Gitiles
Code Review Sign In
review.coreboot.org / coreboot / 944da4828fefe3ffcb691e55d9c55edef190fabe / . / src / soc / intel / common / block / cse / cse_lite.c
blob: 62c274be57c86234265dd7efbddbf52cb20edba5 [file] [log] [blame]
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]1/* SPDX-License-Identifier: GPL-2.0-only */
Elyes HAOUAS944da482021-02-01 21:30:13 +0100[diff] [blame^]2
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]3#include <console/console.h>
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]4#include <boot_device.h>
5#include <cbfs.h>
6#include <commonlib/cbfs.h>
7#include <commonlib/region.h>
8#include <fmap.h>
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]9#include <intelblocks/cse.h>
10#include <security/vboot/vboot_common.h>
Sridhar Siricilla87e36c42020-05-03 19:08:18 +0530[diff] [blame]11#include <security/vboot/misc.h>
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]12#include <soc/intel/common/reset.h>
13
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]14/* Converts bp index to boot partition string */
15#define GET_BP_STR(bp_index) (bp_index ? "RW" : "RO")
16
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]17/* CSE RW boot partition signature */
18#define CSE_RW_SIGNATURE 0x000055aa
19
20/* CSE RW boot partition signature size */
21#define CSE_RW_SIGN_SIZE sizeof(uint32_t)
22
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]23/*
Sridhar Siricilla99dbca32020-05-12 21:05:04 +0530[diff] [blame]24 * CSE Firmware supports 3 boot partitions. For CSE Lite SKU, only 2 boot partitions are
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]25 * used and 3rd boot partition is set to BP_STATUS_PARTITION_NOT_PRESENT.
Sridhar Siricilla99dbca32020-05-12 21:05:04 +0530[diff] [blame]26 * CSE Lite SKU Image Layout:
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]27 * ------------- ------------------- ---------------------
28 * |CSE REGION | => | RO | RW | DATA | => | BP1 | BP2 | DATA |
29 * ------------- ------------------- ---------------------
30 */
31#define CSE_MAX_BOOT_PARTITIONS 3
32
Sridhar Siricilla99dbca32020-05-12 21:05:04 +0530[diff] [blame]33/* CSE Lite SKU's valid bootable partition identifiers */
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]34enum boot_partition_id {
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]35 /* RO(BP1) contains recovery/minimal boot firmware */
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]36 RO = 0,
37
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]38 /* RW(BP2) contains fully functional CSE firmware */
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]39 RW = 1
40};
41
Sridhar Siricilla87e36c42020-05-03 19:08:18 +0530[diff] [blame]42/* CSE recovery sub-error codes */
43enum csme_failure_reason {
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]44
45 /* No error */
46 CSE_LITE_SKU_NO_ERROR = 0,
47
Sridhar Siricilla87e36c42020-05-03 19:08:18 +0530[diff] [blame]48 /* Unspecified error */
49 CSE_LITE_SKU_UNSPECIFIED = 1,
50
51 /* CSE fails to boot from RW */
52 CSE_LITE_SKU_RW_JUMP_ERROR = 2,
53
54 /* CSE RW boot partition access error */
55 CSE_LITE_SKU_RW_ACCESS_ERROR = 3,
56
57 /* Fails to set next boot partition as RW */
58 CSE_LITE_SKU_RW_SWITCH_ERROR = 4,
59
60 /* CSE firmware update failure */
61 CSE_LITE_SKU_FW_UPDATE_ERROR = 5,
62
63 /* Fails to communicate with CSE */
64 CSE_LITE_SKU_COMMUNICATION_ERROR = 6,
65
66 /* Fails to wipe CSE runtime data */
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]67 CSE_LITE_SKU_DATA_WIPE_ERROR = 7,
68
69 /* CSE RW is not found */
70 CSE_LITE_SKU_RW_BLOB_NOT_FOUND = 8,
71
72 /* CSE CBFS RW SHA-256 mismatch with the provided SHA */
73 CSE_LITE_SKU_RW_BLOB_SHA256_MISMATCH = 9,
74
75 /* CSE CBFS RW metadata is not found */
76 CSE_LITE_SKU_RW_METADATA_NOT_FOUND = 10,
Sridhar Siricillaabeb6882020-12-07 15:55:10 +0530[diff] [blame]77
78 /* CSE CBFS RW blob layout is not correct */
79 CSE_LITE_SKU_LAYOUT_MISMATCH_ERROR = 11,
Sridhar Siricilla87e36c42020-05-03 19:08:18 +0530[diff] [blame]80};
81
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]82/*
83 * Boot partition status.
