Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 40cb3fe94dacfba0b146aae2be9c03c0a0ddb691 / . / src / security / vboot / Makefile.inc
blob: ba83c3bd6ab99d2f3a90912858f95da463293bf9 [file] [log] [blame]
Patrick Georgic49d7a32020-05-08 22:50:46 +0200[diff] [blame]1## SPDX-License-Identifier: GPL-2.0-only
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]2
Bill XIEcdf6f3a2019-12-17 15:56:43 +0800[diff] [blame]3ifeq ($(CONFIG_VBOOT_LIB),y)
4
Joel Kitchingec12bd02020-02-04 17:36:49 +0800[diff] [blame]5bootblock-y += vboot_lib.c
6verstage-y += vboot_lib.c
7romstage-y += vboot_lib.c
8ramstage-y += vboot_lib.c
9postcar-y += vboot_lib.c
10
Bill XIEcdf6f3a2019-12-17 15:56:43 +0800[diff] [blame]11vboot-fixup-includes = $(patsubst -I%,-I$(top)/%,\
12 $(patsubst $(src)/%.h,$(top)/$(src)/%.h,\
13 $(filter-out -I$(obj),$(1))))
14
15# call with $1 = stage name to create rules for building the library
16# for the stage and adding it to the stage's set of object files.
17define vboot-for-stage
18VBOOT_LIB_$(1) = $(obj)/external/vboot_reference-$(1)/vboot_fw.a
19VBOOT_CFLAGS_$(1) += $$(call vboot-fixup-includes,$$(CPPFLAGS_$(1)))
20VBOOT_CFLAGS_$(1) += $$(CFLAGS_$(1))
21VBOOT_CFLAGS_$(1) += $$(call vboot-fixup-includes,$$($(1)-c-ccopts))
22VBOOT_CFLAGS_$(1) += -I$(abspath $(obj)) -Wno-missing-prototypes
23VBOOT_CFLAGS_$(1) += -DVBOOT_DEBUG
24
25$$(VBOOT_LIB_$(1)): $(obj)/config.h
26 printf " MAKE $(subst $(obj)/,,$(@))\n"
27 +FIRMWARE_ARCH=$$(ARCHDIR-$$(ARCH-$(1)-y)) \
28 CC="$$(CC_$(1))" \
29 CFLAGS="$$(VBOOT_CFLAGS_$(1))" VBOOT2="y" \
Sam McNallyeded5002020-03-04 16:08:06 +1100[diff] [blame]30 EC_EFS="$(CONFIG_VBOOT_EC_EFS)" \
Karthikeyan Ramasubramanian4f9853a2022-10-27 22:49:40 -0600[diff] [blame]31 X86_SHA_EXT="$(if $(CONFIG_ARCH_$(call toupper,$(1))_X86_32)$(CONFIG_ARCH_$(call toupper,$(1))_X86_64),$\
32 $(CONFIG_VBOOT_X86_SHA256_ACCELERATION))" \
Yidi Linbd6b81d2023-01-31 15:18:57 +0800[diff] [blame]33 ARMV8_CRYPTO_EXT="$(if $(CONFIG_ARCH_$(call toupper,$(1))_ARMV8_64),$$(CONFIG_VBOOT_ARMV8_CE_SHA256_ACCELERATION))" \
Bill XIEcdf6f3a2019-12-17 15:56:43 +0800[diff] [blame]34 $(MAKE) -C $(VBOOT_SOURCE) \
35 BUILD=$$(abspath $$(dir $$(VBOOT_LIB_$(1)))) \
36 V=$(V) \
Brian Norris6d301c82023-02-01 16:38:44 -0800[diff] [blame]37 USE_FLASHROM=0 \
Maximilian Brune1d7a9de2022-04-14 14:54:16 +0200[diff] [blame]38 fwlib \
Maximilian Brune5cbf45e2022-12-26 06:37:21 +0100[diff] [blame]39 $(if $(CONFIG_SBOM_VBOOT),$$(abspath $$(dir $$(VBOOT_LIB_$(1))))/vboot_host.pc)
Bill XIEcdf6f3a2019-12-17 15:56:43 +0800[diff] [blame]40
41$(1)-srcs += $$(VBOOT_LIB_$(1))
42
43endef # vboot-for-stage
44
45$(eval $(call vboot-for-stage,bootblock))
46$(eval $(call vboot-for-stage,romstage))
47$(eval $(call vboot-for-stage,ramstage))
48$(eval $(call vboot-for-stage,postcar))
49
50endif # CONFIG_VBOOT_LIB
51
Julius Werner5fc7c282017-03-17 14:29:10 -0700[diff] [blame]52ifeq ($(CONFIG_VBOOT),y)
53
Furquan Shaikh0325dc62016-07-25 13:02:36 -0700[diff] [blame]54bootblock-y += bootmode.c
55romstage-y += bootmode.c
56ramstage-y += bootmode.c
57verstage-y += bootmode.c
58postcar-y += bootmode.c
59
Joel Kitchingd6f71d02019-02-21 12:37:55 +0800[diff] [blame]60verstage-generic-ccopts += -D__VERSTAGE__
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]61
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]62bootblock-y += vbnv.c
63verstage-y += vbnv.c
64romstage-y += vbnv.c
65ramstage-y += vbnv.c
Jakub Czapiga967a76b2022-08-19 12:25:27 +0200[diff] [blame]66postcar-y += vbnv.c
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]67
Tim Wawrzynczakd6fc5572019-10-25 14:58:15 -0600[diff] [blame]68romstage-$(CONFIG_VBOOT_EARLY_EC_SYNC) += ec_sync.c
