diff options
74 files changed, 480 insertions, 493 deletions
diff --git a/src/arch/x86/assembly_entry.S b/src/arch/x86/assembly_entry.S index d1f5d61ce757..56a5b630c836 100644 --- a/src/arch/x86/assembly_entry.S +++ b/src/arch/x86/assembly_entry.S @@ -21,7 +21,7 @@ * verstage runs directly after bootblock. */ #define ROMSTAGE_AFTER_VERSTAGE \ - (IS_ENABLED(CONFIG_SEPARATE_VERSTAGE) && \ + (IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE) && \ IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK) && ENV_ROMSTAGE) #if IS_ENABLED(CONFIG_C_ENVIRONMENT_BOOTBLOCK) || ROMSTAGE_AFTER_VERSTAGE diff --git a/src/arch/x86/bootblock_simple.c b/src/arch/x86/bootblock_simple.c index 8e44add28efb..5df279c370dc 100644 --- a/src/arch/x86/bootblock_simple.c +++ b/src/arch/x86/bootblock_simple.c @@ -28,7 +28,7 @@ static void main(unsigned long bist) #endif } -#if CONFIG_SEPARATE_VERSTAGE +#if CONFIG_VBOOT_SEPARATE_VERSTAGE const char *target1 = "fallback/verstage"; #else const char *target1 = "fallback/romstage"; diff --git a/src/arch/x86/car.ld b/src/arch/x86/car.ld index 92360096d19c..aa579c3c580d 100644 --- a/src/arch/x86/car.ld +++ b/src/arch/x86/car.ld @@ -21,7 +21,7 @@ _car_region_start = . ; /* Vboot work buffer is completely volatile outside of verstage and * romstage. Appropriate code needs to handle the transition. */ -#if IS_ENABLED(CONFIG_SEPARATE_VERSTAGE) +#if IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE) VBOOT2_WORK(., 16K) #endif /* Stack for CAR stages. Since it persists across all stages that diff --git a/src/ec/google/chromeec/Kconfig b/src/ec/google/chromeec/Kconfig index 76eef05dbe49..3e9cb29375ae 100644 --- a/src/ec/google/chromeec/Kconfig +++ b/src/ec/google/chromeec/Kconfig @@ -160,7 +160,7 @@ config EC_GOOGLE_CHROMEEC_PD_FIRMWARE_FILE The path and filename of the PD firmware file to use. config EC_GOOGLE_CHROMEEC_SWITCHES - depends on EC_GOOGLE_CHROMEEC && CHROMEOS + depends on EC_GOOGLE_CHROMEEC && VBOOT bool help Enable support for Chrome OS mode switches provided by the Chrome OS diff --git a/src/ec/google/chromeec/switches.c b/src/ec/google/chromeec/switches.c index 7ed4bfd5cc49..e05d37c20514 100644 --- a/src/ec/google/chromeec/switches.c +++ b/src/ec/google/chromeec/switches.c @@ -20,7 +20,7 @@ #if IS_ENABLED(CONFIG_EC_GOOGLE_CHROMEEC_LPC) int get_lid_switch(void) { - if (!IS_ENABLED(CONFIG_LID_SWITCH)) + if (!IS_ENABLED(CONFIG_VBOOT_LID_SWITCH)) return -1; return !!(google_chromeec_get_switches() & EC_SWITCH_LID_OPEN); diff --git a/src/include/memlayout.h b/src/include/memlayout.h index b39a8955c954..c9c77cfa5c9d 100644 --- a/src/include/memlayout.h +++ b/src/include/memlayout.h @@ -154,7 +154,7 @@ INCLUDE "verstage/lib/program.ld" #define OVERLAP_VERSTAGE_ROMSTAGE(addr, size) \ - _ = ASSERT(IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE) == 1, \ + _ = ASSERT(IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE) == 1, \ "Must set RETURN_FROM_VERSTAGE to overlap romstage."); \ VERSTAGE(addr, size) #else diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc index 1117076049da..4576006cb1da 100644 --- a/src/lib/Makefile.inc +++ b/src/lib/Makefile.inc @@ -54,11 +54,11 @@ libverstage-$(CONFIG_TPM) += tlcl.c libverstage-$(CONFIG_TPM2) += tpm2_marshaling.c libverstage-$(CONFIG_TPM2) += tpm2_tlcl.c -ifeq ($(CONFIG_SEPARATE_VERSTAGE),y) +ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y) romstage-$(CONFIG_TPM) += tlcl.c romstage-$(CONFIG_TPM2) += tpm2_marshaling.c romstage-$(CONFIG_TPM2) += tpm2_tlcl.c -endif # CONFIG_SEPARATE_VERSTAGE +endif # CONFIG_VBOOT_SEPARATE_VERSTAGE verstage-$(CONFIG_GENERIC_UDELAY) += timer.c verstage-$(CONFIG_GENERIC_GPIO_LIB) += gpio.c diff --git a/src/mainboard/google/auron/Kconfig b/src/mainboard/google/auron/Kconfig index 41c9a7cf1b9e..d911ff546170 100644 --- a/src/mainboard/google/auron/Kconfig +++ b/src/mainboard/google/auron/Kconfig @@ -16,8 +16,10 @@ if BOARD_GOOGLE_BASEBOARD_AURON config CHROMEOS select CHROMEOS_RAMOOPS_DYNAMIC + +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/google/beltino/Kconfig b/src/mainboard/google/beltino/Kconfig index bceb8fb74b88..a029fecab20f 100644 --- a/src/mainboard/google/beltino/Kconfig +++ b/src/mainboard/google/beltino/Kconfig @@ -15,8 +15,8 @@ config BOARD_GOOGLE_BASEBOARD_BELTINO if BOARD_GOOGLE_BASEBOARD_BELTINO -config CHROMEOS - select PHYSICAL_REC_SWITCH +config VBOOT + select VBOOT_PHYSICAL_REC_SWITCH select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/google/butterfly/Kconfig b/src/mainboard/google/butterfly/Kconfig index 09d2157d3a02..ffd0c03cd16e 100644 --- a/src/mainboard/google/butterfly/Kconfig +++ b/src/mainboard/google/butterfly/Kconfig @@ -17,7 +17,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select INTEL_INT15 select SERIRQ_CONTINUOUS_MODE # Workaround for EC/KBC IRQ1. -config CHROMEOS +config VBOOT select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/google/chell/Kconfig b/src/mainboard/google/chell/Kconfig index 9b88a8573d52..01423a7571fc 100644 --- a/src/mainboard/google/chell/Kconfig +++ b/src/mainboard/google/chell/Kconfig @@ -20,9 +20,9 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MONOTONIC_TIMER_MSR select SOC_INTEL_SKYLAKE -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH config IRQ_SLOT_COUNT int diff --git a/src/mainboard/google/cosmos/Kconfig b/src/mainboard/google/cosmos/Kconfig index 62cd82100939..3d8d64921cda 100644 --- a/src/mainboard/google/cosmos/Kconfig +++ b/src/mainboard/google/cosmos/Kconfig @@ -26,7 +26,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH select SPI_FLASH_SPANSION -config CHROMEOS +config VBOOT select VBOOT_VBNV_FLASH config MAINBOARD_DIR diff --git a/src/mainboard/google/cyan/Kconfig b/src/mainboard/google/cyan/Kconfig index 424c08fa347b..77d72ae55fc0 100644 --- a/src/mainboard/google/cyan/Kconfig +++ b/src/mainboard/google/cyan/Kconfig @@ -15,9 +15,9 @@ config BOARD_SPECIFIC_OPTIONS select HAVE_ACPI_RESUME select PCIEXP_L1_SUB_STATE -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH select VBOOT_VBNV_CMOS config DISPLAY_SPD_DATA diff --git a/src/mainboard/google/daisy/Kconfig b/src/mainboard/google/daisy/Kconfig index 29d6690c72ff..b08500de24d0 100644 --- a/src/mainboard/google/daisy/Kconfig +++ b/src/mainboard/google/daisy/Kconfig @@ -28,7 +28,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_HAS_NATIVE_VGA_INIT select MAINBOARD_DO_NATIVE_VGA_INIT -config CHROMEOS +config VBOOT select VBOOT_VBNV_EC config MAINBOARD_DIR diff --git a/src/mainboard/google/eve/Kconfig b/src/mainboard/google/eve/Kconfig index b4442f2f204e..1d1fa7b1333b 100644 --- a/src/mainboard/google/eve/Kconfig +++ b/src/mainboard/google/eve/Kconfig @@ -21,10 +21,10 @@ config BOARD_SPECIFIC_OPTIONS select SOC_INTEL_KABYLAKE select TPM2 -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select HAS_RECOVERY_MRC_CACHE - select LID_SWITCH + select VBOOT_LID_SWITCH select MRC_CLEAR_NORMAL_CACHE_ON_RECOVERY_RETRAIN config DRIVER_TPM_I2C_BUS diff --git a/src/mainboard/google/fizz/Kconfig b/src/mainboard/google/fizz/Kconfig index a3be595fa796..377a13c77322 100644 --- a/src/mainboard/google/fizz/Kconfig +++ b/src/mainboard/google/fizz/Kconfig @@ -14,7 +14,7 @@ config BOARD_SPECIFIC_OPTIONS select NO_FADT_8042 select SOC_INTEL_KABYLAKE -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC diff --git a/src/mainboard/google/foster/Kconfig b/src/mainboard/google/foster/Kconfig index c408ca1f9dab..ee22110bf3ef 100644 --- a/src/mainboard/google/foster/Kconfig +++ b/src/mainboard/google/foster/Kconfig @@ -26,7 +26,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select COMMON_CBFS_SPI_WRAPPER select SPI_FLASH_WINBOND -config CHROMEOS +config VBOOT select VBOOT_VBNV_FLASH config MAINBOARD_DIR @@ -84,7 +84,7 @@ config GBB_HWID depends on CHROMEOS default "FOSTER TEST 1184" -config CHROMEOS_FWID_MODEL +config VBOOT_FWID_MODEL string default "Nvidia_Foster" diff --git a/src/mainboard/google/gale/Kconfig b/src/mainboard/google/gale/Kconfig index b6639bc5d56a..461ed5b76e22 100644 --- a/src/mainboard/google/gale/Kconfig +++ b/src/mainboard/google/gale/Kconfig @@ -31,9 +31,9 @@ config BOARD_SPECIFIC_OPTIONS