84 * The status is returned in response to MKHI_BUP_COMMON_GET_BOOT_PARTITION_INFO cmd.
85 */
86enum bp_status {
87 /* This value is returned when a partition has no errors */
88 BP_STATUS_SUCCESS = 0,
89
90 /*
91 * This value is returned when a partition should be present based on layout, but it is
92 * not valid.
93 */
94 BP_STATUS_GENERAL_FAILURE = 1,
95
96 /* This value is returned when a partition is not present per initial image layout */
97 BP_STATUS_PARTITION_NOT_PRESENT = 2,
98
Sridhar Siricilla2f6d5552020-04-19 23:39:02 +0530[diff] [blame]99 /*
100 * This value is returned when unexpected issues are detected in CSE Data area
101 * and CSE TCB-SVN downgrade scenario.
102 */
103 BP_STATUS_DATA_FAILURE = 3,
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]104};
105
106/*
107 * Boot Partition Info Flags
108 * The flags are returned in response to MKHI_BUP_COMMON_GET_BOOT_PARTITION_INFO cmd.
109 */
110enum bp_info_flags {
111
112 /* Redundancy Enabled: It indicates CSE supports RO(BP1) and RW(BP2) regions */
113 BP_INFO_REDUNDANCY_EN = 1 << 0,
114
115 /* It indicates RO(BP1) supports Minimal Recovery Mode */
116 BP_INFO_MIN_RECOV_MODE_EN = 1 << 1,
117
118 /*
119 * Read-only Config Enabled: It indicates HW protection to CSE RO region is enabled.
120 * The option is relevant only if the BP_INFO_MIN_RECOV_MODE_EN flag is enabled.
121 */
122 BP_INFO_READ_ONLY_CFG = 1 << 2,
123};
124
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]125/* CSE boot partition entry info */
126struct cse_bp_entry {
127 /* Boot partition version */
128 struct fw_version fw_ver;
129
130 /* Boot partition status */
131 uint32_t status;
132
133 /* Starting offset of the partition within CSE region */
134 uint32_t start_offset;
135
136 /* Ending offset of the partition within CSE region */
137 uint32_t end_offset;
138 uint8_t reserved[12];
139} __packed;
140
141/* CSE boot partition info */
142struct cse_bp_info {
143 /* Number of boot partitions */
144 uint8_t total_number_of_bp;
145
146 /* Current boot partition */
147 uint8_t current_bp;
148
149 /* Next boot partition */
150 uint8_t next_bp;
151
152 /* Boot Partition Info Flags */
153 uint8_t flags;
154
155 /* Boot Partition Entry Info */
156 struct cse_bp_entry bp_entries[CSE_MAX_BOOT_PARTITIONS];
157} __packed;
158
159struct get_bp_info_rsp {
160 struct mkhi_hdr hdr;
161 struct cse_bp_info bp_info;
162} __packed;
163
Sridhar Siricilla33aa1152020-06-26 14:29:40 +0530[diff] [blame]164static void cse_log_status_registers(void)
165{
166 printk(BIOS_DEBUG, "cse_lite: CSE status registers: HFSTS1: 0x%x, HFSTS2: 0x%x "
167 "HFSTS3: 0x%x\n", me_read_config32(PCI_ME_HFSTS1),
168 me_read_config32(PCI_ME_HFSTS2), me_read_config32(PCI_ME_HFSTS3));
169}
170
Sridhar Siricilla87e36c42020-05-03 19:08:18 +0530[diff] [blame]171static void cse_trigger_recovery(uint8_t rec_sub_code)
172{
Sridhar Siricilla33aa1152020-06-26 14:29:40 +0530[diff] [blame]173 /* Log CSE Firmware Status Registers to help debugging */
174 cse_log_status_registers();
Sridhar Siricilla87e36c42020-05-03 19:08:18 +0530[diff] [blame]175 if (CONFIG(VBOOT)) {
