Heymans 3603960d4d sec/intel/txt/Kconfig: Remove the menu for including ACMs
This is consistent with how other binaries (e.g. FSP) are added via
Kconfig. This also makes it more visible that things need to be
configured.

Change-Id: I399de6270cc4c0ab3b8c8a9543aec0d68d3cfc03
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46455
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-10-28 12:55:43 +00:00
Arthur Heymans ccb1119738 sec/intel/txt/Makefile.inc: Include ACMs using Kconfig variables
The Kconfig variables are used in the C code for cbfs file names but
not in the Makefiles adding them.

Change-Id: Ie35508d54ae91292f06de9827f0fb543ad81734d
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46454
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-10-28 12:55:29 +00:00
Andrey Pronin 441c63d5f0 security/vboot: fix policy digest for nvmem spaces
This CL fixes the policy digest that restricts deleting the nvmem spaces
to specific PCR0 states.

BRANCH=none
BUG=b:140958855
TEST=verified that nvmem spaces created with this digest can be deleted
     in the intended states, and cannot be deleted in other states
     (test details for ChromeOS - in BUG comments).

Change-Id: I3cb7d644fdebda71cec3ae36de1dc76387e61ea7
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46772
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-28 01:29:37 +00:00
Julius Werner 4a30d42c4a vboot: Disable vboot functions in SMM
SMM does not have access to CBMEM and therefore cannot access any
persistent state like the vboot context. This makes it impossible to
query vboot state like the developer mode switch or the currently active
RW CBFS. However some code (namely the PC80 option table) does CBFS
accesses in SMM. This is currently worked around by directly using
cbfs_locate_file_in_region() with the COREBOOT region. By disabling
vboot functions explicitly in SMM, we can get rid of that and use normal
CBFS APIs in this code.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I4b1baa73681fc138771ad8384d12c0a04b605377
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46645
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-10-26 06:58:54 +00:00
Frans Hendriks 4622a2fe82 security/tpm/tspi/crtm: Add line break to debug messages
Add line break at debug messages.

Tested on Facebook FBG1701

Change-Id: Idbfcd6ce7139efcb79e2980b366937e9fdcb3a4e
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46659
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-26 06:47:20 +00:00
Angel Pons 8f8cb95fe9 sec/intel/txt: Split MTRR setup ASM code into a macro
If necessary, SCLEAN needs to run in early romstage, where DRAM is not
working yet. In fact, that the DRAM isn't working is the reason to run
SCLEAN in the first place. Before running GETSEC, CAR needs to be torn
down, as MTRRs have to be reprogrammed to cache the BIOS ACM. Further,
running SCLEAN leaves the system in an undefined state, where the only
sane thing to do is reset the platform. Thus, invoking SCLEAN requires
specific assembly prologue and epilogue sections before and after MTRR
setup, and neither DRAM nor CAR may be relied upon for the MTRR setup.

In order to handle this without duplicating the MTRR setup code, place
it in a macro on a separate file. This needs to be a macro because the
call and return instructions rely on the stack being usable, and it is
not the case for SCLEAN. The MTRR code clobbers many registers, but no
other choice remains when the registers cannot be saved anywhere else.

Tested on Asrock B85M Pro4, BIOS ACM can still be launched.

Change-Id: I2f5e82f57b458ca1637790ddc1ddc14bba68ac49
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46603
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-22 20:06:54 +00:00
Angel Pons 01490258bb sec/intel/txt: Add `enable_getsec_or_reset` function
This can be used to enable GETSEC/SMX in the IA32_FEATURE_CONTROL MSR,
and will be put to use on Haswell in subsequent commits.

Change-Id: I5a82e515c6352b6ebbc361c6a53ff528c4b6cdba
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46606
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22 20:06:26 +00:00
Angel Pons 7b4d67cf42 sec/intel/txt: Extract BIOS ACM loading into a function
Tested on Asrock B85M Pro4, still boots with TXT enabled.

Change-Id: I0b04955b341848ea8627a9c3ffd6a68cd49c3858
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46593
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22 20:05:38 +00:00
Angel Pons 6c4028dd3d sec/intel/txt: Only run LockConfig for LT-SX
LockConfig only exists on Intel TXT for Servers. Check whether this is
supported using GETSEC[PARAMETERS]. This eliminates a spurious error for
Client TXT platforms such as Haswell, and is a no-op on TXT for Servers.

Change-Id: Ibb7b0eeba1489dc522d06ab27eafcaa0248b7083
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46498
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22 20:05:01 +00:00
Angel Pons e70a3f8822 sec/intel/txt: Always run SCHECK on regular boots
When Boot Guard is disabled or not available, the IBB might not even
exist. This is the case on traditional (non-ULT) Haswell, for example.

Leave the S3 resume check as-is for now. Skylake and newer may need to
run SCHECK on resume as well, but I lack the hardware to test this on.

Change-Id: I70231f60d4d4c5bc8ee0fcbb0651896256fdd391
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46497
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22 20:04:30 +00:00
Angel Pons 8a285fd8a5 sec/intel/txt: Allow skipping ACM NOP function
This is merely used to test whether the BIOS ACM calling code is working
properly. There's no need to do this on production platforms. Testing on
Haswell showed that running this NOP function breaks S3 resume with TXT.
Add a Kconfig bool to control whether the NOP function is to be invoked.

Change-Id: Ibf461c18a96f1add7867e1320726fadec65b7184
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46496
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22 20:03:18 +00:00
Angel Pons c037695c19 sec/intel/txt/ramstage.c: Do not init the heap on S3 resume
It causes problems on Haswell: SINIT detects that the heap tables differ
in size, and then issues a Class Code 9, Major Error Code 1 TXT reset.

Change-Id: I26f3d291abc7b2263e0b115e94426ac6ec8e5c48
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46495
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22 20:02:58 +00:00
Angel Pons 8f7e2a3add sec/intel/txt/ramstage.c: Extract heap init into a function
Heap initialization is self-contained, so place it into a separate
function. Also, do it after the MSEG registers have been written, so
that all register writes are grouped together. This has no impact.

Change-Id: Id108f4cfcd2896d881d9ba267888f7ed5dd984fa
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46494
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22 20:01:54 +00:00
Angel Pons 08de7d6bbd sec/intel/txt: Add and fill in BIOS Specification info
This is not critical to function, but is nice to have.

Change-Id: Ieb5f41f3e4c5644a31606434916c35542d35617a
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46493
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-22 20:01:35 +00:00
Angel Pons 28d0408409 sec/intel/txt/common.c: Only log ACM error on failure
The TXT_BIOSACM_ERRORCODE register is only valid if TXT_SPAD bit 62 is
set, or if CBnT is supported and bit 61 is set. Moreover, this is only
applicable to LT-SX (i.e. platforms supporting Intel TXT for Servers).

This allows TXT to work on client platforms, where these registers are
regular scratchpads and are not necessarily written to by the BIOS ACM.

Change-Id: If047ad79f12de5e0f34227198ee742b9e2b5eb54
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46492
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-22 20:00:19 +00:00
Angel Pons 5a6daa6b72 sec/intel/txt: Move DPR size to Kconfig
Instead of hardcoding the size in code, expose it as a Kconfig symbol.
This allows platform code to program the size in the MCH DPR register.

Change-Id: I9b9bcfc7ceefea6882f8133a6c3755da2e64a80c
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46491
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-22 19:59:53 +00:00
Shelley Chen 17df7d634d security/vboot: Remove all tpm 1.2 functions for mrc hash in the tpm
Since MRC_SAVE_HASH_IN_TPM depends on TPM2, we can now remove the tpm
1.2 versions of functions that deal with mrc hash in the tpm as it
will not be used by tpm 1.2 boards.  Also move all antirollback
functions that deal with mrc hash in the tpm under CONFIG(TPM2).

BUG=b:150502246
BRANCH=None
TEST=make sure boards are still compiling on coreboot Jenkins

Change-Id: I446dde36ce2233fc40687892da1fb515ce35b82b
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46615
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-10-22 06:53:26 +00:00
Shelley Chen c1040f3ef4 mrc_cache: Add tpm_hash_index field to cache_region struct
Pull selection of tpm hash index logic into cache_region struct.  This
CL also enables the storing of the MRC hash into the TPM NVRAM space
for both recovery and non-recovery cases.  This will affect all
platforms with TPM2 enabled and use the MRC_CACHE driver.

BUG=b:150502246
BRANCH=None
TEST=make sure memory training still works on nami and lazor

Change-Id: I1a744d6f40f062ca3aab6157b3747e6c1f6977f9
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46514
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-10-20 23:26:01 +00:00
Shelley Chen df0481e9e1 security/vboot: Add new TPM NVRAM index MRC_RW_HASH_NV_INDEX
Add new index for MRC_CACHE data in RW.  Also update antirollback
functions to handle this new index where necessary.

BUG=b:150502246
BRANCH=None
TEST=make sure memory training still works on nami

Change-Id: I2de3c23aa56d3b576ca54dbd85c75e5b80199560
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46511
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-10-20 23:25:50 +00:00
Shelley Chen a79803cf29 security/vboot: Make mrc_cache hash functions generic
We need to extend the functionality of the mrc_cache hash functions to
work for both recovery and normal mrc_cache data.  Updating the API of
these functions to pass in an index to identify the hash indices for
recovery and normal mode.

BUG=b:150502246
BRANCH=None
TEST=make sure memory training still works on nami

Change-Id: I9c0bb25eafc731ca9c7a95113ab940f55997fc0f
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46432
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-10-20 23:25:39 +00:00
Shelley Chen 1fed53f08a mrc_cache: Move mrc_cache_*_hash functions into mrc_cache driver
This CL would remove these calls from fsp 2.0.  Platforms that select
MRC_STASH_TO_CBMEM, updating the TPM NVRAM space is moved from
romstage (when data stashed to CBMEM) to ramstage (when data is
written back to SPI flash.

BUG=b:150502246
BRANCH=None
TEST=make sure memory training still works on nami

Change-Id: I3088ca6927c7dbc65386c13e868afa0462086937
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46510
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-10-20 23:25:31 +00:00
Shelley Chen 9f8ac64bae mrc_cache: Add config MRC_SAVE_HASH_IN_TPM
Use this config to specify whether we want to save a hash of the
MRC_CACHE in the TPM NVRAM space.  Replace all uses of
FSP2_0_USES_TPM_MRC_HASH with MRC_SAVE_HASH_IN_TPM and remove the
FSP2_0_USES_TPM_MRC_HASH config.  Note that TPM1 platforms will not
select MRC_SAVE_HASH_IN_TPM as none of them use FSP2.0 and have
recovery MRC_CACHE.

BUG=b:150502246
BRANCH=None
TEST=emerge-nami coreboot chromeos-bootimage

Change-Id: Ic5ffcdba27cb1f09c39c3835029c8d9cc3453af1
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46509
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-10-20 23:20:30 +00:00
Shelley Chen d5faa90df5 security/vboot: Rename mem_init.h to mrc_cache_hash_tpm.h
As ongoing work for generalizing mrc_cache to be used by all
platforms, we are pulling it out from fsp 2.0 and renaming it as
mrc_cache_hash_tpm.h in security/vboot.

BUG=b:150502246
BRANCH=None
TEST=emerge-nami coreboot chromeos-bootimage

Change-Id: I5a204bc3342a3462f177c3ed6b8443e31816091c
Signed-off-by: Shelley Chen <shchen@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46508
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-10-19 07:01:04 +00:00
Angel Pons ffbb4b2b11 intel/txt: Add `txt_get_chipset_dpr` function
Due to platform-specific constraints, it is not possible to enable DPR
by programming the MCH's DPR register in ramstage. Instead, assume it
has been programmed earlier and check that its value is valid. If it is,
then simply configure DPR in TXT public base with the same parameters.
Note that some bits only exist on MCH DPR, and thus need to be cleared.

Implement this function on most client platforms. For Skylake and newer,
place it in common System Agent code. Also implement it for Haswell, for
which the rest of Intel TXT support will be added in subsequent commits.

Do not error out if DPR is larger than expected. On some platforms, such
as Haswell, MRC decides the size of DPR, and cannot be changed easily.
Reimplementing MRC is easier than working around its limitations anyway.

Change-Id: I391383fb03bd6636063964ff249c75028e0644cf
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46490
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-17 09:34:35 +00:00
Angel Pons 578a4d2b6a security/intel/txt: Improve MTRR setup for GETSEC[ENTERACCS]
The BIOS ACM will check that enabled variable MTRRs do not cover more
than the ACM's size, rounded up to 4 KiB. If that is not the case,
launching the ACM will result in a lovely TXT reset. How boring.

The new algorithm simply performs a reverse bit scan in a loop, and
allocates one MTRR for each set bit in the rounded-up size to cache.
Before allocating anything, it checks if there are enough variable
MTRRs; if not, it will refuse to cache anything. This will result in
another TXT reset, initiated by the processor, with error type 5:

   Load memory type error in Authenticated Code Execution Area.

This can only happen if the ACM has specific caching requirements that
the current code does not know about, or something has been compromised.
Therefore, causing a TXT reset should be a reasonable enough approach.

Also, disable all MTRRs before clearing the variable MTRRs and only
enable them again once they have been set up with the new values.

Tested on Asrock B85M Pro4 with a BIOS ACM whose size is 101504 bytes.
Without this patch, launching the ACM would result in a TXT reset. This
no longer happens when this patch is applied.

Change-Id: I8d411f6450928357544be20250262c2005d1e75d
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44880
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-17 09:32:47 +00:00
Angel Pons 038cef9dff sec/intel/txt: Bail if var MTRRs cannot snugly cache the BIOS ACM
When caching the BIOS ACM, one must cache less than a page (4 KiB) of
unused memory past the end of the BIOS ACM. Failure to do so on Haswell
will result in a lovely TXT reset with Class Code 5, Major Error Code 2.

The current approach uses a single variable MTRR to cache the whole BIOS
ACM. Before fighting with the variable MTRRs in assembly code, ensure
that enough variable MTRRs exist to cache the BIOS ACM's size. Since the
code checks that the ACM base is aligned to its size, each `one` bit in
the ACM size will require one variable MTRR to properly cache the ACM.

One of the several BIOS ACMs for Haswell has a size of 101504 bytes.
This is 0x18c80 in hexadecimal, and 0001 1000 1100 1000 0000 in binary.

After aligning up the BIOS ACM size to a page boundary, the resulting
size is 0x19000 in hexadecimal, and 0001 1001 0000 0000 0000 in binary.

To successfully invoke said ACM, its base must be a multiple of 0x20000
and three variable MTRRs must be used to cache the ACM. The MTRR ranges
must be contiguous and cover 0x10000, 0x8000, 0x1000 bytes, in order.

The assembly code is updated in a follow-up, and relies on these checks.

Change-Id: I480dc3e4a9e4a59fbb73d571fd62b0257abc65b3
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46422
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-17 09:32:25 +00:00
Arthur Heymans 7af8aca246 sec/intel/txt/getsec_enteraccs.S: Save and restore MTRR_DEF_TYPE
This needs to be saved and restored, otherwise the BSP might have an
inconsistent MTRR setup with regards to the AP's which results in
weird errors and slowdowns in the operating system.

TESTED: Fixes booting OCP/Deltalake with Linux 5.8.

Change-Id: Iace636ec6fca3b4d7b2856f0f054947c5b3bc8de
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46375
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-15 08:33:23 +00:00
Angel Pons 11334729c9 security/intel/txt: Use `smm_region()` to get TSEG base
This function is available for all TXT-capable platforms. Use it.
As it also provides the size of TSEG, display it when logging is on.

Change-Id: I4b3dcbc61854fbdd42275bf9456eaa5ce783e8aa
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46055
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
2020-10-15 08:31:48 +00:00
Angel Pons 463e44bedb security/intel/txt: Add and use DPR register layout
This simplifies operations with this register's bitfields, and can also
be used by TXT-enabled platforms on the register in PCI config space.

Change-Id: I10a26bc8f4457158dd09e91d666fb29ad16a2087
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46050
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-10-12 08:52:58 +00:00
Angel Pons 52082be9d6 security/intel/txt: Clean up includes
Sort them alphabetically, and use <types.h> everywhere.
Drop unused <intelblocks/systemagent.h> header, too.

Change-Id: Ib8f3339e5969cf8552984164fa7e08e070987a24
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46049
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2020-10-12 08:52:51 +00:00
Eugene Myers 7979bf5d0d security/intel/stm: Add options for STM build
This patch adds options that support building the STM as a
part of the coreboot build.  The option defaults assume that
these configuration options are set as follows:

      IED_REGION_SIZE   = 0x400000
      SMM_RESERVED_SIZE = 0x200000
      SMM_TSEG_SIZE     = 0x800000

Change-Id: I80ed7cbcb93468c5ff93d089d77742ce7b671a37
Signed-off-by: Eugene Myers <cedarhouse@comcast.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44686
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: ron minnich <rminnich@gmail.com>
2020-10-12 08:49:57 +00:00
Christian Walter 6e536bcca8 security/intel/txt: Print chipset as hex value
Print chipset as hex value in order to make it more readable.

Change-Id: Ifafbe0a1161e9fe6e790692002375f45d813b723
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45867
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-10-08 15:38:19 +00:00
Felix Held bbbdba1e50 security/intel/stm: Fix size_t printf format error
This sort-of reverts commit 075df92298 and
fixes the underlying issue. The printf format string type/length
specifier for a size_t type is z.