select SPI_FLASH_WINBOND select DRIVERS_UART -config CHROMEOS +config VBOOT select VBOOT_DISABLE_DEV_ON_RECOVERY - select WIPEOUT_SUPPORTED + select VBOOT_WIPEOUT_SUPPORTED config BOARD_VARIANT_DK01 bool "Build an image for DK01" diff --git a/src/mainboard/google/glados/Kconfig b/src/mainboard/google/glados/Kconfig index 09082945de03..102a8c1e17eb 100644 --- a/src/mainboard/google/glados/Kconfig +++ b/src/mainboard/google/glados/Kconfig @@ -20,9 +20,9 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MONOTONIC_TIMER_MSR select SOC_INTEL_SKYLAKE -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH config IRQ_SLOT_COUNT int diff --git a/src/mainboard/google/gru/Kconfig b/src/mainboard/google/gru/Kconfig index bd19a291dc9d..43f671b600a4 100644 --- a/src/mainboard/google/gru/Kconfig +++ b/src/mainboard/google/gru/Kconfig @@ -45,7 +45,7 @@ config BOARD_SPECIFIC_OPTIONS select SPI_FLASH_GIGADEVICE select SPI_FLASH_WINBOND -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select MAINBOARD_HAS_SPI_TPM_CR50 if GRU_HAS_TPM2 select SPI_TPM if GRU_HAS_TPM2 diff --git a/src/mainboard/google/jecht/Kconfig b/src/mainboard/google/jecht/Kconfig index 39cee21044fe..fdb5ee01fffe 100644 --- a/src/mainboard/google/jecht/Kconfig +++ b/src/mainboard/google/jecht/Kconfig @@ -14,7 +14,9 @@ if BOARD_GOOGLE_BASEBOARD_JECHT config CHROMEOS select CHROMEOS_RAMOOPS_DYNAMIC - select PHYSICAL_REC_SWITCH + +config VBOOT + select VBOOT_PHYSICAL_REC_SWITCH select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/google/lars/Kconfig b/src/mainboard/google/lars/Kconfig index 73d502c313a1..78db8b219cef 100644 --- a/src/mainboard/google/lars/Kconfig +++ b/src/mainboard/google/lars/Kconfig @@ -22,9 +22,9 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MONOTONIC_TIMER_MSR select SOC_INTEL_SKYLAKE -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH config IRQ_SLOT_COUNT int diff --git a/src/mainboard/google/link/Kconfig b/src/mainboard/google/link/Kconfig index b521f9c238ac..8469e86c1fe9 100644 --- a/src/mainboard/google/link/Kconfig +++ b/src/mainboard/google/link/Kconfig @@ -16,9 +16,9 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SERIRQ_CONTINUOUS_MODE select MAINBOARD_HAS_NATIVE_VGA_INIT -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/google/nyan/Kconfig b/src/mainboard/google/nyan/Kconfig index 7f5854ce03fa..d944a439b38c 100644 --- a/src/mainboard/google/nyan/Kconfig +++ b/src/mainboard/google/nyan/Kconfig @@ -31,7 +31,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_WINBOND select SPI_FLASH_FAST_READ_DUAL_OUTPUT_3B -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select VBOOT_VBNV_EC diff --git a/src/mainboard/google/nyan_big/Kconfig b/src/mainboard/google/nyan_big/Kconfig index 602e77856945..cacc30186588 100644 --- a/src/mainboard/google/nyan_big/Kconfig +++ b/src/mainboard/google/nyan_big/Kconfig @@ -32,7 +32,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_WINBOND select SPI_FLASH_FAST_READ_DUAL_OUTPUT_3B -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select VBOOT_VBNV_EC diff --git a/src/mainboard/google/nyan_blaze/Kconfig b/src/mainboard/google/nyan_blaze/Kconfig index d64eb72c8411..2264068f8c23 100644 --- a/src/mainboard/google/nyan_blaze/Kconfig +++ b/src/mainboard/google/nyan_blaze/Kconfig @@ -33,7 +33,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_WINBOND select SPI_FLASH_FAST_READ_DUAL_OUTPUT_3B -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select VBOOT_VBNV_EC diff --git a/src/mainboard/google/oak/Kconfig b/src/mainboard/google/oak/Kconfig index 0efa478dc4ed..28771b8dd720 100644 --- a/src/mainboard/google/oak/Kconfig +++ b/src/mainboard/google/oak/Kconfig @@ -33,10 +33,9 @@ config BOARD_SPECIFIC_OPTIONS select RAM_CODE_SUPPORT select SPI_FLASH -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select VBOOT_EC_SLOW_UPDATE - select VBOOT_OPROM_MATTERS select VBOOT_VBNV_FLASH config MAINBOARD_DIR diff --git a/src/mainboard/google/parrot/Kconfig b/src/mainboard/google/parrot/Kconfig index 7b6b49b98a14..5ce1f2492efb 100644 --- a/src/mainboard/google/parrot/Kconfig +++ b/src/mainboard/google/parrot/Kconfig @@ -17,7 +17,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy # Workaround for EC/KBC IRQ1. select SERIRQ_CONTINUOUS_MODE -config CHROMEOS +config VBOOT select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/google/peach_pit/Kconfig b/src/mainboard/google/peach_pit/Kconfig index be06a18d0a4d..640c0099cf3b 100644 --- a/src/mainboard/google/peach_pit/Kconfig +++ b/src/mainboard/google/peach_pit/Kconfig @@ -25,7 +25,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_DO_NATIVE_VGA_INIT select DRIVER_PARADE_PS8625 -config CHROMEOS +config VBOOT select VBOOT_VBNV_EC config MAINBOARD_DIR diff --git a/src/mainboard/google/poppy/Kconfig b/src/mainboard/google/poppy/Kconfig index 2240c2d89ca4..fc68edfe1a9c 100644 --- a/src/mainboard/google/poppy/Kconfig +++ b/src/mainboard/google/poppy/Kconfig @@ -16,9 +16,9 @@ config BOARD_SPECIFIC_OPTIONS select NO_FADT_8042 select SOC_INTEL_KABYLAKE -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH config GBB_HWID string diff --git a/src/mainboard/google/purin/Kconfig b/src/mainboard/google/purin/Kconfig index ca0909b25e63..6e0572420c91 100644 --- a/src/mainboard/google/purin/Kconfig +++ b/src/mainboard/google/purin/Kconfig @@ -27,7 +27,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_SPANSION select SPI_FLASH_STMICRO # required for the reference board BCM958305K -config CHROMEOS +config VBOOT select VBOOT_VBNV_FLASH config MAINBOARD_DIR diff --git a/src/mainboard/google/rambi/Kconfig b/src/mainboard/google/rambi/Kconfig index 9b25b49b4514..78f077ab7bb6 100644 --- a/src/mainboard/google/rambi/Kconfig +++ b/src/mainboard/google/rambi/Kconfig @@ -13,9 +13,9 @@ config BOARD_GOOGLE_BASEBOARD_RAMBI if BOARD_GOOGLE_BASEBOARD_RAMBI -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/google/reef/Kconfig b/src/mainboard/google/reef/Kconfig index b6c3462f2dd8..c4bf212d02d6 100644 --- a/src/mainboard/google/reef/Kconfig +++ b/src/mainboard/google/reef/Kconfig @@ -37,11 +37,11 @@ config DRIVER_TPM_I2C_IRQ int default 60 # GPE0_DW1_28 -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select HAS_RECOVERY_MRC_CACHE select MRC_CLEAR_NORMAL_CACHE_ON_RECOVERY_RETRAIN - select LID_SWITCH if BASEBOARD_REEF_LAPTOP + select VBOOT_LID_SWITCH if BASEBOARD_REEF_LAPTOP config MAINBOARD_DIR string diff --git a/src/mainboard/google/rotor/Kconfig b/src/mainboard/google/rotor/Kconfig index a47a7666016a..437fa02c1838 100644 --- a/src/mainboard/google/rotor/Kconfig +++ b/src/mainboard/google/rotor/Kconfig @@ -21,7 +21,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_HAS_CHROMEOS select BOARD_ROMSIZE_KB_4096 -config CHROMEOS +config VBOOT select VBOOT_MOCK_SECDATA config MAINBOARD_DIR @@ -37,7 +37,7 @@ config GBB_HWID depends on CHROMEOS default "ROTOR TEST 1234" -config CHROMEOS_FWID_MODEL +config VBOOT_FWID_MODEL string default "Marvell_Rotor" diff --git a/src/mainboard/google/slippy/Kconfig b/src/mainboard/google/slippy/Kconfig index a19c966e6e1e..1537ff11ca51 100644 --- a/src/mainboard/google/slippy/Kconfig +++ b/src/mainboard/google/slippy/Kconfig @@ -21,9 +21,9 @@ config BOARD_GOOGLE_BASEBOARD_SLIPPY if BOARD_GOOGLE_BASEBOARD_SLIPPY -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH select MAINBOARD_DO_NATIVE_VGA_INIT if (BOARD_GOOGLE_FALCO || BOARD_GOOGLE_PEPPY) select VBOOT_VBNV_CMOS diff --git a/src/mainboard/google/smaug/Kconfig b/src/mainboard/google/smaug/Kconfig index 52076748a5b5..344be282dc32 100644 --- a/src/mainboard/google/smaug/Kconfig +++ b/src/mainboard/google/smaug/Kconfig @@ -32,7 +32,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_HAS_CHROMEOS select RAM_CODE_SUPPORT -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES select VBOOT_VBNV_FLASH diff --git a/src/mainboard/google/storm/Kconfig b/src/mainboard/google/storm/Kconfig index f844cf8b04dc..24822ab8ddc0 100644 --- a/src/mainboard/google/storm/Kconfig +++ b/src/mainboard/google/storm/Kconfig @@ -29,9 +29,9 @@ config BOARD_SPECIFIC_OPTIONS select SPI_FLASH_STMICRO select DRIVERS_UART -config