Patrick Georgi | c49d7a3 | 2020-05-08 22:50:46 +0200 | [diff] [blame] | 1 | ## SPDX-License-Identifier: GPL-2.0-only |
Daisuke Nojiri | 742fc8d | 2014-10-10 10:51:06 -0700 | [diff] [blame] | 2 | |
Bill XIE | cdf6f3a | 2019-12-17 15:56:43 +0800 | [diff] [blame] | 3 | ifeq ($(CONFIG_VBOOT_LIB),y) |
| 4 | |
Joel Kitching | ec12bd0 | 2020-02-04 17:36:49 +0800 | [diff] [blame] | 5 | bootblock-y += vboot_lib.c |
| 6 | verstage-y += vboot_lib.c |
| 7 | romstage-y += vboot_lib.c |
| 8 | ramstage-y += vboot_lib.c |
| 9 | postcar-y += vboot_lib.c |
| 10 | |
Bill XIE | cdf6f3a | 2019-12-17 15:56:43 +0800 | [diff] [blame] | 11 | vboot-fixup-includes = $(patsubst -I%,-I$(top)/%,\ |
| 12 | $(patsubst $(src)/%.h,$(top)/$(src)/%.h,\ |
| 13 | $(filter-out -I$(obj),$(1)))) |
| 14 | |
| 15 | # call with $1 = stage name to create rules for building the library |
| 16 | # for the stage and adding it to the stage's set of object files. |
| 17 | define vboot-for-stage |
| 18 | VBOOT_LIB_$(1) = $(obj)/external/vboot_reference-$(1)/vboot_fw.a |
| 19 | VBOOT_CFLAGS_$(1) += $$(call vboot-fixup-includes,$$(CPPFLAGS_$(1))) |
| 20 | VBOOT_CFLAGS_$(1) += $$(CFLAGS_$(1)) |
| 21 | VBOOT_CFLAGS_$(1) += $$(call vboot-fixup-includes,$$($(1)-c-ccopts)) |
| 22 | VBOOT_CFLAGS_$(1) += -I$(abspath $(obj)) -Wno-missing-prototypes |
| 23 | VBOOT_CFLAGS_$(1) += -DVBOOT_DEBUG |
| 24 | |
| 25 | $$(VBOOT_LIB_$(1)): $(obj)/config.h |
| 26 | printf " MAKE $(subst $(obj)/,,$(@))\n" |
| 27 | +FIRMWARE_ARCH=$$(ARCHDIR-$$(ARCH-$(1)-y)) \ |
| 28 | CC="$$(CC_$(1))" \ |
| 29 | CFLAGS="$$(VBOOT_CFLAGS_$(1))" VBOOT2="y" \ |
Sam McNally | eded500 | 2020-03-04 16:08:06 +1100 | [diff] [blame] | 30 | EC_EFS="$(CONFIG_VBOOT_EC_EFS)" \ |
Karthikeyan Ramasubramanian | 4f9853a | 2022-10-27 22:49:40 -0600 | [diff] [blame] | 31 | X86_SHA_EXT="$(if $(CONFIG_ARCH_$(call toupper,$(1))_X86_32)$(CONFIG_ARCH_$(call toupper,$(1))_X86_64),$\ |
| 32 | $(CONFIG_VBOOT_X86_SHA256_ACCELERATION))" \ |
Yidi Lin | bd6b81d | 2023-01-31 15:18:57 +0800 | [diff] [blame] | 33 | ARMV8_CRYPTO_EXT="$(if $(CONFIG_ARCH_$(call toupper,$(1))_ARMV8_64),$$(CONFIG_VBOOT_ARMV8_CE_SHA256_ACCELERATION))" \ |
Bill XIE | cdf6f3a | 2019-12-17 15:56:43 +0800 | [diff] [blame] | 34 | $(MAKE) -C $(VBOOT_SOURCE) \ |
| 35 | BUILD=$$(abspath $$(dir $$(VBOOT_LIB_$(1)))) \ |
| 36 | V=$(V) \ |
Brian Norris | 6d301c8 | 2023-02-01 16:38:44 -0800 | [diff] [blame] | 37 | USE_FLASHROM=0 \ |
Maximilian Brune | 1d7a9de | 2022-04-14 14:54:16 +0200 | [diff] [blame] | 38 | fwlib \ |
Maximilian Brune | 5cbf45e | 2022-12-26 06:37:21 +0100 | [diff] [blame] | 39 | $(if $(CONFIG_SBOM_VBOOT),$$(abspath $$(dir $$(VBOOT_LIB_$(1))))/vboot_host.pc) |
Bill XIE | cdf6f3a | 2019-12-17 15:56:43 +0800 | [diff] [blame] | 40 | |
Julius Werner | a595478 | 2023-12-06 16:08:06 -0800 | [diff] [blame] | 41 | .PHONY: $$(VBOOT_LIB_$(1)) |
| 42 | |
Bill XIE | cdf6f3a | 2019-12-17 15:56:43 +0800 | [diff] [blame] | 43 | $(1)-srcs += $$(VBOOT_LIB_$(1)) |
| 44 | |
| 45 | endef # vboot-for-stage |
| 46 | |
| 47 | $(eval $(call vboot-for-stage,bootblock)) |
Arthur Heymans | a2bc254 | 2021-05-29 08:10:49 +0200 | [diff] [blame] | 48 | ifeq ($(CONFIG_SEPARATE_ROMSTAGE),y) |
Bill XIE | cdf6f3a | 2019-12-17 15:56:43 +0800 | [diff] [blame] | 49 | $(eval $(call vboot-for-stage,romstage)) |
Arthur Heymans | a2bc254 | 2021-05-29 08:10:49 +0200 | [diff] [blame] | 50 | endif |
Bill XIE | cdf6f3a | 2019-12-17 15:56:43 +0800 | [diff] [blame] | 51 | $(eval $(call vboot-for-stage,ramstage)) |
| 52 | $(eval $(call vboot-for-stage,postcar)) |
| 53 | |
| 54 | endif # CONFIG_VBOOT_LIB |