69
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]70bootblock-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
71verstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
72romstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
73ramstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
Jakub Czapiga967a76b2022-08-19 12:25:27 +0200[diff] [blame]74postcar-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]75
Arthur Heymans61ef0e42023-01-12 11:29:57 +0100[diff] [blame]76$(call src-to-obj,bootblock,$(dir)/vbnv_flash.c) : $(obj)/fmap_config.h
77$(call src-to-obj,verstage,$(dir)/vbnv_flash.c) : $(obj)/fmap_config.h
78$(call src-to-obj,romstage,$(dir)/vbnv_flash.c) : $(obj)/fmap_config.h
79$(call src-to-obj,ramstage,$(dir)/vbnv_flash.c) : $(obj)/fmap_config.h
80$(call src-to-obj,postcar,$(dir)/vbnv_flash.c) : $(obj)/fmap_config.h
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]81bootblock-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
82verstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
83romstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
84ramstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
Jakub Czapiga967a76b2022-08-19 12:25:27 +0200[diff] [blame]85postcar-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]86
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]87bootblock-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c
88verstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c
89romstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c
90ramstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c
Jakub Czapiga967a76b2022-08-19 12:25:27 +0200[diff] [blame]91postcar-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]92
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]93bootblock-y += vboot_loader.c
94romstage-y += vboot_loader.c
95ramstage-y += vboot_loader.c
96verstage-y += vboot_loader.c
Andrey Petrov60c64322016-04-14 14:12:47 -0700[diff] [blame]97postcar-y += vboot_loader.c
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]98
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]99bootblock-y += vboot_common.c
100verstage-y += vboot_common.c
101romstage-y += vboot_common.c
102ramstage-y += vboot_common.c
103postcar-y += vboot_common.c
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]104
Daisuke Nojiri54af6252014-11-04 12:32:29 -0800[diff] [blame]105bootblock-y += common.c
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]106verstage-y += vboot_logic.c
Daisuke Nojiri5d302c72015-04-09 08:18:22 -0700[diff] [blame]107verstage-y += common.c
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame]108ifeq ($(CONFIG_VBOOT_STARTS_BEFORE_BOOTBLOCK),)
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]109verstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += verstage.c
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame]110endif
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]111ifeq (${CONFIG_VBOOT_MOCK_SECDATA},y)
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]112verstage-y += secdata_mock.c
Julius Wernerf0ebaf22020-04-27 13:57:05 -0700[diff] [blame]113romstage-y += secdata_mock.c
Sridhar Siricilla89ac87a2020-04-20 18:45:22 +0530[diff] [blame]114ramstage-y += secdata_mock.c
Daisuke Nojiri5d302c72015-04-09 08:18:22 -0700[diff] [blame]115else
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]116verstage-y += secdata_tpm.c
Julius Wernerf0ebaf22020-04-27 13:57:05 -0700[diff] [blame]117romstage-y += secdata_tpm.c
Sridhar Siricilla89ac87a2020-04-20 18:45:22 +0530[diff] [blame]118ramstage-y += secdata_tpm.c
Daisuke Nojiri5d302c72015-04-09 08:18:22 -0700[diff] [blame]119endif
