##
## This file is part of the coreboot project.
##
## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; version 2 of the License.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -070015
Julius Werner5fc7c282017-03-17 14:29:10 -070016ifeq ($(CONFIG_VBOOT),y)
17
# bootmode.c is added to every stage class listed below.
verstage-y += bootmode.c
bootblock-y += bootmode.c
romstage-y += bootmode.c
postcar-y += bootmode.c
ramstage-y += bootmode.c

# Extra preprocessor defines appended to the verstage compiler options.
# NOTE(review): presumably applied to every verstage source by the top-level
# build rules — confirm where verstage-generic-ccopts is consumed.
verstage-generic-ccopts += -D__PRE_RAM__ -D__VERSTAGE__
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -070025
# Verified-boot non-volatile data (vbnv): vbnv.c is built into each stage
# listed here, and the storage backend file(s) are selected by Kconfig.
# The entries are grouped per stage; within each stage the append order is
# core file, CMOS, CMOS-backup-to-flash, EC, flash.
# NOTE(review): vbnv_flash.c is appended under both
# CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH and CONFIG_VBOOT_VBNV_FLASH; presumably
# Kconfig keeps the two mutually exclusive so the file is not listed twice —
# confirm.

bootblock-y += vbnv.c
bootblock-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
bootblock-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
bootblock-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c
bootblock-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c

verstage-y += vbnv.c
verstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
verstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
verstage-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c
verstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c

romstage-y += vbnv.c
romstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
romstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
romstage-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c
romstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c

ramstage-y += vbnv.c
ramstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
ramstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
ramstage-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c
ramstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c
50
# vboot_loader.c and vboot_common.c are built into every stage class below;
# within each class the loader is appended before the common code.
bootblock-y += vboot_loader.c vboot_common.c
verstage-y += vboot_loader.c vboot_common.c
romstage-y += vboot_loader.c vboot_common.c
ramstage-y += vboot_loader.c vboot_common.c
postcar-y += vboot_loader.c vboot_common.c
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -070062
# common.c for the stages that need nothing else from this group.
bootblock-y += common.c
ramstage-y += common.c
postcar-y += common.c

# The verification logic lives in verstage; verstage.c is only added when
# verstage is built as a separate stage.
verstage-y += vboot_logic.c common.c
verstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += verstage.c

# Secure-data backend: exactly one of secdata_mock.c / secdata_tpm.c is built.
# NOTE(review): judging by the file names, CONFIG_VBOOT_MOCK_SECDATA replaces
# the TPM-backed implementation with a mock; presumably that leaves rollback
# state unprotected, so confirm it is never enabled for images that must
# enforce verified boot.
ifeq ($(CONFIG_VBOOT_MOCK_SECDATA),y)
verstage-y += secdata_mock.c
romstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += secdata_mock.c
else
verstage-y += secdata_tpm.c
romstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += secdata_tpm.c
endif

# Appended after the secdata file so romstage keeps its original source order
# when CONFIG_VBOOT_SEPARATE_VERSTAGE is y.
romstage-y += vboot_handoff.c
romstage-y += common.c
Aaron Durbin17200ad2015-05-01 16:48:54 -050078
# Architecture directory handed to the vboot library build as FIRMWARE_ARCH.
# It follows the stage that receives the verstage sources: a separate verstage
# if configured, otherwise the bootblock or romstage.
ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)
VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-verstage-y))
else ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y)
VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-bootblock-y))
else
VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-romstage-y))
endif
Aaron Durbind1cf44c2015-05-08 15:58:06 -050088
# Static library produced by the vboot_reference sub-build.
VB2_LIB = $(obj)/external/vboot_reference/vboot_fw20.a

# Compiler flags passed to the vboot_reference sub-make. They start from the
# verstage preprocessor flags with -I$(obj) and the words of
# "-include $(src)/include/kconfig.h" removed, and every remaining -I path
# prefixed with $(top)/; the absolute equivalents are re-added further down.
VBOOT_CFLAGS += $(patsubst -I%,-I$(top)/%,\
	$(filter-out -I$(obj) -include $(src)/include/kconfig.h,\
	$(CPPFLAGS_verstage)))
VBOOT_CFLAGS += $(CFLAGS_verstage)
VBOOT_CFLAGS += $(verstage-c-ccopts)
VBOOT_CFLAGS += -I$(abspath $(obj))
VBOOT_CFLAGS += -include $(top)/src/include/kconfig.h
VBOOT_CFLAGS += -Wno-missing-prototypes
# NOTE(review): VBOOT_DEBUG is defined unconditionally, so the library is
# always compiled with this define; confirm that is intended for release
# images as well as development builds.
VBOOT_CFLAGS += -DVBOOT_DEBUG
95
# Build the vboot firmware library by running make in $(VBOOT_SOURCE) with the
# verstage compiler, the flags collected in VBOOT_CFLAGS and the "fwlib20" goal.
# The '+' prefix marks the line as a sub-make invocation.
# NOTE(review): the only prerequisite is $(obj)/config.h, so an existing
# archive is presumably not rebuilt when the vboot sources change — confirm
# that updates to $(VBOOT_SOURCE) are picked up (e.g. by a clean build).
$(VB2_LIB): $(obj)/config.h
	printf " MAKE $(subst $(obj)/,,$@)\n"
	+FIRMWARE_ARCH=$(VB_FIRMWARE_ARCH) CC="$(CC_verstage)" \
	CFLAGS="$(VBOOT_CFLAGS)" VBOOT2="y" \
	$(MAKE) -C $(VBOOT_SOURCE) \
		BUILD=$(abspath $(dir $(VB2_LIB))) V=$(V) fwlib20

# The library is linked into whichever stage receives the verstage sources.
verstage-srcs += $(VB2_LIB)
Patrick Georgiba808872015-04-27 18:09:22 +0200107
ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)

# Romstage links the vboot library too when a recovery hash space is used.
# This works under the assumption that romstage and verstage use the same
# architecture and thus CC_verstage is the same as CC_romstage. If this is not
# true, VB2_LIB needs to ensure that the correct CC is being used.
ifeq ($(CONFIG_VBOOT_HAS_REC_HASH_SPACE),y)
romstage-srcs += $(VB2_LIB)
endif

# Add verstage to CBFS as a stage file (this branch is only taken when
# CONFIG_VBOOT_SEPARATE_VERSTAGE is y).
cbfs-files-y += $(CONFIG_CBFS_PREFIX)/verstage
$(CONFIG_CBFS_PREFIX)/verstage-type := stage
$(CONFIG_CBFS_PREFIX)/verstage-file := $(objcbfs)/verstage.elf
$(CONFIG_CBFS_PREFIX)/verstage-compression := $(CBFS_PRERAM_COMPRESS_FLAG)

ifeq ($(CONFIG_ARCH_VERSTAGE_X86_32)$(CONFIG_ARCH_VERSTAGE_X86_64),y)
$(CONFIG_CBFS_PREFIX)/verstage-options := -a 64 -S ".car.data"

# If CAR does not support execution of code, verstage on x86 is expected to be
# xip: --xip is added unless CONFIG_NO_XIP_EARLY_STAGES is y.
ifneq ($(CONFIG_NO_XIP_EARLY_STAGES),y)
$(CONFIG_CBFS_PREFIX)/verstage-options += --xip
endif

endif

# No separate verstage: fold the verstage sources into the stage where
# verification starts. The $$(eval ...) text is stored unexpanded in
# postinclude-hooks, so it is evaluated later, when the hooks are run.
else ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y)
postinclude-hooks += $$(eval bootblock-srcs += $$(verstage-srcs))
else
postinclude-hooks += $$(eval romstage-srcs += $$(verstage-srcs))
endif # CONFIG_VBOOT_SEPARATE_VERSTAGE
Patrick Georgic8d4abd2016-01-20 15:54:31 +0100140
# regions-for-file(name)
# Returns the comma-separated list of regions a CBFS file is installed into.
# Names matching one of the patterns below are RO only (COREBOOT); all other
# files are installed into both the RO and the RW regions
# (COREBOOT, FW_MAIN_A, FW_MAIN_B).
# romstage is RO only unless verification starts in the bootblock, and boards
# can add further RO-only names through CONFIG_RO_REGION_ONLY.
# $(sort) cuts down on extra spaces that would be translated to commas.
regions-for-file = $(subst $(spc),$(comma),$(sort \
	$(if $(filter \
		$(if $(filter y,$(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)),,%/romstage) \
		%/verstage mts \
		locales locale_%.bin font.bin vbgfx.bin rmu.bin \
		$(call strip_quotes,$(CONFIG_RO_REGION_ONLY)), \
		$(1)), \
		COREBOOT, \
		COREBOOT FW_MAIN_A FW_MAIN_B)))
Furquan Shaikh0325dc62016-07-25 13:02:36 -0700157
# Kconfig string values are passed through strip_quotes once here so the
# recipes below can add their own quoting.

# Signing inputs for the firmware vblocks.
CONFIG_VBOOT_KEYBLOCK := $(call strip_quotes,$(CONFIG_VBOOT_KEYBLOCK))
CONFIG_VBOOT_FIRMWARE_PRIVKEY := $(call strip_quotes,$(CONFIG_VBOOT_FIRMWARE_PRIVKEY))
CONFIG_VBOOT_KERNEL_KEY := $(call strip_quotes,$(CONFIG_VBOOT_KERNEL_KEY))

# GBB contents.
CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID))
CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE))

# Firmware ID string parts.
CONFIG_VBOOT_FWID_MODEL := $(call strip_quotes,$(CONFIG_VBOOT_FWID_MODEL))
CONFIG_VBOOT_FWID_VERSION := $(call strip_quotes,$(CONFIG_VBOOT_FWID_VERSION))
165
# bool-to-mask(var, value)
# Expands to "value" if var is "y", and to 0 otherwise.
define bool-to-mask
$(if $(filter y,$(1)),$(2),0)
endef

# GBB flags word written into the GBB by the gbb.region rule: every enabled
# CONFIG_GBB_FLAG_* option contributes its bit and int-add combines them.
# NOTE(review): the names and bit values appear to mirror vboot's GBB header
# flags — confirm against vboot_reference.
# NOTE(review): judging by their names, several of these flags relax
# verified-boot protections (e.g. FORCE_DEV_SWITCH_ON, FORCE_DEV_BOOT_USB,
# DISABLE_FW_ROLLBACK_CHECK, DISABLE_EC_SOFTWARE_SYNC, DISABLE_FWMP); confirm
# release configurations leave them unset.
GBB_FLAGS := $(call int-add, \
	$(call bool-to-mask,$(CONFIG_GBB_FLAG_DEV_SCREEN_SHORT_DELAY),0x1) \
	$(call bool-to-mask,$(CONFIG_GBB_FLAG_LOAD_OPTION_ROMS),0x2) \
	$(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_ALTERNATE_OS),0x4) \
	$(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_SWITCH_ON),0x8) \
	$(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_USB),0x10) \
	$(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK),0x20) \
	$(call bool-to-mask,$(CONFIG_GBB_FLAG_ENTER_TRIGGERS_TONORM),0x40) \
	$(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_LEGACY),0x80) \
	$(call bool-to-mask,$(CONFIG_GBB_FLAG_FAFT_KEY_OVERIDE),0x100) \
	$(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC),0x200) \
	$(call bool-to-mask,$(CONFIG_GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY),0x400) \
	$(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC),0x800) \
	$(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_LID_SHUTDOWN),0x1000) \
	$(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP),0x2000) \
	$(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_MANUAL_RECOVERY),0x4000) \
	$(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_FWMP),0x8000) \
	)
188
# Create an empty GBB image ("gbb.stub") with `gbb_utility -c`, which is given
# four comma-separated sizes.
# NOTE(review): presumably the hwid, rootkey, bmpfv and recoverykey sizes, in
# that order — confirm against gbb_utility's usage text.
# Both variants write to $@.tmp and rename it, so a failed gbb_utility run does
# not leave a gbb.stub behind.
ifneq ($(CONFIG_GBB_BMPFV_FILE),)
# Dump the GBB region of the built image; only the size of this file is used.
# NOTE(review): presumably a separate target so the file already exists when
# the gbb.stub recipe (which calls file-size on it) is expanded — confirm.
$(obj)/gbb.sizetmp: $(obj)/coreboot.rom
	$(CBFSTOOL) $< read -r GBB -f $@

# With a bitmap file configured, the third size is computed from the size of
# the dumped GBB region and 0x2180 via the int-subtract and file-size helpers
# (defined elsewhere).
# NOTE(review): 0x2180 looks like the other three fields (0x100 + 0x1000 +
# 0x1000) plus a 0x80-byte header — confirm.
$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY) $(obj)/gbb.sizetmp
	@printf " CREATE GBB (with BMPFV)\n"
	$(FUTILITY) gbb_utility -c 0x100,0x1000,$(call int-subtract,$(call file-size,$(obj)/gbb.sizetmp) 0x2180),0x1000 $@.tmp
	mv $@.tmp $@
else
# Without a bitmap file the third size is 0.
$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY)
	@printf " CREATE GBB (without BMPFV)\n"
	$(FUTILITY) gbb_utility -c 0x100,0x1000,0,0x1000 $@.tmp
	mv $@.tmp $@
endif
203
# Populate the GBB: copy the stub, then use `gbb_utility -s` to set the hardware
# ID, the root key, the recovery key and the flags word, plus the bitmap block
# when CONFIG_GBB_BMPFV_FILE is set. All edits are made on $@.tmp, which is
# renamed to the target only after every step succeeded.
# The root key and recovery key set here are what later verification is
# anchored to, and GBB_FLAGS can relax boot policy.
# NOTE(review): the Kconfig defaults for these keys are not visible in this
# file; confirm release images do not embed publicly known developer keys.
# NOTE(review): unlike the other key paths in this file, CONFIG_VBOOT_ROOT_KEY
# and CONFIG_VBOOT_RECOVERY_KEY are not passed through strip_quotes before
# being quoted here; presumably this only works for paths without spaces —
# confirm.
# NOTE(review): the key and bitmap files are not prerequisites of this rule, so
# replacing one on disk does not by itself mark gbb.region out of date.
$(obj)/gbb.region: $(obj)/gbb.stub
	@printf " SETUP GBB\n"
	cp $< $@.tmp
	$(FUTILITY) gbb_utility -s \
		--hwid="$(CONFIG_GBB_HWID)" \
		--rootkey="$(CONFIG_VBOOT_ROOT_KEY)" \
		--recoverykey="$(CONFIG_VBOOT_RECOVERY_KEY)" \
		--flags=$(GBB_FLAGS) \
		$@.tmp
ifneq ($(CONFIG_GBB_BMPFV_FILE),)
	$(FUTILITY) gbb_utility -s \
		--bmpfv="$(CONFIG_GBB_BMPFV_FILE)" \
		$@.tmp
endif
	mv $@.tmp $@
219
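# Firmware ID blob: the model and version strings concatenated and terminated
# with a NUL byte.
# The strings are passed to printf as arguments instead of being spliced into
# the format string, so a '%' or backslash in a Kconfig value is written
# literally rather than interpreted as a conversion or escape.
# NOTE(review): the rule has no prerequisites, so an existing fwid.region is
# not regenerated when the FWID values change; confirm release builds start
# from a clean tree so the embedded ID matches the image.
$(obj)/fwid.region:
	printf "%s%s\0" "$(CONFIG_VBOOT_FWID_MODEL)" "$(CONFIG_VBOOT_FWID_VERSION)" > $@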
222
# Once the image is complete, write the GBB and the firmware ID blob into their
# regions of coreboot.rom. The same fwid.region file fills RO_FRID, RW_FWID_A
# and RW_FWID_B.
build_complete:: $(obj)/gbb.region $(obj)/fwid.region
	@printf " WRITE GBB\n"
	$(CBFSTOOL) $(obj)/coreboot.rom write -u -r GBB -i 0 -f $<
	$(CBFSTOOL) $(obj)/coreboot.rom write -u -r RO_FRID -i 0 -f $(word 2,$^)
	$(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_A -i 0 -f $(word 2,$^)
	$(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_B -i 0 -f $(word 2,$^)

# Only when the flashmap description mentions SHARED_DATA: write a single NUL
# byte into that region. The grep runs while the makefile is parsed, not when
# the rule executes.
ifneq ($(shell grep "SHARED_DATA" "$(CONFIG_FMDFILE)"),)
build_complete::
	printf "\0" > $(obj)/shared_data.region
	$(CBFSTOOL) $(obj)/coreboot.rom write -u -r SHARED_DATA -i 0 -f $(obj)/shared_data.region
endif
235
# Extract the FW_MAIN_? region and minimize it if the last file is empty, so it
# doesn't contain this empty file (which can have a significant size). This
# greatly reduces hash times because less data is loaded from firmware storage.
# When passing the minimized image to vbutil_firmware, its length is recorded
# in the keyblock, and coreboot's vboot code clips the region_device to match,
# which prevents any potential extension attacks.
#
# Steps, in order:
#   1. `cbfstool truncate` on the region named after the target; its output is
#      saved in $@.tmp.size.
#   2. The region is read into $@.tmp.
#   3. The first N bytes of $@.tmp are kept, N being the saved value formatted
#      with printf "%d" (NOTE(review): presumably because cbfstool prints the
#      size in a form head cannot take directly — confirm).
#   4. The result is renamed to the target and the temporaries are removed.
# The target only appears through the final mv, so a failing step does not
# leave a partial FW_MAIN_?.bin for the signing rule to pick up.
$(obj)/FW_MAIN_%.bin: $(obj)/coreboot.rom
	$(CBFSTOOL) $< truncate -r $(basename $(notdir $@)) > $@.tmp.size
	$(CBFSTOOL) $< read -r $(basename $(notdir $@)) -f $@.tmp
	head -c $$( printf "%d" $$(cat $@.tmp.size)) $@.tmp > $@.tmp2
	mv $@.tmp2 $@
	rm -f $@.tmp $@.tmp.size
Julius Werner58c39382017-02-13 17:53:29 -0800249
# Sign the extracted firmware body: vbutil_firmware writes a vblock for
# FW_MAIN_? using the configured keyblock, firmware private key, version,
# kernel key and preamble flags.
# NOTE(review): the private key is read from the path in
# CONFIG_VBOOT_FIRMWARE_PRIVKEY at build time; its Kconfig default is not
# visible in this file, so confirm release images are not signed with publicly
# known developer keys and that the key file is access-restricted on the
# build host.
$(obj)/VBLOCK_%.bin: $(obj)/FW_MAIN_%.bin $(FUTILITY)
	$(FUTILITY) vbutil_firmware \
		--vblock $@ \
		--keyblock "$(CONFIG_VBOOT_KEYBLOCK)" \
		--signprivate "$(CONFIG_VBOOT_FIRMWARE_PRIVKEY)" \
		--version $(CONFIG_VBOOT_KEYBLOCK_VERSION) \
		--fv $< \
		--kernelkey "$(CONFIG_VBOOT_KERNEL_KEY)" \
		--flags $(CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS)

# After all files were added to the image, store each vblock in its region.
files_added:: $(obj)/VBLOCK_A.bin $(obj)/VBLOCK_B.bin
	$(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_A -f $<
	$(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_B -f $(word 2,$^)
263
Furquan Shaikh0325dc62016-07-25 13:02:36 -0700264endif # CONFIG_VBOOT