| 55 | |
Julius Werner | 5fc7c28 | 2017-03-17 14:29:10 -0700 | [diff] [blame] | 56 | ifeq ($(CONFIG_VBOOT),y) |
| 57 | |
Furquan Shaikh | 0325dc6 | 2016-07-25 13:02:36 -0700 | [diff] [blame] | 58 | bootblock-y += bootmode.c |
| 59 | romstage-y += bootmode.c |
| 60 | ramstage-y += bootmode.c |
| 61 | verstage-y += bootmode.c |
| 62 | postcar-y += bootmode.c |
| 63 | |
Joel Kitching | d6f71d0 | 2019-02-21 12:37:55 +0800 | [diff] [blame] | 64 | verstage-generic-ccopts += -D__VERSTAGE__ |
Daisuke Nojiri | 742fc8d | 2014-10-10 10:51:06 -0700 | [diff] [blame] | 65 | |
Furquan Shaikh | 2a12e2e | 2016-07-25 11:48:03 -0700 | [diff] [blame] | 66 | bootblock-y += vbnv.c |
| 67 | verstage-y += vbnv.c |
| 68 | romstage-y += vbnv.c |
| 69 | ramstage-y += vbnv.c |
Jakub Czapiga | 967a76b | 2022-08-19 12:25:27 +0200 | [diff] [blame] | 70 | postcar-y += vbnv.c |
Furquan Shaikh | 2a12e2e | 2016-07-25 11:48:03 -0700 | [diff] [blame] | 71 | |
Tim Wawrzynczak | d6fc557 | 2019-10-25 14:58:15 -0600 | [diff] [blame] | 72 | romstage-$(CONFIG_VBOOT_EARLY_EC_SYNC) += ec_sync.c |
| 73 | |
Furquan Shaikh | 2a12e2e | 2016-07-25 11:48:03 -0700 | [diff] [blame] | 74 | bootblock-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c |
| 75 | verstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c |
| 76 | romstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c |
| 77 | ramstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c |
Jakub Czapiga | 967a76b | 2022-08-19 12:25:27 +0200 | [diff] [blame] | 78 | postcar-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c |
Furquan Shaikh | 2a12e2e | 2016-07-25 11:48:03 -0700 | [diff] [blame] | 79 | |
| 80 | bootblock-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c |
| 81 | verstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c |
| 82 | romstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c |
| 83 | ramstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c |
Jakub Czapiga | 967a76b | 2022-08-19 12:25:27 +0200 | [diff] [blame] | 84 | postcar-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c |
Furquan Shaikh | 2a12e2e | 2016-07-25 11:48:03 -0700 | [diff] [blame] | 85 | |
Furquan Shaikh | 2a12e2e | 2016-07-25 11:48:03 -0700 | [diff] [blame] | 86 | bootblock-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c |
| 87 | verstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c |
| 88 | romstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c |
| 89 | ramstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c |
Jakub Czapiga | 967a76b | 2022-08-19 12:25:27 +0200 | [diff] [blame] | 90 | postcar-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c |
Furquan Shaikh | 2a12e2e | 2016-07-25 11:48:03 -0700 | [diff] [blame] | 91 | |
Aaron Durbin | 17200ad | 2015-05-01 16:48:54 -0500 | [diff] [blame] | 92 | bootblock-y += vboot_loader.c |
| 93 | romstage-y += vboot_loader.c |
| 94 | ramstage-y += vboot_loader.c |
| 95 | verstage-y += vboot_loader.c |
Andrey Petrov | 60c6432 | 2016-04-14 14:12:47 -0700 | [diff] [blame] | 96 | postcar-y += vboot_loader.c |
Aaron Durbin | 17200ad | 2015-05-01 16:48:54 -0500 | [diff] [blame] | 97 | |
Furquan Shaikh | 2a12e2e | 2016-07-25 11:48:03 -0700 | [diff] [blame] | 98 | bootblock-y += vboot_common.c |
| 99 | verstage-y += vboot_common.c |
| 100 | romstage-y += vboot_common.c |
| 101 | ramstage-y += vboot_common.c |
| 102 | postcar-y += vboot_common.c |
Daisuke Nojiri | 742fc8d | 2014-10-10 10:51:06 -0700 | [diff] [blame] | 103 | |
Daisuke Nojiri | 54af625 | 2014-11-04 12:32:29 -0800 | [diff] [blame] | 104 | bootblock-y += common.c |