CHROMEOS +config VBOOT select VBOOT_DISABLE_DEV_ON_RECOVERY - select WIPEOUT_SUPPORTED + select VBOOT_WIPEOUT_SUPPORTED config BOARD_VARIANT_AP148 bool "pick this to build an image for ap148" diff --git a/src/mainboard/google/stout/Kconfig b/src/mainboard/google/stout/Kconfig index 571cbce394c6..d34f595c9faa 100644 --- a/src/mainboard/google/stout/Kconfig +++ b/src/mainboard/google/stout/Kconfig @@ -17,7 +17,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select INTEL_INT15 select SANDYBRIDGE_IVYBRIDGE_LVDS -config CHROMEOS +config VBOOT select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/google/veyron/Kconfig b/src/mainboard/google/veyron/Kconfig index 3eb32525a192..5fb340bcfcf6 100644 --- a/src/mainboard/google/veyron/Kconfig +++ b/src/mainboard/google/veyron/Kconfig @@ -45,7 +45,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_GIGADEVICE select SPI_FLASH_WINBOND -config CHROMEOS +config VBOOT select VBOOT_VBNV_EC config MAINBOARD_DIR @@ -54,6 +54,11 @@ config MAINBOARD_DIR config MAINBOARD_PART_NUMBER string + default "Veyron_Jaq" if BOARD_GOOGLE_VEYRON_JAQ + default "Veyron_Jerry" if BOARD_GOOGLE_VEYRON_JERRY + default "Veyron_Mighty" if BOARD_GOOGLE_VEYRON_MIGHTY + default "Veyron_Minnie" if BOARD_GOOGLE_VEYRON_MINNIE + default "Veyron_Speedy" if BOARD_GOOGLE_VEYRON_SPEEDY default "Veyron" config MAINBOARD_VENDOR @@ -112,12 +117,4 @@ config GBB_HWID default "MINNIE TEST A-A 5151" if BOARD_GOOGLE_VEYRON_MINNIE default "SPEEDY TEST A-A 8421" if BOARD_GOOGLE_VEYRON_SPEEDY -config CHROMEOS_FWID_MODEL - string - default "Google_Veyron_Jaq" if BOARD_GOOGLE_VEYRON_JAQ - default "Google_Veyron_Jerry" if BOARD_GOOGLE_VEYRON_JERRY - default "Google_Veyron_Mighty" if BOARD_GOOGLE_VEYRON_MIGHTY - default "Google_Veyron_Minnie" if BOARD_GOOGLE_VEYRON_MINNIE - default "Google_Veyron_Speedy" if BOARD_GOOGLE_VEYRON_SPEEDY - endif # BOARD_GOOGLE_VEYRON diff --git a/src/mainboard/google/veyron_mickey/Kconfig b/src/mainboard/google/veyron_mickey/Kconfig index 24d7921bc9e3..1f66ff035ed7 100644 --- a/src/mainboard/google/veyron_mickey/Kconfig +++ b/src/mainboard/google/veyron_mickey/Kconfig @@ -30,8 +30,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_GIGADEVICE select SPI_FLASH_WINBOND -config CHROMEOS - select PHYSICAL_REC_SWITCH +config VBOOT + select VBOOT_PHYSICAL_REC_SWITCH select VBOOT_VBNV_FLASH config MAINBOARD_DIR @@ -40,7 +40,7 @@ config MAINBOARD_DIR config MAINBOARD_PART_NUMBER string - default "Veyron_mickey" + default "Veyron_Mickey" config MAINBOARD_VENDOR string @@ -72,8 +72,4 @@ config GBB_HWID depends on CHROMEOS default "MICKEY TEST A-A 0352" -config CHROMEOS_FWID_MODEL - string - default "Google_Veyron_Mickey" - endif # BOARD_GOOGLE_VEYRON_MICKEY diff --git a/src/mainboard/google/veyron_rialto/Kconfig b/src/mainboard/google/veyron_rialto/Kconfig index bbd6ffddfb51..cc6a4a605850 100644 --- a/src/mainboard/google/veyron_rialto/Kconfig +++ b/src/mainboard/google/veyron_rialto/Kconfig @@ -30,8 +30,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SPI_FLASH_GIGADEVICE select SPI_FLASH_WINBOND -config CHROMEOS - select PHYSICAL_REC_SWITCH +config VBOOT + select VBOOT_PHYSICAL_REC_SWITCH select VBOOT_VBNV_FLASH config MAINBOARD_DIR diff --git a/src/mainboard/intel/baskingridge/Kconfig b/src/mainboard/intel/baskingridge/Kconfig index df5d312127ea..445dbcbf22dc 100644 --- a/src/mainboard/intel/baskingridge/Kconfig +++ b/src/mainboard/intel/baskingridge/Kconfig @@ -14,7 +14,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_HAS_LPC_TPM select INTEL_INT15 -config CHROMEOS +config VBOOT select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/intel/emeraldlake2/Kconfig b/src/mainboard/intel/emeraldlake2/Kconfig index 9ee41e81986e..7b5528ab8f85 100644 --- a/src/mainboard/intel/emeraldlake2/Kconfig +++ b/src/mainboard/intel/emeraldlake2/Kconfig @@ -13,7 +13,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy select INTEL_INT15 #select MAINBOARD_HAS_CHROMEOS -config CHROMEOS +config VBOOT #select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/intel/galileo/Kconfig b/src/mainboard/intel/galileo/Kconfig index f31ca5e9f781..0ab682c82711 100644 --- a/src/mainboard/intel/galileo/Kconfig +++ b/src/mainboard/intel/galileo/Kconfig @@ -153,7 +153,7 @@ config VBOOT_WITH_CRYPTO_SHIELD select COLLECT_TIMESTAMPS select I2C_TPM select MAINBOARD_HAS_I2C_TPM_ATMEL - select SEPARATE_VERSTAGE + select VBOOT_SEPARATE_VERSTAGE select VBOOT select VBOOT_STARTS_IN_BOOTBLOCK select VBOOT_SOFT_REBOOT_WORKAROUND diff --git a/src/mainboard/intel/kblrvp/Kconfig b/src/mainboard/intel/kblrvp/Kconfig index 296b9225c5c2..6aa4ad5bdf64 100644 --- a/src/mainboard/intel/kblrvp/Kconfig +++ b/src/mainboard/intel/kblrvp/Kconfig @@ -14,8 +14,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy select MAINBOARD_HAS_CHROMEOS select GENERIC_SPD_BIN -config CHROMEOS - select LID_SWITCH +config VBOOT + select VBOOT_LID_SWITCH choice prompt "TPM to USE" diff --git a/src/mainboard/intel/kunimitsu/Kconfig b/src/mainboard/intel/kunimitsu/Kconfig index 64a360f9f563..aec394bf8691 100644 --- a/src/mainboard/intel/kunimitsu/Kconfig +++ b/src/mainboard/intel/kunimitsu/Kconfig @@ -34,9 +34,9 @@ config KUNIMITSU_USES_FSP2_0 endchoice -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH config IRQ_SLOT_COUNT int diff --git a/src/mainboard/intel/strago/Kconfig b/src/mainboard/intel/strago/Kconfig index c7221e915d89..f56889175659 100644 --- a/src/mainboard/intel/strago/Kconfig +++ b/src/mainboard/intel/strago/Kconfig @@ -15,9 +15,9 @@ config BOARD_SPECIFIC_OPTIONS select SOC_INTEL_BRASWELL select PCIEXP_L1_SUB_STATE -config CHROMEOS +config VBOOT select EC_GOOGLE_CHROMEEC_SWITCHES - select LID_SWITCH + select VBOOT_LID_SWITCH select VBOOT_VBNV_CMOS config DYNAMIC_VNN_SUPPORT diff --git a/src/mainboard/intel/wtm2/Kconfig b/src/mainboard/intel/wtm2/Kconfig index f57cb2338bc3..76ed4bfaf268 100644 --- a/src/mainboard/intel/wtm2/Kconfig +++ b/src/mainboard/intel/wtm2/Kconfig @@ -15,6 +15,8 @@ config BOARD_SPECIFIC_OPTIONS # dummy config CHROMEOS select CHROMEOS_RAMOOPS_DYNAMIC + +config VBOOT select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/samsung/lumpy/Kconfig b/src/mainboard/samsung/lumpy/Kconfig index db1debb0eecb..bd7078dd539d 100644 --- a/src/mainboard/samsung/lumpy/Kconfig +++ b/src/mainboard/samsung/lumpy/Kconfig @@ -20,9 +20,9 @@ config BOARD_SPECIFIC_OPTIONS # dummy select DRIVERS_GENERIC_IOAPIC select INTEL_INT15 -config CHROMEOS - select PHYSICAL_DEV_SWITCH - select PHYSICAL_REC_SWITCH +config VBOOT + select VBOOT_PHYSICAL_DEV_SWITCH + select VBOOT_PHYSICAL_REC_SWITCH select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/mainboard/samsung/stumpy/Kconfig b/src/mainboard/samsung/stumpy/Kconfig index f8e9b99b01cf..4f3d1e9f097f 100644 --- a/src/mainboard/samsung/stumpy/Kconfig +++ b/src/mainboard/samsung/stumpy/Kconfig @@ -17,9 +17,9 @@ config BOARD_SPECIFIC_OPTIONS # dummy select SUPERIO_SMSC_LPC47N207 select INTEL_INT15 -config CHROMEOS - select PHYSICAL_DEV_SWITCH - select PHYSICAL_REC_SWITCH +config VBOOT + select VBOOT_PHYSICAL_DEV_SWITCH + select VBOOT_PHYSICAL_REC_SWITCH select VBOOT_VBNV_CMOS config MAINBOARD_DIR diff --git a/src/soc/broadcom/cygnus/Kconfig b/src/soc/broadcom/cygnus/Kconfig index e5849f020ad1..e2f97e4ab2c3 100644 --- a/src/soc/broadcom/cygnus/Kconfig +++ b/src/soc/broadcom/cygnus/Kconfig @@ -28,10 +28,10 @@ config SOC_BROADCOM_CYGNUS if SOC_BROADCOM_CYGNUS -config CHROMEOS +config VBOOT select VBOOT_STARTS_IN_BOOTBLOCK - select SEPARATE_VERSTAGE - select RETURN_FROM_VERSTAGE + select VBOOT_SEPARATE_VERSTAGE + select VBOOT_RETURN_FROM_VERSTAGE config CONSOLE_SERIAL_UART_ADDRESS hex diff --git a/src/soc/intel/apollolake/Kconfig b/src/soc/intel/apollolake/Kconfig index 234e2900b972..ca8f5d082974 100644 --- a/src/soc/intel/apollolake/Kconfig +++ b/src/soc/intel/apollolake/Kconfig @@ -70,7 +70,9 @@ config CPU_SPECIFIC_OPTIONS config CHROMEOS select CHROMEOS_RAMOOPS_DYNAMIC - select SEPARATE_VERSTAGE + +config VBOOT + select VBOOT_SEPARATE_VERSTAGE select VBOOT_OPROM_MATTERS select VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT select VBOOT_STARTS_IN_BOOTBLOCK