Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 8fb7cd4123a1e60b88b65ebb8e330835adae71e2 / . / src / security / vboot / vboot_loader.c
blob: 7e637759ce4cd5e7df14c86c285b0fc174386f95 [file] [log] [blame]
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]1/*
2 * This file is part of the coreboot project.
3 *
4 * Copyright 2015 Google, Inc.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; version 2 of the License.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]14 */
15
16#include <cbfs.h>
17#include <console/console.h>
Aaron Durbinf7ce40b2016-08-24 14:58:12 -0500[diff] [blame]18#include <ec/google/chromeec/ec.h>
Aaron Durbin09560fa2015-05-12 16:43:10 -0500[diff] [blame]19#include <rmodule.h>
Philipp Deppenwiesefea24292017-10-17 17:02:29 +0200[diff] [blame]20#include <security/vboot/misc.h>
21#include <security/vboot/symbols.h>
22#include <security/vboot/vboot_common.h>
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]23
Julius Werner73d042b2017-03-17 16:54:48 -0700[diff] [blame]24/* Ensure vboot configuration is valid: */
Julius Wernercd49cce2019-03-05 16:53:33 -0800[diff] [blame]25_Static_assert(CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) +
26 CONFIG(VBOOT_STARTS_IN_ROMSTAGE) == 1,
Julius Werner73d042b2017-03-17 16:54:48 -0700[diff] [blame]27 "vboot must either start in bootblock or romstage (not both!)");
Julius Wernercd49cce2019-03-05 16:53:33 -0800[diff] [blame]28_Static_assert(!CONFIG(VBOOT_SEPARATE_VERSTAGE) ||
29 CONFIG(VBOOT_STARTS_IN_BOOTBLOCK),
Julius Werner73d042b2017-03-17 16:54:48 -0700[diff] [blame]30 "stand-alone verstage must start in (i.e. after) bootblock");
Julius Wernercd49cce2019-03-05 16:53:33 -0800[diff] [blame]31_Static_assert(!CONFIG(VBOOT_RETURN_FROM_VERSTAGE) ||
32 CONFIG(VBOOT_SEPARATE_VERSTAGE),
Julius Werner73d042b2017-03-17 16:54:48 -0700[diff] [blame]33 "return from verstage only makes sense for separate verstages");
34
Arthur Heymans344e86b2019-11-20 19:47:10 +0100[diff] [blame]35int vboot_executed;
Aaron Durbin6d720f32015-12-08 17:00:23 -0600[diff] [blame]36
Wim Vervoorn1058dd82019-11-01 10:22:22 +0100[diff] [blame]37void vboot_run_logic(void)
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]38{
Paul Kocialkowski18117682016-05-14 15:30:52 +0200[diff] [blame]39 if (verification_should_run()) {
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]40 /* Note: this path is not used for VBOOT_RETURN_FROM_VERSTAGE */
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]41 verstage_main();
Arthur Heymans344e86b2019-11-20 19:47:10 +0100[diff] [blame]42 vboot_executed = 1;
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]43 } else if (verstage_should_load()) {
Aaron Durbin37a5d152015-09-17 16:09:30 -0500[diff] [blame]44 struct cbfsf file;
Aaron Durbinac12c66c2015-05-20 12:08:55 -0500[diff] [blame]45 struct prog verstage =
Aaron Durbin7e7a4df2015-12-08 14:34:35 -0600[diff] [blame]46 PROG_INIT(PROG_VERSTAGE,
Aaron Durbinac12c66c2015-05-20 12:08:55 -0500[diff] [blame]47 CONFIG_CBFS_PREFIX "/verstage");
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]48
Aaron Durbince2c50d2015-05-13 13:33:27 -0500[diff] [blame]49 printk(BIOS_DEBUG, "VBOOT: Loading verstage.\n");
50
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]51 /* load verstage from RO */
Aaron Durbin37a5d152015-09-17 16:09:30 -0500[diff] [blame]52 if (cbfs_boot_locate(&file, prog_name(&verstage), NULL))
53 die("failed to load verstage");
54
55 cbfs_file_data(prog_rdev(&verstage), &file);
56
57 if (cbfs_prog_stage_load(&verstage))
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]58 die("failed to load verstage");
59
60 /* verify and select a slot */
61 prog_run(&verstage);
62
63 /* This is not actually possible to hit this condition at
64 * runtime, but this provides a hint to the compiler for dead
65 * code elimination below. */
Julius Wernercd49cce2019-03-05 16:53:33 -0800[diff] [blame]66 if (!CONFIG(VBOOT_RETURN_FROM_VERSTAGE))
Aaron Durbin6d720f32015-12-08 17:00:23 -0600[diff] [blame]67 return;
68
Arthur Heymans344e86b2019-11-20 19:47:10 +0100[diff] [blame]69 vboot_executed = 1;
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]70 }
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]71}
72
Julius Werner815611e2019-12-05 22:29:07 -0800[diff] [blame]73int vboot_locate_cbfs(struct region_device *rdev)
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]74{
Julius Wernerf8e17642019-12-12 13:23:06 -0800[diff] [blame]75 struct vb2_context *ctx;
Aaron Durbin899d13d2015-05-15 23:39:23 -0500[diff] [blame]76
Aaron Durbin6d720f32015-12-08 17:00:23 -0600[diff] [blame]77 /* Don't honor vboot results until the vboot logic has run. */
Joel Kitchingaf8471c2019-03-13 22:38:07 +0800[diff] [blame]78 if (!vboot_logic_executed())
Aaron Durbinb6981c02015-05-15 15:57:51 -0500[diff] [blame]79 return -1;
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]80
Yu-Ping Wuaeb652a2019-11-14 15:42:25 +0800[diff] [blame]81 ctx = vboot_get_context();
82
83 if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE)
Aaron Durbin4e50cdd2015-05-15 23:25:46 -0500[diff] [blame]84 return -1;
Aaron Durbinb6981c02015-05-15 15:57:51 -0500[diff] [blame]85
Aaron Durbinfe338e22019-11-18 12:35:21 -0700[diff] [blame]86 return vboot_locate_firmware(ctx, rdev);
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]87}