GNUBoot/coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
coreboot-kgpe-d16/src/security/vboot/misc.h
Martin Roth 8a3a3c820b security/vboot: Add option to run verstage before bootblock 
For AMD's family 17h, verstage can run as a userspace app in the PSP
before the X86 is released. The flags for this have been made generic
to support any other future systems that might run verstage before
the main processor starts.

Although an attempt has been made to make things somewhat generic,
since this is the first and currently only chip to support verstage
before bootblock, there are a number of options which might ultimately
be needed which have currently been left out for simplicity.  Examples
of this are:
- PCI is not currently supported - this is currently just a given
instead of making a separate Kconfig option for it.
- The PSP uses an ARM v7 processor, so that's the only processor that
is getting updated for the verstage-before-bootblock option.

BUG=b:158124527
TEST=Build with following patches

Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I4849777cb7ba9f90fe8428b82c21884d1e662b96
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41814
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
2020-06-15 21:04:00 +00:00

91 lines
2.4 KiB
C
Raw Blame History

/* SPDX-License-Identifier: GPL-2.0-only */
#ifndef __VBOOT_MISC_H__
#define __VBOOT_MISC_H__
#include <assert.h>
#include <security/vboot/vboot_common.h>
#include <vb2_api.h>
/*
* Source: security/vboot/common.c
*/
struct vb2_context *vboot_get_context(void);
/*
* Returns 1 if firmware slot A is used, 0 if slot B is used.
*/
static inline int vboot_is_firmware_slot_a(struct vb2_context *ctx)
{
return !(ctx->flags & VB2_CONTEXT_FW_SLOT_B);
}
/*
* Check if given flag is set in the flags field in GBB header.
* Return value:
* true: Flag is set.
* false: Flag is not set.
*/
static inline bool vboot_is_gbb_flag_set(enum vb2_gbb_flag flag)
{
return !!(vb2api_gbb_get_flags(vboot_get_context()) & flag);
}
/*
* Locates firmware as a region device. Returns 0 on success, -1 on failure.
*/
int vboot_locate_firmware(struct vb2_context *ctx, struct region_device *fw);
/*
* The stage loading code is compiled and entered from multiple stages. The
* helper functions below attempt to provide more clarity on when certain
* code should be called. They are implemented inline for better compile-time
* code elimination.
*/
static inline int verification_should_run(void)
{
if (CONFIG(VBOOT_SEPARATE_VERSTAGE))
return ENV_SEPARATE_VERSTAGE;
else if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE))
return ENV_ROMSTAGE;
else if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK))
return ENV_BOOTBLOCK;
else
dead_code();
}
static inline int verstage_should_load(void)
{
if (CONFIG(VBOOT_SEPARATE_VERSTAGE) && !CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK))
return ENV_BOOTBLOCK;
else
return 0;
}
static inline int vboot_logic_executed(void)
{
extern int vboot_executed; /* should not be globally accessible */
/* If we are in the stage that runs verification, or in the stage that
both loads the verstage and is returned to from it afterwards, we
need to check a global to see if verification has run. */
if (verification_should_run() ||
(verstage_should_load() && CONFIG(VBOOT_RETURN_FROM_VERSTAGE)))
return vboot_executed;
if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK)) {
/* All other stages are "after the bootblock" */
return !ENV_BOOTBLOCK;
} else if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) {
/* Post-RAM stages are "after the romstage" */
return !ENV_ROMSTAGE_OR_BEFORE;
} else if (CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK)) {
return !ENV_SEPARATE_VERSTAGE;
} else {
dead_code();
}
}
#endif /* __VBOOT_MISC_H__ */
Reference in a new issue View git blame Copy permalink