Christian Walter0bd84ed2019-07-23 10:26:30 +0200[diff] [blame]120
Kyösti Mälkkif303b4f2021-05-27 19:33:57 +0300[diff] [blame]121verstage-$(CONFIG_TPM) += tpm_common.c
Christian Walter0bd84ed2019-07-23 10:26:30 +0200[diff] [blame]122
Joel Kitchingeb203202019-06-16 17:26:53 +0800[diff] [blame]123romstage-y += common.c
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]124
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]125ramstage-y += common.c
Andrey Petrov60c64322016-04-14 14:12:47 -0700[diff] [blame]126postcar-y += common.c
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]127
Shelley Chen9f8ac642020-10-16 12:20:16 -0700[diff] [blame]128romstage-$(CONFIG_MRC_SAVE_HASH_IN_TPM) += mrc_cache_hash_tpm.c
Shelley Chen1fed53f2020-10-16 12:30:05 -0700[diff] [blame]129ramstage-$(CONFIG_MRC_SAVE_HASH_IN_TPM) += mrc_cache_hash_tpm.c
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]130
Matt DeVillier9ce755d2023-01-23 18:31:27 -0600[diff] [blame]131ramstage-$(CONFIG_SOC_AMD_GFX_CACHE_VBIOS_IN_FMAP) += vbios_cache_hash_tpm.c
132
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]133ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)
Furquan Shaikhb038f412016-11-07 23:47:11 -0800[diff] [blame]134
Werner Zeh3c6d9e12018-11-26 06:54:13 +0100[diff] [blame]135$(eval $(call vboot-for-stage,verstage))
Furquan Shaikhb038f412016-11-07 23:47:11 -0800[diff] [blame]136
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame]137ifeq ($(CONFIG_VBOOT_STARTS_BEFORE_BOOTBLOCK),)
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]138cbfs-files-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += $(CONFIG_CBFS_PREFIX)/verstage
Patrick Georgi1cab0122015-11-26 16:39:23 +0100[diff] [blame]139$(CONFIG_CBFS_PREFIX)/verstage-file := $(objcbfs)/verstage.elf
140$(CONFIG_CBFS_PREFIX)/verstage-type := stage
Julius Werner09f29212015-09-29 13:51:35 -0700[diff] [blame]141$(CONFIG_CBFS_PREFIX)/verstage-compression := $(CBFS_PRERAM_COMPRESS_FLAG)
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame]142endif # CONFIG_VBOOT_STARTS_BEFORE_BOOTBLOCK
Furquan Shaikh94b18a12016-05-04 23:25:16 -0700[diff] [blame]143
Patrick Georgi1cab0122015-11-26 16:39:23 +0100[diff] [blame]144ifeq ($(CONFIG_ARCH_VERSTAGE_X86_32)$(CONFIG_ARCH_VERSTAGE_X86_64),y)
Furquan Shaikh94b18a12016-05-04 23:25:16 -0700[diff] [blame]145$(CONFIG_CBFS_PREFIX)/verstage-options := -a 64 -S ".car.data"
146
147# If CAR does not support execution of code, verstage on x86 is expected to be
148# xip.
149ifneq ($(CONFIG_NO_XIP_EARLY_STAGES),y)
150$(CONFIG_CBFS_PREFIX)/verstage-options += --xip
151endif
Patrick Georgi1cab0122015-11-26 16:39:23 +0100[diff] [blame]152
153endif
Patrick Rudolphd9c799c2019-02-19 10:57:16 +0100[diff] [blame]154$(CONFIG_CBFS_PREFIX)/verstage-options += $(TXTIBB)
Patrick Georgi1cab0122015-11-26 16:39:23 +0100[diff] [blame]155
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]156else # CONFIG_VBOOT_SEPARATE_VERSTAGE
Aaron Durbind1cf44c2015-05-08 15:58:06 -0500[diff] [blame]157ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y)
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]158postinclude-hooks += $$(eval bootblock-srcs += $$(verstage-srcs))
Aaron Durbin57e37282015-04-28 16:17:25 -0500[diff] [blame]159else
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]160postinclude-hooks += $$(eval romstage-srcs += $$(verstage-srcs))
Patrick Georgiefc6aa02015-04-27 18:13:50 +0200[diff] [blame]161endif
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]162endif # CONFIG_VBOOT_SEPARATE_VERSTAGE
Patrick Georgic8d4abd2016-01-20 15:54:31 +0100[diff] [blame]163
Philipp Deppenwiesea558ca92018-07-28 23:30:49 +0200[diff] [blame]164#RO-Partition is always there!
