Gitiles
Code Review Sign In
review.coreboot.org / coreboot / b3182fbb0021f725c302bf327663696ca0800a4d
commitb3182fbb0021f725c302bf327663696ca0800a4d[log] [tgz]
authorJulius Werner <jwerner@chromium.org>Mon Apr 12 16:28:37 2021 -0700
committerJulius Werner <jwerner@chromium.org>Wed Apr 14 01:03:22 2021 +0000
treedcc2c9863f9265e38b508e2c43470d400c4356b1
parentc074f61d8fb0fbad1ec7a19e32cb7d1524ad97f0 [diff]
vboot: ec_sync: Switch to new CBFS API

This patch changes the vboot EC sync code to use the new CBFS API. As a
consequence, we have to map the whole EC image file at once (because the
new API doesn't support partial mapping). This should be fine on the
only platform that uses this code (Google_Volteer/_Dedede family)
because they are x86 devices that support direct mapping from flash, but
the code was originally written to more carefully map the file in
smaller steps to be theoretically able to support Arm devices.

EC sync in romstage for devices without memory-mapped flash would be
hard to combine with CBFS verification because there's not enough SRAM
to ever hold the whole file in memory at once, but we can't validate the
file hash until we have loaded the whole file and for performance (or
TOCTOU-safety, if applicable) reasons we wouldn't want to load anything
more than once. The "good" solution for this would be to introduce a
CBFS streaming API can slowly feed chunks of the file into a callback
but in the end still return a "hash valid/invalid" result to the caller.
If use cases like this become pressing in the future, we may have to
implement such an API.

However, for now this code is the only part of coreboot with constraints
like that, it was only ever used on platforms that do support
memory-mapped flash, and due to the new EC-EFS2 model used on more
recent Chrome OS devices we don't currently anticipate this to ever be
needed again. Therefore this patch goes the easier way of just papering
over the problem and punting the work of implementing a more generic
solution until we actually have a real need for it.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I7e263272aef3463f3b2924887d96de9b2607f5e5
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52280
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
1 file changed
tree: dcc2c9863f9265e38b508e2c43470d400c4356b1
  1. 3rdparty/
  2. configs/
  3. Documentation/
  4. LICENSES/
  5. payloads/
  6. src/
  7. tests/
  8. util/
  9. .checkpatch.conf
  10. .clang-format
  11. .editorconfig
  12. .gitignore
  13. .gitmodules
  14. .gitreview
  15. AUTHORS
  16. COPYING
  17. gnat.adc
  18. MAINTAINERS
  19. Makefile
  20. Makefile.inc
  21. README.md
  22. toolchain.inc
README.md

coreboot README

coreboot is a Free Software project aimed at replacing the proprietary BIOS (firmware) found in most computers. coreboot performs a little bit of hardware initialization and then executes additional boot logic, called a payload.

With the separation of hardware initialization and later boot logic, coreboot can scale from specialized applications that run directly firmware, run operating systems in flash, load custom bootloaders, or implement firmware standards, like PC BIOS services or UEFI. This allows for systems to only include the features necessary in the target application, reducing the amount of code and flash space required.

coreboot was formerly known as LinuxBIOS.

Payloads

After the basic initialization of the hardware has been performed, any desired "payload" can be started by coreboot.

See https://www.coreboot.org/Payloads for a list of supported payloads.

Supported Hardware

coreboot supports a wide range of chipsets, devices, and mainboards.

For details please consult:

Build Requirements

  • make
  • gcc / g++ Because Linux distribution compilers tend to use lots of patches. coreboot does lots of "unusual" things in its build system, some of which break due to those patches, sometimes by gcc aborting, sometimes - and that's worse - by generating broken object code. Two options: use our toolchain (eg. make crosstools-i386) or enable the ANY_TOOLCHAIN Kconfig option if you're feeling lucky (no support in this case).
  • iasl (for targets with ACPI support)
  • pkg-config
  • libssl-dev (openssl)

Optional:

  • doxygen (for generating/viewing documentation)
  • gdb (for better debugging facilities on some targets)
  • ncurses (for make menuconfig and make nconfig)
  • flex and bison (for regenerating parsers)

Building coreboot

Please consult https://www.coreboot.org/Build_HOWTO for details.

Testing coreboot Without Modifying Your Hardware

If you want to test coreboot without any risks before you really decide to use it on your hardware, you can use the QEMU system emulator to run coreboot virtually in QEMU.

Please see https://www.coreboot.org/QEMU for details.

Website and Mailing List

Further details on the project, a FAQ, many HOWTOs, news, development guidelines and more can be found on the coreboot website:

https://www.coreboot.org

You can contact us directly on the coreboot mailing list:

https://www.coreboot.org/Mailinglist

Copyright and License

The copyright on coreboot is owned by quite a large number of individual developers and companies. Please check the individual source files for details.

coreboot is licensed under the terms of the GNU General Public License (GPL). Some files are licensed under the "GPL (version 2, or any later version)", and some files are licensed under the "GPL, version 2". For some parts, which were derived from other projects, other (GPL-compatible) licenses may apply. Please check the individual source files for details.

This makes the resulting coreboot images licensed under the GPL, version 2.