GNUBoot/coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
coreboot-kgpe-d16/src/security/vboot/bootmode.c
Hsuan-ting Chen 642508aa9c Reland "vboot_logic: Set VB2_CONTEXT_EC_TRUSTED in verstage_main" 
This reverts commit adb393bdd6.
This relands commit 6260bf712a.

Reason for revert:
The original CL did not handle some devices correctly.
With the fixes:
* commit 36721a4 (mb/google/brya: Add GPIO_IN_RW to all variants'
early GPIO tables)
* commit 3bfe46c (mb/google/guybrush: Add GPIO EC in RW to early
GPIO tables)
* commit 3a30cf9 (mb/google/guybrush: Build chromeos.c in verstage

This CL also fix the following platforms:
* Change to always trusted: cyan.
* Add to early GPIO table: dedede, eve, fizz, glados, hatch, octopus,
			   poppy, reef, volteer.
* Add to both Makefile and early GPIO table: zork.

For mb/intel:
* adlrvp: Add support for get_ec_is_trusted().
* glkrvp: Add support for get_ec_is_trusted() with always trusted.
* kblrvp: Add support for get_ec_is_trusted() with always trusted.
* kunimitsu: Add support for get_ec_is_trusted() and initialize it as
	     early GPIO.
* shadowmountain: Add support for get_ec_is_trusted() and initialize
	     it as early GPIO.
* tglrvp: Add support for get_ec_is_trusted() with always trusted.

For qemu-q35: Add support for get_ec_is_trusted() with always trusted.

We could attempt another land.

Change-Id: I66b8b99d6e6bf259b18573f9f6010f9254357bf9
Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/58253
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2021-11-15 12:00:12 +00:00

89 lines
2.2 KiB
C
Raw Blame History

/* SPDX-License-Identifier: GPL-2.0-only */
#include <assert.h>
#include <bootmode.h>
#include <bootstate.h>
#include <vb2_api.h>
#include <security/vboot/misc.h>
#include <security/vboot/vbnv.h>
#include <security/vboot/vboot_common.h>
/*
* Functions which check vboot information should only be called after verstage
* has run. Otherwise, they will hit the assertion in vboot_get_context().
*/
int vboot_check_recovery_request(void)
{
return vb2api_get_recovery_reason(vboot_get_context());
}
int vboot_recovery_mode_enabled(void)
{
return vboot_get_context()->flags & VB2_CONTEXT_RECOVERY_MODE;
}
int vboot_developer_mode_enabled(void)
{
return vboot_get_context()->flags & VB2_CONTEXT_DEVELOPER_MODE;
}
int __weak clear_recovery_mode_switch(void)
{
return 0;
}
static void do_clear_recovery_mode_switch(void *unused)
{
if (vboot_get_context()->flags & VB2_CONTEXT_FORCE_RECOVERY_MODE)
clear_recovery_mode_switch();
}
/*
* The recovery mode switch (typically backed by EC) is not cleared until
* BS_WRITE_TABLES for two reasons:
*
* (1) On some platforms, FSP initialization may cause a reboot. Push clearing
* the recovery mode switch until after FSP code runs, so that a manual recovery
* request (three-finger salute) will function correctly under this condition.
*
* (2) To give the implementation of clear_recovery_mode_switch a chance to
* add an event to elog. See the function in chromeec/switches.c.
*/
BOOT_STATE_INIT_ENTRY(BS_WRITE_TABLES, BS_ON_ENTRY,
do_clear_recovery_mode_switch, NULL);
int __weak get_recovery_mode_retrain_switch(void)
{
return 0;
}
int __weak get_ec_is_trusted(void)
{
/*
* If board doesn't override this, by default we always assume EC is in
* RW and untrusted. However, newer platforms are supposed to use cr50
* BOOT_MODE to report this and won't need to override this anymore.
*/
return 0;
}
#if CONFIG(VBOOT_NO_BOARD_SUPPORT)
/**
* TODO: Create flash protection interface which implements get_write_protect_state.
* get_recovery_mode_switch should be implemented as default function.
*/
int __weak get_write_protect_state(void)
{
return 0;
}
int __weak get_recovery_mode_switch(void)
{
return 0;
}
void __weak fill_lb_gpios(struct lb_gpios *gpios)
{
}
#endif
Reference in a new issue View git blame Copy permalink