Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 7a00a63829881a099d679de13d725d94ea658ed9 / . / src / vboot / Makefile.inc
blob: 0d6ce57f50a8995f66b90a79f44a99188c3c6f75 [file] [log] [blame]
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]1##
2## This file is part of the coreboot project.
3##
4## Copyright (C) 2014 The ChromiumOS Authors. All rights reserved.
5##
6## This program is free software; you can redistribute it and/or modify
7## it under the terms of the GNU General Public License as published by
8## the Free Software Foundation; version 2 of the License.
9##
10## This program is distributed in the hope that it will be useful,
11## but WITHOUT ANY WARRANTY; without even the implied warranty of
12## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13## GNU General Public License for more details.
14##
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]15
Julius Werner5fc7c282017-03-17 14:29:10 -0700[diff] [blame]16ifeq ($(CONFIG_VBOOT),y)
17
Furquan Shaikh0325dc62016-07-25 13:02:36 -0700[diff] [blame]18bootblock-y += bootmode.c
19romstage-y += bootmode.c
20ramstage-y += bootmode.c
21verstage-y += bootmode.c
22postcar-y += bootmode.c
23
Aaron Durbin26681ec2015-05-01 16:48:54 -0500[diff] [blame]24verstage-generic-ccopts += -D__PRE_RAM__ -D__VERSTAGE__
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]25
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]26bootblock-y += vbnv.c
27verstage-y += vbnv.c
28romstage-y += vbnv.c
29ramstage-y += vbnv.c
30
31bootblock-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
32verstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
33romstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
34ramstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
35
36bootblock-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
37verstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
38romstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
39ramstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
40
41bootblock-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c
42verstage-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c
43romstage-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c
44ramstage-$(CONFIG_VBOOT_VBNV_EC) += vbnv_ec.c
45
46bootblock-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c
47verstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c
48romstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c
49ramstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c
50
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]51bootblock-y += vboot_loader.c
52romstage-y += vboot_loader.c
53ramstage-y += vboot_loader.c
54verstage-y += vboot_loader.c
Andrey Petrov60c64322016-04-14 14:12:47 -0700[diff] [blame]55postcar-y += vboot_loader.c
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]56
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]57bootblock-y += vboot_common.c
58verstage-y += vboot_common.c
59romstage-y += vboot_common.c
60ramstage-y += vboot_common.c
61postcar-y += vboot_common.c
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]62
Daisuke Nojiri54af6252014-11-04 12:32:29 -0800[diff] [blame]63bootblock-y += common.c
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]64verstage-y += vboot_logic.c
Daisuke Nojiri5d302c72015-04-09 08:18:22 -0700[diff] [blame]65verstage-y += common.c
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]66verstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += verstage.c
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]67ifeq (${CONFIG_VBOOT_MOCK_SECDATA},y)
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]68verstage-y += secdata_mock.c
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]69romstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += secdata_mock.c
Daisuke Nojiri5d302c72015-04-09 08:18:22 -0700[diff] [blame]70else
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]71verstage-y += secdata_tpm.c
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]72romstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += secdata_tpm.c
Daisuke Nojiri5d302c72015-04-09 08:18:22 -0700[diff] [blame]73endif
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]74romstage-y += vboot_handoff.c common.c
75
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]76ramstage-y += common.c
Andrey Petrov60c64322016-04-14 14:12:47 -0700[diff] [blame]77postcar-y += common.c
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]78