165VBOOT_PARTITIONS := COREBOOT
166# Check for RW_A partition
167ifeq ($(CONFIG_VBOOT_SLOTS_RW_A),y)
168VBOOT_PARTITIONS += FW_MAIN_A
Wim Vervoorna1c259b2019-11-01 10:47:01 +0100[diff] [blame]169RW_PARTITIONS := FW_MAIN_A
Philipp Deppenwiesea558ca92018-07-28 23:30:49 +0200[diff] [blame]170endif
171# Check for RW_B partition
172ifeq ($(CONFIG_VBOOT_SLOTS_RW_AB),y)
173VBOOT_PARTITIONS += FW_MAIN_B
Wim Vervoorna1c259b2019-11-01 10:47:01 +0100[diff] [blame]174RW_PARTITIONS += FW_MAIN_B
Philipp Deppenwiesea558ca92018-07-28 23:30:49 +0200[diff] [blame]175endif
176
Wim Vervoorna1c259b2019-11-01 10:47:01 +0100[diff] [blame]177# Return the regions a specific file should be placed in. The files listed below and the ones
Martin Roth63036712020-06-25 17:20:32 -0600[diff] [blame]178# that are specified in CONFIG_RO_REGION_ONLY, are only specified in the RO region. The files
179# specified in the CONFIG_RW_REGION_ONLY are placed in all RW regions. Files specified
180# in CONFIG_RWA_REGION_ONLY or CONFIG_RWB_REGION_ONLY get placed only in those sections.
Patrick Georgic8d4abd2016-01-20 15:54:31 +0100[diff] [blame]181# All other files will be installed into RO and RW regions
182# Use $(sort) to cut down on extra spaces that would be translated to commas
183regions-for-file = $(subst $(spc),$(comma),$(sort \
Sridhar Siricilla77025b32020-07-23 23:41:36 +0530[diff] [blame]184 $(if $(value regions-for-file-$(1)), \
185 $(regions-for-file-$(1)), \
186 $(if $(filter $(if $(filter y,$(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)), \
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame]187 %/romstage,) \
Arthur Heymans75226bb2022-03-30 20:16:36 +0200[diff] [blame]188 header_pointer \
189 cbfs_master_header \
Patrick Georgic8d4abd2016-01-20 15:54:31 +0100[diff] [blame]190 mts \
191 %/verstage \
Patrick Georgieda794d2016-02-05 11:01:24 +0100[diff] [blame]192 locales \
193 locale_%.bin \
194 font.bin \
195 vbgfx.bin \
Lee Leahy5e347522017-01-04 08:51:52 -0800[diff] [blame]196 rmu.bin \
Patrick Rudolph9554b262018-06-05 15:12:56 +0200[diff] [blame]197 cmos_layout.bin \
198 cmos.default \
Arthur Heymanseeacd832021-02-19 17:14:23 +0100[diff] [blame]199 intel_fit \
200 intel_fit_ts \
Arthur Heymansd6612a42021-05-03 13:29:22 +0200[diff] [blame]201 fspt.bin \
Arthur Heymanse714fc02023-04-05 14:24:59 +0200[diff] [blame]202 pagetables \
Martin Rothbbd5ee412017-10-05 13:53:16 -0600[diff] [blame]203 $(call strip_quotes,$(CONFIG_RO_REGION_ONLY)) \
Wim Vervoorna1c259b2019-11-01 10:47:01 +0100[diff] [blame]204 ,$(1)),COREBOOT,\
205 $(if $(filter \
Sridhar Siricilla77025b32020-07-23 23:41:36 +0530[diff] [blame]206 $(call strip_quotes,$(CONFIG_RWA_REGION_ONLY)) \
207 ,$(1)), FW_MAIN_A, \
Martin Roth63036712020-06-25 17:20:32 -0600[diff] [blame]208 $(if $(filter \
209 $(call strip_quotes,$(CONFIG_RWB_REGION_ONLY)) \
210 ,$(1)), FW_MAIN_B, \
211 $(if $(filter \
Wim Vervoorna1c259b2019-11-01 10:47:01 +0100[diff] [blame]212 $(call strip_quotes,$(CONFIG_RW_REGION_ONLY)) \
213 ,$(1)), $(RW_PARTITIONS), $(VBOOT_PARTITIONS) ) \
Sridhar Siricilla77025b32020-07-23 23:41:36 +0530[diff] [blame]214 ))))))
Furquan Shaikh0325dc62016-07-25 13:02:36 -0700[diff] [blame]215