diff --git a/src/soc/intel/quark/romstage/fsp1_1.c b/src/soc/intel/quark/romstage/fsp1_1.c index f715f434257b..6ce2079256a9 100644 --- a/src/soc/intel/quark/romstage/fsp1_1.c +++ b/src/soc/intel/quark/romstage/fsp1_1.c @@ -119,7 +119,7 @@ void soc_memory_init_params(struct romstage_params *params, printk(BIOS_SPEW, "| coreboot stack |\n"); printk(BIOS_SPEW, "+-------------------+ 0x%p", _car_stack_start); - if (IS_ENABLED(CONFIG_SEPARATE_VERSTAGE)) { + if (IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE)) { printk(BIOS_SPEW, "\n"); printk(BIOS_SPEW, "| vboot data |\n"); printk(BIOS_SPEW, "+-------------------+ 0x%08x", diff --git a/src/soc/intel/skylake/Kconfig b/src/soc/intel/skylake/Kconfig index b7c5552a7a06..8ac7263c89dc 100644 --- a/src/soc/intel/skylake/Kconfig +++ b/src/soc/intel/skylake/Kconfig @@ -87,8 +87,10 @@ config USE_FSP1_1_DRIVER config CHROMEOS select CHROMEOS_RAMOOPS_DYNAMIC - select SEPARATE_VERSTAGE - select VBOOT_EC_SLOW_UPDATE if EC_GOOGLE_CHROMEEC + +config VBOOT + select VBOOT_EC_SLOW_UPDATE if VBOOT_EC_SOFTWARE_SYNC + select VBOOT_SEPARATE_VERSTAGE select VBOOT_OPROM_MATTERS select VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT select VBOOT_STARTS_IN_BOOTBLOCK diff --git a/src/soc/marvell/armada38x/Kconfig b/src/soc/marvell/armada38x/Kconfig index ed8cbe810046..20f9d09c892a 100644 --- a/src/soc/marvell/armada38x/Kconfig +++ b/src/soc/marvell/armada38x/Kconfig @@ -7,13 +7,15 @@ config SOC_MARVELL_ARMADA38X select ARCH_RAMSTAGE_ARMV7 select HAVE_UART_SPECIAL select BOOTBLOCK_CONSOLE - select RETURN_FROM_VERSTAGE select BOOTBLOCK_CUSTOM select GENERIC_UDELAY select UART_OVERRIDE_REFCLK if SOC_MARVELL_ARMADA38X +config VBOOT + select VBOOT_RETURN_FROM_VERSTAGE + config BOOTBLOCK_CPU_INIT string default "soc/marvell/armada38x/bootblock.c" diff --git a/src/soc/marvell/bg4cd/Kconfig b/src/soc/marvell/bg4cd/Kconfig index cdd8597de883..6f9b6aab3243 100644 --- a/src/soc/marvell/bg4cd/Kconfig +++ b/src/soc/marvell/bg4cd/Kconfig @@ -28,7 +28,7 @@ config SOC_MARVELL_BG4CD if SOC_MARVELL_BG4CD -config CHROMEOS +config VBOOT select VBOOT_STARTS_IN_BOOTBLOCK endif diff --git a/src/soc/marvell/mvmap2315/Kconfig b/src/soc/marvell/mvmap2315/Kconfig index 45e03c1e7759..072f4eee0169 100644 --- a/src/soc/marvell/mvmap2315/Kconfig +++ b/src/soc/marvell/mvmap2315/Kconfig @@ -31,8 +31,7 @@ config SOC_MARVELL_MVMAP2315 if SOC_MARVELL_MVMAP2315 -config CHROMEOS - select VBOOT +config VBOOT select VBOOT_STARTS_IN_ROMSTAGE config CONSOLE_SERIAL_MVMAP2315_UART_ADDRESS diff --git a/src/soc/mediatek/mt8173/Kconfig b/src/soc/mediatek/mt8173/Kconfig index 7558ad18d225..a367470ed656 100644 --- a/src/soc/mediatek/mt8173/Kconfig +++ b/src/soc/mediatek/mt8173/Kconfig @@ -17,10 +17,10 @@ config SOC_MEDIATEK_MT8173 if SOC_MEDIATEK_MT8173 -config CHROMEOS +config VBOOT select VBOOT_OPROM_MATTERS select VBOOT_STARTS_IN_BOOTBLOCK - select SEPARATE_VERSTAGE + select VBOOT_SEPARATE_VERSTAGE config MEMORY_TEST bool diff --git a/src/soc/nvidia/tegra124/Kconfig b/src/soc/nvidia/tegra124/Kconfig index fdbbc7fc6c8c..cd753f42aef0 100644 --- a/src/soc/nvidia/tegra124/Kconfig +++ b/src/soc/nvidia/tegra124/Kconfig @@ -16,10 +16,10 @@ config SOC_NVIDIA_TEGRA124 if SOC_NVIDIA_TEGRA124 -config CHROMEOS +config VBOOT select VBOOT_OPROM_MATTERS select VBOOT_STARTS_IN_BOOTBLOCK - select SEPARATE_VERSTAGE + select VBOOT_SEPARATE_VERSTAGE config TEGRA124_MODEL_TD570D bool "TD570D" diff --git a/src/soc/nvidia/tegra210/Kconfig b/src/soc/nvidia/tegra210/Kconfig index 880f1996f0e0..30a23ef39488 100644 --- a/src/soc/nvidia/tegra210/Kconfig +++ b/src/soc/nvidia/tegra210/Kconfig @@ -17,9 +17,9 @@ config SOC_NVIDIA_TEGRA210 if SOC_NVIDIA_TEGRA210 -config CHROMEOS +config VBOOT select VBOOT_STARTS_IN_BOOTBLOCK - select SEPARATE_VERSTAGE + select VBOOT_SEPARATE_VERSTAGE select VBOOT_OPROM_MATTERS config MAINBOARD_DO_DSI_INIT diff --git a/src/soc/qualcomm/ipq40xx/Kconfig b/src/soc/qualcomm/ipq40xx/Kconfig index d0c1fbd4f090..b0d3f07ad28e 100644 --- a/src/soc/qualcomm/ipq40xx/Kconfig +++ b/src/soc/qualcomm/ipq40xx/Kconfig @@ -12,10 +12,10 @@ config SOC_QC_IPQ40XX if SOC_QC_IPQ40XX -config CHROMEOS +config VBOOT select VBOOT_STARTS_IN_BOOTBLOCK - select RETURN_FROM_VERSTAGE - select SEPARATE_VERSTAGE + select VBOOT_SEPARATE_VERSTAGE + select VBOOT_RETURN_FROM_VERSTAGE select VBOOT_VBNV_FLASH config IPQ_QFN_PART diff --git a/src/soc/qualcomm/ipq806x/Kconfig b/src/soc/qualcomm/ipq806x/Kconfig index 13977e5cbaf7..54300ebf2b7d 100644 --- a/src/soc/qualcomm/ipq806x/Kconfig +++ b/src/soc/qualcomm/ipq806x/Kconfig @@ -11,11 +11,11 @@ config SOC_QC_IPQ806X if SOC_QC_IPQ806X -config CHROMEOS +config VBOOT select VBOOT_STARTS_IN_BOOTBLOCK select VBOOT_VBNV_FLASH - select SEPARATE_VERSTAGE - select RETURN_FROM_VERSTAGE + select VBOOT_SEPARATE_VERSTAGE + select VBOOT_RETURN_FROM_VERSTAGE config MBN_ENCAPSULATION depends on USE_BLOBS diff --git a/src/soc/rockchip/rk3288/Kconfig b/src/soc/rockchip/rk3288/Kconfig index ea34bb913065..19e52b64d9f5 100644 --- a/src/soc/rockchip/rk3288/Kconfig +++ b/src/soc/rockchip/rk3288/Kconfig @@ -31,11 +31,11 @@ config SOC_ROCKCHIP_RK3288 if SOC_ROCKCHIP_RK3288 -config CHROMEOS +config VBOOT select VBOOT_OPROM_MATTERS select VBOOT_STARTS_IN_BOOTBLOCK - select SEPARATE_VERSTAGE - select RETURN_FROM_VERSTAGE + select VBOOT_SEPARATE_VERSTAGE + select VBOOT_RETURN_FROM_VERSTAGE config PMIC_BUS int diff --git a/src/soc/rockchip/rk3399/Kconfig b/src/soc/rockchip/rk3399/Kconfig index b4017c88569e..65b31d523e0e 100644 --- a/src/soc/rockchip/rk3399/Kconfig +++ b/src/soc/rockchip/rk3399/Kconfig @@ -14,9 +14,9 @@ config SOC_ROCKCHIP_RK3399 if SOC_ROCKCHIP_RK3399 -config CHROMEOS - select RETURN_FROM_VERSTAGE - select SEPARATE_VERSTAGE +config VBOOT + select VBOOT_SEPARATE_VERSTAGE + select VBOOT_RETURN_FROM_VERSTAGE select VBOOT_OPROM_MATTERS select VBOOT_STARTS_IN_BOOTBLOCK diff --git a/src/vboot/Kconfig b/src/vboot/Kconfig index a92a2fa5e131..c5173239efea 100644 --- a/src/vboot/Kconfig +++ b/src/vboot/Kconfig @@ -12,22 +12,39 @@ ## GNU General Public License for more details. ## -config VBOOT_VBNV_OFFSET - hex - default 0x26 - depends on PC80_SYSTEM +menu "Verified Boot (vboot)" + +config VBOOT + bool "Verify firmware with vboot." + default n + select TPM if !MAINBOARD_HAS_TPM2 + select TPM2 if MAINBOARD_HAS_TPM2 + select TPM_INIT_FAILURE_IS_FATAL if PC80_SYSTEM && LPC_TPM + select SKIP_TPM_STARTUP_ON_NORMAL_BOOT if PC80_SYSTEM && LPC_TPM + depends on HAVE_HARD_RESET help - CMOS offset for VbNv data. This value must match cmos.layout - in the mainboard directory, minus 14 bytes for the RTC. + Enabling VBOOT will use vboot to verify the components of the firmware + (stages, payload, etc). + +if VBOOT config VBOOT_VBNV_CMOS - bool "Vboot non-volatile storage in CMOS." + bool default n + depends on PC80_SYSTEM help VBNV is stored in CMOS +config VBOOT_VBNV_OFFSET + hex + default 0x26 + depends on VBOOT_VBNV_CMOS + help + CMOS offset for VbNv data. This value must match cmos.layout + in the mainboard directory, minus 14 bytes for the RTC. + config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH - bool "Back up Vboot non-volatile storage from CMOS to flash." + bool default n depends on VBOOT_VBNV_CMOS && BOOT_DEVICE_SUPPORTS_WRITES help @@ -35,35 +52,38 @@ config VBOOT_VBNV_CMOS_BACKUP_TO_FLASH and restored from flash if the CMOS is invalid due to power loss. config VBOOT_VBNV_EC - bool "Vboot non-volatile storage in EC." + bool default n help VBNV is stored in EC config VBOOT_VBNV_FLASH - def_bool n + bool + default n depends on BOOT_DEVICE_SUPPORTS_WRITES help VBNV is stored in flash storage config VBOOT_STARTS_IN_BOOTBLOCK - bool "Vboot starts verifying in bootblock" + bool default n - depends on VBOOT help - Firmware verification happens during or at the end of bootblock. + Firmware verification happens during the end of or right after the + bootblock. This implies that a static VBOOT2_WORK() buffer must be + allocated in memlayout. config VBOOT_STARTS_IN_ROMSTAGE - bool "Vboot starts verifying in romstage" + bool default n - depends on VBOOT && !VBOOT_STARTS_IN_BOOTBLOCK + depends