Subrata Banik754de4d2020-09-15 15:16:42 +0530[diff] [blame]176 struct vb2_context *ctx = vboot_get_context();
177 if (ctx == NULL)
178 goto failure;
Sridhar Siricilla87e36c42020-05-03 19:08:18 +0530[diff] [blame]179 vb2api_fail(ctx, VB2_RECOVERY_INTEL_CSE_LITE_SKU, rec_sub_code);
180 vboot_save_data(ctx);
181 vboot_reboot();
182 }
Subrata Banik754de4d2020-09-15 15:16:42 +0530[diff] [blame]183failure:
Sridhar Siricilla87e36c42020-05-03 19:08:18 +0530[diff] [blame]184 die("cse_lite: Failed to trigger recovery mode(recovery subcode:%d)\n", rec_sub_code);
185}
186
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]187static uint8_t cse_get_current_bp(const struct cse_bp_info *cse_bp_info)
188{
189 return cse_bp_info->current_bp;
190}
191
192static const struct cse_bp_entry *cse_get_bp_entry(enum boot_partition_id bp,
193 const struct cse_bp_info *cse_bp_info)
194{
195 return &cse_bp_info->bp_entries[bp];
196}
197
198static void cse_print_boot_partition_info(const struct cse_bp_info *cse_bp_info)
199{
200 const struct cse_bp_entry *cse_bp;
201
Sridhar Siricilla9f71b172020-06-01 14:50:52 +0530[diff] [blame]202 printk(BIOS_DEBUG, "cse_lite: Number of partitions = %d\n",
203 cse_bp_info->total_number_of_bp);
204 printk(BIOS_DEBUG, "cse_lite: Current partition = %s\n",
205 GET_BP_STR(cse_bp_info->current_bp));
206 printk(BIOS_DEBUG, "cse_lite: Next partition = %s\n", GET_BP_STR(cse_bp_info->next_bp));
207 printk(BIOS_DEBUG, "cse_lite: Flags = 0x%x\n", cse_bp_info->flags);
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]208
209 /* Log version info of RO & RW partitions */
210 cse_bp = cse_get_bp_entry(RO, cse_bp_info);
Sridhar Siricilla9f71b172020-06-01 14:50:52 +0530[diff] [blame]211 printk(BIOS_DEBUG, "cse_lite: %s version = %d.%d.%d.%d (Status=0x%x, Start=0x%x, End=0x%x)\n",
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]212 GET_BP_STR(RO), cse_bp->fw_ver.major, cse_bp->fw_ver.minor,
213 cse_bp->fw_ver.hotfix, cse_bp->fw_ver.build,
214 cse_bp->status, cse_bp->start_offset,
215 cse_bp->end_offset);
216
217 cse_bp = cse_get_bp_entry(RW, cse_bp_info);
Sridhar Siricilla9f71b172020-06-01 14:50:52 +0530[diff] [blame]218 printk(BIOS_DEBUG, "cse_lite: %s version = %d.%d.%d.%d (Status=0x%x, Start=0x%x, End=0x%x)\n",
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]219 GET_BP_STR(RW), cse_bp->fw_ver.major, cse_bp->fw_ver.minor,
220 cse_bp->fw_ver.hotfix, cse_bp->fw_ver.build,
221 cse_bp->status, cse_bp->start_offset,
222 cse_bp->end_offset);
223}
224
225/*
226 * Checks prerequisites for MKHI_BUP_COMMON_GET_BOOT_PARTITION_INFO and
227 * MKHI_BUP_COMMON_SET_BOOT_PARTITION_INFO HECI commands.
228 * It allows execution of the Boot Partition commands in below scenarios:
229 * - When CSE boots from RW partition (COM: Normal and CWS: Normal)
230 * - When CSE boots from RO partition (COM: Soft Temp Disable and CWS: Normal)
231 * - After HMRFPO_ENABLE command is issued to CSE (COM: SECOVER_MEI_MSG and CWS: Normal)
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]232 * The prerequisite check should be handled in cse_get_bp_info() and
233 * cse_set_next_boot_partition() since the CSE's current operation mode is changed between these
234 * cmd handler calls.