Change-Id: I897380060f7ea09700f77beb81d52c18a45326ad
Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45872
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eugene Myers <cedarhouse1@comcast.net>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2020-10-01 18:59:18 +00:00
Eugene D Myers 075df92298 security/intel/stm: Fix size_t printf format error
Size_t seems to have a compiler dependency.  When building on the
Purism librem 15v4, size_t is 'unsigned long'.  In this instance,
the compiler is the coreboot configured cross-compiler.  In another
instance, size_t is defined as 'unsigned short'.  To get around
the formatting conflict caused by this, The variable of type
size_t was cast as 'unsigned int' in the format.

Change-Id: Id51730c883d8fb9e87183121deb49f5fdda0114e
Signed-off-by: Eugene D Myers <cedarhouse@comcast.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45181
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: ron minnich <rminnich@gmail.com>
2020-09-30 10:17:19 +00:00
Elyes HAOUAS f91bcb310b src/security: Drop unneeded empty lines
Change-Id: Icb6057ac73fcc038981ef95a648420ac00b3c106
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44808
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
2020-09-21 16:26:17 +00:00
Caveh Jalali c07fb75c90 security/tpm/tss/tcg-2.0: add const to marshalling functions
This adds the const qualifier to inputs of marshalling functions as
they are intended to be read-only.

Change-Id: I099bf46c928733aff2c1d1c134deec35da6309ba
Signed-off-by: Caveh Jalali <caveh@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/45409
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-09-21 08:09:28 +00:00
Angel Pons 803bd3c682 security/intel/txt/getsec.c: Do not check lock bit
This allows calling GETSEC[CAPABILITIES] during early init, when the MSR
isn't locked yet.

Change-Id: I2253b5f2c8401c9aed8e32671eef1727363d00cc
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44883
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
2020-08-30 19:26:48 +00:00
Angel Pons 7fdd1faf2d security/intel/txt: Add missing definitions
Change-Id: I3ca585429df318c31c2ffd484ec91a7971f18f27
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44882
Reviewed-by: Michael Niewöhner
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-08-30 19:25:55 +00:00
Jes Klinke dcae8074bf drivers/spi/tpm: Enable long cr50 ready pulses for Tiger Lake systems
For Volteer (and future Tiger Lake boards) we can enable mode S0i3.4
only if we know that the Cr50 is generating 100us interrupt pulses.
We have to do so, because the SoC is not guaranteed to detect pulses
shorter than 100us in S0i3.4 substate.

A new Kconfig setting CR50_USE_LONG_INTERRUPT_PULSES controls new code
running in verstage, which will program a new Cr50 register, provided that
Cr50 firmware is new enough to support the register.

BUG=b:154333137
TEST=util/abuild/abuild -t GOOGLE_VOLTEER -c max -x

Signed-off-by: Jes Bodi Klinke <jbk@chromium.org>
Change-Id: If83188fd09fe69c2cda4ce1a8bf5b2efe1ca86da
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43741
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-08-20 19:34:46 +00:00
Elyes HAOUAS ec17902485 src: Remove unused 'include <lib.h>'
Change-Id: Ic09fc4ff4ee5524d89366e28d1d22900dd0c5b4d
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44100
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2020-08-18 12:18:18 +00:00
Elyes HAOUAS abfacd863d src: Remove unused 'include <boot_device.h>'
Change-Id: I5589fdeade7f69995adf1c983ced13773472be74
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42349
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-08-18 12:15:10 +00:00
Sridhar Siricilla 77025b3f56 security/vboot/Makefile.inc: Update regions-for-file function
This patch updates regions-for-file function in the
security/vboot/Makefile.inc to support adding a CBFS file into
required FMAP REGIONs in a flexible manner. The file that needs to be
added to specific REGIONs, those regions list should be specified in the
regions-for-file-{CBFS_FILE_TO_BE_ADDED} variable.

For example, if a file foo.bin needs to be added in FW_MAIN_B and COREBOOT,
then below code needs to be added in a Makefile.inc.
	regions-for-file-foo := FW_MAIN_B,COREBOOT
	cbfs-file-y := foo
	foo-file := foo.bin
	foo-type := raw

TEST=Verified on hatch

Signed-off-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Change-Id: I1f5c22b3d9558ee3c5daa2781a115964f8d2d83b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43766
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
2020-08-13 05:43:53 +00:00
Angel Pons 2f1739ada8 security/intel/txt: Fix variable MTRR handling
The MSR macros were treated as memory addresses and the loops had
off-by-one errors. This resulted in a CPU exception before GETSEC, and
another exception after GETSEC (once the first exception was fixed).

Tested on Asrock B85M Pro4, ACM complains about the missing TPM and
resets the platform. When the `getsec` instruction is commented-out, the
board is able to boot normally, without any exceptions nor corruption.

Change-Id: Ib5d23cf9885401f3ec69b0f14cea7bad77eee19a
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44183
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2020-08-07 11:56:29 +00:00
Angel Pons 1fc43aa6f2 security/intel/txt: Allow using CF9 reset, too
Soften the hard dependency on SOC_INTEL_COMMON_BLOCK_SA by allowing CF9
resets to be used in place of global resets. If both types of reset are
available, prefer a global reset. This preserves current behavior, and
allows more platforms to use the TXT support code, such as Haswell.

Change-Id: I034fa0b342135e7101c21646be8fd6b5d3252d9e
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44181
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2020-08-07 10:13:06 +00:00
John Zhao 536e9651ed security/intel/txt: Avoid shifting by a negative value
Coverity detects an integer handling issue with BAD_SHIFT. The inline
function log2_ceil(u32 x) { return (x == 0) ? -1 : log2(x * 2 - 1); }
could return -1, which causes shifting by a negative amount value and
has undefined behavior. Add sanity check for the acm_header->size to
avoid shifting negative value.

Found-by: Coverity CID 1431124
TEST=None

Signed-off-by: John Zhao <john.zhao@intel.com>
Change-Id: Ic687349b14917e39d2a8186968037ca2521c7cdc
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44186
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-08-06 11:52:21 +00:00
Philipp Deppenwiese 5f9f77672d security/intel/txt: Add Intel TXT support
Add TXT ramstage driver:
 * Show startup errors
 * Check for TXT reset
 * Check for Secrets-in-memory
 * Add assembly for GETSEC instruction
 * Check platform state if GETSEC instruction is supported
 * Configure TXT memory regions
 * Lock TXT
 * Protect TSEG using DMA protected regions
 * Place SINIT ACM
 * Print information about ACMs

Extend the `security_clear_dram_request()` function:
 * Clear all DRAM if secrets are in memory

Add a config so that the code gets build-tested. Since BIOS and SINIT
ACM binaries are not available, use the STM binary as a placeholder.

Tested on OCP Wedge100s and Facebook Watson
 * Able to enter a Measured Launch Environment using SINIT ACM and TBOOT
 * Secrets in Memory bit is set on ungraceful shutdown
 * Memory is cleared after ungraceful shutdown

Change-Id: Iaf4be7f016cc12d3971e1e1fe171e6665e44c284
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37016
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
2020-07-31 16:02:54 +00:00
Martin Roth f48acbda7b src: Change BOOL CONFIG_ to CONFIG() in comments & strings
The Kconfig lint tool checks for cases of the code using BOOL type
Kconfig options directly instead of with CONFIG() and will print out
warnings about it.  It gets confused by these references in comments
and strings.  To fix it so that it can find the real issues, just
update these as we would with real issues.

Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I5c37f0ee103721c97483d07a368c0b813e3f25c0
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43824
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-07-26 21:20:30 +00:00
Elyes HAOUAS 8dcccea8e4 src: Remove unused 'include <cbmem.h>'
Change-Id: Ib41341b42904dc3050a97b70966dde7e46057d6b
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43362
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-07-26 20:59:44 +00:00
Angel Pons 002e5e057c security/intel/stm: Add missing <stdbool.h>
Jenkins does not build `config.stm` because the file name lacks the
mainboard name. So, the code was not being build-tested, and it does not
build because several files lacked the definition for `bool`.

Add the missing #include directives. Renaming the config file so that
Jenkins build-tests it is done in a follow-up.

Change-Id: Idf012b7ace0648027ef6e901d821ca6682cee198
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43622
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Eugene Myers <cedarhouse1@comcast.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-07-21 20:04:12 +00:00
Jett Rink 3f5de1c8f4 security/vboot: ensure that NVMEM is saved on every kernel space write
If the AP actually needs to write to the TPM, then it is important and
the TPM should commit those changes to NVMEM immediately in case there
is an unexpected power loss (e.g. from a USB-C port partner reset upon
cold reboot request).

BRANCH=none
BUG=b:160913048
TEST=Verify that puff will no longer reboot loop when coreboot writes a
new Hmir (Hash mirror) in the TPM

Change-Id: I9597a55891d11bdf040d70f38b4c5a59c7888b8a
Signed-off-by: Jett Rink <jettrink@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43414
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-07-15 08:42:11 +00:00
Elyes HAOUAS 14aff23b92 src: Remove unused 'include <cpu/x86/msr.h>'
Found using:
diff <(git grep -l '#include <cpu/x86/msr.h>' -- src/) <(git grep -l 'IA32_EFER\|EFER_\|TSC_MSR\|IA32_\|FEATURE_CONTROL_LOCK_BIT\|FEATURE_ENABLE_VMX\|SMRR_ENABLE\|CPUID_\|SGX_GLOBAL_ENABLE\|PLATFORM_INFO_SET_TDP\|SMBASE_RO_MSR\|MCG_CTL_P\|MCA_BANKS_MASK\|FAST_STRINGS_ENABLE_BIT\|SPEED_STEP_ENABLE_BIT\|ENERGY_POLICY_\|SMRR_PHYSMASK_\|MCA_STATUS_\|VMX_BASIC_HI_DUAL_MONITOR\|MC0_ADDR\|MC0_MISC\|MC0_CTL_MASK\|msr_struct\|msrinit_struct\|soc_msr_read\|soc_msr_write\|rdmsr\|wrmsr\|mca_valid\|mca_over\|mca_uc\|mca_en\|mca_miscv\|mca_addrv\|mca_pcc\|mca_idv\|mca_cecc\|mca_uecc\|mca_defd\|mca_poison\|mca_sublink\|mca_err_code\|mca_err_extcode\|MCA_ERRCODE_\|MCA_BANK_\|MCA_ERRTYPE_\|mca_err_type\|msr_set_bit\|msr_t\|msrinit_t' -- src/) |grep '<'

Change-Id: I45a41e77e5269969280e9f95cfc0effe7f117a40
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41969
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-07-14 16:14:09 +00:00
Elyes HAOUAS 854782330c src: Remove unused 'include <stdint.h>
Found using:
diff <(git grep -l '#include <stdint.h>' -- src/) <(git grep -l 'int8_t\|int16_t\|int32_t\|int64_t\|intptr_t\|intmax_t\|s8\|u8\|s16\|u16\|s32\|u32\|s64\|u64\|INT8_MIN\|INT8_MAX\|INT16_MIN\|INT16_MAX\|INT32_MIN\|INT32_MAX\|INT64_MIN\|INT64_MAX\|INTMAX_MIN\|INTMAX_MAX' -- src/) |grep -v vendorcode |grep '<'

Change-Id: I5e14bf4887c7d2644a64f4d58c6d8763eb74d2ed
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41827
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-07-14 16:11:10 +00:00
Angel Pons 20d7bd0291 security/vboot/secdata_tpm.c: Drop dead code
This code is not even being build-tested. Drop it before it grows moss.

Change-Id: Ie01d65f80caf32a8318d5109ad48321661c5a87b
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43213
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Michael Niewöhner
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-07-09 21:29:27 +00:00
Angel Pons 649fc6bb8a security/tpm/tss/tcg-1.2/tss.c: Drop dead code
This code is not even being build-tested. Drop it before it grows moss.

Change-Id: Ifda2bbd87cd8ef5ec8e449d2c4d303be37b4d7c7
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43212
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Michael Niewöhner
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-07-09 21:29:16 +00:00
Martin Roth 6303671189 security/vboot: Allow files to go into only RW-A or RW-B region
The AMD firmware package created by amdfwtool contains pointers to the
various binaries and settings.  This means that we need different copies
of the package in each region.
This change allows for the different files in each of the 3 vboot
regions.

BUG=b:158124527
TEST=Build trembyle; see the correct versions of the files getting
built into the RW-A & RW-B regions.

Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I45ff69dbc2266a67e05597bbe721fbf95cf41777
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42822
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
2020-07-08 19:36:24 +00:00
Kyösti Mälkki 18a8ba41cc arch/x86: Remove RELOCATABLE_RAMSTAGE
We always have it, no need to support opting-out.

For PLATFORM_HAS_DRAM_CLEAR there is a dependency of ramstage
located inside CBMEM, which is only true with ARCH_X86.

Change-Id: I5cbf4063c69571db92de2d321c14d30c272e8098
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43014
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-07-06 06:17:47 +00:00
Kyösti Mälkki 542cffacbb drivers/pc80/tpm: Remove LPC_TPM
Replace uses with MAINBOARD_HAS_LPC_TPM, if drivers/pc80/tpm
is present in devicetree.cb it is necessary to always include
the driver in the build.

Change-Id: I9ab921ab70f7b527a52fbf5f775aa063d9a706ce
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41872
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Michael Niewöhner
2020-07-04 11:17:44 +00:00
Daniel Gröber a890138968 lockdown: Add hint for how to check for lockdown support in boot log
Change-Id: Iaceb2e82f900e52efcce702486e18d0483665640
Signed-off-by: Daniel Gröber <dxld@darkboxed.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41749
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-06-22 12:27:18 +00:00
Daniel Gröber 16dbbeb895 lockdown: Add Kconfigs for SPI media protection mode
SPI_WRITE_PROTECTION_REBOOT seems to be a Winbond thing, other vendors
such as Macronix only support permanent protection but conditional on
the WP# pin state.

Change-Id: Iba7c1229c82c86e1303d74c7bc8f89662b5bb58c
Signed-off-by: Daniel Gröber <dxld@darkboxed.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41747
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-06-22 12:27:08 +00:00
Patrick Georgi b8fba86b14 Kconfig: Escape variable to accommodate new Kconfig versions
Kconfig 4.17 started using the $(..) syntax for environment variable
expansion while we want to keep expansion to the build system.
Older Kconfig versions (like ours) simply drop the escapes, not
changing the behavior.

While we could let Kconfig expand some of the variables, that only
splits the handling in two places, making debugging harder and
potentially messing with reproducible builds (e.g. when paths end up
in configs), so escape them all.

Change-Id: Ibc4087fdd76089352bd8dd0edb1351ec79ea4faa
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42481
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
2020-06-19 15:29:04 +00:00
Duncan Laurie ab673cee08 security/tpm: Change wording of variable names
Change the name of these variables to 'allowlist'.

Change-Id: I9d5553988a1c9972b8f1ebaeee20878b23a8aa9b
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42316
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-06-17 21:36:02 +00:00
Kyösti Mälkki 7336f97deb treewide: Replace CONFIG(ARCH_xx) tests
Once we support building stages for different architectures,
such CONFIG(ARCH_xx) tests do not evaluate correctly anymore.

Change-Id: I599995b3ed5c4dfd578c87067fe8bfc8c75b9d43
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42183
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-06-17 21:13:09 +00:00
Martin Roth 8a3a3c820b security/vboot: Add option to run verstage before bootblock
For AMD's family 17h, verstage can run as a userspace app in the PSP
before the X86 is released. The flags for this have been made generic
to support any other future systems that might run verstage before
the main processor starts.

Although an attempt has been made to make things somewhat generic,
since this is the first and currently only chip to support verstage
before bootblock, there are a number of options which might ultimately
be needed which have currently been left out for simplicity.  Examples
of this are:
- PCI is not currently supported - this is currently just a given
instead of making a separate Kconfig option for it.
- The PSP uses an ARM v7 processor, so that's the only processor that
is getting updated for the verstage-before-bootblock option.

BUG=b:158124527
TEST=Build with following patches

Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I4849777cb7ba9f90fe8428b82c21884d1e662b96
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41814
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
2020-06-15 21:04:00 +00:00
Elyes HAOUAS e83c56ae46 src: Remove unused 'include <fmap.h>'
Change-Id: I79eea0a00c2de54f82b372229381534707a295bb
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41681
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-06-02 07:42:40 +00:00
Elyes HAOUAS 0c154af217 src: Remove redundant includes
<types.h> is supposed to provide <commonlib/bsd/cb_err.h>,
<stdbool.h>,<stdint.h> and <stddef.h>. So remove those includes
each time when <types.h> is included.

Change-Id: I886f02255099f3005852a2e6095b21ca86a940ed
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41817
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2020-06-02 07:42:32 +00:00
Elyes HAOUAS a3b02e2818 src: Remove unused 'include <symbols.h>'
Change-Id: Ica355292eeda9c386b49db97f021566d52943d40
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41673
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-06-02 07:40:59 +00:00
Daniel Gröber a895344936 lockdown: Fix missing spaces in boot log
Change-Id: I414703c53d356c6a69be515596c178997eed82e3
Signed-off-by: Daniel Gröber <dxld@darkboxed.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41748
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-06-02 07:35:43 +00:00
Kyösti Mälkki fcbbb91116 Remove MAYBE_STATIC_BSS and ENV_STAGE_HAS_BSS_SECTION
After removal of CAR_MIGRATION there are no more reasons
to carry around ENV_STAGE_HAS_BSS_SECTION=n case.

