diff options
| author | Michał Żygowski <michal.zygowski@3mdeb.com> | 2023-04-11 16:01:14 +0200 |
|---|---|---|
| committer | Matt DeVillier <matt.devillier@amd.corp-partner.google.com> | 2023-12-04 15:56:16 +0000 |
| commit | a87ab39817ce15ad88243ae3be830016a0f7d714 (patch) | |
| tree | 7eb2c68b6f1aa444089e59db17caa088812376a6 /src/security | |
| parent | 7f991b3a907ae44682bfa8a068d71930656b34d2 (diff) | |
| download | coreboot-a87ab39817ce15ad88243ae3be830016a0f7d714.tar.gz coreboot-a87ab39817ce15ad88243ae3be830016a0f7d714.tar.bz2 coreboot-a87ab39817ce15ad88243ae3be830016a0f7d714.zip | |
security/vboot: Add Kconfig option to clear recovery request
For ChromeOS platform the recovery reason is cleared in
vb2api_kernel_phase2 which is probably not called by any non-ChromeOS
system. It results in the platform being stuck in recovery mode, e.g.
when RW firmware verification fails. Even if the RW partition is
flashed with correctly signed image, the persistent non-zero recovery
reason will prevent vboot from attempting the RW partition check.
Use the newly exposed vb2api_clear_recovery and
VBOOT_CLEAR_RECOVERY_IN_RAMSTAGE Kconfig option to clear the recovery
reason and save it immediately to the VBNV. The idea is to let
non-ChromeOS coreboot platform to clear the recovery reason when
needed.
TEST=Clear the recovery reason in mainboard_final function right
before payload jump when RW partition is corrupted and RW partition is
valid. In case it is corrupted, the platform stays in recovery mode,
when valid the platform boots from RW partition. Tested on MSI PRO
Z690-A DDR4.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I7ffaf3e8f61a28a68c9802c184961b1b9bf9d617
Reviewed-on: https://review.coreboot.org/c/coreboot/+/74343
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security')
| -rw-r--r-- | src/security/vboot/Kconfig | 9 | ||||
| -rw-r--r-- | src/security/vboot/bootmode.c | 15 |
2 files changed, 24 insertions, 0 deletions
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index 2d5b20f50dc4..9d90d1ee92b7 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -256,6 +256,15 @@ config CBFS_MCACHE_RW_PERCENTAGE will automatically be 0 (meaning the whole MCACHE is used for RO). Do NOT change this value for vboot RW updates! +config VBOOT_CLEAR_RECOVERY_IN_RAMSTAGE + bool "Clear the recovery request at the end of ramstage" + default n + help + If this option is enabled, the recovery request will be cleared and + saved to VBNV storage at the end of ramstage. This is useful for + platforms without vboot-integrated payloads, to avoid being stuck in + the recovery mode. + config VBOOT_ENABLE_CBFS_FALLBACK bool default n diff --git a/src/security/vboot/bootmode.c b/src/security/vboot/bootmode.c index 44149af04830..745af63f04f8 100644 --- a/src/security/vboot/bootmode.c +++ b/src/security/vboot/bootmode.c @@ -52,6 +52,21 @@ static void do_clear_recovery_mode_switch(void *unused) BOOT_STATE_INIT_ENTRY(BS_WRITE_TABLES, BS_ON_ENTRY, do_clear_recovery_mode_switch, NULL); +#if CONFIG(VBOOT_CLEAR_RECOVERY_IN_RAMSTAGE) +static void vboot_clear_recovery_request(void *unused) +{ + struct vb2_context *ctx; + + ctx = vboot_get_context(); + vb2api_clear_recovery(ctx); + save_vbnv(ctx->nvdata); +} + +/* This has to be called before back_up_vbnv_cmos, so BS_ON_ENTRY is used here. */ +BOOT_STATE_INIT_ENTRY(BS_POST_DEVICE, BS_ON_ENTRY, + vboot_clear_recovery_request, NULL); +#endif + int __weak get_recovery_mode_retrain_switch(void) { return 0; |