on !VBOOT_STARTS_IN_BOOTBLOCK help - Firmware verification happens during or at the end of romstage. + Firmware verification happens during the end of romstage (after + memory initialization). This implies that vboot working data is + allocated in CBMEM. config VBOOT_MOCK_SECDATA bool "Mock secdata for firmware verification" default n - depends on VBOOT help Enabling VBOOT_MOCK_SECDATA will mock secdata for the firmware verification to avoid access to a secdata storage (typically TPM). @@ -72,29 +92,28 @@ config VBOOT_MOCK_SECDATA THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES. config VBOOT_DISABLE_DEV_ON_RECOVERY - bool "Disable dev mode on recovery requests" + bool default n - depends on VBOOT help When this option is enabled, the Chrome OS device leaves the developer mode as soon as recovery request is detected. This is handy on embedded devices with limited input capabilities. -config SEPARATE_VERSTAGE - bool "Vboot verification is built into a separate stage" +config VBOOT_SEPARATE_VERSTAGE + bool default n - depends on VBOOT && VBOOT_STARTS_IN_BOOTBLOCK + depends on VBOOT_STARTS_IN_BOOTBLOCK help If this option is set, vboot verification runs in a standalone stage that is loaded from the bootblock and exits into romstage. If it is not set, the verification code is linked directly into the bootblock or the romstage and runs as part of that stage (cf. related options - VBOOT_STARTS_IN_BOOTBLOCK/_ROMSTAGE and RETURN_FROM_VERSTAGE). + VBOOT_STARTS_IN_BOOTBLOCK/_ROMSTAGE and VBOOT_RETURN_FROM_VERSTAGE). -config RETURN_FROM_VERSTAGE - bool "The separate verification stage returns to its caller" +config VBOOT_RETURN_FROM_VERSTAGE + bool default n - depends on SEPARATE_VERSTAGE + depends on VBOOT_SEPARATE_VERSTAGE help If this is set, the verstage returns back to the calling stage instead of exiting to the succeeding stage so that the verstage space can be @@ -104,16 +123,14 @@ config RETURN_FROM_VERSTAGE config VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT bool default n - depends on VBOOT help This option ensures that the recovery request is not lost because of reboots caused after vboot verification is run. e.g. reboots caused by FSP components on Intel platforms. config VBOOT_OPROM_MATTERS - bool "Video option ROM matters (= can skip display init)" + bool default n - depends on VBOOT help Set this option to indicate to vboot that this platform will skip its display initialization on a normal (non-recovery, non-developer) boot. @@ -125,7 +142,6 @@ config VBOOT_OPROM_MATTERS config VBOOT_HAS_REC_HASH_SPACE bool default n - depends on VBOOT help Set this option to indicate to vboot that recovery data hash space is present in TPM. @@ -134,14 +150,168 @@ config VBOOT_SOFT_REBOOT_WORKAROUND bool default n -config VBOOT - bool "Verify firmware with vboot." +config VBOOT_EC_SOFTWARE_SYNC + bool "Enable EC software sync" + default y if EC_GOOGLE_CHROMEEC default n - select TPM if !MAINBOARD_HAS_TPM2 - select TPM2 if MAINBOARD_HAS_TPM2 - select TPM_INIT_FAILURE_IS_FATAL if PC80_SYSTEM && LPC_TPM - select SKIP_TPM_STARTUP_ON_NORMAL_BOOT if PC80_SYSTEM && LPC_TPM - depends on HAVE_HARD_RESET help - Enabling VBOOT will use vboot to verify the components of the firmware - (stages, payload, etc). + EC software sync is a mechanism where the AP helps the EC verify its + firmware similar to how vboot verifies the main system firmware. This + option selects whether vboot should support EC software sync. + +config VBOOT_EC_SLOW_UPDATE + bool + default n + depends on VBOOT_EC_SOFTWARE_SYNC + help + Whether the EC (or PD) is slow to update and needs to display a + screen that informs the user the update is happening. + +config VBOOT_PHYSICAL_DEV_SWITCH + bool + default n + help + Whether this platform has a physical developer switch. Note that this + disables virtual dev switch functionality (through secdata). Operation + where both a physical pin and the virtual switch get sampled is not + supported by coreboot. + +config VBOOT_PHYSICAL_REC_SWITCH + bool + default n + help + Whether this platform has a physical recovery switch. + +config VBOOT_LID_SWITCH + bool + default n + help + Whether this platform has a lid switch. If it does, vboot will not + decrement try counters for boot failures if the lid is closed. + +config VBOOT_WIPEOUT_SUPPORTED + bool + default n + help + When this option is enabled, the firmware provides the ability to + signal the application the need for factory reset (a.k.a. wipe + out) of the device + +config VBOOT_FWID_MODEL + string "Firmware ID model" + default "$(CONFIG_MAINBOARD_VENDOR)_$(CONFIG_MAINBOARD_PART_NUMBER)" + help + This is the first part of the FWID written to various regions of a + vboot firmware image to identify its version. + +config VBOOT_FWID_VERSION + string "Firmware ID version" + default "$(KERNELVERSION)" + help + This is the second part of the FWID written to various regions of a + vboot firmware image to identify its version. + +menu "GBB configuration" + +config GBB_HWID + string "Hardware ID" + default "NOCONF HWID" + +config GBB_BMPFV_FILE + string "Path to bmpfv image" + default "" + +config GBB_FLAG_DEV_SCREEN_SHORT_DELAY + bool "Reduce dev screen delay" + default n + +config GBB_FLAG_LOAD_OPTION_ROMS + bool "Load option ROMs" + default n + +config GBB_FLAG_ENABLE_ALTERNATE_OS + bool "Allow booting a non-Chrome OS kernel if dev switch is on" + default n + +config GBB_FLAG_FORCE_DEV_SWITCH_ON + bool "Force dev switch on" + default n + +config GBB_FLAG_FORCE_DEV_BOOT_USB + bool "Allow booting from USB in dev mode even if dev_boot_usb=0" + default y + +config GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK + bool "Disable firmware rollback protection" + default y + +config GBB_FLAG_ENTER_TRIGGERS_TONORM + bool "Return to normal boot with Enter" + default n + +config GBB_FLAG_FORCE_DEV_BOOT_LEGACY + bool "Allow booting to legacy in dev mode even if dev_boot_legacy=0" + default n + +config GBB_FLAG_FAFT_KEY_OVERIDE + bool "Allow booting using alternative keys for FAFT servo testing" + default n + +config GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC + bool "Disable EC software sync" + default n + +config GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY + bool "Default to booting to legacy in dev mode" + default n + +config GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC + bool "Disable PD software sync" + default n + +config GBB_FLAG_DISABLE_LID_SHUTDOWN + bool "Disable shutdown on closed lid" + default n + +config GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP + bool "Allow fastboot even if dev_boot_fastboot_full_cap=0" + default n + +config GBB_FLAG_ENABLE_SERIAL + bool "Tell vboot to enable serial console" + default n + +endmenu # GBB + +menu "Vboot Keys" +config VBOOT_ROOT_KEY + string "Root key (public)" + default "$(VBOOT_SOURCE)/tests/devkeys/root_key.vbpubk" + +config VBOOT_RECOVERY_KEY + string "Recovery key (public)" + default "$(VBOOT_SOURCE)/tests/devkeys/recovery_key.vbpubk" + +config VBOOT_FIRMWARE_PRIVKEY + string "Firmware key (private)" + default "$(VBOOT_SOURCE)/tests/devkeys/firmware_data_key.vbprivk" + +config VBOOT_KERNEL_KEY + string "Kernel subkey (public)" + default "$(VBOOT_SOURCE)/tests/devkeys/kernel_subkey.vbpubk" + +config VBOOT_KEYBLOCK + string "Keyblock to use for the RW regions" + default "$(VBOOT_SOURCE)/tests/devkeys/firmware.keyblock" + +config VBOOT_KEYBLOCK_VERSION + int "Keyblock version number" + default 1 + +config VBOOT_KEYBLOCK_PREAMBLE_FLAGS + hex "Keyblock preamble flags" + default 0x0 + +endmenu # Keys +endif # VBOOT +endmenu # Verified Boot (vboot) diff --git a/src/vboot/Makefile.inc b/src/vboot/Makefile.inc index a09811b52c89..56a3bacb7233 100644 --- a/src/vboot/Makefile.inc +++ b/src/vboot/Makefile.inc @@ -67,17 +67,17 @@ verstage-y += common.c verstage-y += verstage.c ifeq (${CONFIG_VBOOT_MOCK_SECDATA},y) libverstage-y += secdata_mock.c -romstage-$(CONFIG_SEPARATE_VERSTAGE) += secdata_mock.c +romstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += secdata_mock.c else libverstage-y += secdata_tpm.c -romstage-$(CONFIG_SEPARATE_VERSTAGE) += secdata_tpm.c +romstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += secdata_tpm.c endif romstage-y += vboot_handoff.c common.c ramstage-y += common.c postcar-y += common.c -ifeq ($(CONFIG_SEPARATE_VERSTAGE),y) +ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y) VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-verstage-y)) else ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y) @@ -85,7 +85,7 @@ VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-bootblock-y)) else VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-romstage-y)) endif -endif # CONFIG_SEPARATE_VERSTAGE +endif # CONFIG_VBOOT_SEPARATE_VERSTAGE VB2_LIB = $(obj)/external/vboot_reference/vboot_fw20.a VBOOT_CFLAGS += $(patsubst -I%,-I$(top)/%, $(filter-out -I$(obj), $(filter-out -include $(src)/include/kconfig.h, $(CPPFLAGS_libverstage)))) @@ -106,7 +106,7 @@ $(VB2_LIB): $(obj)/config.h libverstage-srcs += $(VB2_LIB) -ifeq ($(CONFIG_SEPARATE_VERSTAGE),y) +ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y) # This works under the assumption that romstage and verstage use the same # architecture and thus CC_verstage is the same as CC_romstage. If this is not @@ -115,7 +115,7 @@ ifeq ($(CONFIG_VBOOT_HAS_REC_HASH_SPACE),y) romstage-srcs += $(VB2_LIB) endif -cbfs-files-$(CONFIG_SEPARATE_VERSTAGE) += $(CONFIG_CBFS_PREFIX)/verstage +cbfs-files-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += $(CONFIG_CBFS_PREFIX)/verstage $(CONFIG_CBFS_PREFIX)/verstage-file := $(objcbfs)/verstage.elf $(CONFIG_CBFS_PREFIX)/verstage-type := stage $(CONFIG_CBFS_PREFIX)/verstage-compression := $(CBFS_PRERAM_COMPRESS_FLAG) @@ -137,7 +137,7 @@ bootblock-srcs += $(objgenerated)/libverstage.a else romstage-srcs += $(objgenerated)/libverstage.a endif -endif # CONFIG_SEPARATE_VERSTAGE +endif # CONFIG_VBOOT_SEPARATE_VERSTAGE # Define a list of files that need to be in RO only. # All other files will be installed into RO and RW regions @@ -155,4 +155,115 @@ regions-for-file = $(subst $(spc),$(comma),$(sort \ rmu.bin \ ,$(1)),COREBOOT,COREBOOT FW_MAIN_A FW_MAIN_B))) +CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID)) +CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE)) +CONFIG_VBOOT_KEYBLOCK := $(call strip_quotes,$(CONFIG_VBOOT_KEYBLOCK)) +CONFIG_VBOOT_FIRMWARE_PRIVKEY := $(call strip_quotes,$(CONFIG_VBOOT_FIRMWARE_PRIVKEY)) +CONFIG_VBOOT_KERNEL_KEY := $(call strip_quotes,$(CONFIG_VBOOT_KERNEL_KEY)) +CONFIG_VBOOT_FWID_MODEL := $(call strip_quotes,$(CONFIG_VBOOT_FWID_MODEL)) +CONFIG_VBOOT_FWID_VERSION := $(call strip_quotes,$(CONFIG_VBOOT_FWID_VERSION)) + +# bool-to-mask(var, value) +# return "value" if var is "y", 0 otherwise +bool-to-mask = $(if $(filter y,$(1)),$(2),0) + +GBB_FLAGS := $(call int-add, \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEV_SCREEN_SHORT_DELAY),0x1) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_LOAD_OPTION_ROMS),0x2) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_ALTERNATE_OS),0x4) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_SWITCH_ON),0x8) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_USB),0x10) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK),0x20) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENTER_TRIGGERS_TONORM),0x40) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_LEGACY),0x80) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_FAFT_KEY_OVERIDE),0x100) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC),0x200) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY),0x400) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC),0x800) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_LID_SHUTDOWN),0x1000) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP),0x2000) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_SERIAL),0x4000) \ + ) + +ifneq ($(CONFIG_GBB_BMPFV_FILE),) +$(obj)/gbb.sizetmp: $(obj)/coreboot.rom + $(CBFSTOOL) $< read -r GBB -f $@ + +$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY) $(obj)/gbb.sizetmp + @printf " CREATE GBB (with BMPFV)\n" + $(FUTILITY) gbb_utility -c 0x100,0x1000,$(call int-subtract,$(call file-size,$(obj)/gbb.sizetmp) 0x2180),0x1000 $@.tmp + mv $@.tmp $@ +else +$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY) + @printf " CREATE GBB (without BMPFV)\n" + $(FUTILITY) gbb_utility -c 0x100,0x1000,0,0x1000 $@.tmp + mv $@.tmp $@ +endif + +$(obj)/gbb.region: $(obj)/gbb.stub + @printf " SETUP GBB\n" + cp $< $@.tmp + $(FUTILITY) gbb_utility -s \ + --hwid="$(CONFIG_GBB_HWID)" \ + --rootkey="$(CONFIG_VBOOT_ROOT_KEY)" \ + --recoverykey="$(CONFIG_VBOOT_RECOVERY_KEY)" \ + --flags=$(GBB_FLAGS) \ + $@.tmp +ifneq ($(CONFIG_GBB_BMPFV_FILE),) + $(FUTILITY) gbb_utility -s \ + --bmpfv="$(CONFIG_GBB_BMPFV_FILE)" \ + $@.tmp +endif + mv $@.tmp $@ + +$(obj)/fwid.region: + printf "$(CONFIG_VBOOT_FWID_MODEL)$(CONFIG_VBOOT_FWID_VERSION)\0" > $@ + +build_complete:: $(obj)/gbb.region $(obj)/fwid.region + @printf " WRITE GBB\n" + $(CBFSTOOL) $(obj)/coreboot.rom write -u -r GBB -i 0 -f $(obj)/gbb.region + $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RO_FRID -i 0 -f $(obj)/fwid.region + $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_A -i 0 -f $(obj)/fwid.region + $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_B -i 0 -f $(obj)/fwid.region + +ifneq ($(shell grep "SHARED_DATA" "$(CONFIG_FMDFILE)"),) +build_complete:: + printf "\0" > $(obj)/shared_data.region + $(CBFSTOOL) $(obj)/coreboot.rom write -u -r SHARED_DATA -i 0 -f $(obj)/shared_data.region +endif + +# Extract FW_MAIN_? region and minimize it if the last file is empty, so it +# doesn't contain this empty file (that can have a significant size), +# improving a lot on hash times due to a smaller amount of data loaded from +# firmware storage. +# When passing the minimized image to vbutil_firmware, its length is recorded +# in the keyblock, and coreboot's vboot code clips the region_device to match, +# which prevents any potential extension attacks. +$(obj)/FW_MAIN_%.bin: $(obj)/coreboot.rom + $(CBFSTOOL) $< read -r $(basename $(notdir $@)) -f $@.tmp + $(CBFSTOOL) $(obj)/coreboot.rom print -k -r $(basename $(notdir $@)) | \ + tail -1 | \ + sed "s,^(empty)[[:space:]]\(0x[0-9a-f]*\)\tnull\t.*$$,\1," \ + > $@.tmp.size + if [ -n "$$(cat $@.tmp.size)" ] && [ $$( printf "%d" $$(cat $@.tmp.size)) -gt 0 ]; then \ + head -c $$( printf "%d" $$(cat $@.tmp.size)) $@.tmp > $@.tmp2 && \ + mv $@.tmp2 $@; \ + else \ + mv $@.tmp $@; \ + fi + +$(obj)/VBLOCK_%.bin: $(obj)/FW_MAIN_%.bin $(FUTILITY) + $(FUTILITY) vbutil_firmware \ + --vblock $@ \ + --keyblock "$(CONFIG_VBOOT_KEYBLOCK)" \ + --signprivate "$(CONFIG_VBOOT_FIRMWARE_PRIVKEY)" \ + --version $(CONFIG_VBOOT_KEYBLOCK_VERSION) \ + --fv $< \ + --kernelkey "$(CONFIG_VBOOT_KERNEL_KEY)" \ + --flags $(CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS) + +files_added:: $(obj)/VBLOCK_A.bin $(obj)/VBLOCK_B.bin + $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_A -f $(obj)/VBLOCK_A.bin + $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_B -f $(obj)/VBLOCK_B.bin + endif # CONFIG_VBOOT diff --git a/src/vboot/bootmode.c b/src/vboot/bootmode.c index d66911fa91b7..23dec1339625 100644 --- a/src/vboot/bootmode.c +++ b/src/vboot/bootmode.c @@ -75,7 +75,7 @@ BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_EXIT, static int vboot_possibly_executed(void) { if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) { - if (ENV_BOOTBLOCK && IS_ENABLED(CONFIG_SEPARATE_VERSTAGE)) + if (ENV_BOOTBLOCK && IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE)) return 0; return 1; } @@ -141,6 +141,23 @@ int vboot_recovery_mode_enabled(void) return !!vboot_check_recovery_request(); } +int __attribute__((weak)) clear_recovery_mode_switch(void) +{ + // Weak implementation. Nothing to do. + return 0; +} + +int __attribute__((weak)) get_sw_write_protect_state(void) +{ + // Can be implemented by a platform / mainboard + return 0; +} + +void __attribute__((weak)) log_recovery_mode_switch(void) +{ + // Weak implementation. Nothing to do. +} + int __attribute__((weak)) get_recovery_mode_retrain_switch(void) { return 0; diff --git a/src/vboot/vboot_handoff.c