Replace 'MAYBE_STATIC_BSS' with 'static' and remove explicit
zero-initializers.

Change-Id: I14dd9f52da5b06f0116bd97496cf794e5e71bc37
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40535
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-05-26 15:04:08 +00:00
Jacob Garber fa8f567f32 security/tpm: Use SPDX identifiers
Also adjust a few comments to follow the style guide.

Change-Id: I22001320f2ce1f0db348e0f7fabc5a65b50ba53e
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41600
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-05-25 22:18:13 +00:00
harshit aae1633069 security/tpm/tspi: Fix handling of white space delimited list
The current implementation uses strcmp() without splitting the list
and therefore returns false even when the string pointed to by
'name' is a part of 'whitelist'. The patch fixes this problem.
Also, update help text of CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA to
space delimited list to align it with the other lists we use.

Change-Id: Ifd285162ea6e562a5bb18325a1b767ac2e4276f3
Signed-off-by: Harshit Sharma <harshitsharmajs@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41280
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2020-05-19 07:57:23 +00:00
Elyes HAOUAS b74f45e9c4 src: Remove unused 'include <string.h>'
Unused includes found using following commande:
diff <(git grep -l '#include <string.h>' -- src/) <(git grep -l 'memcpy\|memmove\|memset\|memcmp\|memchr\|strdup\|strconcat\|strnlen\|strlen\|strchr\|strncpy\|strcpy\|strcmp\|strncmp\|strspn\|strcspn\|atol\|strrchr\|skip_atoi\|STRINGIFY' -- src/) |grep -v vendorcode |grep '<'

Change-Id: Ibaeec213b6019dfa9c45e3424b38af0e094d0c51
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41242
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
2020-05-18 07:41:24 +00:00
Elyes HAOUAS 5dd76fd4cc src: Remove unused 'include <lib.h>'
Change-Id: Iad5540e791075270453a136a058823c28647f93a
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41245
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
2020-05-18 07:39:17 +00:00
Elyes HAOUAS c4b70276ed src: Remove leading blank lines from SPDX header
Change-Id: I8a207e30a73d10fe67c0474ff11324ae99e2cec6
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41360
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-18 07:00:27 +00:00
Elyes HAOUAS e30c396ffa src: Remove unused '#include <stddef.h>'
Unused includes found using following commande:
diff <(git grep -l '#include <stddef.h>' -- src/) <(git grep -l
'size_t\|ssize_t\|wchar_t\|wint_t\|NULL\|DEVTREE_EARLY\|DEVTREE_CONST\
|MAYBE_STATIC_NONZERO\|MAYBE_STATIC_BSS\|zeroptr' -- src/)|grep '<'
|grep -v vendor |grep -vF '.h'

Change-Id: Ic54b1db995fe7c61b416fa5e1c4022238e4a6ad5
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41150
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-13 08:48:50 +00:00
Elyes HAOUAS f70bd99d2a src: Remove unused '#include <stdint.h>'
unused includes of <stdin.h> found using following commande:
diff <(git grep -l '#include <stdint.h>' -- src/) <(git grep -l
'int8_t\|uint8_t\|int16_t\|uint16_t\|int32_t\|uint32_t\|int64_t\|
uint64_t\|intptr_t\|uintptr_t\|intmax_t\|uintmax_t\|s8\|u8\|s16\|
u16\|s32\|u32\|s64\|u64\|INT8_MIN\|INT8_MAX\|UINT8_MAX\|INT16_MIN\
|INT16_MAX\|UINT16_MAX\|INT32_MIN\|INT32_MAX\|UINT32_MAX\|INT64_MIN\
|INT64_MAX\|UINT64_MAX\|INTMAX_MIN\|INTMAX_MAX\|UINTMAX_MAX' -- src/)
|grep '<' |grep -v vendor |grep -vF '.h'

Change-Id: Icb9b54c6abfb18d1e263665981968a4d7cccabeb
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41148
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-13 08:48:17 +00:00
Patrick Georgi 593124d520 treewide: Convert more license headers to SPDX style
Change-Id: Ia3de79c7d71049da00ed108829eac6cb49ff3ed6
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41205
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-11 19:37:19 +00:00
Patrick Georgi 6b5bc77c9b treewide: Remove "this file is part of" lines
Stefan thinks they don't add value.

Command used:
sed -i -e '/file is part of /d' $(git grep "file is part of " |egrep ":( */\*.*\*/\$|#|;#|-- | *\* )" | cut -d: -f1 |grep -v crossgcc |grep -v gcov | grep -v /elf.h |grep -v nvramtool)

The exceptions are for:
 - crossgcc (patch file)
 - gcov (imported from gcc)
 - elf.h (imported from GNU's libc)
 - nvramtool (more complicated header)

The removed lines are:
-       fmt.Fprintln(f, "/* This file is part of the coreboot project. */")
-# This file is part of a set of unofficial pre-commit hooks available
-/* This file is part of coreboot */
-# This file is part of msrtool.
-/* This file is part of msrtool. */
- * This file is part of ncurses, designed to be appended after curses.h.in
-/* This file is part of pgtblgen. */
- * This file is part of the coreboot project.
- /* This file is part of the coreboot project. */
-#  This file is part of the coreboot project.
-# This file is part of the coreboot project.
-## This file is part of the coreboot project.
--- This file is part of the coreboot project.
-/* This file is part of the coreboot project */
-/* This file is part of the coreboot project. */
-;## This file is part of the coreboot project.
-# This file is part of the coreboot project. It originated in the
- * This file is part of the coreinfo project.
-## This file is part of the coreinfo project.
- * This file is part of the depthcharge project.
-/* This file is part of the depthcharge project. */
-/* This file is part of the ectool project. */
- * This file is part of the GNU C Library.
- * This file is part of the libpayload project.
-## This file is part of the libpayload project.
-/* This file is part of the Linux kernel. */
-## This file is part of the superiotool project.
-/* This file is part of the superiotool project */
-/* This file is part of uio_usbdebug */

Change-Id: I82d872b3b337388c93d5f5bf704e9ee9e53ab3a9
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41194
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-11 17:11:40 +00:00
Patrick Georgi c49d7a3e63 src/: Replace GPL boilerplate with SPDX headers
Used commands:
perl -i -p0e 's|\/\*[\s*]*.*is free software[:;][\s*]*you[\s*]*can[\s*]*redistribute[\s*]*it[\s*]*and\/or[\s*]*modify[\s*]*it[\s*]*under[\s*]*the[\s*]*terms[\s*]*of[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*as[\s*]*published[\s*]*by[\s*]*the[\s*]*Free[\s*]*Software[\s*]*Foundation[;,][\s*]*version[\s*]*2[\s*]*of[\s*]*the[\s*]*License.[\s*]*This[\s*]*program[\s*]*is[\s*]*distributed[\s*]*in[\s*]*the[\s*]*hope[\s*]*that[\s*]*it[\s*]*will[\s*]*be[\s*]*useful,[\s*]*but[\s*]*WITHOUT[\s*]*ANY[\s*]*WARRANTY;[\s*]*without[\s*]*even[\s*]*the[\s*]*implied[\s*]*warranty[\s*]*of[\s*]*MERCHANTABILITY[\s*]*or[\s*]*FITNESS[\s*]*FOR[\s*]*A[\s*]*PARTICULAR[\s*]*PURPOSE.[\s*]*See[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*for[\s*]*more[\s*]*details.[\s*]*\*\/|/* SPDX-License-Identifier: GPL-2.0-only */|' $(cat filelist)

perl -i -p0e 's|\/\*[\s*]*.*is[\s*]*free[\s*]*software[:;][\s*]*you[\s*]*can[\s*]*redistribute[\s*]*it[\s*]*and/or[\s*]*modify[\s*]*it[\s*]*under[\s*]*the[\s*]*terms[\s*]*of[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*as[\s*]*published[\s*]*by[\s*]*the[\s*]*Free[\s*]*Software[\s*]*Foundation[;,][\s*]*either[\s*]*version[\s*]*2[\s*]*of[\s*]*the[\s*]*License,[\s*]*or[\s*]*.at[\s*]*your[\s*]*option.[\s*]*any[\s*]*later[\s*]*version.[\s*]*This[\s*]*program[\s*]*is[\s*]*distributed[\s*]*in[\s*]*the[\s*]*hope[\s*]*that[\s*]*it[\s*]*will[\s*]*be[\s*]*useful,[\s*]*but[\s*]*WITHOUT[\s*]*ANY[\s*]*WARRANTY;[\s*]*without[\s*]*even[\s*]*the[\s*]*implied[\s*]*warranty[\s*]*of[\s*]*MERCHANTABILITY[\s*]*or[\s*]*FITNESS[\s*]*FOR[\s*]*A[\s*]*PARTICULAR[\s*]*PURPOSE.[\s*]*See[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*for[\s*]*more[\s*]*details.[\s*]*\*\/|/* SPDX-License-Identifier: GPL-2.0-or-later */|' $(cat filelist)

perl -i -p0e 's|\/\*[\s*]*.*is[\s*#]*free[\s*#]*software[;:,][\s*#]*you[\s*#]*can[\s*#]*redistribute[\s*#]*it[\s*#]*and/or[\s*#]*modify[\s*#]*it[\s*#]*under[\s*#]*the[\s*#]*terms[\s*#]*of[\s*#]*the[\s*#]*GNU[\s*#]*General[\s*#]*Public[\s*#]*License[\s*#]*as[\s*#]*published[\s*#]*by[\s*#]*the[\s*#]*Free[\s*#]*Software[\s*#]*Foundation[;:,][\s*#]*either[\s*#]*version[\s*#]*3[\s*#]*of[\s*#]*the[\s*#]*License[;:,][\s*#]*or[\s*#]*.at[\s*#]*your[\s*#]*option.[\s*#]*any[\s*#]*later[\s*#]*version.[\s*#]*This[\s*#]*program[\s*#]*is[\s*#]*distributed[\s*#]*in[\s*#]*the[\s*#]*hope[\s*#]*that[\s*#]*it[\s*#]*will[\s*#]*be[\s*#]*useful[;:,][\s*#]*but[\s*#]*WITHOUT[\s*#]*ANY[\s*#]*WARRANTY[;:,][\s*#]*without[\s*#]*even[\s*#]*the[\s*#]*implied[\s*#]*warranty[\s*#]*of[\s*#]*MERCHANTABILITY[\s*#]*or[\s*#]*FITNESS[\s*#]*FOR[\s*#]*A[\s*#]*PARTICULAR[\s*#]*PURPOSE.[\s*#]*See[\s*#]*the[\s*#]*GNU[\s*#]*General[\s*#]*Public[\s*#]*License[\s*#]*for[\s*#]*more[\s*#]*details.[\s*]*\*\/|/* SPDX-License-Identifier: GPL-3.0-or-later */|' $(cat filelist)

perl -i -p0e 's|(\#\#*)[\w]*.*is free software[:;][\#\s]*you[\#\s]*can[\#\s]*redistribute[\#\s]*it[\#\s]*and\/or[\#\s]*modify[\#\s]*it[\s\#]*under[\s \#]*the[\s\#]*terms[\s\#]*of[\s\#]*the[\s\#]*GNU[\s\#]*General[\s\#]*Public[\s\#]*License[\s\#]*as[\s\#]*published[\s\#]*by[\s\#]*the[\s\#]*Free[\s\#]*Software[\s\#]*Foundation[;,][\s\#]*version[\s\#]*2[\s\#]*of[\s\#]*the[\s\#]*License.*[\s\#]*This[\s\#]*program[\s\#]*is[\s\#]*distributed[\s\#]*in[\s\#]*the[\s\#]*hope[\s\#]*that[\s\#]*it[\s\#]*will[\#\s]*be[\#\s]*useful,[\#\s]*but[\#\s]*WITHOUT[\#\s]*ANY[\#\s]*WARRANTY;[\#\s]*without[\#\s]*even[\#\s]*the[\#\s]*implied[\#\s]*warranty[\#\s]*of[\#\s]*MERCHANTABILITY[\#\s]*or[\#\s]*FITNESS[\#\s]*FOR[\#\s]*A[\#\s]*PARTICULAR[\#\s]*PURPOSE.[\#\s]*See[\#\s]*the[\#\s]*GNU[\#\s]*General[\#\s]*Public[\#\s]*License[\#\s]*for[\#\s]*more[\#\s]*details.\s(#* *\n)*|\1 SPDX-License-Identifier: GPL-2.0-only\n\n|' $(cat filelist)

perl -i -p0e 's|(\#\#*)[\w*]*.*is free software[:;][\s*]*you[\s*]*can[\s*]*redistribute[\s*]*it[\s*]*and\/or[\s*]*modify[\s*]*it[\s*]*under[\s*]*the[\s*]*terms[\s*]*of[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*as[\s*]*published[\s*]*by[\s*]*the[\s*]*Free[\s*]*Software[\s*]*Foundation[;,][\s*]*version[\s*]*2[\s*]*of[\s*]*the[\s*]*License.[\s*]*This[\s*]*program[\s*]*is[\s*]*distributed[\s*]*in[\s*]*the[\s*]*hope[\s*]*that[\s*]*it[\s*]*will[\s*]*be[\s*]*useful,[\s*]*but[\s*]*WITHOUT[\s*]*ANY[\s*]*WARRANTY;[\s*]*without[\s*]*even[\s*]*the[\s*]*implied[\s*]*warranty[\s*]*of[\s*]*MERCHANTABILITY[\s*]*or[\s*]*FITNESS[\s*]*FOR[\s*]*A[\s*]*PARTICULAR[\s*]*PURPOSE.[\s*]*See[\s*]*the[\s*]*GNU[\s*]*General[\s*]*Public[\s*]*License[\s*]*for[\s*]*more[\s*]*details.\s(#* *\n)*|\1 SPDX-License-Identifier: GPL-2.0-only\n\n|' $(cat filelist)

Change-Id: Ia01908544f4b92a2e06ea621eca548e582728280
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41178
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-09 21:22:25 +00:00
Julius Werner 71a131415e security: tcg-2.0: Ignore data payload for errors, fix Cr50 boot mode
This patch improves the response buffer handling for TPM 2.0. Previously
we would allow any command to return no payload, but if there was a
payload we would always try to unmarshal it according to the normal
success response. This was sort of relying on the fact that the TPM
usually returns no additional data after the header for error responses,
but in practice that is not always true. It also means that commands
without a response payload accidentally work by default even though we
did not explicitly add unmarshallig support for them, which seems
undesirable. Adding explicit unmarshalling support for TPM2_SelfTest
which was only supported through this loophole before.

This patch changes the behavior to always accept any amount of payload
data for error responses but not unmarshal any of it. None of our use
cases actually care about payload data for errors, so it seems safer to
not even try to interpret it. For success responses, on the other hand,
we always require support for the command to be explicitly added.

This fixes a problem with the Cr50 GET_BOOT_MODE command where an error
response would only return the subcommand code but no data after that.
Also add support for a second, slightly different NO_SUCH_COMMAND error
code that was added in Cr50 recently.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ib85032d85482d5484180be6fd105f2467f393cd2
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41100
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-08 15:30:31 +00:00
Elyes HAOUAS f7b2fe6b64 {security,soc}/*/Kconfig: Replace GPLv2 long form headers with SPDX header
Change-Id: Ie3721f6a93dacb8014f93aa86780d51a659a68df
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41145
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-05-08 15:26:48 +00:00
Furquan Shaikh 8c92bcc966 vboot: Provide declaration for verstage_mainboard_early_init()
Similar to bootblock, provide declaration for
verstage_mainboard_early_init() to support early mainboard
initialization if verstage is run before bootblock.

BUG=b:155824234
TEST=Verified that trembyle still builds

Signed-off-by: Furquan Shaikh <furquan@google.com>
Change-Id: I106213ecc1c44100f1f74071189518563ac08121
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41137
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-05-08 15:19:53 +00:00
Sridhar Siricilla 89ac87a976 security/vboot: Limit vboot verification code access to only verstage
Make vboot verification code accessible in only verstage.
Vboot verification code in vboot_logic.c is being used
in verstage. Due to support function vboot_save_data(),
so core functionality in vboot_logic.c is made available in romstage.
The patch decouples the support function frm vboot_logic.c to
limit itself to verstage.

BUG=b:155544643
TEST=Verified on hatch

Signed-off-by: Sridhar Siricilla <sridhar.siricilla@intel.com>
Change-Id: Id1ede45c4dffe90afcef210eabaa657cf92a9335
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40562
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Rizwan Qureshi <rizwan.qureshi@intel.com>
2020-05-04 09:46:58 +00:00
Furquan Shaikh 76cedd2c29 acpi: Move ACPI table support out of arch/x86 (3/5)
This change moves all ACPI table support in coreboot currently living
under arch/x86 into common code to make it architecture
independent. ACPI table generation is not really tied to any
architecture and hence it makes sense to move this to its own
directory.

In order to make it easier to review, this change is being split into
multiple CLs. This is change 3/5 which basically is generated by
running the following command:
$ git grep -iIl "arch/acpi" | xargs sed -i 's/arch\/acpi/acpi\/acpi/g'

BUG=b:155428745

Change-Id: I16b1c45d954d6440fb9db1d3710063a47b582eae
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40938
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2020-05-02 18:45:16 +00:00
Eugene D Myers f213f17992 intel/stm: Drop now unneeded `num_cpus` param
Suggested by Nico Huber in CB:38766

Change-Id: Ib8a340f17a12951bc6bc67e3093046575e7b0e46
Signed-off-by: Eugene D Myers <cedarhouse@comcast.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40438
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-05-02 17:04:16 +00:00
Eugene D Myers 076605bc92 intel/stm: Place resource list right below MSEG
Suggested by Nico Huber in CB:38765.