Julius Werner | e91d170 | 2017-03-20 15:32:15 -0700 | [diff] [blame] | 105 | verstage-y += vboot_logic.c |
Daisuke Nojiri | 5d302c7 | 2015-04-09 08:18:22 -0700 | [diff] [blame] | 106 | verstage-y += common.c |
Martin Roth | 8a3a3c8 | 2020-05-04 10:13:45 -0600 | [diff] [blame] | 107 | ifeq ($(CONFIG_VBOOT_STARTS_BEFORE_BOOTBLOCK),) |
Julius Werner | e91d170 | 2017-03-20 15:32:15 -0700 | [diff] [blame] | 108 | verstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += verstage.c |
Martin Roth | 8a3a3c8 | 2020-05-04 10:13:45 -0600 | [diff] [blame] | 109 | endif |
Furquan Shaikh | 2a12e2e | 2016-07-25 11:48:03 -0700 | [diff] [blame] | 110 | ifeq (${CONFIG_VBOOT_MOCK_SECDATA},y) |
Julius Werner | e91d170 | 2017-03-20 15:32:15 -0700 | [diff] [blame] | 111 | verstage-y += secdata_mock.c |
Julius Werner | f0ebaf2 | 2020-04-27 13:57:05 -0700 | [diff] [blame] | 112 | romstage-y += secdata_mock.c |
Sridhar Siricilla | 89ac87a | 2020-04-20 18:45:22 +0530 | [diff] [blame] | 113 | ramstage-y += secdata_mock.c |
Daisuke Nojiri | 5d302c7 | 2015-04-09 08:18:22 -0700 | [diff] [blame] | 114 | else |
Julius Werner | e91d170 | 2017-03-20 15:32:15 -0700 | [diff] [blame] | 115 | verstage-y += secdata_tpm.c |
Julius Werner | f0ebaf2 | 2020-04-27 13:57:05 -0700 | [diff] [blame] | 116 | romstage-y += secdata_tpm.c |
Sridhar Siricilla | 89ac87a | 2020-04-20 18:45:22 +0530 | [diff] [blame] | 117 | ramstage-y += secdata_tpm.c |
Daisuke Nojiri | 5d302c7 | 2015-04-09 08:18:22 -0700 | [diff] [blame] | 118 | endif |
Christian Walter | 0bd84ed | 2019-07-23 10:26:30 +0200 | [diff] [blame] | 119 | |
Kyösti Mälkki | f303b4f | 2021-05-27 19:33:57 +0300 | [diff] [blame] | 120 | verstage-$(CONFIG_TPM) += tpm_common.c |
Christian Walter | 0bd84ed | 2019-07-23 10:26:30 +0200 | [diff] [blame] | 121 | |
Joel Kitching | eb20320 | 2019-06-16 17:26:53 +0800 | [diff] [blame] | 122 | romstage-y += common.c |
Daisuke Nojiri | 742fc8d | 2014-10-10 10:51:06 -0700 | [diff] [blame] | 123 | |
Aaron Durbin | 17200ad | 2015-05-01 16:48:54 -0500 | [diff] [blame] | 124 | ramstage-y += common.c |
Andrey Petrov | 60c6432 | 2016-04-14 14:12:47 -0700 | [diff] [blame] | 125 | postcar-y += common.c |
Aaron Durbin | 17200ad | 2015-05-01 16:48:54 -0500 | [diff] [blame] | 126 | |
Shelley Chen | 9f8ac64 | 2020-10-16 12:20:16 -0700 | [diff] [blame] | 127 | romstage-$(CONFIG_MRC_SAVE_HASH_IN_TPM) += mrc_cache_hash_tpm.c |
Shelley Chen | 1fed53f | 2020-10-16 12:30:05 -0700 | [diff] [blame] | 128 | ramstage-$(CONFIG_MRC_SAVE_HASH_IN_TPM) += mrc_cache_hash_tpm.c |
Philipp Deppenwiese | 80961af | 2018-02-27 22:14:34 +0100 | [diff] [blame] | 129 | |
Matt DeVillier | 9ce755d | 2023-01-23 18:31:27 -0600 | [diff] [blame] | 130 | ramstage-$(CONFIG_SOC_AMD_GFX_CACHE_VBIOS_IN_FMAP) += vbios_cache_hash_tpm.c |
| 131 | |
Julius Werner | 58c3938 | 2017-02-13 17:53:29 -0800 | [diff] [blame] | 132 | ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y) |
Furquan Shaikh | b038f41 | 2016-11-07 23:47:11 -0800 | [diff] [blame] | 133 | |
Werner Zeh | 3c6d9e1 | 2018-11-26 06:54:13 +0100 | [diff] [blame] | 134 | $(eval $(call vboot-for-stage,verstage)) |
Furquan Shaikh | b038f41 | 2016-11-07 23:47:11 -0800 | [diff] [blame] | 135 | |
Martin Roth | 8a3a3c8 | 2020-05-04 10:13:45 -0600 | [diff] [blame] | 136 | ifeq ($(CONFIG_VBOOT_STARTS_BEFORE_BOOTBLOCK),) |
Julius Werner | 58c3938 | 2017-02-13 17:53:29 -0800 | [diff] [blame] | 137 | cbfs-files-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += $(CONFIG_CBFS_PREFIX)/verstage |