b/src/vboot/vboot_handoff.c index 85be928ae3db..b3a5c1964101 100644 --- a/src/vboot/vboot_handoff.c +++ b/src/vboot/vboot_handoff.c @@ -83,11 +83,11 @@ static void fill_vboot_handoff(struct vboot_handoff *vboot_handoff, vb_sd->flags |= VBSD_LF_DEV_SWITCH_ON; } /* TODO: Set these in depthcharge */ - if (!IS_ENABLED(CONFIG_PHYSICAL_DEV_SWITCH)) + if (!IS_ENABLED(CONFIG_VBOOT_PHYSICAL_DEV_SWITCH)) vb_sd->flags |= VBSD_HONOR_VIRT_DEV_SWITCH; - if (IS_ENABLED(CONFIG_EC_SOFTWARE_SYNC)) + if (IS_ENABLED(CONFIG_VBOOT_EC_SOFTWARE_SYNC)) vb_sd->flags |= VBSD_EC_SOFTWARE_SYNC; - if (!IS_ENABLED(CONFIG_PHYSICAL_REC_SWITCH)) + if (!IS_ENABLED(CONFIG_VBOOT_PHYSICAL_REC_SWITCH)) vb_sd->flags |= VBSD_BOOT_REC_SWITCH_VIRTUAL; if (IS_ENABLED(CONFIG_VBOOT_EC_SLOW_UPDATE)) vb_sd->flags |= VBSD_EC_SLOW_UPDATE; diff --git a/src/vboot/vboot_loader.c b/src/vboot/vboot_loader.c index 3629402f7e64..9aab789854db 100644 --- a/src/vboot/vboot_loader.c +++ b/src/vboot/vboot_loader.c @@ -29,11 +29,11 @@ _Static_assert(IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK) + IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE) == 1, "vboot must either start in bootblock or romstage (not both!)"); -_Static_assert(!IS_ENABLED(CONFIG_SEPARATE_VERSTAGE) || +_Static_assert(!IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE) || IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK), "stand-alone verstage must start in (i.e. after) bootblock"); -_Static_assert(!IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE) || - IS_ENABLED(CONFIG_SEPARATE_VERSTAGE), +_Static_assert(!IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE) || + IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE), "return from verstage only makes sense for separate verstages"); /* The stage loading code is compiled and entered from multiple stages. The @@ -42,7 +42,7 @@ _Static_assert(!IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE) || static int verification_should_run(void) { - if (IS_ENABLED(CONFIG_SEPARATE_VERSTAGE)) + if (IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE)) return ENV_VERSTAGE; else if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)) return ENV_ROMSTAGE; @@ -54,7 +54,7 @@ static int verification_should_run(void) static int verstage_should_load(void) { - if (IS_ENABLED(CONFIG_SEPARATE_VERSTAGE)) + if (IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE)) return ENV_BOOTBLOCK; else return 0; @@ -87,7 +87,7 @@ int vb2_logic_executed(void) static void vboot_prepare(void) { if (verification_should_run()) { - /* Note: this path is not used for RETURN_FROM_VERSTAGE */ + /* Note: this path is not used for VBOOT_RETURN_FROM_VERSTAGE */ verstage_main(); car_set_var(vboot_executed, 1); vb2_save_recovery_reason_vbnv(); @@ -130,7 +130,7 @@ static void vboot_prepare(void) /* This is not actually possible to hit this condition at * runtime, but this provides a hint to the compiler for dead * code elimination below. */ - if (!IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE)) + if (!IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE)) return; car_set_var(vboot_executed, 1); diff --git a/src/vboot/vboot_logic.c b/src/vboot/vboot_logic.c index fbbe3e8be735..9145ad003e91 100644 --- a/src/vboot/vboot_logic.c +++ b/src/vboot/vboot_logic.c @@ -329,7 +329,7 @@ void verstage_main(void) antirollback_read_space_firmware(&ctx); timestamp_add_now(TS_END_TPMINIT); - if (IS_ENABLED(CONFIG_PHYSICAL_DEV_SWITCH) && + if (IS_ENABLED(CONFIG_VBOOT_PHYSICAL_DEV_SWITCH) && get_developer_mode_switch()) ctx.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE; @@ -339,10 +339,11 @@ void verstage_main(void) ctx.flags |= VB2_DISABLE_DEVELOPER_MODE; } - if (IS_ENABLED(CONFIG_WIPEOUT_SUPPORTED) && get_wipeout_mode_switch()) + if (IS_ENABLED(CONFIG_VBOOT_WIPEOUT_SUPPORTED) && + get_wipeout_mode_switch()) ctx.flags |= VB2_CONTEXT_FORCE_WIPEOUT_MODE; - if (IS_ENABLED(CONFIG_LID_SWITCH) && !get_lid_switch()) + if (IS_ENABLED(CONFIG_VBOOT_LID_SWITCH) && !get_lid_switch()) ctx.flags |= VB2_CONTEXT_NOFAIL_BOOT; /* Do early init (set up secdata and NVRAM, load GBB) */ diff --git a/src/vboot/verstage.c b/src/vboot/verstage.c index 64fadc736e98..aca4ab328d0f 100644 --- a/src/vboot/verstage.c +++ b/src/vboot/verstage.c @@ -30,7 +30,7 @@ void main(void) exception_init(); verstage_mainboard_init(); - if (IS_ENABLED(CONFIG_RETURN_FROM_VERSTAGE)) { + if (IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE)) { verstage_main(); } else { run_romstage(); diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig index 62e60d40d484..ab2478212d5b 100644 --- a/src/vendorcode/google/chromeos/Kconfig +++ b/src/vendorcode/google/chromeos/Kconfig @@ -59,24 +59,6 @@ config CHROMEOS_RAMOOPS_RAM_SIZE default 0x00100000 depends on CHROMEOS_RAMOOPS -config EC_SOFTWARE_SYNC - bool "Enable EC software sync" - default y if EC_GOOGLE_CHROMEEC - default n - depends on VBOOT - help - EC software sync is a mechanism where the AP helps the EC verify its - firmware similar to how vboot verifies the main system firmware. This - option selects whether depthcharge should support EC software sync. - -config VBOOT_EC_SLOW_UPDATE - bool "EC is slow to update" - default n - depends on EC_SOFTWARE_SYNC - help - Whether the EC (or PD) is slow to update and needs to display a - screen that informs the user the update is happening. - config NO_TPM_RESUME bool default n @@ -85,55 +67,12 @@ config NO_TPM_RESUME boards, booting Windows will break if the TPM resume command is sent during an S3 resume. -config PHYSICAL_DEV_SWITCH - bool - default n - help - Whether this platform has a physical developer switch. Note that this - disables virtual dev switch functionality (through secdata). Operation - where both a physical pin and the virtual switch get sampled is not - supported by coreboot. - -config PHYSICAL_REC_SWITCH - bool - default n - help - Whether this platform has a physical recovery switch - -config LID_SWITCH - bool "Lid switch is present" - default n - help - Whether this platform has a lid switch - -config WIPEOUT_SUPPORTED - bool "User is able to request factory reset" - default n - help - When this option is enabled, the firmware provides the ability to - signal the application the need for factory reset (a.k.a. wipe - out) of the device - config HAVE_REGULATORY_DOMAIN bool "Add regulatory domain methods" default n help This option is needed to add ACPI regulatory domain methods -config CHROMEOS_FWID_MODEL - string "Chrome OS Firmware ID model" - default "$(CONFIG_MAINBOARD_VENDOR)_$(CONFIG_MAINBOARD_PART_NUMBER)" - help - This is the first part of the FWID written to various regions of a - Chrome OS firmware image to identify its version. - -config CHROMEOS_FWID_VERSION - string "Chrome OS Firmware ID version" - default "$(KERNELVERSION)" - help - This is the second part of the FWID written to various regions of a - Chrome OS firmware image to identify its version. - config CHROMEOS_DISABLE_PLATFORM_HIERARCHY_ON_RESUME bool default y @@ -148,108 +87,5 @@ config CHROMEOS_DISABLE_PLATFORM_HIERARCHY_ON_RESUME on normal boot as well as resume and coreboot is only involved in the resume piece w.r.t. the platform hierarchy. -menu "GBB configuration" - -config GBB_HWID - string "Hardware ID" - default "NOCONF HWID" - -config GBB_BMPFV_FILE - string "Path to bmpfv image" - default "" - -config GBB_FLAG_DEV_SCREEN_SHORT_DELAY - bool "Reduce dev screen delay" - default n - -config GBB_FLAG_LOAD_OPTION_ROMS - bool "Load option ROMs" - default n - -config GBB_FLAG_ENABLE_ALTERNATE_OS - bool "Allow booting a non-Chrome OS kernel if dev switch is on" - default n - -config GBB_FLAG_FORCE_DEV_SWITCH_ON - bool "Force dev switch on" - default n - -config GBB_FLAG_FORCE_DEV_BOOT_USB - bool "Allow booting from USB in dev mode even if dev_boot_usb=0" - default y - -config GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK - bool "Disable firmware rollback protection" - default y - -config GBB_FLAG_ENTER_TRIGGERS_TONORM - bool "Return to normal boot with Enter" - default n - -config GBB_FLAG_FORCE_DEV_BOOT_LEGACY - bool "Allow booting to legacy in dev mode even if