Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 8a3a3c820b8f8a8d357bf54fb7532ad1ae1ba270 / . / src / security / vboot / vboot_loader.c
blob: bca4c3e3b7aae244b758c7e1f547f62d3058806f [file] [log] [blame]
Angel Pons986d50e2020-04-02 23:48:53 +0200[diff] [blame]1/* SPDX-License-Identifier: GPL-2.0-only */
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]2
3#include <cbfs.h>
4#include <console/console.h>
Aaron Durbinf7ce40b2016-08-24 14:58:12 -0500[diff] [blame]5#include <ec/google/chromeec/ec.h>
Aaron Durbin09560fa2015-05-12 16:43:10 -0500[diff] [blame]6#include <rmodule.h>
Philipp Deppenwiesefea24292017-10-17 17:02:29 +0200[diff] [blame]7#include <security/vboot/misc.h>
8#include <security/vboot/symbols.h>
9#include <security/vboot/vboot_common.h>
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]10
Julius Werner73d042b2017-03-17 16:54:48 -0700[diff] [blame]11/* Ensure vboot configuration is valid: */
Julius Wernercd49cce2019-03-05 16:53:33 -0800[diff] [blame]12_Static_assert(CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) +
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame^]13 CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK) +
Julius Wernercd49cce2019-03-05 16:53:33 -0800[diff] [blame]14 CONFIG(VBOOT_STARTS_IN_ROMSTAGE) == 1,
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame^]15 "vboot must start in bootblock, PSP or romstage (but only one!)");
16_Static_assert(!CONFIG(VBOOT_SEPARATE_VERSTAGE) || CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) ||
17 CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK),
18 "stand-alone verstage must start in or before bootblock ");
Julius Wernercd49cce2019-03-05 16:53:33 -0800[diff] [blame]19_Static_assert(!CONFIG(VBOOT_RETURN_FROM_VERSTAGE) ||
20 CONFIG(VBOOT_SEPARATE_VERSTAGE),
Julius Werner73d042b2017-03-17 16:54:48 -0700[diff] [blame]21 "return from verstage only makes sense for separate verstages");
22
Arthur Heymans344e86b2019-11-20 19:47:10 +0100[diff] [blame]23int vboot_executed;
Aaron Durbin6d720f32015-12-08 17:00:23 -0600[diff] [blame]24
Wim Vervoorn1058dd82019-11-01 10:22:22 +0100[diff] [blame]25void vboot_run_logic(void)
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]26{
Paul Kocialkowski18117682016-05-14 15:30:52 +0200[diff] [blame]27 if (verification_should_run()) {
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]28 /* Note: this path is not used for VBOOT_RETURN_FROM_VERSTAGE */
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]29 verstage_main();
Arthur Heymans344e86b2019-11-20 19:47:10 +0100[diff] [blame]30 vboot_executed = 1;
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]31 } else if (verstage_should_load()) {
Aaron Durbin37a5d152015-09-17 16:09:30 -0500[diff] [blame]32 struct cbfsf file;
Aaron Durbinac12c66c2015-05-20 12:08:55 -0500[diff] [blame]33 struct prog verstage =
Aaron Durbin7e7a4df2015-12-08 14:34:35 -0600[diff] [blame]34 PROG_INIT(PROG_VERSTAGE,
Aaron Durbinac12c66c2015-05-20 12:08:55 -0500[diff] [blame]35 CONFIG_CBFS_PREFIX "/verstage");
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]36
Aaron Durbince2c50d2015-05-13 13:33:27 -0500[diff] [blame]37 printk(BIOS_DEBUG, "VBOOT: Loading verstage.\n");
38
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]39 /* load verstage from RO */
Aaron Durbin37a5d152015-09-17 16:09:30 -0500[diff] [blame]40 if (cbfs_boot_locate(&file, prog_name(&verstage), NULL))
41 die("failed to load verstage");
42
43 cbfs_file_data(prog_rdev(&verstage), &file);
44
45 if (cbfs_prog_stage_load(&verstage))
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]46 die("failed to load verstage");
47
48 /* verify and select a slot */
49 prog_run(&verstage);
50
51 /* This is not actually possible to hit this condition at
52 * runtime, but this provides a hint to the compiler for dead
53 * code elimination below. */
Julius Wernercd49cce2019-03-05 16:53:33 -0800[diff] [blame]54 if (!CONFIG(VBOOT_RETURN_FROM_VERSTAGE))
Aaron Durbin6d720f32015-12-08 17:00:23 -0600[diff] [blame]55 return;
56
Arthur Heymans344e86b2019-11-20 19:47:10 +0100[diff] [blame]57 vboot_executed = 1;
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]58 }
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]59}
60
Julius Werner815611e2019-12-05 22:29:07 -0800[diff] [blame]61int vboot_locate_cbfs(struct region_device *rdev)
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]62{
Julius Wernerf8e17642019-12-12 13:23:06 -0800[diff] [blame]63 struct vb2_context *ctx;
Aaron Durbin899d13d2015-05-15 23:39:23 -0500[diff] [blame]64
Aaron Durbin6d720f32015-12-08 17:00:23 -0600[diff] [blame]65 /* Don't honor vboot results until the vboot logic has run. */
Joel Kitchingaf8471c2019-03-13 22:38:07 +0800[diff] [blame]66 if (!vboot_logic_executed())
Aaron Durbinb6981c02015-05-15 15:57:51 -0500[diff] [blame]67 return -1;
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]68
Yu-Ping Wuaeb652a2019-11-14 15:42:25 +0800[diff] [blame]69 ctx = vboot_get_context();
70
71 if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE)
Aaron Durbin4e50cdd2015-05-15 23:25:46 -0500[diff] [blame]72 return -1;
Aaron Durbinb6981c02015-05-15 15:57:51 -0500[diff] [blame]73
Aaron Durbinfe338e22019-11-18 12:35:21 -0700[diff] [blame]74 return vboot_locate_firmware(ctx, rdev);
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]75}