Patrick Georgi | 1cab012 | 2015-11-26 16:39:23 +0100 | [diff] [blame] | 138 | $(CONFIG_CBFS_PREFIX)/verstage-file := $(objcbfs)/verstage.elf |
| 139 | $(CONFIG_CBFS_PREFIX)/verstage-type := stage |
Julius Werner | 09f2921 | 2015-09-29 13:51:35 -0700 | [diff] [blame] | 140 | $(CONFIG_CBFS_PREFIX)/verstage-compression := $(CBFS_PRERAM_COMPRESS_FLAG) |
Martin Roth | 8a3a3c8 | 2020-05-04 10:13:45 -0600 | [diff] [blame] | 141 | endif # CONFIG_VBOOT_STARTS_BEFORE_BOOTBLOCK |
Furquan Shaikh | 94b18a1 | 2016-05-04 23:25:16 -0700 | [diff] [blame] | 142 | |
Patrick Georgi | 1cab012 | 2015-11-26 16:39:23 +0100 | [diff] [blame] | 143 | ifeq ($(CONFIG_ARCH_VERSTAGE_X86_32)$(CONFIG_ARCH_VERSTAGE_X86_64),y) |
Jeremy Compostella | b7832de | 2023-08-30 15:42:09 -0700 | [diff] [blame] | 144 | $(CONFIG_CBFS_PREFIX)/verstage-options := -a 64 |
| 145 | ifeq ($(CONFIG_NO_XIP_EARLY_STAGES),y) |
| 146 | $(CONFIG_CBFS_PREFIX)/verstage-options += -S ".car.data" |
| 147 | else |
| 148 | $(CONFIG_CBFS_PREFIX)/verstage-options += -S ".car.data,.data" |
| 149 | endif |
Furquan Shaikh | 94b18a1 | 2016-05-04 23:25:16 -0700 | [diff] [blame] | 150 | |
| 151 | # If CAR does not support execution of code, verstage on x86 is expected to be |
| 152 | # xip. |
| 153 | ifneq ($(CONFIG_NO_XIP_EARLY_STAGES),y) |
| 154 | $(CONFIG_CBFS_PREFIX)/verstage-options += --xip |
| 155 | endif |
Patrick Georgi | 1cab012 | 2015-11-26 16:39:23 +0100 | [diff] [blame] | 156 | |
| 157 | endif |
Patrick Rudolph | d9c799c | 2019-02-19 10:57:16 +0100 | [diff] [blame] | 158 | $(CONFIG_CBFS_PREFIX)/verstage-options += $(TXTIBB) |
Patrick Georgi | 1cab012 | 2015-11-26 16:39:23 +0100 | [diff] [blame] | 159 | |
Julius Werner | e91d170 | 2017-03-20 15:32:15 -0700 | [diff] [blame] | 160 | else # CONFIG_VBOOT_SEPARATE_VERSTAGE |
Aaron Durbin | d1cf44c | 2015-05-08 15:58:06 -0500 | [diff] [blame] | 161 | ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y) |
Julius Werner | e91d170 | 2017-03-20 15:32:15 -0700 | [diff] [blame] | 162 | postinclude-hooks += $$(eval bootblock-srcs += $$(verstage-srcs)) |
Aaron Durbin | 57e3728 | 2015-04-28 16:17:25 -0500 | [diff] [blame] | 163 | else |
Arthur Heymans | a2bc254 | 2021-05-29 08:10:49 +0200 | [diff] [blame] | 164 | ifeq ($(CONFIG_SEPARATE_ROMSTAGE),y) |
Julius Werner | e91d170 | 2017-03-20 15:32:15 -0700 | [diff] [blame] | 165 | postinclude-hooks += $$(eval romstage-srcs += $$(verstage-srcs)) |
Arthur Heymans | a2bc254 | 2021-05-29 08:10:49 +0200 | [diff] [blame] | 166 | else |
| 167 | postinclude-hooks += $$(eval bootblock-srcs += $$(verstage-srcs)) |
| 168 | endif |
Patrick Georgi | efc6aa0 | 2015-04-27 18:13:50 +0200 | [diff] [blame] | 169 | endif |
Julius Werner | 58c3938 | 2017-02-13 17:53:29 -0800 | [diff] [blame] | 170 | endif # CONFIG_VBOOT_SEPARATE_VERSTAGE |
Patrick Georgi | c8d4abd | 2016-01-20 15:54:31 +0100 | [diff] [blame] | 171 | |
Philipp Deppenwiese | a558ca9 | 2018-07-28 23:30:49 +0200 | [diff] [blame] | 172 | #RO-Partition is always there! |
| 173 | VBOOT_PARTITIONS := COREBOOT |
| 174 | # Check for RW_A partition |
| 175 | ifeq ($(CONFIG_VBOOT_SLOTS_RW_A),y) |
| 176 | VBOOT_PARTITIONS += FW_MAIN_A |
Wim Vervoorn | a1c259b | 2019-11-01 10:47:01 +0100 | [diff] [blame] | 177 | RW_PARTITIONS := FW_MAIN_A |
Philipp Deppenwiese | a558ca9 | 2018-07-28 23:30:49 +0200 | [diff] [blame] | 178 | endif |
| 179 | # Check for RW_B partition |
| 180 | ifeq ($(CONFIG_VBOOT_SLOTS_RW_AB),y) |
| 181 | VBOOT_PARTITIONS += FW_MAIN_B |
Wim Vervoorn | a1c259b | 2019-11-01 10:47:01 +0100 | [diff] [blame] | 182 | RW_PARTITIONS += FW_MAIN_B |