dev_boot_legacy=0" - default n - -config GBB_FLAG_FAFT_KEY_OVERIDE - bool "Allow booting using alternative keys for FAFT servo testing" - default n - -config GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC - bool "Disable EC software sync" - default n - -config GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY - bool "Default to booting to legacy in dev mode" - default n - -config GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC - bool "Disable PD software sync" - default n - -config GBB_FLAG_DISABLE_LID_SHUTDOWN - bool "Disable shutdown on closed lid" - default n - -config GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP - bool "Allow fastboot even if dev_boot_fastboot_full_cap=0" - default n - -config GBB_FLAG_ENABLE_SERIAL - bool "Tell vboot to enable serial console" - default n - -endmenu # GBB - -menu "Vboot Keys" -config VBOOT_ROOT_KEY - string "Root key (public)" - default "$(VBOOT_SOURCE)/tests/devkeys/root_key.vbpubk" - -config VBOOT_RECOVERY_KEY - string "Recovery key (public)" - default "$(VBOOT_SOURCE)/tests/devkeys/recovery_key.vbpubk" - -config VBOOT_FIRMWARE_PRIVKEY - string "Firmware key (private)" - default "$(VBOOT_SOURCE)/tests/devkeys/firmware_data_key.vbprivk" - -config VBOOT_KERNEL_KEY - string "Kernel subkey (public)" - default "$(VBOOT_SOURCE)/tests/devkeys/kernel_subkey.vbpubk" - -config VBOOT_KEYBLOCK - string "Keyblock to use for the RW regions" - default "$(VBOOT_SOURCE)/tests/devkeys/firmware.keyblock" - -config VBOOT_KEYBLOCK_VERSION - int "Keyblock version number" - default 1 - -config VBOOT_KEYBLOCK_PREAMBLE_FLAGS - hex "Keyblock preamble flags" - default 0x0 - -endmenu # Keys - endif # CHROMEOS endmenu diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc index 3326ced1eb02..22352ef24336 100644 --- a/src/vendorcode/google/chromeos/Makefile.inc +++ b/src/vendorcode/google/chromeos/Makefile.inc @@ -13,11 +13,6 @@ ## GNU General Public License for more details. ## -bootblock-y += chromeos.c -verstage-y += chromeos.c -romstage-y += chromeos.c -ramstage-y += chromeos.c - ramstage-$(CONFIG_ELOG) += elog.c ramstage-$(CONFIG_HAVE_ACPI_TABLES) += gnvs.c ramstage-$(CONFIG_HAVE_ACPI_TABLES) += acpi.c @@ -31,114 +26,3 @@ ifeq ($(CONFIG_ARCH_MIPS),) bootblock-y += watchdog.c ramstage-y += watchdog.c endif - -CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID)) -CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE)) -CONFIG_VBOOT_KEYBLOCK := $(call strip_quotes,$(CONFIG_VBOOT_KEYBLOCK)) -CONFIG_VBOOT_FIRMWARE_PRIVKEY := $(call strip_quotes,$(CONFIG_VBOOT_FIRMWARE_PRIVKEY)) -CONFIG_VBOOT_KERNEL_KEY := $(call strip_quotes,$(CONFIG_VBOOT_KERNEL_KEY)) -CONFIG_CHROMEOS_FWID_MODEL := $(call strip_quotes,$(CONFIG_CHROMEOS_FWID_MODEL)) -CONFIG_CHROMEOS_FWID_VERSION := $(call strip_quotes,$(CONFIG_CHROMEOS_FWID_VERSION)) - -# bool-to-mask(var, value) -# return "value" if var is "y", 0 otherwise -bool-to-mask = $(if $(filter y,$(1)),$(2),0) - -GBB_FLAGS := $(call int-add, \ - $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEV_SCREEN_SHORT_DELAY),0x1) \ - $(call bool-to-mask,$(CONFIG_GBB_FLAG_LOAD_OPTION_ROMS),0x2) \ - $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_ALTERNATE_OS),0x4) \ - $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_SWITCH_ON),0x8) \ - $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_USB),0x10) \ - $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK),0x20) \ - $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENTER_TRIGGERS_TONORM),0x40) \ - $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_LEGACY),0x80) \ - $(call bool-to-mask,$(CONFIG_GBB_FLAG_FAFT_KEY_OVERIDE),0x100) \ - $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC),0x200) \ - $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY),0x400) \ - $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC),0x800) \ - $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_LID_SHUTDOWN),0x1000) \ - $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP),0x2000) \ - $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_SERIAL),0x4000) \ - ) - -ifneq ($(CONFIG_GBB_BMPFV_FILE),) -$(obj)/gbb.sizetmp: $(obj)/coreboot.rom - $(CBFSTOOL) $< read -r GBB -f $@ - -$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY) $(obj)/gbb.sizetmp - @printf " CREATE GBB (with BMPFV)\n" - $(FUTILITY) gbb_utility -c 0x100,0x1000,$(call int-subtract,$(call file-size,$(obj)/gbb.sizetmp) 0x2180),0x1000 $@.tmp - mv $@.tmp $@ -else -$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY) - @printf " CREATE GBB (without BMPFV)\n" - $(FUTILITY) gbb_utility -c 0x100,0x1000,0,0x1000 $@.tmp - mv $@.tmp $@ -endif - -$(obj)/gbb.region: $(obj)/gbb.stub - @printf " SETUP GBB\n" - cp $< $@.tmp - $(FUTILITY) gbb_utility -s \ - --hwid="$(CONFIG_GBB_HWID)" \ - --rootkey="$(CONFIG_VBOOT_ROOT_KEY)" \ - --recoverykey="$(CONFIG_VBOOT_RECOVERY_KEY)" \ - --flags=$(GBB_FLAGS) \ - $@.tmp -ifneq ($(CONFIG_GBB_BMPFV_FILE),) - $(FUTILITY) gbb_utility -s \ - --bmpfv="$(CONFIG_GBB_BMPFV_FILE)" \ - $@.tmp -endif - mv $@.tmp $@ - -$(obj)/fwid.region: - printf "$(CONFIG_CHROMEOS_FWID_MODEL)$(CONFIG_CHROMEOS_FWID_VERSION)\0" > $@ - -build_complete:: $(obj)/gbb.region $(obj)/fwid.region - @printf " WRITE GBB\n" - $(CBFSTOOL) $(obj)/coreboot.rom write -u -r GBB -i 0 -f $(obj)/gbb.region - $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RO_FRID -i 0 -f $(obj)/fwid.region - $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_A -i 0 -f $(obj)/fwid.region - $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_B -i 0 -f $(obj)/fwid.region - -ifneq ($(shell grep "SHARED_DATA" "$(CONFIG_FMDFILE)"),) -build_complete:: - printf "\0" > $(obj)/shared_data.region - $(CBFSTOOL) $(obj)/coreboot.rom write -u -r SHARED_DATA -i 0 -f $(obj)/shared_data.region -endif - -# Extract FW_MAIN_? region and minimize it if the last file is empty, so it -# doesn't contain this empty file (that can have a significant size), -# improving a lot on hash times due to a smaller amount of data loaded from -# firmware storage. -# When passing the minimized image to vbutil_firmware, its length is recorded -# in the keyblock, and coreboot's vboot code clips the region_device to match, -# which prevents any potential extension attacks. -$(obj)/FW_MAIN_%.bin: $(obj)/coreboot.rom - $(CBFSTOOL) $< read -r $(basename $(notdir $@)) -f $@.tmp - $(CBFSTOOL) $(obj)/coreboot.rom print -k -r $(basename $(notdir $@)) | \ - tail -1 | \ - sed "s,^(empty)[[:space:]]\(0x[0-9a-f]*\)\tnull\t.*$$,\1," \ - > $@.tmp.size - if [ -n "$$(cat $@.tmp.size)" ] && [ $$( printf "%d" $$(cat $@.tmp.size)) -gt 0 ]; then \ - head -c $$( printf "%d" $$(cat $@.tmp.size)) $@.tmp > $@.tmp2 && \ - mv $@.tmp2 $@; \ - else \ - mv $@.tmp $@; \ - fi - -$(obj)/VBLOCK_%.bin: $(obj)/FW_MAIN_%.bin $(FUTILITY) - $(FUTILITY) vbutil_firmware \ - --vblock $@ \ - --keyblock "$(CONFIG_VBOOT_KEYBLOCK)" \ - --signprivate "$(CONFIG_VBOOT_FIRMWARE_PRIVKEY)" \ - --version $(CONFIG_VBOOT_KEYBLOCK_VERSION) \ - --fv $< \ - --kernelkey "$(CONFIG_VBOOT_KERNEL_KEY)" \ - --flags $(CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS) - -files_added:: $(obj)/VBLOCK_A.bin $(obj)/VBLOCK_B.bin - $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_A -f $(obj)/VBLOCK_A.bin - $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_B -f $(obj)/VBLOCK_B.bin diff --git a/src/vendorcode/google/chromeos/chromeos.c b/src/vendorcode/google/chromeos/chromeos.c deleted file mode 100644 index 515b79f45d83..000000000000 --- a/src/vendorcode/google/chromeos/chromeos.c +++ /dev/null @@ -1,35 +0,0 @@ -/* - * This file is part of the coreboot project. - * - * Copyright (C) 2011 The ChromiumOS Authors. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - */ - -#include <stddef.h> -#include <string.h> -#include "chromeos.h" - -int __attribute__((weak)) clear_recovery_mode_switch(void) -{ - // Weak implementation. Nothing to do. - return 0; -} - -int __attribute__((weak)) get_sw_write_protect_state(void) -{ - // Can be implemented by a platform / mainboard - return 0; -} - -void __attribute__((weak)) log_recovery_mode_switch(void) -{ - // Weak implementation. Nothing to do. -} |