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]79ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)
Aaron Durbind1cf44c2015-05-08 15:58:06 -0500[diff] [blame]80VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-verstage-y))
81else
82ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y)
83VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-bootblock-y))
84else
85VB_FIRMWARE_ARCH := $(ARCHDIR-$(ARCH-romstage-y))
86endif
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]87endif # CONFIG_VBOOT_SEPARATE_VERSTAGE
Aaron Durbind1cf44c2015-05-08 15:58:06 -0500[diff] [blame]88
Bill Richardsonc8603152015-01-27 17:28:18 -0800[diff] [blame]89VB2_LIB = $(obj)/external/vboot_reference/vboot_fw20.a
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]90VBOOT_CFLAGS += $(patsubst -I%,-I$(top)/%, $(filter-out -I$(obj), $(filter-out -include $(src)/include/kconfig.h, $(CPPFLAGS_verstage))))
91VBOOT_CFLAGS += $(CFLAGS_verstage)
92VBOOT_CFLAGS += $(verstage-c-ccopts)
Paul Kocialkowski6a106942015-08-03 23:03:27 +0200[diff] [blame]93VBOOT_CFLAGS += -I$(abspath $(obj)) -include $(top)/src/include/kconfig.h -Wno-missing-prototypes
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]94VBOOT_CFLAGS += -DVBOOT_DEBUG
95
96$(VB2_LIB): $(obj)/config.h
Patrick Georgi78a5f222017-01-30 15:29:34 +0100[diff] [blame]97 printf " MAKE $(subst $(obj)/,,$(@))\n"
98 +FIRMWARE_ARCH=$(VB_FIRMWARE_ARCH) \
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]99 CC="$(CC_verstage)" \
100 CFLAGS="$(VBOOT_CFLAGS)" VBOOT2="y" \
Paul Kocialkowski46114512016-07-24 12:10:38 +0200[diff] [blame]101 $(MAKE) -C $(VBOOT_SOURCE) \
Paul Kocialkowski6a106942015-08-03 23:03:27 +0200[diff] [blame]102 BUILD=$(abspath $(dir $(VB2_LIB))) \
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]103 V=$(V) \
Bill Richardsonc8603152015-01-27 17:28:18 -0800[diff] [blame]104 fwlib20
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]105
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]106verstage-srcs += $(VB2_LIB)
Patrick Georgiba808872015-04-27 18:09:22 +0200[diff] [blame]107
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]108ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)
Furquan Shaikhb038f412016-11-07 23:47:11 -0800[diff] [blame]109
110# This works under the assumption that romstage and verstage use the same
111# architecture and thus CC_verstage is the same as CC_romstage. If this is not
112# true, VB2_LIB needs to ensure that correct CC is being used.
113ifeq ($(CONFIG_VBOOT_HAS_REC_HASH_SPACE),y)
114romstage-srcs += $(VB2_LIB)
115endif
116
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]117cbfs-files-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += $(CONFIG_CBFS_PREFIX)/verstage
Patrick Georgi1cab0122015-11-26 16:39:23 +0100[diff] [blame]118$(CONFIG_CBFS_PREFIX)/verstage-file := $(objcbfs)/verstage.elf
119$(CONFIG_CBFS_PREFIX)/verstage-type := stage
Julius Werner09f29212015-09-29 13:51:35 -0700[diff] [blame]120$(CONFIG_CBFS_PREFIX)/verstage-compression := $(CBFS_PRERAM_COMPRESS_FLAG)
Furquan Shaikh94b18a12016-05-04 23:25:16 -0700[diff] [blame]121
Patrick Georgi1cab0122015-11-26 16:39:23 +0100[diff] [blame]122ifeq ($(CONFIG_ARCH_VERSTAGE_X86_32)$(CONFIG_ARCH_VERSTAGE_X86_64),y)
Furquan Shaikh94b18a12016-05-04 23:25:16 -0700[diff] [blame]123$(CONFIG_CBFS_PREFIX)/verstage-options := -a 64 -S ".car.data"
124
125# If CAR does not support execution of code, verstage on x86 is expected to be
126# xip.
127ifneq ($(CONFIG_NO_XIP_EARLY_STAGES),y)
128$(CONFIG_CBFS_PREFIX)/verstage-options += --xip
129endif
Patrick Georgi1cab0122015-11-26 16:39:23 +0100[diff] [blame]130
131endif
132
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]133else # CONFIG_VBOOT_SEPARATE_VERSTAGE
Aaron Durbind1cf44c2015-05-08 15:58:06 -0500[diff] [blame]134ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y)
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]135postinclude-hooks += $$(eval bootblock-srcs += $$(verstage-srcs))
Aaron Durbin57e37282015-04-28 16:17:25 -0500[diff] [blame]136else
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]137postinclude-hooks += $$(eval romstage-srcs += $$(verstage-srcs))
Patrick Georgiefc6aa02015-04-27 18:13:50 +0200[diff] [blame]138endif
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]139endif # CONFIG_VBOOT_SEPARATE_VERSTAGE
Patrick Georgic8d4abd2016-01-20 15:54:31 +0100[diff] [blame]140
141# Define a list of files that need to be in RO only.