Philipp Deppenwiese | a558ca9 | 2018-07-28 23:30:49 +0200 | [diff] [blame] | 183 | endif |
| 184 | |
Wim Vervoorn | a1c259b | 2019-11-01 10:47:01 +0100 | [diff] [blame] | 185 | # Return the regions a specific file should be placed in. The files listed below and the ones |
Martin Roth | 6303671 | 2020-06-25 17:20:32 -0600 | [diff] [blame] | 186 | # that are specified in CONFIG_RO_REGION_ONLY, are only specified in the RO region. The files |
| 187 | # specified in the CONFIG_RW_REGION_ONLY are placed in all RW regions. Files specified |
| 188 | # in CONFIG_RWA_REGION_ONLY or CONFIG_RWB_REGION_ONLY get placed only in those sections. |
Patrick Georgi | c8d4abd | 2016-01-20 15:54:31 +0100 | [diff] [blame] | 189 | # All other files will be installed into RO and RW regions |
| 190 | # Use $(sort) to cut down on extra spaces that would be translated to commas |
| 191 | regions-for-file = $(subst $(spc),$(comma),$(sort \ |
Sridhar Siricilla | 77025b3 | 2020-07-23 23:41:36 +0530 | [diff] [blame] | 192 | $(if $(value regions-for-file-$(1)), \ |
| 193 | $(regions-for-file-$(1)), \ |
| 194 | $(if $(filter $(if $(filter y,$(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)), \ |
Martin Roth | 8a3a3c8 | 2020-05-04 10:13:45 -0600 | [diff] [blame] | 195 | %/romstage,) \ |
Arthur Heymans | 75226bb | 2022-03-30 20:16:36 +0200 | [diff] [blame] | 196 | header_pointer \ |
| 197 | cbfs_master_header \ |
Patrick Georgi | c8d4abd | 2016-01-20 15:54:31 +0100 | [diff] [blame] | 198 | mts \ |
| 199 | %/verstage \ |
Patrick Georgi | eda794d | 2016-02-05 11:01:24 +0100 | [diff] [blame] | 200 | locales \ |
| 201 | locale_%.bin \ |
| 202 | font.bin \ |
| 203 | vbgfx.bin \ |
Lee Leahy | 5e34752 | 2017-01-04 08:51:52 -0800 | [diff] [blame] | 204 | rmu.bin \ |
Patrick Rudolph | 9554b26 | 2018-06-05 15:12:56 +0200 | [diff] [blame] | 205 | cmos_layout.bin \ |
| 206 | cmos.default \ |
Arthur Heymans | eeacd83 | 2021-02-19 17:14:23 +0100 | [diff] [blame] | 207 | intel_fit \ |
| 208 | intel_fit_ts \ |
Arthur Heymans | d6612a4 | 2021-05-03 13:29:22 +0200 | [diff] [blame] | 209 | fspt.bin \ |
Arthur Heymans | e714fc0 | 2023-04-05 14:24:59 +0200 | [diff] [blame] | 210 | pagetables \ |
Martin Roth | bbd5ee41 | 2017-10-05 13:53:16 -0600 | [diff] [blame] | 211 | $(call strip_quotes,$(CONFIG_RO_REGION_ONLY)) \ |
Wim Vervoorn | a1c259b | 2019-11-01 10:47:01 +0100 | [diff] [blame] | 212 | ,$(1)),COREBOOT,\ |
| 213 | $(if $(filter \ |
Sridhar Siricilla | 77025b3 | 2020-07-23 23:41:36 +0530 | [diff] [blame] | 214 | $(call strip_quotes,$(CONFIG_RWA_REGION_ONLY)) \ |
| 215 | ,$(1)), FW_MAIN_A, \ |
Martin Roth | 6303671 | 2020-06-25 17:20:32 -0600 | [diff] [blame] | 216 | $(if $(filter \ |
| 217 | $(call strip_quotes,$(CONFIG_RWB_REGION_ONLY)) \ |
| 218 | ,$(1)), FW_MAIN_B, \ |
| 219 | $(if $(filter \ |
Wim Vervoorn | a1c259b | 2019-11-01 10:47:01 +0100 | [diff] [blame] | 220 | $(call strip_quotes,$(CONFIG_RW_REGION_ONLY)) \ |
| 221 | ,$(1)), $(RW_PARTITIONS), $(VBOOT_PARTITIONS) ) \ |
Sridhar Siricilla | 77025b3 | 2020-07-23 23:41:36 +0530 | [diff] [blame] | 222 | )))))) |
Furquan Shaikh | 0325dc6 | 2016-07-25 13:02:36 -0700 | [diff] [blame] | 223 | |
Julius Werner | 58c3938 | 2017-02-13 17:53:29 -0800 | [diff] [blame] | 224 | CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID)) |
| 225 | CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE)) |
| 226 | CONFIG_VBOOT_KEYBLOCK := $(call strip_quotes,$(CONFIG_VBOOT_KEYBLOCK)) |
| 227 | CONFIG_VBOOT_FIRMWARE_PRIVKEY := $(call strip_quotes,$(CONFIG_VBOOT_FIRMWARE_PRIVKEY)) |
| 228 | CONFIG_VBOOT_KERNEL_KEY := $(call strip_quotes,$(CONFIG_VBOOT_KERNEL_KEY)) |