This placement makes the address calculation simpler and
makes its location indepedent of the number of CPUs.

As part of the change in the BIOS resource list address
calculation, the `size` variable was factored out of the
conditional in line 361, thus eliminating the else.

Change-Id: I9ee2747474df02b0306530048bdec75e95413b5d
Signed-off-by: Eugene D Myers <cedarhouse@comcast.net>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40437
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-02 17:03:48 +00:00
Yu-Ping Wu 30322785c4 security/vboot: Convert reboot-related errors to vboot2-style
Error codes are renamed as follows:

 VBERROR_SHUTDOWN_REQUESTED
 --> VB2_REQUEST_SHUTDOWN

 VBERROR_REBOOT_REQUIRED
 --> VB2_REQUEST_REBOOT

 VBERROR_EC_REBOOT_TO_SWITCH_RW
 --> VB2_REQUEST_REBOOT_EC_SWITCH_RW

 VBERROR_EC_REBOOT_TO_RO_REQUIRED
 --> VB2_REQUEST_REBOOT_EC_TO_RO

BRANCH=none
BUG=b:124141368, chromium:988410
TEST=emerge-nami coreboot

Cq-Depend: chromium:2143030
Change-Id: Id82cf85f49dfb63a9c3d41aacd3969786bffcac7
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40749
Reviewed-by: Joel Kitching <kitching@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-05-01 06:27:56 +00:00
Julius Werner f0ebaf2260 vboot: Always build secdata functions for romstage
Since CB:40389, all platforms with CONFIG_VBOOT_EARLY_EC_SYNC need to
write back secdata in romstage. Those platforms currently all happen to
have CONFIG_VBOOT_SEPARATE_VERSTAGE set as well, but there's no official
dependency between those options. Change the Makefile to unconditionally
build the secdata access routines for romstage so that this would work
on other platforms as well.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I0b3c79e9bb8af9d09ef91f5749953ca109dd2a40
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40760
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-04-28 20:34:07 +00:00
Patrick Rudolph 6093c5099f security/lockdown: Write-protect WP_RO
Allow to write protect only the WP_RO region in case of enabled VBOOT.
One can either lock the boot device in VERSTAGE early if VBOOT is enabled,
or late in RAMSTAGE. Both options have their downsides as explained below.

Lock early if you don't trust the code that's stored in the writeable
flash partition. This prevents write-protecting the MRC cache, which
is written in ramstage. In case the contents of the MRC cache are
corrupted this can lead to system instability or trigger unwanted code
flows inside the firmware.

Lock late if you trust the code that's stored in the writeable
flash partition. This allows write-protecting the MRC cache, but
if a vulnerability is found in the code of the writeable partition
an attacker might be able to overwrite the whole flash as it hasn't
been locked yet.

Change-Id: I72c3e1a0720514b9b85b0433944ab5fb7109b2a2
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32705
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2020-04-28 01:20:43 +00:00
Patrick Rudolph 78feacc440 security: Add common boot media write protection
Introduce boot media protection settings and use the existing
boot_device_wp_region() function to apply settings on all
platforms that supports it yet.

Also remove the Intel southbridge code, which is now obsolete.
Every platform locks the SPIBAR in a different stage.
For align up with the common mrc cache driver and lock after it has been
written to.

Tested on Supermicro X11SSH-TF. The whole address space is write-protected.

Change-Id: Iceb3ecf0bde5cec562bc62d1d5c79da35305d183
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32704
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-04-28 01:19:32 +00:00
Patrick Rudolph 7bcd9a1d91 drivers/spi/tpm: Add support for non CR50 SPI TPM2
Add support for a STM SPI TPM2 by adding checks for CR50.
Tested using ST33HTPH2E32.

Change-Id: I015497ca078979a44ba2b84e4995493de1f7247b
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39693
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-04-28 01:19:15 +00:00
Julius Werner 21a4053fde rules.h: Rename ENV_VERSTAGE to ENV_SEPARATE_VERSTAGE
When CONFIG_SEPARATE_VERSTAGE=n, all verstage code gets linked into the
appropriate calling stage (bootblock or romstage). This means that
ENV_VERSTAGE is actually 0, and instead ENV_BOOTBLOCK or ENV_ROMSTAGE
are 1. This keeps tripping up people who are just trying to write a
simple "are we in verstage (i.e. wherever the vboot init logic runs)"
check, e.g. for TPM init functions which may run in "verstage" or
ramstage depending on whether vboot is enabled. Those checks will not
work as intended for CONFIG_SEPARATE_VERSTAGE=n.

This patch renames ENV_VERSTAGE to ENV_SEPARATE_VERSTAGE to try to
clarify that this macro can really only be used to check whether code is
running in a *separate* verstage, and clue people in that they may need
to cover the linked-in verstage case as well.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I2ff3a3c3513b3db44b3cff3d93398330cd3632ea
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40582
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-04-23 01:21:56 +00:00
Daisuke Nojiri d9f26edfec vboot: Add permission check for kernel space
This patch restores the permission check for the kernel space which
was dropped when read_space_kernel was moved from Depthcharge by
CL:2155429.

BUG=chromium:1045217, chromium:1020578
BRANCH=none
TEST=none

Signed-off-by: dnojiri <dnojiri@chromium.org>
Change-Id: If6d487940f39865cadc0ca9d5de6e055ad3e017d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40579
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-04-23 01:21:07 +00:00
Patrick Georgi b81147cb56 security/vboot, mb/google: Fix build errors
There have been two cases of incompatibilities between overlapping
changes, and they need to be resolved in a single commit to unbreak the
tree:

1. CB:40389 introduced a new use of write_secdata while CB:40359 removed
that function in favor of safe_write.

Follow the refactor of the latter in the code introduced by the former.

2. CB:39849 changed google_chromeec_get_usb_pd_power_info()'s interface
and adapted all its users. Except for duffy and kaisa which were only
added in CB:40223 and CB:40393 respectively, so reapply the patch to
puff's mainboard.c to their mainboard.c files.

Change-Id: Ib8dfcd61bb79e0a487eaa60e719bd93561f2d97a
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40518
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
2020-04-20 08:27:32 +00:00
Joel Kitching 3814116b42 vboot/secdata: remove retries, readback, and CRC check
Depthcharge trusts that our TPM driver is working reliably,
and so should we.  Also remove CRC check -- the value returned
by antirollback_read_space_firmware() is dropped in vboot_logic.c
verstage_main(), and vboot handles this check internally.

BUG=b:124141368, chromium:972956
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I5d3f3823fca8507fd58087bb0f7b78cfa49417ab
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40359
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-04-20 06:06:25 +00:00
Joel Kitching 97e4422a58 vboot: remove leftover TPM_PCR_GBB constants
These constants were left behind after the code using them
was relocated in CB:34510.

BUG=b:124141368, chromium:972956
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I6ce7c969a9e9bdf6cdce3343ba666a08b3521f27
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40358
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-04-20 06:04:29 +00:00
dnojiri dff56a056c ec_sync: Run EFS2 in romstage
EFS2 allows EC RO to enable PD for special cases. When doing so, it sets
NO_BOOT flag to avoid booting the OS. AP needs to get NO_BOOT flag from
Cr50 and enforce that.

This patch makes verstage get a boot mode and a mirrored hash stored
in kernel secdata from Cr50.

This patch also makes romstage write an expected EC hash (a.k.a. Hexp) to
Cr50 (if there is an update).

BUG=b:147298634, chromium:1045217, b:148259137
BRANCH=none
TEST=Verify software sync succeeds on Puff.

Signed-off-by: dnojiri <dnojiri@chromium.org>
Change-Id: I1f387b6e920205b9cc4c8536561f2a279c36413d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40389
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-04-17 22:01:48 +00:00
dnojiri 622c6b84ab TPM: Add tlcl_cr50_get_boot_mode
tlcl_cr50_get_boot_mode gets the boot mode from Cr50. The boot mode
tells coreboot/depthcharge whether booting the kernel is allowed or
not.

BUG=b:147298634, chromium:1045217, b:148259137
BRANCH=none
TEST=Verify software sync succeeds on Puff.

Signed-off-by: dnojiri <dnojiri@chromium.org>
Change-Id: Iadae848c4bf315f2131ff6aebcb35938307b5db4
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40388
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-04-17 22:01:28 +00:00
Nico Huber 374d7c2e94 Do not select USE_BLOBS
The `USE_BLOBS` config only exists for idealistic reasons. If we would
allow us to use blobs by default, we wouldn't need that option and could
just always do it. It's generally debatable for the project as a whole,
but not per board/subject.

Change-Id: I8591862699aef02e5a4ede32655fc82c44c97555
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39884
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2020-04-15 19:11:08 +00:00
Nico Huber db2c8dfecb assert.h: Simplify dead_code()
It turns out the linker's error message already includes the line
number of the dead_code() invocation. If we don't include the line
number in the identifier for our undefined reference, we don't need
individual identifiers at all and can work with a single, global
declaration.

Change-Id: Ib63868ce3114c3f839867a3bfb1b03bdb6facf16
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40240
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-04-10 00:10:58 +00:00
Nico Huber 7c45c8363d assert.h: Add a tag parameter to dead_code()
When dead_code() is used in inline functions in a header file, the
generated function names (based on the line number) may collide with
a dead_code() in the code file. Now that we are hit by such a case,
we need a quick solution: Add a tag argument for all invocations in
header files.

Change-Id: I0c548ce998cf8e28ae9f76b5c0ea5630b4e91ae2
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40140
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2020-04-04 21:42:43 +00:00
Angel Pons 986d50ea47 src/security: Use SPDX for GPL-2.0-only files
Done with sed and God Lines. Only done for C-like code for now.

Change-Id: I51f5764b57fb8b62e3a4b3d41bd32e5330a2983c
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40057
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2020-04-04 16:33:38 +00:00
Julius Werner 23a82e87ee security/tpm: Fix compile-time elimination for SEPARATE_VERSTAGE
CB:35077 pulled TPM measurement code into the bootblock, with the catch
that we'll only cache PCR extensions and not actually write them to the
TPM until it gets initialized in a later stage. The goal of this was to
keep the heavy TPM driver code out of the size-constrained bootblock.

Unfortunately, a small mistake in the tspi_tpm_is_setup() function
prevents the compiler from eliminating references to the TPM driver
code in the bootblock on platforms with CONFIG_VBOOT and
CONFIG_SEPARATE_VERSTAGE. In those cases vboot_logic_executed() is known
at compile-time to be 0, but that still makes the final expression
`return 0 || tpm_is_setup;`. We know that tpm_is_setup can never be set
to 1 in the bootblock, but the compiler doesn't.

This patch rewrites the logic slightly to achieve the same effect in a
way that the compiler can follow (because we only really need to check
tpm_is_setup in the stage that actually runs the vboot code).

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Idc25acf1e6c02d929639e83d529cc14af80e0870
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39993
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-04-01 21:25:47 +00:00
Bill XIE 516c0a5338 security/vboot: relocate and rename vboot_platform_is_resuming()
After measured boot is decoupled from verified boot in CB:35077,
vboot_platform_is_resuming() is never vboot-specific, thus it is
renamed to platform_is_resuming() and declared in bootmode.h.

Change-Id: I29b5b88af0576c34c10cfbd99659a5cdc0c75842
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39103
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-03-31 10:38:07 +00:00
Bill XIE bad08c2c29 security/tpm: Include mrc.bin in CRTM if present
mrc.bin, on platforms where it is present, is code executed on CPU, so
it should be considered a part of CRTM.

cbfs_locate_file_in_region() is hooked to measurement here too, since
mrc.bin is loaded with it, and CBFS_TYPE_MRC (the type of mrc.bin) is
measured to TPM_CRTM_PCR rather than TPM_RUNTIME_DATA_PCR.

TODO: I have heard that SMM is too resource-limited to link with vboot
library, so currently tspi_measure_cbfs_hook() is masked in SMM.
Please correct me if I am wrong.

Change-Id: Ib4c3cf47b919864056baf725001ca8a4aaafa110
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38858
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-03-31 10:37:38 +00:00
Bill XIE c79e96b4eb security/vboot: Decouple measured boot from verified boot
Currently, those who want to use measured boot implemented within
vboot should enable verified boot first, along with sections such
as GBB and RW slots defined with manually written fmd files, even
if they do not actually want to verify anything.

As discussed in CB:34977, measured boot should be decoupled from
verified boot and make them two fully independent options. Crypto
routines necessary for measurement could be reused, and TPM and CRTM
init should be done somewhere other than vboot_logic_executed() if
verified boot is not enabled.

In this revision, only TCPA log is initialized during bootblock.
Before TPM gets set up, digests are not measured into tpm immediately,
but cached in TCPA log, and measured into determined PCRs right after
TPM is up.

This change allows those who do not want to use the verified boot
scheme implemented by vboot as well as its requirement of a more
complex partition scheme designed for chromeos to make use of the
measured boot functionality implemented within vboot library to
measure the boot process.

TODO: Measure MRC Cache somewhere, as MRC Cache has never resided in
CBFS any more, so it cannot be covered by tspi_measure_cbfs_hook().

Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35077
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2020-03-31 07:55:18 +00:00
Patrick Georgi f3f36faf35 src (minus soc and mainboard): Remove copyright notices
They're listed in AUTHORS and often incorrect anyway, for example:
- What's a "Copyright $year-present"?
- Which incarnation of Google (Inc, LLC, ...) is the current
  copyright holder?
- People sometimes have their editor auto-add themselves to files even
  though they only deleted stuff
- Or they let the editor automatically update the copyright year,
  because why not?
- Who is the copyright holder "The coreboot project Authors"?
- Or "Generated Code"?

Sidestep all these issues by simply not putting these notices in
individual files, let's list all copyright holders in AUTHORS instead
and use the git history to deal with the rest.

Change-Id: I89b10076e0f4a4b3acd59160fb7abe349b228321
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39611
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-03-17 18:26:34 +00:00
Angel Pons 31b7ee4201 treewide: Replace uses of "Nehalem"
The code in coreboot is actually for the Arrandale processors, which
are a MCM (Multi-Chip Module) with two different dies:

- Hillel:   32nm Westmere dual-core CPU
- Ironlake: 45nm northbridge with integrated graphics

This has nothing to do with the older, single-die Nehalem processors.
Therefore, replace the references to Nehalem with the correct names.

Change-Id: I8c10a2618c519d2411211b9b8f66d24f0018f908
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38942
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-03-15 13:04:39 +00:00
Joel Kitching 9a2922871d vboot: remove extraneous vboot_recovery_mode_memory_retrain
Just call get_recovery_mode_retrain_switch() directly.

BUG=b:124141368
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: Icb88d6862db1782e0218276984e527638b21fd3a
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39343
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-03-12 07:39:47 +00:00
dnojiri 58cf6030f5 vboot: Upgrade kernel space to v1.0
This patch upgrades the kernel space to v1.0 to accommodate EC hash,
which is used for CrOS EC's early firmware selection.

BUG=chromium:1045217
BRANCH=none
TEST=Boot Helios. Verify software sync works.

Cq-Depend: chromium:2041695
Change-Id: I525f1551afd1853cae826e87198057410167b239
Signed-off-by: dnojiri <dnojiri@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39137
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-03-07 20:45:37 +00:00
Sam McNally eded500e3c security/vboot: Support enabling EC EFS with EC software sync
If the ChromeOS EC uses EC early firmware selection (EFS), the AP vboot
build must also enable EC EFS. Add an option to control this, passing it
through to vboot.

BUG=b:150742950
TEST=none
BRANCH=none

Signed-off-by: Sam McNally <sammc@chromium.org>
Change-Id: I697e90748e19d15af154011413b30c0f2a0bf52e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39272
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
2020-03-06 00:28:42 +00:00
Elyes HAOUAS 2119d0ba43 treewide: Capitalize 'CMOS'
Change-Id: I1d36e554618498d70f33f6c425b0abc91d4fb952
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38928
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Peter Lemenkov <lemenkov@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-02-24 14:10:00 +00:00
Joel Kitching a6531a335c vboot: remove rogue vboot_struct.h include
As part of vboot1 deprecation, remove an unused vboot_struct.h
include.  coreboot is now free of vboot1 data structure use.
One vboot_api.h include remains as part of security/vboot/ec_sync.c.

BUG=b:124141368
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I042d692aa252f8f859d4005455eb6a2eabc24a87
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39024
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-02-24 12:47:55 +00:00
Eugene Myers 9d4f94af24 security/intel/stm: Use depends on ENABLE_VMX
The STM is a part of the core VTx and using ENABLE_VMX will make the
STM option available for any configuration that has an Intel
processor that supports VTx.

Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov>
Change-Id: I57ff82754e6c692c8722d41f812e35940346888a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38852
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-02-21 09:02:06 +00:00
Eugene Myers 5544f62746 security/intel/stm: Check for processor STM support
Check to ensure that dual monitor mode is supported on the
current processor. Dual monitor mode is normally supported on
any Intel x86 processor that has VTx support.  The STM is
a hypervisor that executes in SMM dual monitor mode.  This
check should fail only in the rare case were dual monitor mode
is disabled.  If the check fails, then the STM will not
be initialized by coreboot.

Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov>
Change-Id: I518bb2aa1bdec94b5b6d5e991d7575257f3dc6e9
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38836
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
2020-02-21 09:01:57 +00:00
Joel Kitching 338e9dcd6b vboot: use vb2api_get_recovery_reason function
Use vb2api_get_recovery_reason() API function rather
than accessing vb2_shared_data internals.

Of all the vanilla verified boot code in coreboot,
this is the last remaining use of vboot's internal
data structures in coreboot.  There remains only one
sole instance in Eltan's code.

BUG=b:124141368, chromium:957880
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I845c9b14ffa830bc7de28e9a38188f7066871803
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:2055662
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38886
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-02-19 12:08:03 +00:00
Yu-Ping Wu 214fb9b511 security/vboot: Correct help text of VBOOT_STARTS_IN_ROMSTAGE
Since CB:37231 [1], the vboot working data has been replaced with vboot work
buffer, so corrrect the help text of option VBOOT_STARTS_IN_ROMSTAGE
accordingly.

[1] security/vboot: Remove struct vboot_working_data

BRANCH=none
BUG=chromium:1021452
TEST=none

Change-Id: I80783274179ae7582bbb4c8f9d392895623badce
Signed-off-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38900
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
2020-02-18 14:58:52 +00:00
Joel Kitching 984d0c6afe vboot: rename GBB flag FAFT_KEY_OVERIDE to FLAG_RUNNING_FAFT
This was renamed in vboot_reference CL:1977902.

BUG=b:124141368, chromium:965914
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I79af304e9608a30c6839cd616378c7330c3de00a
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37462
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-02-17 16:02:10 +00:00
Joel Kitching 56e2f130a6 vboot: remove VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT option
With CL:1940398, this option is no longer needed.  Recovery
requests are not cleared until kernel verification stage is
reached.  If the FSP triggers any reboots, recovery requests
will be preserved.  In particular:

- Manual requests will be preserved via recovery switch state,
  whose behaviour is modified in CB:38779.
- Other recovery requests will remain in nvdata across reboot.

These functions now only work after verstage has run:
  int vboot_check_recovery_request(void)
  int vboot_recovery_mode_enabled(void)
  int vboot_developer_mode_enabled(void)

BUG=b:124141368, b:35576380
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I52d17a3c6730be5c04c3c0ae020368d11db6ca3c
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38780
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-02-17 08:08:35 +00:00
Joel Kitching 81726663bc vboot: push clear recovery mode switch until BS_WRITE_TABLES
Serves two purposes:

(1) On some platforms, FSP initialization may cause a reboot.
Push clearing the recovery mode switch until after FSP code runs,
so that a manual recovery request (three-finger salute) will
function correctly under this condition.

(2) The recovery mode switch value is needed at BS_WRITE_TABLES
for adding an event to elog.  (Previously this was done by
stashing the value in CBMEM_ID_EC_HOSTEVENT.)

BUG=b:124141368, b:35576380
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I30c02787c620b937e5a50a5ed94ac906e3112dad
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38779
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2020-02-17 08:08:19 +00:00
Joel Kitching 814c8657cb vboot: fix up some includes
These header files need to make use of vb2_shared_data.
Remove the last vestiges of vboot1 data structures in coreboot.

BUG=b:124141368, chromium:1038260
TEST=Build locally with CL:2054269
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I61b27e33751c11aac9f8af261a75d83b003b5f92
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38884
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-02-14 07:21:38 +00:00
Joel Kitching 8a3bc3be92 vboot: correct workbuf size when VBOOT_STARTS_IN_ROMSTAGE
Part of the design of vboot persistent context is that the workbuf gets
placed in CBMEM and stays there for depthcharge to use in kernel
verification.  As such, the space allocated in CBMEM needs to be at least
VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE.

In the VBOOT_STARTS_IN_ROMSTAGE case, prior to this CL, vboot_get_context()
would get invoked for the first time after CBMEM comes up, and it would
only allocate VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE.

Initialize the workbuf directly in vboot_setup_cbmem() instead with the
correct VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE.

BUG=b:124141368, chromium:994060
TEST=make clean && make test-abuild
TEST=boot on GOOGLE_EVE with VBOOT_STARTS_IN_ROMSTAGE set
BRANCH=none

Change-Id: Ie09c39f960b3f14f3a64c648eee6ca3f23214d9a
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38778
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-02-10 21:25:14 +00:00
Nico Huber 9f78faedab intel/stm: Add platform opt-in Kconfig
Selecting STM on an arbitrary platform would likely result in a brick,
so let's hide the prompt by default.

Change-Id: I50f2106ac05c3efb7f92fccb1e6edfbf961b68b8
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38764
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: <cedarhouse1@comcast.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-02-09 19:36:32 +00:00
Joel Kitching ec12bd011b security/vboot: relocate vb2ex_abort and vb2ex_printf
Enabling an assertion in vb2_member_of() results in coreboot
linking vb2ex_abort() and vb2ex_printf() in ramstage.

Move these two functions from vboot_logic.c to vboot_lib.c,
which is should be enabled in all stages if CONFIG_VBOOT_LIB
is enabled.  Note that CONFIG_VBOOT_LIB is implied by
CONFIG_VBOOT.

Relevant vboot_reference commit: CL:2037263.

BUG=b:124141368, chromium:1005700
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: Ica0103c5684b3d50ba7dc1b4c39559cb192efa81
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38706
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
2020-02-07 03:56:44 +00:00
Eugene Myers ae438be578 security/intel/stm: Add STM support
This update is a combination of all four of the patches so that the
commit can be done without breaking parts of coreboot.  This possible
breakage is because of the cross-dependencies between the original
separate patches would cause failure because of data structure changes.

security/intel/stm

This directory contains the functions that check and move the STM to the
MSEG, create its page tables, and create the BIOS resource list.

The STM page tables is a six page region located in the MSEG and are
pointed to by the CR3 Offset field in the MSEG header.  The initial
page tables will identity map all memory between 0-4G.  The STM starts
in IA32e mode, which requires page tables to exist at startup.

The BIOS resource list defines the resources that the SMI Handler is
allowed to access.  This includes the SMM memory area where the SMI
handler resides and other resources such as I/O devices.  The STM uses
the BIOS resource list to restrict the SMI handler's accesses.

The BIOS resource list is currently located in the same area as the
SMI handler.  This location is shown in the comment section before
smm_load_module in smm_module_loader.c

Note: The files within security/intel/stm come directly from their
Tianocore counterparts.  Unnecessary code has been removed and the
remaining code has been converted to meet coreboot coding requirements.

For more information see:
     SMI Transfer Monitor (STM) User Guide, Intel Corp.,
     August 2015, Rev 1.0, can be found at firmware.intel.com

include/cpu/x86:

Addtions to include/cpu/x86 for STM support.

cpu/x86:

STM Set up - The STM needs to be loaded into the MSEG during BIOS
initialization and the SMM Monitor Control MSR be set to indicate
that an STM is in the system.

cpu/x86/smm:

SMI module loader modifications needed to set up the
SMM descriptors used by the STM during its initialization

Change-Id: If4adcd92c341162630ce1ec357ffcf8a135785ec
Signed-off-by: Eugene D. Myers <edmyers@tycho.nsa.gov>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33234
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: ron minnich <rminnich@gmail.com>
2020-02-05 18:49:27 +00:00
Wim Vervoorn 821004776f vendorcode/eltan/security: Switch to vb2 vboot library
The eltan verified_boot is using the vboot 2.1 data structures and code,
as well as the fwlib21 build target, they are all deprecated. Refer to
CB:37654 for more information.

The verified_boot code is updated to use the vb2 structures and code and
make sure only public functions are used.

BUG=N/A
TEST=build

Change-Id: I1e1a7bce6110fe35221a4d7a47c1eb7c7074c318
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38590
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2020-02-05 09:31:42 +00:00
Christian Walter c9ac0bcb98 security/tpm/tss: Add ClearControl Function
Add ClearControl Function which is needed for a follow-up patch.

Change-Id: Ia19185528fd821e420b0bdb424760c93b79523a4
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38617
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2020-02-04 16:16:20 +00:00
Julius Werner b38586f77f vboot: Remove hard dependency on MISSING_BOARD_RESET
Having a working board reset is certainly better when you're running
vboot (because otherwise you'll hang when transitioning into recovery
mode), but I don't think it should be strictly required, since it's
still somewhat usable without. This is particularly important for
certain test platforms that don't have a good way to reset but might
still be useful for vboot testing/prototyping.

Change-Id: Ia765f54b6e2e176e2d54478fb1e0839d8cab9849
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38417
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-01-25 00:08:17 +00:00
Wim Vervoorn 50337f164c security/vboot: Allow UDC regardless of vboot state
When a VBOOT enabled system is used without ChromeOS it may be valid to
allow the UDC independent of the vboot state.

Provide the option to always allow UDC when CHROMEOS is not selected.

BUG=N/A
TEST=build

Change-Id: I6142c4a74ca6930457b16f62f32e1199b8baaff8
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38403
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Furquan Shaikh <furquan@google.com>
2020-01-18 11:17:30 +00:00
Julius Werner 815611ef56 cbfs: Remove locator concept
When vboot was first integrated into CBFS it was still part of Google
vendorcode. So to not directly tie custom vendorcode into the core CBFS
library, the concept of cbfs_locator was introduced to decouple core
code from an arbitrary amount of platform-specific implementations that
want to decide where the CBFS can be found.

Nowadays vboot is a core coreboot feature itself, and the locator
concept isn't used by anything else anymore. This patch simplifies the
code by removing it and just calling vboot from the CBFS library
directly. That should make it easier to more closely integrate vboot
into CBFS in the future.

Change-Id: I7b9112adc7b53aa218c58b8cb5c85982dcc1dbc0
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38419
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-01-18 10:51:04 +00:00
Elyes HAOUAS 58f3fd636c src/security: Fix typos
Change-Id: I238fce2d48cf62003a701f972a87974415419538
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38198
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
2020-01-10 15:20:57 +00:00
Elyes HAOUAS 4200a52263 src: Remove unused include <string.h>
Change-Id: Ic6b66dd8fa387e67bb0ce609fb7e2553eeb66b3c
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37888
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-12-26 10:45:37 +00:00
Bill XIE cdf6f3a4ba security/vboot: Add a dedicated flag for building of vboot library
As discussed in CB:35077, since both measured boot and verified boot
depends on vboot library, it had better to introduce a dedicated flag
CONFIG_VBOOT_LIB to control the building and linking of the vboot
library, and make other flags needing vboot library select it. Only
the actual verification stuff should be conditional on CONFIG_VBOOT.

Change-Id: Ia1907a11c851ee45a70582e02bdbe08fb18cc6a4
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37787
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
2019-12-20 17:58:44 +00:00
Elyes HAOUAS 94b503094f src/security: Remove unused <stdlib.h>
Change-Id: I0b5c375baf7911ebced2f8c43a88aae014c877ad
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33694
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-12-19 05:24:07 +00:00
Arthur Heymans 494b031eb7 arch/x86: Drop uses of ROMCC_BOOTBLOCK
Change-Id: Ia0405fdd448cb31b3c6ca3b3d76e49e9f430bf74
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37339
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2019-12-19 03:26:27 +00:00
Joel Kitching 85d44f4a5e vboot: remove 2lib headers from Makefile
Only headers from firmware/lib should be imported.
As far as I can tell, nothing imports 2lib headers
directly anymore, so we can get rid of this CFLAG.

BUG=b:124141368, chromium:968464
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: Ie5f3fe1d0180113b332e57ed07d4cfe563e7ecf2
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37786
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-12-18 09:47:40 +00:00
Julius Werner 413a742ad9 vboot: Fix MOCK_SECDATA for new naming scheme
CB:37655 updated all secdata_xxx to secdata_firmware_xxx, but forgot the
code that's only compiled when MOCK_SECDATA is set. This patch fixes it.

Change-Id: Icf12fe405d7ce46345ccbdcb76f6aa1b56ed0194
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37772
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Joel Kitching <kitching@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-12-18 06:31:30 +00:00
Julius Werner f8e1764bb9 security/vboot: Ensure firmware body size is respected again
CB:36845 simplified how coreboot finds the RW CBFS after vboot has and
eliminated a layer of caching. Unfortunately, we missed the fact that
the former cached value didn't exactly match the FMAP section... it was
in fact truncated to the data actually used by vboot. That patch
unintentionally broke this truncation which leads to performance
regressions on certain CBFS accesses.

This patch makes use of a new API function added to vboot (CL:1965920)
which we can use to retrieve the real firmware body length as before.

(Also stop making all the vb2_context pointers const. vboot generally
never marks context pointers as const in its API functions, even when
the function doesn't modify the context. Therefore constifying it inside
coreboot just makes things weird because it prevents you from calling
random API functions for no reason. If we really want const context
pointers, that's a refactoring that would have to start inside vboot
first.)

This patch brings in upstream vboot commit 4b0408d2:
2019-12-12 Julius Werner   2lib: Move firmware body size reporting to
			   separate function

Change-Id: I167cd40cb435dbae7f09d6069c9f1ffc1d99fe13
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37680
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Mathew King <mathewk@chromium.org>
2019-12-13 20:14:26 +00:00
Joel Kitching 928511add1 vboot: update secdata naming scheme
secdata -> secdata_firmware
  secdatak -> secdata_kernel

BUG=b:124141368, chromium:972956
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: Ie2051de51c8f483a8921831385557fad816eb9fb
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37655
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-12-12 17:19:09 +00:00
Joel Kitching 9e052c2b6c vboot: remove old vboot_fill_handoff function header
This function was removed in CB:33535.

BUG=b:124141368
TEST=make clean && make runtests
BRANCH=none

Change-Id: Ifded75319c92dcbb4befbb3fbecc1cd2df8a9ad0
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37588
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-12-10 11:20:21 +00:00
Tim Wawrzynczak 14dd073e80 EC sync: Properly handle VBERROR return codes from vb2api_ec_sync
Some return codes were missed when implementing this initially; the vboot
logic can require the system to command the EC to reboot to its RO, switch
RW slots or it can require a poweroff of the SoC.  This patch appropriately
handles these return codes.

BUG=b:145768046
BRANCH=firmware-hatch-12672.B
TEST=ODM verified this patch fixes the issues seen.

Change-Id: I2748cf626d49c255cb0274cb336b072dcdf8cded
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37562
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-12-09 09:39:29 +00:00
Julius Werner 683657e93a vboot: Clear secdata change flags after factory init
factory_initialize_tpm() calls secdata_xxx_create() (for both firmware
and kernel space) and then immediately writes those spaces out to the
TPM. The create() functions make vboot think it just changed the secdata
(because it reinitialized the byte arrays in the context), so we also
need to clear the VB2_CONTEXT_SECDATA_xxx_CHANGED flags again, otherwise
vboot thinks it still needs to flush the spaces out to the TPM even
though we already did that.

Also clean up some minor related stuff (VB2_CONTEXT_SECDATA_CHANGED
notation is deprecated, and secdata space intialization should use the
same write-and-readback function we use for updates).

Change-Id: I231fadcf7b35a1aec3b39254e7e41c3d456d4911
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37471
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-12-06 05:23:33 +00:00
Joel Kitching 1debc0c101 vboot: update VbExNvStorageWrite function
Going forwards, vb2ex_commit_data will be used to flush both
nvdata and secdata.

The patch that is circularly dependent on this lies between a patch that
makes vboot no longer build and the patch that fixes that, so we have to
pull the whole thing in at once to sort out the mess.

Updating from commit id 1c4dbaa0:
2019-11-18 Julius Werner   Makefile: Fix typo for MOCK_TPM

to commit id 695c56dc:
2019-12-04 Julius Werner   Makefile: Make loop unrolling fully
                           controllable by the caller

BUG=b:124141368, chromium:1006689
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: Ia2612da0df101cd3c46151dbce728633a39fada1
Signed-off-by: Joel Kitching <kitching@google.com>
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37315
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-12-06 05:23:26 +00:00
Elyes HAOUAS 68ec3eb1f0 src: Move 'static' to the beginning of declaration
Change-Id: I9b2cc1bb58922d9e32202ea4c20b9aacfe308bad
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33673
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-12-02 15:56:40 +00:00
Yu-Ping Wu 63b9700b2c lib/coreboot_table: Add CBMEM_ID_VBOOT_WORKBUF pointer to coreboot table
Since struct vb2_shared_data already contains workbuf_size and
vboot_workbuf_size is never used in depthcharge, remove it from struct
sysinfo_t. In addition, remove lb_vboot_workbuf() and add
CBMEM_ID_VBOOT_WORKBUF pointer to coreboot table with
add_cbmem_pointers(). Parsing of coreboot table in libpayload is
modified accordingly.

BRANCH=none
BUG=chromium:1021452
TEST=emerge-nami coreboot libpayload depthcharge; Akali booted correctly

Change-Id: I890df3ff93fa44ed6d3f9ad05f9c6e49780a8ecb
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37234
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-12-02 13:00:45 +00:00
Yu-Ping Wu a2962daf6f security/vboot: Remove struct vboot_working_data
After CB:36808, CB:36844 and CB:36845, all fields except buffer_offset
were removed from struct vboot_working_data. Since buffer_offset is used
to record the offset of the workbuf relative to the whole structure, it
is no longer needed.

This patch removes the structure, and renames vboot_get_working_data()
to vboot_get_workbuf().