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]216CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID))
217CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE))
218CONFIG_VBOOT_KEYBLOCK := $(call strip_quotes,$(CONFIG_VBOOT_KEYBLOCK))
219CONFIG_VBOOT_FIRMWARE_PRIVKEY := $(call strip_quotes,$(CONFIG_VBOOT_FIRMWARE_PRIVKEY))
220CONFIG_VBOOT_KERNEL_KEY := $(call strip_quotes,$(CONFIG_VBOOT_KERNEL_KEY))
221CONFIG_VBOOT_FWID_MODEL := $(call strip_quotes,$(CONFIG_VBOOT_FWID_MODEL))
222CONFIG_VBOOT_FWID_VERSION := $(call strip_quotes,$(CONFIG_VBOOT_FWID_VERSION))
223
224# bool-to-mask(var, value)
225# return "value" if var is "y", 0 otherwise
226bool-to-mask = $(if $(filter y,$(1)),$(2),0)
227
228GBB_FLAGS := $(call int-add, \
229 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEV_SCREEN_SHORT_DELAY),0x1) \
230 $(call bool-to-mask,$(CONFIG_GBB_FLAG_LOAD_OPTION_ROMS),0x2) \
231 $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_ALTERNATE_OS),0x4) \
232 $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_SWITCH_ON),0x8) \
233 $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_USB),0x10) \
234 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK),0x20) \
235 $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENTER_TRIGGERS_TONORM),0x40) \
Joel Kitchinga904fd62021-02-19 18:10:58 +0800[diff] [blame]236 $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_ALTFW),0x80) \
Joel Kitching984d0c62019-12-04 15:33:57 +0800[diff] [blame]237 $(call bool-to-mask,$(CONFIG_GBB_FLAG_RUNNING_FAFT),0x100) \
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]238 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC),0x200) \
Joel Kitchinga904fd62021-02-19 18:10:58 +0800[diff] [blame]239 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEFAULT_DEV_BOOT_ALTFW),0x400) \
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]240 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC),0x800) \
241 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_LID_SHUTDOWN),0x1000) \
Julius Wernerae423852018-03-23 21:02:48 -0700[diff] [blame]242 $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_MANUAL_RECOVERY),0x4000) \
243 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_FWMP),0x8000) \
Eric Lai1cf24272021-01-29 16:14:37 +0800[diff] [blame]244 $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_UDC),0x10000) \
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]245 )
246
247ifneq ($(CONFIG_GBB_BMPFV_FILE),)
248$(obj)/gbb.sizetmp: $(obj)/coreboot.rom
249 $(CBFSTOOL) $< read -r GBB -f $@
250
251$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY) $(obj)/gbb.sizetmp
252 @printf " CREATE GBB (with BMPFV)\n"
253 $(FUTILITY) gbb_utility -c 0x100,0x1000,$(call int-subtract,$(call file-size,$(obj)/gbb.sizetmp) 0x2180),0x1000 $@.tmp
254 mv $@.tmp $@
255else
256$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY)
257 @printf " CREATE GBB (without BMPFV)\n"
258 $(FUTILITY) gbb_utility -c 0x100,0x1000,0,0x1000 $@.tmp
259 mv $@.tmp $@
260endif
261
Hung-Te Lin117453e2019-09-27 12:23:20 +0800[diff] [blame]262# Generate a test-only HWID
263ifeq ($(CONFIG_GBB_HWID),)
264CONFIG_GBB_HWID := $$($(top)/util/chromeos/gen_test_hwid.sh "$(CONFIG_MAINBOARD_PART_NUMBER)")