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]235 */
236static bool cse_is_bp_cmd_info_possible(void)
237{
238 if (cse_is_hfs1_cws_normal()) {
239 if (cse_is_hfs1_com_normal())
240 return true;
241 if (cse_is_hfs1_com_secover_mei_msg())
242 return true;
243 if (cse_is_hfs1_com_soft_temp_disable())
244 return true;
245 }
246 return false;
247}
248
249static bool cse_get_bp_info(struct get_bp_info_rsp *bp_info_rsp)
250{
251 struct get_bp_info_req {
252 struct mkhi_hdr hdr;
253 uint8_t reserved[4];
254 } __packed;
255
256 struct get_bp_info_req info_req = {
257 .hdr.group_id = MKHI_GROUP_ID_BUP_COMMON,
258 .hdr.command = MKHI_BUP_COMMON_GET_BOOT_PARTITION_INFO,
259 .reserved = {0},
260 };
261
262 if (!cse_is_bp_cmd_info_possible()) {
Sridhar Siricilla9f71b172020-06-01 14:50:52 +0530[diff] [blame]263 printk(BIOS_ERR, "cse_lite: CSE does not meet prerequisites\n");
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]264 return false;
265 }
266
267 size_t resp_size = sizeof(struct get_bp_info_rsp);
268
269 if (!heci_send_receive(&info_req, sizeof(info_req), bp_info_rsp, &resp_size)) {
Sridhar Siricilla9f71b172020-06-01 14:50:52 +0530[diff] [blame]270 printk(BIOS_ERR, "cse_lite: Could not get partition info\n");
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]271 return false;
272 }
273
274 if (bp_info_rsp->hdr.result) {
Sridhar Siricilla9f71b172020-06-01 14:50:52 +0530[diff] [blame]275 printk(BIOS_ERR, "cse_lite: Get partition info resp failed: %d\n",
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]276 bp_info_rsp->hdr.result);
277 return false;
278 }
279
280 cse_print_boot_partition_info(&bp_info_rsp->bp_info);
281
282 return true;
283}
284/*
285 * It sends HECI command to notify CSE about its next boot partition. When coreboot wants
286 * CSE to boot from certain partition (BP1 <RO> or BP2 <RW>), then this command can be used.
287 * The CSE's valid bootable partitions are BP1(RO) and BP2(RW).
288 * This function must be used before EOP.
289 * Returns false on failure and true on success.
290 */
291static bool cse_set_next_boot_partition(enum boot_partition_id bp)
292{
293 struct set_boot_partition_info_req {
294 struct mkhi_hdr hdr;
295 uint8_t next_bp;
296 uint8_t reserved[3];
297 } __packed;
298
299 struct set_boot_partition_info_req switch_req = {
300 .hdr.group_id = MKHI_GROUP_ID_BUP_COMMON,
301 .hdr.command = MKHI_BUP_COMMON_SET_BOOT_PARTITION_INFO,
302 .next_bp = bp,
303 .reserved = {0},
304 };
305
306 if (bp != RO && bp != RW) {
Sridhar Siricilla9f71b172020-06-01 14:50:52 +0530[diff] [blame]307 printk(BIOS_ERR, "cse_lite: Incorrect partition id(%d) is provided", bp);
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]308 return false;
309 }
310
Sridhar Siricilla9f71b172020-06-01 14:50:52 +0530[diff] [blame]311 printk(BIOS_INFO, "cse_lite: Set Boot Partition Info Command (%s)\n", GET_BP_STR(bp));
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]312
313 if (!cse_is_bp_cmd_info_possible()) {
Sridhar Siricilla9f71b172020-06-01 14:50:52 +0530[diff] [blame]314 printk(BIOS_ERR, "cse_lite: CSE does not meet prerequisites\n");
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]315 return false;
316 }
317
318 struct mkhi_hdr switch_resp;
319 size_t sw_resp_sz = sizeof(struct mkhi_hdr);
320
321 if (!heci_send_receive(&switch_req, sizeof(switch_req), &switch_resp, &sw_resp_sz))
322 return false;
323
324 if (switch_resp.result) {
Sridhar Siricilla9f71b172020-06-01 14:50:52 +0530[diff] [blame]325 printk(BIOS_ERR, "cse_lite: Set Boot Partition Info Response Failed: %d\n",
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]326 switch_resp.result);
327 return false;
328 }
329
330 return true;
331}
332
V Sowmyaf9905522020-11-12 20:19:04 +0530[diff] [blame]333static bool cse_data_clear_request(const struct cse_bp_info *cse_bp_info)
334{
335 struct data_clr_request {
336 struct mkhi_hdr hdr;
337 uint8_t reserved[4];
338 } __packed;
339
340 struct data_clr_request data_clr_rq = {
341 .hdr.group_id = MKHI_GROUP_ID_BUP_COMMON,