BRANCH=none
BUG=chromium:1021452
TEST=emerge-nami coreboot

Change-Id: I304a5e4236f13b1aecd64b88ca5c8fbc1526e592
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37231
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
2019-12-02 13:00:36 +00:00
Arthur Heymans 0ca944b16f security/tpm: Drop CAR_GLOBAL_MIGRATION support
Change-Id: I1c09eda6164efb390de4626f52aafba59962f9c4
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37029
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-29 09:08:33 +00:00
Arthur Heymans 344e86bb3b security/vboot: Drop CAR_GLOBAL_MIGRATION support
Change-Id: I9dee03da028b9111b685e325368815a86e444a47
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37028
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-11-29 09:05:04 +00:00
Julius Werner d618aaceae security/vboot: Use persistent context to read GBB flags
With the persistent vboot context coreboot no longer needs to read GBB
flags from flash itself -- it can just ask vboot for the cached result.
This patch removes the existing GBB code and provides gbb_is_flag_set()
(with a slightly better namespaced name) as a static inline instead.

Change-Id: Ibc3ed0f3fbeb53d630925d47df4dc474b0ed07ee
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37261
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
2019-11-28 07:03:20 +00:00
Jacob Garber a3eb125238 security/vboot: Remove duplicate offsetof() definition
This macro is already defined in commonlib/helpers.h

Change-Id: I1fce2936757b13807e254f4a844f583b938bf349
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37181
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Alex James <theracermaster@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-26 11:46:06 +00:00
Arthur Heymans c05b1a66b3 Kconfig: Drop the C_ENVIRONMENT_BOOTBLOCK symbol
The romcc bootblock will be deprecated soon and most platforms use
C_ENVIRONMENT_BOOTBLOCK already. This patch drops the
CONFIG_C_ENVIRONMENT_BOOTBLOCK symbol and adds CONFIG_ROMCC_BOOTBLOCK
where needed.

Change-Id: I773a76aade623303b7cd95ebe9b0411e5a7ecbaf
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37154
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
2019-11-25 09:17:38 +00:00
Kyösti Mälkki 75396f67aa Makefiles: Remove -D__PRE_RAM__
All cases of testing for __PRE_RAM__ have been converted
to equivalent ENV_xxx definitions from <rules.h>.

Change-Id: Ib6cd598f17109cc1072818cebe4791f7410c3428
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/37075
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-11-22 06:27:21 +00:00
Arthur Heymans 15c012181d drivers/intel/fsp1_0: Drop support
No platform is using this.

Change-Id: I3ea6df4d9ce9043755f319f699adc189d754df1f
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36985
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2019-11-21 06:47:43 +00:00
Arthur Heymans f67c81fc70 soc/intel/fsp_broadwell_de: Drop support
Relocatable ramstage, postcar stage and C_ENVIRONMENT_BOOTBLOCK are
now mandatory features, which this platform lacks.

Change-Id: I8b6502b0894f9e2b8b1334871d7b6cde65cba7d4
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36984
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
2019-11-21 06:43:29 +00:00
Tim Wawrzynczak baeced336a security/vboot: Build vboot library with same .a that depthcharge uses
Currently, depthcharge and coreboot are using two different vboot libraries.
coreboot is using "fwlib20", while depthcharge uses "fwlib".  The only
difference between the two libraries is the inclusion of vboot1-only
compilation units in fwlib, which are now deprecated.  Therefore, coreboot
may as well use fwlib too.  Vboot is expected to converge on a single firmware
library soon.

BUG=none
BRANCH=none
TEST=compiles and runs verstage correctly

Change-Id: I905b781c3596965ec7ef45a2a7eafe15fdd4d9cc
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36341
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-20 13:30:44 +00:00
Tim Wawrzynczak f9e74991d3 security/vboot/sync_ec: Add timestamps
Add 4 new timestamps to the EC software sync flow:
1) Beginning of EC software sync
2) EC finished calculating Vboot hash
3) EC is no longer requesting power limiting
4) End of EC software sync

BUG=none
BRANCH=none
TEST=verified timestamps show up in cbmem log

Change-Id: I6e5703c146b5ec27d01700fdb39cb3d2092ea8a8
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36209
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-20 13:30:09 +00:00
Tim Wawrzynczak d6fc557b93 security/vboot: Add vboot callbacks to support EC software sync
Use the new functions introduced into the EC driver to support
performing EC software sync via vboot callbacks.

NOTE: This patch assumes that the EC image is added to CBFS
uncompressed.  Streaming decompression of the image will be added in a
future patch.

Also adds a new Kconfig option VBOOT_EARLY_EC_SYNC.  The new Kconfig
option compiles EC software sync into romstage, dependent upon having a
CrOS EC.

BUG=b:112198832
BRANCH=none
TEST=Successful EC software sync

Change-Id: I9b1458a45ab3ed5623af50f78036c4f88461b226
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36208
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-20 13:29:49 +00:00
Aaron Durbin fe338e2319 cbfs: switch to region_device for location APIs
Drop struct cbfs_props and replace with struct region_device object.
The goal of the cbfs locator APIs are to determine the correct region
device to find the cbfs files. Therefore, start directly using struct
region_device in the cbfs location paths. Update the users of the API
and leverage the default boot region device implementation for
apollolake.

Change-Id: I0158a095cc64c9900d8738f8ffd45ae4040575ea
Signed-off-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36939
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-20 13:27:44 +00:00
Yu-Ping Wu aeb652a4a0 security/vboot: Remove selected_region from struct vboot_working_data
Since we already have pre-RAM cache for FMAP (CB:36657), calling
load_firmware() multiple times is no longer a problem. This patch
replaces vboot_get_selected_region() usage with vboot_locate_firmware(),
which locates the firmware by reading from the CBMEM cache.

In addition, returning false from vboot_is_slot_selected() implies the
recovery path was requested, i.e., vb2_shared_data.recovery_reason was
set. Therefore, we simply remove the vboot_is_slot_selected() check from
vboot_check_recovery_request().

BRANCH=none
BUG=chromium:1021452
TEST=emerge-kukui coreboot

Change-Id: I27cb1a2175beb189053fc3e44b17b60aba474bb0
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36845
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-20 13:26:17 +00:00
Yu-Ping Wu ea544574d0 security/vboot: Remove buffer_size from struct vboot_working_data
Since buffer_size is no longer used, remove it from struct
vboot_working_data.

BRANCH=none
BUG=chromium:1021452
TEST=emerge-kukui coreboot

Change-Id: Ie770e89b4a45e0ec703d5bbb8fb6a298ce915056
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36844
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-20 13:25:05 +00:00
Yu-Ping Wu 29c8fa4769 security/vboot: Remove vboot_named_region_device(_rw)
Remove vboot_named_region_device(_rw) and use
fmap_locate_area_as_rdev(_rw) directly.

BRANCH=none
BUG=none
TEST=emerge-kukui coreboot

Change-Id: I244ac4e01ae5b80285162b3baffc0b30aa057bfb
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36922
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-11-19 15:29:20 +00:00
Julius Werner a2148377b5 include: Make stdbool.h a separate file
This patch moves the traditional POSIX stdbool.h definitions out from
stdint.h into their own file. This helps for using these definitions in
commonlib code which may be compiled in different environments. For
coreboot everything should chain-include this stuff via types.h anyway
so nothing should change.

Change-Id: Ic8d52be80b64d8e9564f3aee8975cb25e4c187f5
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36837
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-11-18 22:47:13 +00:00
Wim Vervoorn e7087a19bc security/vboot: Add config option to always enable the display
In order to always show the bootlogo very early in coreboot we need the
option to always enable the display when VBOOT is enabled.

To do this a config option is added to make sure this functionality can
be provided without interfering with systems that require the standard
VBOOT display handing.

BUG=N/A
TEST=tested on facebook fbg1701.

Change-Id: I3ffaac85d2082717bb9608d536f7cec66a583789
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36547
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-11-16 20:45:30 +00:00
Joel Kitching c50847e51e vboot: remove vboot_possibly_executed function
vboot_possibly_executed previously provided some better
compile-time code elimination, before CB:32716 made
vboot_logic_executed capable of that directly.

BUG=b:124141368,
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: If5ca8f03c51e1ced20e1215b1cfdde54da3d001f
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36863
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-16 20:38:50 +00:00
Patrick Georgi 751c496c74 vboot: update comment
The comment in the source referred to an earlier approach, so update
it to match current reality.

Change-Id: I9a23ec0a719fb623cfd465c397ef7ef16550b93c
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36862
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
2019-11-16 20:38:30 +00:00
Yu-Ping Wu 9fc8cf89e8 security/vboot: Remove flags from struct vboot_working_data
Since now we have persistent context, the usage of the flags can be
replaced with vb2_context.flags.

BRANCH=none
BUG=chromium:1021452
TEST=emerge-kukui coreboot

Change-Id: I8e5757a8cc09712c3acde9cbaab910b7498681b4
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36808
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-11-15 10:37:46 +00:00
Joel Kitching 2332c7459e vboot: use vboot persistent context
vb2_context object is now stored on the workbuf as part of
vb2_shared_data.  Use vboot's new API functions vb2api_init
and vb2api_relocate to create and move the workbuf.

BUG=b:124141368, chromium:994060
TEST=Build locally
BRANCH=none

Change-Id: I051be1e47bf79b15a1689d49a5d4c031e9363dfa
Signed-off-by: Joel Kitching <kitching@google.com>
Also-Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/coreboot/+/1902339
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36300
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Maulik V Vaghela <maulik.v.vaghela@intel.com>
2019-11-15 10:37:13 +00:00
Wim Vervoorn dd0dc1ac92 security/intel: Hide Intel submenu when INTEL TXT is disabled
An empty submenu Intel is displayed in security menu when INTEL_TXT is
disabled.
Enable submenu Intel only when INTEL_TXT is enabled.

BUG=N/A
TEST=build

Change-Id: Iff1d84ff60a15259b60c6205a63a27ecb26346a3
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36852
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-11-14 16:00:45 +00:00
Wim Vervoorn a1c259beef security/vboot: Add rw_region_only support to vboot
In some case where the flash space is limited or when a large payload such as LinuxBoot
is used, the RO region may not be large enough to contain all components that would
normally be added.

This patch adds the possibility to add specific components to the RW regions only in
the same way as the RO_ONLY_SUPPORT does for the RO region.

Please note: this applies only to the items that would normally be added to all regions.
If the payload is directed to the RW region only, a recovery payload needs to be added
to the RO region manually.

BUG=N/A
TEST=build

Change-Id: Ie0df9b5dfc6df4f24efc5582a1aec9ecfb48c44d
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36544
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-11 10:38:34 +00:00
Wim Vervoorn 114e2e8830 lib/cbfs: Add fallback to RO region to cbfs_boot_locate
With this change cbfs_boot_locate will check the RO (COREBOOT) region if
a file can not be found in the active RW region. By doing so it is not
required to duplicate static files that are not intended to be updated
to the RW regions.

The coreboot image can still be updated by adding the file to the RW
region.

This change is intended to support VBOOT on systems with a small flash
device.

BUG=N/A
TEST=tested on facebook fbg1701

Change-Id: I81ceaf927280cef9a3f09621c796c451e9115211
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36545
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-07 14:12:00 +00:00
Arthur Heymans 214661e00c security/vboot/Kconfig: Remove unused symbols
Change-Id: I417a2ff45b4a8f5bc800459a64f1c5a861fcd3d5
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36605
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2019-11-06 13:57:02 +00:00
Wim Vervoorn 1058dd84f0 security/vboot: Removed vboot_prepare from vboot_locator
When prog_locate() is called in the stage VBOOT is starting from and the
image to be loaded is not the target image vboot_prepare() may be called
too early.

To prevent this vboot_prepare() is removed from the vboot_locator
structure. This allows more control over the start of the vboot logic.

To clarify the change the vboot_prepare() has been renamed to
vboot_run_logic() and calls to initialize vboot have been added at the
following places:

postcar_loader: when VBOOT starts in ROMSTAGE
romstage_loader: when VBOOT starts in BOOTBLOCK
ramstage_loader: when VBOOT starts in ROMSTAGE

BUG=N/A
TEST=tested on facebook fbg1701

Change-Id: Id5e8fd78458c09dd3896bfd142bd49c2c3d686df
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36543
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-11-05 15:03:44 +00:00
Martin Roth 468d02cc82 src/[northbridge,security]: change "unsigned" to "unsigned int"
Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: If6b5930f78c3da6dcefaa7b6202cd0424a24525b
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36331
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-10-27 18:12:50 +00:00
Elyes HAOUAS 0edf6a59f8 src: Use 'include <boot/coreboot_tables.h>' when appropriate
Change-Id: I3d90e46ed391ce323436750c866a0afc3879e2e6
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36359
Reviewed-by: Martin Roth <martinroth@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-10-27 17:48:30 +00:00
Patrick Rudolph 0e6e457702 security/memory: Add x86_64 support
Fix compiler warning by adding an additional check for the fastpath
memset.

Change-Id: I9a80438995bafe7e436f3fe2180b8c9574eeff23
Signed-off-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35682
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-10-20 11:30:47 +00:00
Patrick Rudolph d9c799c529 build: Mark bootblock files on x86 as IBB
* Add cbfsoption --ibb to mark files as IBB
* Will be used by "Legacy FIT TXT" boot

Change-Id: I83313f035e7fb7e1eb484b323862522e28cb73d4
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31497
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2019-10-18 15:38:19 +00:00
Arthur Heymans 6d5fcf4fbe security/tpm: Add a Kconfig to disregard INVALID_POSTINIT on startup
There are use cases where TPM has already been set up in a previous
stage, e.g. TXT or when a CPU reset without a platform reset happens.
If this is the case the TPM startup will return a
INVALID_POSTINIT (return code 0x26). This adds a Kconfig to allow
platforms to disregard that return code.

Change-Id: I238b30866f78608c414de877b05a73cf8fdb9bbd
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36027
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-10-17 15:07:31 +00:00
Joel Kitching f350768a82 vboot: add new vb2ex_abort callback
Required for new VB2_ASSERT and VB2_DIE macros in vboot code.
(See chromium:972956.)

BUG=b:124141368, chromium:1005700
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I61a1036ccab80862d6eb12f9f72286f29e8478cf
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36035
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-10-16 05:47:25 +00:00
Hung-Te Lin 117453e890 vboot: create board-specific test-only GBB HWID if not set
The HWID in vboot GBB is an identifier for machine model. On Chrome OS,
that should be provisioned in manufacturing process (by collecting real
hardware information), and will be checked in system startup.

For bring up developers, they usually prefer to generate a test-only
string for HWID. However that format was not well documented and cause
problems. Further more, most Chromebooks are using HWID v3+ today while
the test-only HWID is usually v2. Non-Chrome OS developers may also
prefer their own format.

To simplify development process, the GBB_CONFIG now defaults to empty
string, and will be replaced by a board-specific test-only v2 HWID
automatically. Developers can still override that in mainboard Kconfig
if they prefer v3 or other arbitrary format.

BUG=b:140067412
TEST=Built 'kukui' successfully. Removed kukui GBB config and built
     again, still seeing correct test HWID.

Change-Id: I0cda17a374641589291ec8dfb1d66c553f7cbf35
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35634
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-09-30 11:33:20 +00:00
Andrey Pronin 31839f3c45 vboot: extend BOOT_MODE_PCR to SHA256 bank on TPM2
With the support of various algorithms and banks in tlcl_extend(),
digest_algo parameter of tpm_extend_pcr() started defining the target
PCR bank in TPM2 case.

The OS expects coreboot to extend the SHA256 bank of BOOT_MODE_PCR.
The value that the OS expects coreboot to extend into BOOT_MODE_PCR
is the SHA1 digest of mode bits extended to the length of SHA256 digest
by appending zero bytes.

Thus the correct value for digest_algo passed into tpm_extend_pcr() for
BOOT_MODE_PCR is TPM_ALG_SHA256.

This didn't matter until adding the support for multiple digest introduced
by patches like https://review.coreboot.org/c/coreboot/+/33252, as
tlcl_extend always used SHA256 bank before.

Change-Id: I834fec24023cd10344cc359117f00fc80c61b80c
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35476
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-09-21 01:13:54 +00:00
Elyes HAOUAS 087504f142 src/security: Remove unused #include <fmap.h>
Change-Id: I9db59d5db2ed3e792251a94b67fb277d9160e4e8
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33734
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-09-15 20:42:15 +00:00
Kyösti Mälkki b590a04f78 security/vboot: Replace use of __PRE_RAM__
Change-Id: Ibaeda2762c733fdbe48979b635cc0cfd7ee4295d
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35387
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-09-13 19:29:18 +00:00
Julius Werner b3426c03b4 Revert "security/tpm/tss/tcg-2.0: Add multi digits support to tlcl_extend()"
This reverts commit fdb9805d68.

CB:33252 wasn't reviewed by a TPM maintainer and breaks abstraction
layers (pulling TSS-details into TSPI, completely changing
interpretation of the arguments to tlcl_extend() based on TSS version).
It's also not clear why it was implemented the way it was (should have
been much easier and cleaner ways to achieve the same thing).

Since the author is not reacting, let's revert it for now. It can be
cleaned up and resubmitted later. (Not reverting the header changes
since those are not objectionable, and there are later patches dependent
on it.)

Change-Id: Ice44f55c75a0acc07794fe41c757a7bca75406eb
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35351
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2019-09-11 22:14:54 +00:00
Jacob Garber c563d34fc1 security/tpm: Use correct hash digest lengths
TPMU_HA is a union of all the different hash digests, and so
sizeof(TPMU_HA) evaluates to 64 (the size of the largest one). This will
lead to out-of-bounds writes when copying smaller digests, so use the
specific digest size for each algorithm.