| 229 | CONFIG_VBOOT_FWID_MODEL := $(call strip_quotes,$(CONFIG_VBOOT_FWID_MODEL)) |
| 230 | CONFIG_VBOOT_FWID_VERSION := $(call strip_quotes,$(CONFIG_VBOOT_FWID_VERSION)) |
| 231 | |
| 232 | # bool-to-mask(var, value) |
| 233 | # return "value" if var is "y", 0 otherwise |
| 234 | bool-to-mask = $(if $(filter y,$(1)),$(2),0) |
| 235 | |
| 236 | GBB_FLAGS := $(call int-add, \ |
| 237 | $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEV_SCREEN_SHORT_DELAY),0x1) \ |
| 238 | $(call bool-to-mask,$(CONFIG_GBB_FLAG_LOAD_OPTION_ROMS),0x2) \ |
| 239 | $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_ALTERNATE_OS),0x4) \ |
| 240 | $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_SWITCH_ON),0x8) \ |
| 241 | $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_USB),0x10) \ |
| 242 | $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK),0x20) \ |
| 243 | $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENTER_TRIGGERS_TONORM),0x40) \ |
Joel Kitching | a904fd6 | 2021-02-19 18:10:58 +0800 | [diff] [blame] | 244 | $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_ALTFW),0x80) \ |
Joel Kitching | 984d0c6 | 2019-12-04 15:33:57 +0800 | [diff] [blame] | 245 | $(call bool-to-mask,$(CONFIG_GBB_FLAG_RUNNING_FAFT),0x100) \ |
Julius Werner | 58c3938 | 2017-02-13 17:53:29 -0800 | [diff] [blame] | 246 | $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC),0x200) \ |
Joel Kitching | a904fd6 | 2021-02-19 18:10:58 +0800 | [diff] [blame] | 247 | $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEFAULT_DEV_BOOT_ALTFW),0x400) \ |
Julius Werner | 58c3938 | 2017-02-13 17:53:29 -0800 | [diff] [blame] | 248 | $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC),0x800) \ |
| 249 | $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_LID_SHUTDOWN),0x1000) \ |
Julius Werner | ae42385 | 2018-03-23 21:02:48 -0700 | [diff] [blame] | 250 | $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_MANUAL_RECOVERY),0x4000) \ |
| 251 | $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_FWMP),0x8000) \ |
Eric Lai | 1cf2427 | 2021-01-29 16:14:37 +0800 | [diff] [blame] | 252 | $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_UDC),0x10000) \ |
Julius Werner | 58c3938 | 2017-02-13 17:53:29 -0800 | [diff] [blame] | 253 | ) |
| 254 | |
| 255 | ifneq ($(CONFIG_GBB_BMPFV_FILE),) |
| 256 | $(obj)/gbb.sizetmp: $(obj)/coreboot.rom |
| 257 | $(CBFSTOOL) $< read -r GBB -f $@ |
| 258 | |
| 259 | $(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY) $(obj)/gbb.sizetmp |
| 260 | @printf " CREATE GBB (with BMPFV)\n" |
| 261 | $(FUTILITY) gbb_utility -c 0x100,0x1000,$(call int-subtract,$(call file-size,$(obj)/gbb.sizetmp) 0x2180),0x1000 $@.tmp |
| 262 | mv $@.tmp $@ |
| 263 | else |
| 264 | $(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY) |
| 265 | @printf " CREATE GBB (without BMPFV)\n" |
| 266 | $(FUTILITY) gbb_utility -c 0x100,0x1000,0,0x1000 $@.tmp |
| 267 | mv $@.tmp $@ |
| 268 | endif |
| 269 | |
Hung-Te Lin | 117453e | 2019-09-27 12:23:20 +0800 | [diff] [blame] | 270 | # Generate a test-only HWID |
| 271 | ifeq ($(CONFIG_GBB_HWID),) |
| 272 | CONFIG_GBB_HWID := $$($(top)/util/chromeos/gen_test_hwid.sh "$(CONFIG_MAINBOARD_PART_NUMBER)") |
| 273 | endif |
| 274 | |
Julius Werner | 58c3938 | 2017-02-13 17:53:29 -0800 | [diff] [blame] | 275 | $(obj)/gbb.region: $(obj)/gbb.stub |
| 276 | @printf " SETUP GBB\n" |
| 277 | cp $< $@.tmp |
| 278 | $(FUTILITY) gbb_utility -s \ |
| 279 | --hwid="$(CONFIG_GBB_HWID)" \ |
| 280 | --rootkey="$(CONFIG_VBOOT_ROOT_KEY)" \ |