265endif
266
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]267$(obj)/gbb.region: $(obj)/gbb.stub
268 @printf " SETUP GBB\n"
269 cp $< $@.tmp
270 $(FUTILITY) gbb_utility -s \
271 --hwid="$(CONFIG_GBB_HWID)" \
272 --rootkey="$(CONFIG_VBOOT_ROOT_KEY)" \
273 --recoverykey="$(CONFIG_VBOOT_RECOVERY_KEY)" \
274 --flags=$(GBB_FLAGS) \
275 $@.tmp
276ifneq ($(CONFIG_GBB_BMPFV_FILE),)
277 $(FUTILITY) gbb_utility -s \
278 --bmpfv="$(CONFIG_GBB_BMPFV_FILE)" \
279 $@.tmp
280endif
281 mv $@.tmp $@
282
Raul E Rangel8c38a8b2018-08-06 16:13:14 -0600[diff] [blame]283$(obj)/fwid.version:
284 echo -n "$(CONFIG_VBOOT_FWID_VERSION)" > $@
285
286$(obj)/fwid.region: $(obj)/fwid.version
287 printf "%s%s\0" \
288 "$(CONFIG_VBOOT_FWID_MODEL)" \
Raul E Rangel128b0cf2018-08-09 12:30:39 -0600[diff] [blame]289 "$$(cat "$(obj)/fwid.version")" > $@
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]290
291build_complete:: $(obj)/gbb.region $(obj)/fwid.region
292 @printf " WRITE GBB\n"
293 $(CBFSTOOL) $(obj)/coreboot.rom write -u -r GBB -i 0 -f $(obj)/gbb.region
294 $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RO_FRID -i 0 -f $(obj)/fwid.region
Philipp Deppenwiesea558ca92018-07-28 23:30:49 +0200[diff] [blame]295ifeq ($(CONFIG_VBOOT_SLOTS_RW_A),y)
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]296 $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_A -i 0 -f $(obj)/fwid.region
Philipp Deppenwiesea558ca92018-07-28 23:30:49 +0200[diff] [blame]297endif
298ifeq ($(CONFIG_VBOOT_SLOTS_RW_AB),y)
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]299 $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_B -i 0 -f $(obj)/fwid.region
Philipp Deppenwiesea558ca92018-07-28 23:30:49 +0200[diff] [blame]300endif
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]301
302ifneq ($(shell grep "SHARED_DATA" "$(CONFIG_FMDFILE)"),)
303build_complete::
304 printf "\0" > $(obj)/shared_data.region
305 $(CBFSTOOL) $(obj)/coreboot.rom write -u -r SHARED_DATA -i 0 -f $(obj)/shared_data.region
306endif
307
Julius Werner5eda52a2022-05-19 14:37:21 -0700[diff] [blame]308fmap-section-offset-cmd = $(FUTILITY) dump_fmap -p $(obj)/coreboot.rom | \
309 grep '^$(1) ' | cut '-d ' -f2
Julius Werner39914a52022-08-01 15:04:44 -0700[diff] [blame]310fmap-section-size-cmd = $(FUTILITY) dump_fmap -p $(obj)/coreboot.rom | \
311 grep '^$(1) ' | cut '-d ' -f3
Julius Werner5eda52a2022-05-19 14:37:21 -0700[diff] [blame]312
313ifeq ($(CONFIG_VBOOT_GSCVD),y)
314#
315# vboot-gscvd-ranges
316#
317# This variable expands to the list of ranges that will be verified by the GSC
318# before releasing the SoC from reset. It needs to cover all security-relevant
319# ranges of the flash that CBFS verification cannot cover itself. By default
320# this is the `GBB` FMAP section (not handled here but through the special `-G`
321# parameter to `futility gscvd` below) and the bootblock. Here we are
322# initializing the variable to expansions that produce ranges for both the
323# `BOOTBLOCK` FMAP section (filled up to the real size of
324# `$(objcbfs)/bootblock.bin`) and the `bootblock` file in the primary CBFS --
325# only one of those two should normally exist on a given platform.