Change-Id: Ic9101f157d5a19836b200ecd99f060de552498d2
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 14049{49,50,51,52,53,54,55,56,57,58,60,61,62}
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35287
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2019-09-07 01:02:43 +00:00
Frans Hendriks aa771cb19f security/tpm/tss/tcg-2.0: Add support for algorithms
Function marshal_TPMT_HA() supports SHA-256 only.
Add support for more algorithms.

BUG=N/A
TEST=Build binary and verified logging on Facebook FBG-1701

Change-Id: Ife8d44484c7a7cb717035e5ae0870bbee205661b
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35276
Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-09-06 15:32:10 +00:00
Frans Hendriks fdb9805d68 security/tpm/tss/tcg-2.0: Add multi digits support to tlcl_extend()
To support multi digists the tlcl_extend() for TPM2 expects
TPML_DIGEST_VALUE pointer as input argument.

BUG=N/A
TEST=Build binary and verified logging on Facebook FBG-1701

Change-Id: I8d86c41c23e4e93a84e0527d7cddcfd30d5d8394
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33252
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
2019-09-05 14:54:52 +00:00
Frans Hendriks 7e220cac2d security/tpm/tss/tcg-2.0: Use tlcl_get_hash_size_from_algo() for hash size
mashal_TPMT_HA() uses size of SHA-256 hash.
Use tlcll_get_hash_size_from_algo() to determince the hash size.

BUG=N/A
TEST=Build binary and verified logging on Facebook FBG-1701

Change-Id: I739260e13e9cd10a61d52e13e8741b12ec868d7f
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33251
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2019-09-03 23:48:58 +00:00
Joel Kitching 4d9d964276 vboot: remove fastboot support
Fastboot support in vboot_reference is unused, unmaintained, and
produces compile errors when enabled.  Since there is no current
or planned use cases for fastboot, remove it.

BUG=b:124141368, chromium:995172
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I06ea816ffb910163ec2c3c456b3c09408c806d0b
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35002
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-09-02 05:48:35 +00:00
Patrick Rudolph 5fffb5e30d security/intel: Add TXT infrastructure
* Add Kconfig to enable TXT
* Add possibility to add BIOS and SINIT ACMs
* Set default BIOS ACM alignment
* Increase FIT space if TXT is enabled

The following commits depend on the basic Kconfig infrastructure.
Intel TXT isn't supported until all following commits are merged.

Change-Id: I5f0f956d2b7ba43d4e7e0062803c6d8ba569a052
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34585
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
2019-09-02 04:52:04 +00:00
Kyösti Mälkki 117cf2bdcb Split MAYBE_STATIC to _BSS and _NONZERO variants
These are required to cover the absensce of .data and
.bss sections in some programs, most notably ARCH_X86
in execute-in-place with cache-as-ram.

Change-Id: I80485ebac94b88c5864a949b17ad1dccdfda6a40
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35003
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-08-26 20:56:29 +00:00
Joel Kitching 220ac049ba vboot: update vboot2 functions to use new vb2_error_t
To make explicit when vboot2 error codes should be returned,
use the new vb2_error_t type on all functions which return
VB2_ERROR_* constants.

Additionally, add required vboot submodule commit id e6700f4c:
    2019-07-31 14:12:30 +0800 - (vboot: update vboot2 functions to use new vb2_error_t)

NOTE: This patch was merged separately on the Chromium tree:
https://chromium-review.googlesource.com/c/1728499

BUG=b:124141368, chromium:988410
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I804c2b407e496d0c8eb9833be629b7c40118415c
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1728292
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34860
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-08-21 09:32:45 +00:00
Joel Kitching 544b572c07 vboot: use vboot2 API to set initial secdatak value
Previously, the initial value for secdatak was embedded
in secdata_tpm.c as a uint8_t array.  Switch to using
vb2api_secdatak_create instead, and write the value in
ctx->secdatak.

Remove an unnecessary call to vb2api_secdata_create in
_factory_initialize_tpm.

BUG=b:124141368, chromium:972956
TEST=make clean && make test-abuild
BRANCH=none

TEST=Check that size and value of initial secdatak
     has not changed.  Apply the patch below and
     check for this output:
_factory_initialize_tpm():266: _factory_initialize_tpm: secdatak sizes are identical? 1
_factory_initialize_tpm():269: _factory_initialize_tpm: secdatak values are identical? 1

diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index ff62185107..c1818b482f 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -148,6 +148,18 @@ static uint32_t write_secdata(uint32_t index,
        return TPM_E_CORRUPTED_STATE;
 }

+/*
+ * This is derived from rollback_index.h of vboot_reference. see struct
+ * RollbackSpaceKernel for details.
+ */
+static const uint8_t secdata_kernel[] = {
+       0x02,
+       0x4C, 0x57, 0x52, 0x47,
+       0x00, 0x00, 0x00, 0x00,
+       0x00, 0x00, 0x00,
+       0xE8,
+};
+
 /*
  * This is used to initialize the TPM space for recovery hash after defining
  * it. Since there is no data available to calculate hash at the point where TPM
@@ -250,6 +262,11 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
         * indication that TPM factory initialization was successfully
         * completed.
         */
+       VBDEBUG("%s: secdatak sizes are identical? %d\n", __func__,
+               sizeof(secdata_kernel) == sizeof(ctx->secdatak));
+       VBDEBUG("%s: secdatak values are identical? %d\n", __func__,
+               memcmp(secdata_kernel, ctx->secdatak,
+                      sizeof(secdata_kernel)) == 0);
        RETURN_ON_FAILURE(set_kernel_space(ctx->secdatak));

        if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
@@ -452,7 +469,7 @@ uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)

        /* Read the firmware space. */
        rv = read_space_firmware(ctx);
-       if (rv == TPM_E_BADINDEX) {
+       if (true) {
                /*
                 * This seems the first time we've run. Initialize the TPM.
                 */

Change-Id: I74261453df6cc55ef3f38d8fb922bcc604084c0a
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1652874, chromium:1655049
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33386
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-08-21 04:30:33 +00:00
Joel Kitching 2a20d13c39 vboot: fix conditional using vboot_setup_tpm return value
vboot_setup_tpm returns (TPM_SUCCESS == 0) on success.
In this case, call antirollback_read_space_firmware.

This regression was introduced in CB:34510.

BUG=b:139101213
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: Ifdea1d85167a50a1ada5afe9b107408e3a2e0d6f
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34790
Reviewed-by: Subrata Banik <subrata.banik@intel.com>
Reviewed-by: Aamir Bohra <aamir.bohra@intel.com>
Reviewed-by: Ronak Kanabar <ronak.kanabar@intel.com>
Reviewed-by: V Sowmya <v.sowmya@intel.com>
Reviewed-by: caveh jalali <caveh@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-08-08 07:03:24 +00:00
Joel Kitching 2c469ad79c tpm/tspi: include vb2_sha for vb2_get_hash_algorithm_name
BUG=b:124141368
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I2e04c16e309d765353f152203a44e90d997394d1
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34742
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-08-08 03:20:45 +00:00
Christian Walter 0bd84ed250 security/vboot: Add Support for Intel PTT
Add support for Intel PTT. For supporting Intel PTT we need to disable
read and write access to the TPM NVRAM during the bootblock. TPM NVRAM
will only be available once the DRAM is initialized. To circumvent this,
we mock secdata if HAVE_INTEL_PTT is set. The underlying problem is,
that the iTPM only supports a stripped down instruction set while the
Intel ME is not fully booted up. Details can be found in Intel document
number 571993 - Paragraph 2.10.

Change-Id: I08c9a839f53f96506be5fb68f7c1ed5bf6692505
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34510
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-08-06 12:07:49 +00:00
Christian Walter 7706a04c60 drivers/crb: Add CRB driver for TPM2 support
Add the Command Response Buffer which is defined in the TPM 2.0 Specs.
CRB can be specified with MAINBOARD_HAS_CRB_TPM, even though it is
actually SoC/SB specific.

Change-Id: I477e45963fe3cdbc02cda9ae99c19142747e4b46
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34106
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
2019-07-31 10:58:36 +00:00
Christian Walter 90cf4bb02a Revert "src/security/vboot: Add option to skip display init with vboot 2.0"
This reverts commit 598af2e2c2.

Reason for revert: This commit breaks every board with VBOOT enabled
if the platform is apollolake, broadwell, skylake, baswell, baytrails
or icelake. The reason is, that the SoC selects
VBOOT_MUST_REQUEST_DISPLAY by default, and this has a dependency now
on VBOOT_MAY_SKIP_DISPLAY_INIT. This will only be auto-selected if
it is a CHROMEOS platform.

Change-Id: I3872d9aa993326ded135d8a5d950d5b1b1eddf34
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34308
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-07-29 17:21:09 +00:00
Joel Kitching 7b10debe2e vboot: relocate call to vboot_save_recovery_reason_vbnv
Relocate call to vboot_save_recovery_reason_vbnv and rename
vb2_clear_recovery_reason_vbnv for consistency.

BUG=b:124141368, b:124192753
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I111cc23cf3d4b16fdb058dd395ac17a97f23a53f
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33551
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
2019-07-23 12:07:16 +00:00
Joel Kitching 452aaae601 vboot: deprecate vboot_handoff structure
vboot_handoff is no longer used in coreboot, and is not
needed in CBMEM or cbtable.

BUG=b:124141368, b:124192753
TEST=make clean && make runtests
BRANCH=none

Change-Id: I782d53f969dc9ae2775e3060371d06e7bf8e1af6
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33536
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Martin Roth <martinroth@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-07-23 12:07:07 +00:00
Frans Hendriks 589eff7e47 security/tpm/tss/tcg-2.0: Add TPM2 function tlcl_getcapability()
Add function tlcl_getcapability() to return TPM2 capability.
To support TPM2 capability TPM_CAP_PCRS handling is added to
unmarshal_get_capability().

BUG=N/A
TEST=Build binary and verified logging on Facebook FBG-1701

Change-Id: I85e1bd2822aa6e7fd95ff2b9faa25cf183e6de37
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30826
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-07-19 09:56:56 +00:00
Sukerkar, Amol N 598af2e2c2 src/security/vboot: Add option to skip display init with vboot 2.0
This config option, when set, will allow the platform to skip display
initialization in normal (non-developer, non-recovery) mode. This allows
platforms that do not implement firmware UI in normal mode to skip the
display init in firmware.

TEST=Set option CONFIG_VBOOT and clear CONFIG_VBOOT_MAY_SKIP_DISPLAY_INIT
     and the display should initialize in ramstage when platform boots. Set
     CONFIG_VBOOT and set CONFIG_VBOOT_MAY_SKIP_DISPLAY_INIT and the display
     initialization should be skipped in coreboot.

Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
Change-Id: Icadad6da34dcb817af02868e89a94ea62dbfa7b3
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33844
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-07-07 20:09:24 +00:00
Julius Werner eda20b677f vboot: Use CONFIG_VBOOT_MIGRATE_WORKING_DATA on all platforms
When we added CONFIG_VBOOT_MIGRATE_WORKING_DATA, the idea was that on
some Arm platforms the original working data buffer was in SRAM, which
stays accessbile for the whole runtime of the system. There is no reason
to migrate it into CBMEM on those platforms because ramstage and the
payload could continue to access it in SRAM.

Now that we've had a couple of months of experience with this option, we
found that most of our Arm platforms have some issue that requires
migrating anyway, because BL31 often claims SRAM for itself and makes it
inaccessible to the payload. On the remaining platforms, accessing SRAM
from the payload is possible but still an issue, because libpayload
doesn't have enough memory layout information to set up proper page
tables for it, so we're accessing it uncached and at risk of alignment
errors.

Rather than having to figure out how to map the right SRAM range for
every platform in the payload, let's just get rid of the option.
memcpy()ing 12KB isn't worth this much hassle.

Change-Id: I1b94e01c998f723c8950be4d12cc8f02b363a1bf
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33952
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Joel Kitching <kitching@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
2019-07-03 00:38:41 +00:00
Patrick Rudolph a19b07fec1 security/memory: Clear memory in ramstage
* Add architecture independend way of clearing all DRAM
* Implemented in ramstage as MTRRs need to be set to speed up
  clearing. Takes up to 15 seconds per GiB otherwise.
* Use memset_pae on x86
* Add quirks for FSP1.0

Tested on P8H61M-Pro:
* Clears 4GiB in less than 1 second
Tested on wedge100s:
* Clears 8GiB in 2 seconds

Change-Id: Idaadb8fb438e5b95557c0f65a14534e8762fde20
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31550
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-07-02 08:46:00 +00:00
Frans Hendriks 3891d272a0 security/tpm/tss/tcg-2.0/tss.c: Add debug message to tlcl_lib_init()
No message is reported in tlcl_lib_init() when tis_init() or tis_open()
returned an error value.
Add debug string.

BUG=N/A
TEST=Build binary and verified logging on Facebook FBG-1701

Change-Id: I522e488ddd3a1bd94a1a8c8470c757bd79c6d5c5
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33415
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
2019-07-01 08:31:26 +00:00
Patrick Rudolph 1b35295ec2 security: Add memory subfolder
Add files to introduce a memory clearing framework.
Introduce Kconfig PLATFORM_HAS_DRAM_CLEAR that is to be selected by
platforms, that are able to clear all DRAM.

Introduce Kconfig SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT that is user
selectable to always clear DRAM on non S3 boot.

The function security_clear_dram_request tells the calling platform when
to wipe all DRAM. Will be extended by TEE frameworks.

Add Documentation for the new security API.

Change-Id: Ifba25bfdd1057049f5cbae8968501bd9be487110
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31548
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
2019-06-27 10:02:04 +00:00
Joel Kitching eb20320d7b vboot: remove vboot_handoff step
Depthcharge no longer reads this data structure, and uses
the vboot workbuf in vboot_working_data instead.

Since vboot2 downstream migration is not yet completed, the
vboot2 -> vboot1 migration code is still required, but has
been relocated to depthcharge.

BUG=b:124141368, b:124192753
TEST=make clean && make runtests
BRANCH=none

Change-Id: I769abbff79695b38d11fb6a93c2b42f64d4bafde
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33535
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-06-27 04:36:59 +00:00
Elyes HAOUAS eb1dea8faf security/vboot: Remove useless 'const'
Change-Id: I3b5ca272abffe46c6a63251cf4905780f87a6836
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33540
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Joel Kitching <kitching@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-06-21 08:48:51 +00:00
Frans Hendriks 7c05d2a641 security/tpm/Makefile.inc: Remove VBOOT dependency for tss files in postcar
tss_marshaling.c and tss.c depends on VBOOT for postcar.
Eltan vendorcode used function in these file, but has VBOOT disabled.

Remove depency of VBOOT for postcar fo tss/tcg-2.0/tss-marshaling.c and
tss/tcg-2.0/tss.c

BUG=N/A
TEST=Created binary and verify logging on Facebook FBG-1701

Change-Id: I195c79283abf403208f406518372bf52289772ed
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33444
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-06-21 08:41:44 +00:00
Joel Kitching 532e0c74e1 vboot: relocate code to log and clear recovery mode switch
Logging and clearing the recovery mode switch doesn't have
anything to do with vboot_handoff.  Move it to the main verstage
logic file.

BUG=b:124141368, b:124192753
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I2e74f3893463e43fe5fad4a8df8036560f34e0db
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33534
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
2019-06-21 00:52:35 +00:00
Joel Kitching b6bcb6cc8f vboot: remove functions which read vboot_handoff.out_flags
These functions are no longer used and may be removed:
* vboot_handoff_check_recovery_flag
* vboot_get_handoff_flag

BUG=b:124141368, b:124192753
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: Ie05652ef1288eef74bd2e7e8bea79fd29d523859
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33533
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-06-21 00:50:59 +00:00
Joel Kitching a06cd6c29e vboot: remove vboot_handoff_get_recovery_reason
Two functions retrieve vboot recovery_reason:
* vboot_handoff_get_recovery_reason
* vboot_get_recovery_reason_shared_data

Previously, when CBMEM comes online, a vboot_handoff data
structure is created, and depending on the architecture,
coreboot may eventually lose access to vboot_working_data.

After implementing vboot_working_data CBMEM migration,
vboot_working_data is always guaranteed to be accessible.

vboot_get_recovery_reason_shared_data is corrected to also
allow accessing vboot_working_data in ramstage and postcar.

Now, vboot_handoff_get_recovery reason returning a valid recovery
reason implies that vboot_get_recovery_reason_shared_data should
*also* return a valid recovery reason.  Thus we may remove the
former.

BUG=b:124141368, b:124192753
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: Iac216dc968dd155d9d4f8bd0f2dfd5034762f9a0
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33532
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-06-21 00:50:48 +00:00
Joel Kitching ba50e4885f vboot: recovery path should finalize work context
Recovery path should finalize work context, and trim
vboot_working_data buffer_size.  Otherwise, depthcharge ingests
the full 12 KB workbuf in recovery path.

BUG=chromium:972528, b:134893812
TEST=Build with vboot_reference CL:1584488.  Check that USB disks
     are properly verified in recovery path.
BRANCH=none

Change-Id: Icf2600d2eb5d846a26aec35a153946dd2f7f128c
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33358
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-06-12 05:45:10 +00:00
Keith Short 7006458777 post_code: add post code for failure to load next stage
Add a new post code, POST_INVALID_ROM, used when coreboot fails to
locate or validate a resource that is stored in ROM.

