12 files changed, 57 insertions, 4 deletions

diff --git a/Makefile.inc b/Makefile.inc
index b0289c00ef0f..0c6aafa4dd40 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -75,7 +75,7 @@ subdirs-y += site-local
 
 #######################################################################
 # Add source classes and their build options
-classes-y := ramstage romstage bootblock smm smmstub cpu_microcode
+classes-y := ramstage romstage bootblock smm smmstub cpu_microcode verstage
 
 # Add dynamic classes for rmodules
 $(foreach supported_arch,$(ARCH_SUPPORTED), \
@@ -128,6 +128,8 @@ ramstage-postprocess=$(foreach d,$(sort $(dir $(1))), \
 	$(eval $(d)ramstage.o: $(call files-in-dir,$(d),$(1)); $$(LD_ramstage) -o $$@ -r $$^ ) \
 	$(eval ramstage-objs:=$(d)ramstage.o $(filter-out $(call files-in-dir,$(d),$(1)),$(ramstage-objs))))
 
+verstage-c-ccopts:=-D__PRE_RAM__ -D__VER_STAGE__
+verstage-S-ccopts:=-D__PRE_RAM__ -D__VER_STAGE__
 romstage-c-ccopts:=-D__PRE_RAM__
 romstage-S-ccopts:=-D__PRE_RAM__
 ifeq ($(CONFIG_TRACE),y)
@@ -162,6 +164,7 @@ endif
 
 ramstage-c-deps:=$$(OPTION_TABLE_H)
 romstage-c-deps:=$$(OPTION_TABLE_H)
+verstage-c-deps:=$$(OPTION_TABLE_H)
 bootblock-c-deps:=$$(OPTION_TABLE_H)
 smm-c-deps:=$$(OPTION_TABLE_H)
 
@@ -374,6 +377,10 @@ $(obj)/%.romstage.o $(abspath $(obj))/%.romstage.o: $(obj)/%.c $(obj)/config.h $
 	@printf "    CC         $(subst $(obj)/,,$(@))\n"
 	$(CC_romstage) -MMD $(CFLAGS_romstage) $(CPPFLAGS_romstage) $(romstage-c-ccopts) -c -o $@ $<
 
+$(obj)/%.verstage.o $(abspath $(obj))/%.verstage.o: $(obj)/%.c $(obj)/config.h $(OPTION_TABLE_H)
+	@printf "    CC         $(subst $(obj)/,,$(@))\n"
+	$(CC_verstage) -MMD $(CFLAGS_verstage) $(verstage-c-ccopts) -c -o $@ $<
+
 $(obj)/%.bootblock.o $(abspath $(obj))/%.bootblock.o: $(obj)/%.c $(obj)/config.h $(OPTION_TABLE_H)
 	@printf "    CC         $(subst $(obj)/,,$(@))\n"
 	$(CC_bootblock) -MMD $(CFLAGS_bootblock) $(CPPFLAGS_bootblock) $(bootblock-c-ccopts) -c -o $@ $<
diff --git a/src/arch/arm/Kconfig b/src/arch/arm/Kconfig
index 156c8c227e07..f73ad279f110 100644
--- a/src/arch/arm/Kconfig
+++ b/src/arch/arm/Kconfig
@@ -3,6 +3,10 @@ config ARCH_BOOTBLOCK_ARM
 	default n
 	select ARCH_ARM
 
+config ARCH_VERSTAGE_ARM
+  bool
+  default n
+
 config ARCH_ROMSTAGE_ARM
 	bool
 	default n
diff --git a/src/arch/arm/Makefile.inc b/src/arch/arm/Makefile.inc
index 5698f38c9b2d..ba7fb6020636 100644
--- a/src/arch/arm/Makefile.inc
+++ b/src/arch/arm/Makefile.inc
@@ -61,7 +61,7 @@ bootblock-y += memcpy.S
 bootblock-y += memmove.S
 bootblock-y += div0.c
 
-$(objcbfs)/bootblock.debug: $(src)/arch/arm/bootblock.ld $(obj)/ldoptions $$(bootblock-objs)
+$(objcbfs)/bootblock.debug: $(src)/arch/arm/bootblock.ld $(obj)/ldoptions $$(bootblock-objs) $$(VERSTAGE_LIB) 
 	@printf "    LINK       $(subst $(obj)/,,$(@))\n"
 	$(LD_bootblock) --gc-sections -static -o $@ -L$(obj) --start-group $(bootblock-objs) --end-group -T $(src)/arch/arm/bootblock.ld
 
diff --git a/src/arch/arm/armv7/Kconfig b/src/arch/arm/armv7/Kconfig
index f8e0205c405c..aa188e2764ea 100644
--- a/src/arch/arm/armv7/Kconfig
+++ b/src/arch/arm/armv7/Kconfig
@@ -2,6 +2,10 @@ config ARCH_BOOTBLOCK_ARMV7
 	def_bool n
 	select ARCH_BOOTBLOCK_ARM
 