142# All other files will be installed into RO and RW regions
143# Use $(sort) to cut down on extra spaces that would be translated to commas
144regions-for-file = $(subst $(spc),$(comma),$(sort \
145 $(if $(filter \
146 $(if $(filter y,$(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)),, \
147 %/romstage) \
148 mts \
149 %/verstage \
Patrick Georgieda794d2016-02-05 11:01:24 +0100[diff] [blame]150 locales \
151 locale_%.bin \
152 font.bin \
153 vbgfx.bin \
Lee Leahy5e347522017-01-04 08:51:52 -0800[diff] [blame]154 rmu.bin \
Patrick Georgic8d4abd2016-01-20 15:54:31 +0100[diff] [blame]155 ,$(1)),COREBOOT,COREBOOT FW_MAIN_A FW_MAIN_B)))
Furquan Shaikh0325dc62016-07-25 13:02:36 -0700[diff] [blame]156
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]157CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID))
158CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE))
159CONFIG_VBOOT_KEYBLOCK := $(call strip_quotes,$(CONFIG_VBOOT_KEYBLOCK))
160CONFIG_VBOOT_FIRMWARE_PRIVKEY := $(call strip_quotes,$(CONFIG_VBOOT_FIRMWARE_PRIVKEY))
161CONFIG_VBOOT_KERNEL_KEY := $(call strip_quotes,$(CONFIG_VBOOT_KERNEL_KEY))
162CONFIG_VBOOT_FWID_MODEL := $(call strip_quotes,$(CONFIG_VBOOT_FWID_MODEL))
163CONFIG_VBOOT_FWID_VERSION := $(call strip_quotes,$(CONFIG_VBOOT_FWID_VERSION))
164
165# bool-to-mask(var, value)
166# return "value" if var is "y", 0 otherwise
167bool-to-mask = $(if $(filter y,$(1)),$(2),0)
168
169GBB_FLAGS := $(call int-add, \
170 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEV_SCREEN_SHORT_DELAY),0x1) \
171 $(call bool-to-mask,$(CONFIG_GBB_FLAG_LOAD_OPTION_ROMS),0x2) \
172 $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_ALTERNATE_OS),0x4) \
173 $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_SWITCH_ON),0x8) \
174 $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_USB),0x10) \
175 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK),0x20) \
176 $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENTER_TRIGGERS_TONORM),0x40) \
177 $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_LEGACY),0x80) \
178 $(call bool-to-mask,$(CONFIG_GBB_FLAG_FAFT_KEY_OVERIDE),0x100) \
179 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC),0x200) \
180 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY),0x400) \
181 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC),0x800) \
182 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_LID_SHUTDOWN),0x1000) \
183 $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP),0x2000) \
184 $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_SERIAL),0x4000) \
185 )
186
187ifneq ($(CONFIG_GBB_BMPFV_FILE),)
188$(obj)/gbb.sizetmp: $(obj)/coreboot.rom
189 $(CBFSTOOL) $< read -r GBB -f $@
190
191$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY) $(obj)/gbb.sizetmp
192 @printf " CREATE GBB (with BMPFV)\n"
193 $(FUTILITY) gbb_utility -c 0x100,0x1000,$(call int-subtract,$(call file-size,$(obj)/gbb.sizetmp) 0x2180),0x1000 $@.tmp
194 mv $@.tmp $@
195else
196$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY)