326#
327# Platforms where the bootblock isn't the first and only thing loaded by the
328# hardware or which otherwise have special security-relevant flash areas that
329# cannot be covered normally by CBFS verification will need to manually add
330# ranges to this variable in their own Makefiles, in the format produced by
331# printf("%x:%x", start_offset, size). The variable is only expanded once in a
332# recipe of the `files_added` target, so $(shell) expansions that depend on
333# inspecting $(obj)/coreboot.rom (or any of its dependencies) are valid.
334#
335vboot-gscvd-ranges += $(shell ( \
336 offset=$$($(call fmap-section-offset-cmd,BOOTBLOCK)) ;\
337 if [ -n "$$offset" ]; then \
338 size=$$(wc -c < $(objcbfs)/bootblock.bin) ;\
339 printf "%x:%x" $$offset $$size ;\
340 fi ;\
341))
342vboot-gscvd-ranges += $(shell ( \
343 line=$$($(CBFSTOOL) $(obj)/coreboot.rom print -k | grep '^bootblock[[:space:]]') ;\
344 if [ -n "$$line" ]; then \
345 cbfs_start=$$($(call fmap-section-offset-cmd,COREBOOT)) ;\
346 offset=$$(printf "$$line" | cut -f2) ;\
347 size=$$(printf "$$line" | cut -f6) ;\
348 printf "%x:%x" $$((cbfs_start + offset)) $$size ;\
349 fi ;\
350))
351files_added:: $(FUTILITY)
352 @printf " WRITE GSCVD\n"
353 gscvd_range_args="$(foreach range,$(vboot-gscvd-ranges),-R $(range))" ;\
354 if [ -z "$$gscvd_range_args" ]; then \
355 echo "ERROR: No valid GSCVD ranges detected in image!" ;\
356 exit 1 ;\
357 fi ;\
358 $(FUTILITY) gscvd -G $$gscvd_range_args -b $(CONFIG_VBOOT_GSC_BOARD_ID) \
359 -r "$(CONFIG_VBOOT_GSCVD_ROOT_PUBKEY)" \
360 -p "$(CONFIG_VBOOT_GSCVD_PLATFORM_PRIVKEY)" \
361 -k "$(CONFIG_VBOOT_GSCVD_PLATFORM_KEYBLOCK)" \
362 $(obj)/coreboot.rom
363endif
364
Jakub Czapiga190afda2022-07-25 14:24:06 +0200[diff] [blame]365ifneq (,$(filter y,$(CONFIG_VBOOT_SLOTS_RW_A) $(CONFIG_VBOOT_SLOTS_RW_AB)))
366files_added:: $(obj)/coreboot.rom $(FUTILITY) $(CBFSTOOL)
367 CBFSTOOL="$(CBFSTOOL)" \
368 $(FUTILITY) sign \
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]369 --signprivate "$(CONFIG_VBOOT_FIRMWARE_PRIVKEY)" \
Jakub Czapiga190afda2022-07-25 14:24:06 +0200[diff] [blame]370 --keyblock "$(CONFIG_VBOOT_KEYBLOCK)" \
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]371 --kernelkey "$(CONFIG_VBOOT_KERNEL_KEY)" \
Jakub Czapiga190afda2022-07-25 14:24:06 +0200[diff] [blame]372 --version $(CONFIG_VBOOT_KEYBLOCK_VERSION) \
373 --flags $(CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS) \
374 $(obj)/coreboot.rom
375 if [ "$(CONFIG_VBOOT_SLOTS_RW_AB)" = 'y' ]; then \
376 printf " FLASHMAP Layout generated for RO, A and B partition.\n"; \
377 elif [ "$(CONFIG_VBOOT_SLOTS_RW_A)" = 'y' ]; then \
378 printf " FLASHMAP Layout generated for RO and A partition.\n"; \
379 fi
Philipp Deppenwiesea558ca92018-07-28 23:30:49 +0200[diff] [blame]380else
381files_added::
382 @printf " FLASHMAP Layout generated for RO partition only.\n"
383 @printf " Beware that there is no failure safety in case of update now!\n"
384endif
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]385
Furquan Shaikh0325dc62016-07-25 13:02:36 -0700[diff] [blame]386endif # CONFIG_VBOOT