BUG=b:124401932
BRANCH=sarien
TEST=build coreboot for sarien and arcada platforms

Change-Id: Ie6de6590595d8fcdc57ad156237fffa03d5ead38
Signed-off-by: Keith Short <keithshort@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32770
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2019-05-22 14:21:57 +00:00
Eric Lai b6ee05692d vboot: determine display init before recovery check
Display is required by recovery mode. Determine display init
before recovery check.

BUG=b:133197727,b:133175864
TEST=enter recovery mode, checked the display shows up

Signed-off-by: Eric Lai <ericr_lai@compal.corp-partner.google.com>
Change-Id: Id6ac611f51241373bca3e2b394a94dcd52d3fde7
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32906
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
2019-05-22 02:54:27 +00:00
Frans Hendriks c1b77c1391 security/vboot/vboot_crtm.h: Remove ENV_ for vboot_measure_cbfs_hook()
vboot_measure_cbfs_hook() is included when CONFIG_VBOOT_MEASURED_BOOT
is enabled, but this function is defined as 0 in vboot_crtm.h using ENV_

Remove ENV_ for vboot_measure_cbfs_hook() function definition.
This function is added to bootblock stage also.

BUG=NA
TEST=Build Google Banon and Google Cyan

Change-Id: Ic62c18db09c119dfb85340a6b7f36bfd148aaa45
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32532
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-20 14:41:40 +00:00
Joel Kitching 7576bd7f42 vboot: save whether developer mode is enabled
Save whether or not vboot has selected developer mode as a flag
in vboot_working_data.  Other coreboot code may access this flag
without needing to consult vboot_handoff (which is in the process
of being deprecated).

BUG=b:124141368, b:124192753
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: Ieb6ac4937c943aea78ddc762595a05387d2b8114
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32843
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-20 12:48:19 +00:00
Joel Kitching 807803afa2 vboot: remove OPROM-related code
As of CL:1605641, vboot2 code should be used for setting and
checking display init state.  Remove all vboot1 OPROM-related
code, and use the vboot2 display init code which has already
been added in previous commits.

coreboot should not be reading vboot NVRAM flags directly.
Remove the function vboot_wants_oprom(), and instead rely on
display_init_required(), which uses the
VBOOT_WD_FLAG_DISPLAY_INIT value stored in
vboot_working_data.flags, initialized during verstage.
Note that this means in the case of CONFIG_VBOOT=y, the return
value of display_init_required() can only be trusted after
verstage has been executed.  This should not be a problem
assuming that all display initialization occurs in ramstage.

BUG=b:124141368, b:124192753, chromium:948529
TEST=Build locally
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: Ic8f9dc5a3c7f1546a8fed82bde02be4d04568f8d
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1605641, chromium:1605525
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32723
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-05-15 17:50:08 +00:00
Joel Kitching 18b51b7315 vboot: rename BOOT_OPROM_NEEDED to BOOT_DISPLAY_REQUEST
Verified Boot OPROM code is being refactored.  OPROM is being
generalized into "display initialization".  As such, the NVRAM
request flag is being renamed from OPROM_NEEDED to
DISPLAY_REQUEST.

BUG=b:124141368, b:124192753, chromium:948529
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I74374abf7d1deb594c073f7a4a76c9de46092143
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1605640
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32720
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-15 17:49:24 +00:00
Julius Werner 998dc17f52 vboot: Turn vboot_logic_executed() into a static inline
This patch moves vboot_logic_executed() (and its dependencies) into a
header and turns it into a static inline function. The function is used
to guard larger amounts of code in several places, so this should allow
us to save some more space through compile-time elimination (and also
makes it easier to avoid undefined reference issues in some cases).

Change-Id: I193f608882cbfe07dc91ee90d02fafbd67a3c324
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32716
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-05-10 21:43:15 +00:00
Julius Werner ef7d89cabe vboot: Make vboot_logic_executed() a bit more precise
This patch adds another check to vboot_logic_executed() to make sure we
only do a runtime check for verstage_should_load() if
CONFIG_VBOOT_RETURN_FROM_VERSTAGE is enabled. That's the only case where
the stage that's loading the verstage can execute after verification has
run (because the verstage will return to it when it's done). In the
other case, the stage that loads verstage really just loads it and will
never do anything again after hand-off, so it's guaranteed to always
execute before verification.

This change may allow extra dead-code elimination in some cases.

Change-Id: I7019b6f7b0acfbf0a8173914b53364751b08f2cf
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32714
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2019-05-10 21:41:14 +00:00
Joel Kitching 2eb89c8b14 vboot: include vb2_sha.h when required
Should include vb2_sha.h header when SHA library functions or
constants are required.  This replaces NEED_VB2_SHA_LIBRARY.

BUG=b:124141368, chromium:956474
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I9f32174dbf3de05fbe5279cb8017888757abf368
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1583820
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32454
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-09 06:32:44 +00:00
Joel Kitching 5923d67cfd vboot: communicate display requirements with vb2api_fw_phase1
Input: tell vb2api_fw_phase1 if display unconditionally available
Output: vb2api_fw_phase1 may request coreboot to initialize
        display, if needed based on some internal request

Move setting the VBOOT_FLAG_DISPLAY_REQUESTED flag into
verstage_main.

BUG=b:124141368, b:124192753, chromium:948529
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I81c82c46303564b63b8a32e7f80beb9d891a4628
Cq-Depend: chromium:1564232
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32324
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-09 06:32:26 +00:00
Joel Kitching 9e8cf3cc86 vboot: remove use of VbInitParams
The VbInitParams struct will be deprecated.  Remove its
use in preparation.

Additionally, remove use of the flag
VB_INIT_OUT_ENABLE_USB_STORAGE, which is no longer used
downstream since vboot_reference CL:347257.

BUG=b:124141368, chromium:960226
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: Ibe02cb6ba639de0d7cbdf79fc4dbf49044c92278
Signed-off-by: Joel Kitching <kitching@google.com>
Cq-Depend: chromium:1583943
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32664
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-05-09 06:31:57 +00:00
Joel Kitching 1a6b5c23a1 vboot: remove use of GoogleBinaryBlockHeader
Remove use of deprecated GoogleBinaryBlockHeader struct, and
replace with vb2_gbb_header.

BUG=b:124141368, chromium:954774
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: Iee3bd877cb1791a689efdeabda324f43f7d0c6f2
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32455
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-05-06 12:40:31 +00:00
Joel Kitching 6672bd8e6b vboot: refactor OPROM code
The name OPROM is somewhat inaccurate, since other steps to bring
up display and graphics are needed depending on mainboard/SoC.
This patch cleans up OPROM code nomenclature, and works towards
the goal of deprecating vboot1:

* Rename CONFIG_VBOOT_OPROM_MATTERS to
  CONFIG_VBOOT_MUST_REQUEST_DISPLAY and clarify Kconfig
  description
* Remove function vboot_handoff_skip_display_init
* Remove use of the VbInit oflag VB_INIT_OUT_ENABLE_DISPLAY
* Add |flags| field to vboot_working_data struct
* Create VBOOT_FLAG_DISPLAY_REQUESTED and set in vboot_handoff

BUG=b:124141368, b:124192753, chromium:948529
TEST=make clean && make test-abuild
TEST=build and flash eve device; attempt loading dev/rec modes
BRANCH=none

Change-Id: Idf111a533c3953448b4b9084885a9a65a2432a8b
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32262
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-04-30 21:47:25 +00:00
Joel Kitching 4114aa8375 vboot: specify NEED_VB20_INTERNALS when needed
NEED_VB20_INTERNALS should always be specified when peeking
into vboot internal data structures.

BUG=b:124141368, chromium:956474
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I5a47a28350fd5a68efeff0d06ca150c1ae145412
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32452
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-04-29 12:24:17 +00:00
Keith Short 97f8029ad4 security/tpm: Change POWER_OFF_ON_CR50_UPDATE so it can be disabled
Modify the POWER_OFF_ON_CR50_UPDATE Kconfig option so that specific
mainboard implementations can disable the option.

BUG=b:126632503
BRANCH=none
TEST=Build coreboot on sarien/arcada.
TEST=Perform Cr50 firmware update on Sarien, confirm the platform boots
normally after sending TURN_UPDATE_ON to the Cr50.

Change-Id: I3beefaae21de61e53ae232dbdc8ea9dbb2c78cd5
Signed-off-by: Keith Short <keithshort@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32435
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
2019-04-24 15:53:08 +00:00
Elyes HAOUAS cd4fe0f718 src: include <assert.h> when appropriate
Change-Id: Ib843eb7144b7dc2932931b9e8f3f1d816bcc1e1a
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/26796
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: David Guckian
2019-04-23 10:01:36 +00:00
Joel Kitching a751445de4 vboot: do not set VBSD_BOOT_FIRMWARE_WP_ENABLED flag
The value of "write protect" GPIO shall be read in depthcharge,
and the flag shall be set there instead.

BUG=b:124141368, b:124192753, chromium:1556855
TEST=Build locally
CQ-DEPEND=CL:1556855
BRANCH=none

Change-Id: I4d24a057b1385244a836a67c565ee6726a894fdc
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32234
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-04-11 11:23:33 +00:00
Frans Hendriks 8bd5c996ab {src,util}: Correct typo in comment and debug string
Correct typo in comment and debug string.

BUG=N/A
TEST=build

Change-Id: I0362bb8d7c883e7fcbc6a2fc2f9918251f0d8d6e
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/29321
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-04-08 14:10:20 +00:00
Elyes HAOUAS bf0970e762 src: Use include <delay.h> when appropriate
Change-Id: I23bc0191ca8fcd88364e5c08be7c90195019e399
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32012
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: David Guckian
2019-04-06 16:09:12 +00:00
Joel Kitching e556f716e4 vboot: remove Kconfig option VBOOT_PHYSICAL_REC_SWITCH
This option is duplicated in depthcharge:
https://crrev.com/c/1545144

BUG=b:124141368, b:124192753, chromium:943150
TEST=make clean && make test-abuild
CQ-DEPEND=CL:1545144
BRANCH=none

Change-Id: I48e20ad21cdcb948a23387d3e5fcf142723b0c82
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32135
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2019-04-04 10:33:38 +00:00
Julius Werner 9993b6f0b5 vboot: Select CONFIG_VBOOT_OPROM_MATTERS in more cases
This patch enables CONFIG_VBOOT_OPROM_MATTERS in a few more cases where
I think(?) it should be. Haswell, Broadwell and Baytrail Chromebooks
have this enabled in their old depthcharge firmware branches -- we
presumably just forgot to move it over when vboot2 migrated the option
to coreboot. Braswell didn't, but it seems like this requirement was
added when it was migrated to FSP 1.1...? (Not very sure about that one,
but it does call load_vbt() right now which executes things based on
display_init_required().) Additionally, it seems to make sense to enable
it whenever the user explicitly selects VGA_ROM_RUN in menuconfig (like
one of the Intel defconfigs does).

Once we have all this, one could take a step back and ask whether this
option still makes sense at all anymore. It's enabled for almost all
devices (that work with vboot at all), it will presumably be enabled for
all future devices, and it seems that most devices that don't enable it
use libgfxinit, which as far as I can tell isn't gated on
display_init_required() but probably should be. Realistically, whatever
kind of display init a board needs to do (native or option ROM), it's
probably expensive enough that it's worth skipping on a normal mode
vboot boot, and we'd want to have this enabled by default on everything
except boards that actually don't have a display. So maybe we should
flip it around to CONFIG_VBOOT_OPROM_DOESNT_MATTER, but doing that would
probably lead to nobody ever selecting it at all.

Not sure what the best solution there is yet, but I think this patch
at least moves things in the more correct direction.

Change-Id: Id96a88296ddb9cfbb58ea67d93e1638d95570e2c
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32114
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-04-01 07:56:48 +00:00
Elyes HAOUAS eb789f0b79 src: Use include <reset.h> when appropriate
Change-Id: I3b852cae4ef84d257bf1e5486447583bdd16b441
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/29301
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-03-29 20:00:20 +00:00
Joel Kitching f7f41a663f vboot_handoff: do not set VBSD_HONOR_VIRT_DEV_SWITCH
As part of chromium:942901, physical dev switch functionality
is being deprecated.

This flag is no longer read after CL:1526070, and thus
does not need to be set here.

coreboot's vboot subrepository needs to be updated to include
CL:1526070 before this CL can be merged.

BUG=b:124141368, b:124192753, chromium:942901
TEST=Build and deploy to eve
TEST=util/lint/checkpatch.pl -g origin/master..HEAD
TEST=make clean && make test-abuild
CQ-DEPEND=CL:1526070
BRANCH=none

Change-Id: Ie5849f9e0fcb8e4e6d35d542a141bf635e751af4
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31952
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-03-27 08:19:58 +00:00
Joel Kitching 51bbdac7d5 vboot: deprecate physical dev switch
Currently only two devices make use of physical dev switch:
  stumpy, lumpy

Deprecate this switch.  If these devices are flashed to ToT,
they may still make use of virtual dev switch, activated
via recovery screen.

BUG=b:124141368, b:124192753, chromium:942901
TEST=util/lint/checkpatch.pl -g origin/master..HEAD
TEST=util/abuild/abuild -B -e -y -c 50 -p none -x
TEST=make clean && make test-abuild
BRANCH=none

Change-Id: I87ec0db6148c1727b95475d94e3e3f6e7ec83193
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31943
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-03-27 06:13:27 +00:00
Joel Kitching 0ef562feee vboot: remove VBOOT_EC_SOFTWARE_SYNC Kconfig option
This option is duplicated in depthcharge:
https://crrev.com/c/1524811

BUG=b:124141368, b:124192753, b:128737909
TEST=Build and deploy to eve
TEST=util/lint/checkpatch.pl -g origin/master..HEAD
TEST=util/abuild/abuild -B -e -y -c 50 -p none -x
TEST=make clean && make test-abuild
CQ-DEPEND=CL:1524811
BRANCH=none

Change-Id: Id8c207ec4ad5a476e24eee1ceb9e40f24d55e725
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31926
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-03-26 20:19:49 +00:00
Joel Kitching a7a2387456 vboot: remove VBOOT_EC_SLOW_UPDATE Kconfig option
This option has been relocated to depthcharge:
https://crrev.com/c/1524806

BUG=b:124141368, b:124192753
TEST=Build and deploy to eve
TEST=util/lint/checkpatch.pl -g origin/master..HEAD
TEST=util/abuild/abuild -B -e -y -c 50 -p none -x
TEST=make clean && make test-abuild
CQ-DEPEND=CL:1524806
BRANCH=none

Change-Id: Ib4a83af2ba143577a064fc0d72c9bc318db56adc
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31909
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-03-25 18:04:06 +00:00
Joel Kitching 7169450310 vboot: remove VBOOT_EC_EFS Kconfig option
This option has been relocated to depthcharge:
https://crrev.com/c/1523248

BUG=b:124141368, b:124192753, chromium:943511
TEST=Build and deploy to eve
TEST=util/lint/checkpatch.pl -g origin/master..HEAD
TEST=util/abuild/abuild -B -e -y -c 50 -p none -x
TEST=make clean && make test-abuild
CQ-DEPEND=CL:1523248, CL:1525647
BRANCH=none

Change-Id: I8b3740c8301f9a193f4fce2c6492d9382730faa1
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31897
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-03-21 16:24:23 +00:00
Joel Kitching 0097f5589e vboot: standardize on working data size
Previously, the size of memory made for vboot_working_data
through the macro VBOOT2_WORK was always specified in each
individual memlayout file.  However, there is effectively no
reason to provide this customizability -- the workbuf size
required for verifying firmware has never been more than 12K.
(This could potentially increase in the future if key sizes
or algorithms are changed, but this could be applied globally
rather than for each individual platform.)

This CL binds the VBOOT2_WORK macro to directly use the
VB2_WORKBUF_RECOMMENDED_DATA_SIZE constant as defined by vboot
API.  Since the constant needs to be used in a linker script, we
may not include the full vboot API, and must instead directly
include the vb2_constants.h header.

BUG=b:124141368, b:124192753
TEST=Build locally for eve
TEST=util/lint/checkpatch.pl -g origin/master..HEAD
TEST=util/abuild/abuild -B -e -y -c 50 -p none -x
TEST=make clean && make test-abuild
BRANCH=none
CQ-DEPEND=CL:1504490

Change-Id: Id71a8ab2401efcc0194d48c8af9017fc90513cb8
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31474
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2019-03-21 16:24:03 +00:00
Elyes HAOUAS a1e22b8192 src: Use 'include <string.h>' when appropriate
Drop 'include <string.h>' when it is not used and
add it when it is missing.
Also extra lines removed, or added just before local includes.

Change-Id: Iccac4dbaa2dd4144fc347af36ecfc9747da3de20
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31966
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
2019-03-20 20:27:51 +00:00
Joel Kitching 8d0f59935d vboot: make vboot workbuf available to payload
Create a new cbtable entry called VBOOT_WORKBUF for
storing a pointer to the vboot workbuf within the
vboot_working_data structure.

BUG=b:124141368, b:124192753
TEST=Build and deploy to eve
TEST=util/lint/checkpatch.pl -g origin/master..HEAD
TEST=util/abuild/abuild -B -e -y -c 50 -p none -x
BRANCH=none

Change-Id: Id68f43c282939d9e1b419e927a14fe8baa290d91
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/31887
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-03-19 21:43:02 +00:00