197 @printf " CREATE GBB (without BMPFV)\n"
198 $(FUTILITY) gbb_utility -c 0x100,0x1000,0,0x1000 $@.tmp
199 mv $@.tmp $@
200endif
201
202$(obj)/gbb.region: $(obj)/gbb.stub
203 @printf " SETUP GBB\n"
204 cp $< $@.tmp
205 $(FUTILITY) gbb_utility -s \
206 --hwid="$(CONFIG_GBB_HWID)" \
207 --rootkey="$(CONFIG_VBOOT_ROOT_KEY)" \
208 --recoverykey="$(CONFIG_VBOOT_RECOVERY_KEY)" \
209 --flags=$(GBB_FLAGS) \
210 $@.tmp
211ifneq ($(CONFIG_GBB_BMPFV_FILE),)
212 $(FUTILITY) gbb_utility -s \
213 --bmpfv="$(CONFIG_GBB_BMPFV_FILE)" \
214 $@.tmp
215endif
216 mv $@.tmp $@
217
218$(obj)/fwid.region:
219 printf "$(CONFIG_VBOOT_FWID_MODEL)$(CONFIG_VBOOT_FWID_VERSION)\0" > $@
220
221build_complete:: $(obj)/gbb.region $(obj)/fwid.region
222 @printf " WRITE GBB\n"
223 $(CBFSTOOL) $(obj)/coreboot.rom write -u -r GBB -i 0 -f $(obj)/gbb.region
224 $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RO_FRID -i 0 -f $(obj)/fwid.region
225 $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_A -i 0 -f $(obj)/fwid.region
226 $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_B -i 0 -f $(obj)/fwid.region
227
228ifneq ($(shell grep "SHARED_DATA" "$(CONFIG_FMDFILE)"),)
229build_complete::
230 printf "\0" > $(obj)/shared_data.region
231 $(CBFSTOOL) $(obj)/coreboot.rom write -u -r SHARED_DATA -i 0 -f $(obj)/shared_data.region
232endif
233
234# Extract FW_MAIN_? region and minimize it if the last file is empty, so it
235# doesn't contain this empty file (that can have a significant size),
236# improving a lot on hash times due to a smaller amount of data loaded from
237# firmware storage.
238# When passing the minimized image to vbutil_firmware, its length is recorded
239# in the keyblock, and coreboot's vboot code clips the region_device to match,
240# which prevents any potential extension attacks.
241$(obj)/FW_MAIN_%.bin: $(obj)/coreboot.rom
242 $(CBFSTOOL) $< read -r $(basename $(notdir $@)) -f $@.tmp
243 $(CBFSTOOL) $(obj)/coreboot.rom print -k -r $(basename $(notdir $@)) | \
244 tail -1 | \
245 sed "s,^(empty)[[:space:]]\(0x[0-9a-f]*\)\tnull\t.*$$,\1," \
246 > $@.tmp.size
247 if [ -n "$$(cat $@.tmp.size)" ] && [ $$( printf "%d" $$(cat $@.tmp.size)) -gt 0 ]; then \
248 head -c $$( printf "%d" $$(cat $@.tmp.size)) $@.tmp > $@.tmp2 && \
249 mv $@.tmp2 $@; \
250 else \
251 mv $@.tmp $@; \
252 fi
253
254$(obj)/VBLOCK_%.bin: $(obj)/FW_MAIN_%.bin $(FUTILITY)
255 $(FUTILITY) vbutil_firmware \
256 --vblock $@ \
257 --keyblock "$(CONFIG_VBOOT_KEYBLOCK)" \
258 --signprivate "$(CONFIG_VBOOT_FIRMWARE_PRIVKEY)" \
259 --version $(CONFIG_VBOOT_KEYBLOCK_VERSION) \
260 --fv $< \
261 --kernelkey "$(CONFIG_VBOOT_KERNEL_KEY)" \
262 --flags $(CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS)
263
264files_added:: $(obj)/VBLOCK_A.bin $(obj)/VBLOCK_B.bin
265 $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_A -f $(obj)/VBLOCK_A.bin
266 $(CBFSTOOL) $(obj)/coreboot.rom write -u -r VBLOCK_B -f $(obj)/VBLOCK_B.bin
267
Furquan Shaikh0325dc62016-07-25 13:02:36 -0700[diff] [blame]268endif # CONFIG_VBOOT