| 281 | --recoverykey="$(CONFIG_VBOOT_RECOVERY_KEY)" \ |
| 282 | --flags=$(GBB_FLAGS) \ |
| 283 | $@.tmp |
| 284 | ifneq ($(CONFIG_GBB_BMPFV_FILE),) |
| 285 | $(FUTILITY) gbb_utility -s \ |
| 286 | --bmpfv="$(CONFIG_GBB_BMPFV_FILE)" \ |
| 287 | $@.tmp |
| 288 | endif |
| 289 | mv $@.tmp $@ |
| 290 | |
Raul E Rangel | 8c38a8b | 2018-08-06 16:13:14 -0600 | [diff] [blame] | 291 | $(obj)/fwid.version: |
| 292 | echo -n "$(CONFIG_VBOOT_FWID_VERSION)" > $@ |
| 293 | |
| 294 | $(obj)/fwid.region: $(obj)/fwid.version |
| 295 | printf "%s%s\0" \ |
| 296 | "$(CONFIG_VBOOT_FWID_MODEL)" \ |
Raul E Rangel | 128b0cf | 2018-08-09 12:30:39 -0600 | [diff] [blame] | 297 | "$$(cat "$(obj)/fwid.version")" > $@ |
Julius Werner | 58c3938 | 2017-02-13 17:53:29 -0800 | [diff] [blame] | 298 | |
| 299 | build_complete:: $(obj)/gbb.region $(obj)/fwid.region |
| 300 | @printf " WRITE GBB\n" |
| 301 | $(CBFSTOOL) $(obj)/coreboot.rom write -u -r GBB -i 0 -f $(obj)/gbb.region |
| 302 | $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RO_FRID -i 0 -f $(obj)/fwid.region |
Philipp Deppenwiese | a558ca9 | 2018-07-28 23:30:49 +0200 | [diff] [blame] | 303 | ifeq ($(CONFIG_VBOOT_SLOTS_RW_A),y) |
Julius Werner | 58c3938 | 2017-02-13 17:53:29 -0800 | [diff] [blame] | 304 | $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_A -i 0 -f $(obj)/fwid.region |
Philipp Deppenwiese | a558ca9 | 2018-07-28 23:30:49 +0200 | [diff] [blame] | 305 | endif |
| 306 | ifeq ($(CONFIG_VBOOT_SLOTS_RW_AB),y) |
Julius Werner | 58c3938 | 2017-02-13 17:53:29 -0800 | [diff] [blame] | 307 | $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_B -i 0 -f $(obj)/fwid.region |
Philipp Deppenwiese | a558ca9 | 2018-07-28 23:30:49 +0200 | [diff] [blame] | 308 | endif |
Julius Werner | 58c3938 | 2017-02-13 17:53:29 -0800 | [diff] [blame] | 309 | |
| 310 | ifneq ($(shell grep "SHARED_DATA" "$(CONFIG_FMDFILE)"),) |
| 311 | build_complete:: |
| 312 | printf "\0" > $(obj)/shared_data.region |
| 313 | $(CBFSTOOL) $(obj)/coreboot.rom write -u -r SHARED_DATA -i 0 -f $(obj)/shared_data.region |
| 314 | endif |
| 315 | |
Julius Werner | 5eda52a | 2022-05-19 14:37:21 -0700 | [diff] [blame] | 316 | fmap-section-offset-cmd = $(FUTILITY) dump_fmap -p $(obj)/coreboot.rom | \ |
| 317 | grep '^$(1) ' | cut '-d ' -f2 |
Julius Werner | 39914a5 | 2022-08-01 15:04:44 -0700 | [diff] [blame] | 318 | fmap-section-size-cmd = $(FUTILITY) dump_fmap -p $(obj)/coreboot.rom | \ |
| 319 | grep '^$(1) ' | cut '-d ' -f3 |
Julius Werner | 5eda52a | 2022-05-19 14:37:21 -0700 | [diff] [blame] | 320 | |
| 321 | ifeq ($(CONFIG_VBOOT_GSCVD),y) |
| 322 | # |
| 323 | # vboot-gscvd-ranges |
| 324 | # |
| 325 | # This variable expands to the list of ranges that will be verified by the GSC |
| 326 | # before releasing the SoC from reset. It needs to cover all security-relevant |
| 327 | # ranges of the flash that CBFS verification cannot cover itself. By default |
| 328 | # this is the `GBB` FMAP section (not handled here but through the special `-G` |
| 329 | # parameter to `futility gscvd` below) and the bootblock. Here we are |
| 330 | # initializing the variable to expansions that produce ranges for both the |
| 331 | # `BOOTBLOCK` FMAP section (filled up to the real size of |
| 332 | # `$(objcbfs)/bootblock.bin`) and the `bootblock` file in the primary CBFS -- |
| 333 | # only one of those two should normally exist on a given platform. |
| 334 | # |
| 335 | # Platforms where the bootblock isn't the first and only thing loaded by the |
| 336 | # hardware or which otherwise have special security-relevant flash areas that |