+config ARCH_VERSTAGE_ARMV7
+	def_bool n
+	select ARCH_VERSTAGE_ARM
+
 config ARCH_ROMSTAGE_ARMV7
 	def_bool n
 	select ARCH_ROMSTAGE_ARM
diff --git a/src/soc/nvidia/tegra124/Kconfig b/src/soc/nvidia/tegra124/Kconfig
index 195261e2e446..ea946e65835b 100644
--- a/src/soc/nvidia/tegra124/Kconfig
+++ b/src/soc/nvidia/tegra124/Kconfig
@@ -2,6 +2,7 @@ config SOC_NVIDIA_TEGRA124
 	bool
 	default n
 	select ARCH_BOOTBLOCK_ARMV4
+	select ARCH_VERSTAGE_ARMV7
 	select ARCH_ROMSTAGE_ARMV7
 	select ARCH_RAMSTAGE_ARMV7
 	select HAVE_UART_SPECIAL
diff --git a/src/soc/nvidia/tegra124/Makefile.inc b/src/soc/nvidia/tegra124/Makefile.inc
index 792bb9992b1f..b306412956dc 100644
--- a/src/soc/nvidia/tegra124/Makefile.inc
+++ b/src/soc/nvidia/tegra124/Makefile.inc
@@ -20,6 +20,8 @@ ifeq ($(CONFIG_BOOTBLOCK_CONSOLE),y)
 bootblock-$(CONFIG_CONSOLE_SERIAL) += uart.c
 endif
 
+verstage-y += verstage.c
+
 romstage-y += cbfs.c
 romstage-y += cbmem.c
 romstage-y += clock.c
diff --git a/src/soc/nvidia/tegra124/bootblock.c b/src/soc/nvidia/tegra124/bootblock.c
index 2857a90ace46..0456b488c955 100644
--- a/src/soc/nvidia/tegra124/bootblock.c
+++ b/src/soc/nvidia/tegra124/bootblock.c
@@ -23,10 +23,13 @@
 #include <console/console.h>
 #include <soc/clock.h>
 #include <soc/nvidia/tegra/apbmisc.h>
-
 #include "pinmux.h"
 #include "power.h"
 
+#if CONFIG_VBOOT2_VERIFY_FIRMWARE
+#include "verstage.h"
+#endif
+
 void main(void)
 {
 	void *entry;
@@ -72,7 +75,11 @@ void main(void)
 	power_enable_cpu_rail();
 	power_ungate_cpu();
 
+#if CONFIG_VBOOT2_VERIFY_FIRMWARE
+	entry = (void *)verstage_vboot_main;
+#else
 	entry = cbfs_load_stage(CBFS_DEFAULT_MEDIA, "fallback/romstage");
+#endif
 
 	if (entry)
 		clock_cpu0_config_and_reset(entry);
diff --git a/src/soc/nvidia/tegra124/verstage.c b/src/soc/nvidia/tegra124/verstage.c
new file mode 100644
index 000000000000..234a89d0b27b
--- /dev/null
+++ b/src/soc/nvidia/tegra124/verstage.c
@@ -0,0 +1,9 @@
+#include "verstage.h"
+
+/**
+ * Stage entry point
+ */
+void vboot_main(void)
+{
+	for(;;);
+}
diff --git a/src/soc/nvidia/tegra124/verstage.h b/src/soc/nvidia/tegra124/verstage.h
new file mode 100644
index 000000000000..a0bac347c62d
--- /dev/null
+++ b/src/soc/nvidia/tegra124/verstage.h
@@ -0,0 +1,2 @@
+void vboot_main(void);
+void verstage_vboot_main(void);
diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig
index 81567582c160..62d991b64d66 100644
--- a/src/vendorcode/google/chromeos/Kconfig
+++ b/src/vendorcode/google/chromeos/Kconfig
@@ -85,6 +85,14 @@ config VBOOT_VERIFY_FIRMWARE
 	  Enabling VBOOT_VERIFY_FIRMWARE will use vboot to verify the ramstage
 	  and boot loader.
 
+config VBOOT2_VERIFY_FIRMWARE
+  bool "Firmware Verification with vboot2"
+  default n
+  depends on CHROMEOS
+  help
+	  Enabling VBOOT2_VERIFY_FIRMWARE will use vboot2 to verify the romstage
+	  and boot loader.
+
 config EC_SOFTWARE_SYNC
 	bool "Enable EC software sync"
 	default n
diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc
index e17f50cd269f..12d35b64c8fc 100644
--- a/src/vendorcode/google/chromeos/Makefile.inc
+++ b/src/vendorcode/google/chromeos/Makefile.inc
@@ -93,3 +93,12 @@ $(VB_LIB):
 		fwlib
 
 endif
+
+ifeq ($(CONFIG_VBOOT2_VERIFY_FIRMWARE),y)
+VERSTAGE_LIB = $(obj)/vendorcode/google/chromeos/verstage.a
+$(VERSTAGE_LIB): $$(verstage-objs)
+	@printf "    AR         $(subst $(obj)/,,$(@))\n"
+	$(AR_verstage) rc $@.tmp $(verstage-objs)
+	@printf "    OBJCOPY    $(subst $(obj)/,,$(@))\n"
+	$(OBJCOPY_verstage) --prefix-symbols=verstage_ $@.tmp $@
+endif
diff --git a/toolchain.inc b/toolchain.inc
index b54d95935bec..bd8da8336602 100644
--- a/toolchain.inc
+++ b/toolchain.inc
@@ -51,7 +51,7 @@ HOSTCXX:=CCC_CXX="$(HOSTCXX)" $(CXX)
 ROMCC=CCC_CC="$(ROMCC_BIN)" $(CC)
 endif
 
-COREBOOT_STANDARD_STAGES := bootblock romstage ramstage
+COREBOOT_STANDARD_STAGES := bootblock verstage romstage ramstage
 
 ARCHDIR-i386    := x86
 ARCHDIR-x86_32  := x86