| 337 | # cannot be covered normally by CBFS verification will need to manually add |
| 338 | # ranges to this variable in their own Makefiles, in the format produced by |
| 339 | # printf("%x:%x", start_offset, size). The variable is only expanded once in a |
| 340 | # recipe of the `files_added` target, so $(shell) expansions that depend on |
| 341 | # inspecting $(obj)/coreboot.rom (or any of its dependencies) are valid. |
| 342 | # |
| 343 | vboot-gscvd-ranges += $(shell ( \ |
| 344 | offset=$$($(call fmap-section-offset-cmd,BOOTBLOCK)) ;\ |
| 345 | if [ -n "$$offset" ]; then \ |
| 346 | size=$$(wc -c < $(objcbfs)/bootblock.bin) ;\ |
| 347 | printf "%x:%x" $$offset $$size ;\ |
| 348 | fi ;\ |
| 349 | )) |
| 350 | vboot-gscvd-ranges += $(shell ( \ |
| 351 | line=$$($(CBFSTOOL) $(obj)/coreboot.rom print -k | grep '^bootblock[[:space:]]') ;\ |
| 352 | if [ -n "$$line" ]; then \ |
| 353 | cbfs_start=$$($(call fmap-section-offset-cmd,COREBOOT)) ;\ |
| 354 | offset=$$(printf "$$line" | cut -f2) ;\ |
| 355 | size=$$(printf "$$line" | cut -f6) ;\ |
| 356 | printf "%x:%x" $$((cbfs_start + offset)) $$size ;\ |
| 357 | fi ;\ |
| 358 | )) |
| 359 | files_added:: $(FUTILITY) |
| 360 | @printf " WRITE GSCVD\n" |
| 361 | gscvd_range_args="$(foreach range,$(vboot-gscvd-ranges),-R $(range))" ;\ |
| 362 | if [ -z "$$gscvd_range_args" ]; then \ |
| 363 | echo "ERROR: No valid GSCVD ranges detected in image!" ;\ |
| 364 | exit 1 ;\ |
| 365 | fi ;\ |
| 366 | $(FUTILITY) gscvd -G $$gscvd_range_args -b $(CONFIG_VBOOT_GSC_BOARD_ID) \ |
| 367 | -r "$(CONFIG_VBOOT_GSCVD_ROOT_PUBKEY)" \ |
| 368 | -p "$(CONFIG_VBOOT_GSCVD_PLATFORM_PRIVKEY)" \ |
| 369 | -k "$(CONFIG_VBOOT_GSCVD_PLATFORM_KEYBLOCK)" \ |
| 370 | $(obj)/coreboot.rom |
| 371 | endif |
| 372 | |
Jakub Czapiga | 190afda | 2022-07-25 14:24:06 +0200 | [diff] [blame] | 373 | ifneq (,$(filter y,$(CONFIG_VBOOT_SLOTS_RW_A) $(CONFIG_VBOOT_SLOTS_RW_AB))) |
| 374 | files_added:: $(obj)/coreboot.rom $(FUTILITY) $(CBFSTOOL) |
| 375 | CBFSTOOL="$(CBFSTOOL)" \ |
| 376 | $(FUTILITY) sign \ |
Julius Werner | 58c3938 | 2017-02-13 17:53:29 -0800 | [diff] [blame] | 377 | --signprivate "$(CONFIG_VBOOT_FIRMWARE_PRIVKEY)" \ |
Jakub Czapiga | 190afda | 2022-07-25 14:24:06 +0200 | [diff] [blame] | 378 | --keyblock "$(CONFIG_VBOOT_KEYBLOCK)" \ |
Julius Werner | 58c3938 | 2017-02-13 17:53:29 -0800 | [diff] [blame] | 379 | --kernelkey "$(CONFIG_VBOOT_KERNEL_KEY)" \ |
Jakub Czapiga | 190afda | 2022-07-25 14:24:06 +0200 | [diff] [blame] | 380 | --version $(CONFIG_VBOOT_KEYBLOCK_VERSION) \ |
| 381 | --flags $(CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS) \ |
| 382 | $(obj)/coreboot.rom |
| 383 | if [ "$(CONFIG_VBOOT_SLOTS_RW_AB)" = 'y' ]; then \ |
| 384 | printf " FLASHMAP Layout generated for RO, A and B partition.\n"; \ |
| 385 | elif [ "$(CONFIG_VBOOT_SLOTS_RW_A)" = 'y' ]; then \ |
| 386 | printf " FLASHMAP Layout generated for RO and A partition.\n"; \ |
| 387 | fi |
Philipp Deppenwiese | a558ca9 | 2018-07-28 23:30:49 +0200 | [diff] [blame] | 388 | else |
Martin Roth | 372503f | 2023-12-08 00:43:23 -0700 | [diff] [blame^] | 389 | show_notices:: |
Philipp Deppenwiese | a558ca9 | 2018-07-28 23:30:49 +0200 | [diff] [blame] | 390 | @printf " FLASHMAP Layout generated for RO partition only.\n" |
| 391 | @printf " Beware that there is no failure safety in case of update now!\n" |
| 392 | endif |
Julius Werner | 58c3938 | 2017-02-13 17:53:29 -0800 | [diff] [blame] | 393 | |
Furquan Shaikh | 0325dc6 | 2016-07-25 13:02:36 -0700 | [diff] [blame] | 394 | endif # CONFIG_VBOOT |