342 .hdr.command = MKHI_BUP_COMMON_DATA_CLEAR,
343 .reserved = {0},
344 };
345
346 if (!cse_is_hfs1_cws_normal() || !cse_is_hfs1_com_soft_temp_disable() ||
347 cse_get_current_bp(cse_bp_info) != RO) {
348 printk(BIOS_ERR, "cse_lite: CSE doesn't meet DATA CLEAR cmd prerequisites\n");
349 return false;
350 }
351
352 printk(BIOS_DEBUG, "cse_lite: Sending DATA CLEAR HECI command\n");
353
354 struct mkhi_hdr data_clr_rsp;
355 size_t data_clr_rsp_sz = sizeof(data_clr_rsp);
356
357 if (!heci_send_receive(&data_clr_rq, sizeof(data_clr_rq), &data_clr_rsp,
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]358 &data_clr_rsp_sz)) {
V Sowmyaf9905522020-11-12 20:19:04 +0530[diff] [blame]359 return false;
360 }
361
362 if (data_clr_rsp.result) {
363 printk(BIOS_ERR, "cse_lite: CSE DATA CLEAR command response failed: %d\n",
364 data_clr_rsp.result);
365 return false;
366 }
367
368 return true;
369}
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]370
Karthikeyan Ramasubramanianf9cc6372020-08-04 16:38:58 -0600[diff] [blame]371__weak void cse_board_reset(void)
372{
373 /* Default weak implementation, does nothing. */
374}
375
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]376/* Set the CSE's next boot partition and issues system reset */
377static bool cse_set_and_boot_from_next_bp(enum boot_partition_id bp)
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]378{
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]379 if (!cse_set_next_boot_partition(bp))
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]380 return false;
381
Karthikeyan Ramasubramanianf9cc6372020-08-04 16:38:58 -0600[diff] [blame]382 /* Allow the board to perform a reset for CSE RO<->RW jump */
383 cse_board_reset();
384
385 /* If board does not perform the reset, then perform global_reset */
Furquan Shaikhb13bd1e2020-09-21 22:44:27 +0000[diff] [blame]386 do_global_reset();
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]387
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]388 die("cse_lite: Failed to reset the system\n");
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]389
390 /* Control never reaches here */
391 return false;
392}
393
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]394static bool cse_boot_to_rw(const struct cse_bp_info *cse_bp_info)
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]395{
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]396 if (cse_get_current_bp(cse_bp_info) == RW)
397 return true;
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]398
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]399 return cse_set_and_boot_from_next_bp(RW);
400}
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]401
V Sowmyaf9905522020-11-12 20:19:04 +0530[diff] [blame]402/* Check if CSE RW data partition is valid or not */
403static bool cse_is_rw_dp_valid(const struct cse_bp_info *cse_bp_info)
404{
405 const struct cse_bp_entry *rw_bp;
406
407 rw_bp = cse_get_bp_entry(RW, cse_bp_info);
408 return rw_bp->status != BP_STATUS_DATA_FAILURE;
409}
410
411/*
412 * It returns true if RW partition doesn't indicate BP_STATUS_DATA_FAILURE
413 * otherwise false if any operation fails.
414 */
415static bool cse_fix_data_failure_err(const struct cse_bp_info *cse_bp_info)
416{
417 /*
418 * If RW partition status indicates BP_STATUS_DATA_FAILURE,
419 * - Send DATA CLEAR HECI command to CSE
420 * - Send SET BOOT PARTITION INFO(RW) command to set CSE's next partition
421 * - Issue GLOBAL RESET HECI command.
422 */
423 if (cse_is_rw_dp_valid(cse_bp_info))
424 return true;
425
426 if (!cse_data_clear_request(cse_bp_info))
427 return false;
428
429 return cse_boot_to_rw(cse_bp_info);
430}
431
V Sowmyaf9905522020-11-12 20:19:04 +0530[diff] [blame]432static const struct fw_version *cse_get_bp_entry_version(enum boot_partition_id bp,
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]433 const struct cse_bp_info *bp_info)
V Sowmyaf9905522020-11-12 20:19:04 +0530[diff] [blame]434{
435 const struct cse_bp_entry *cse_bp;
436
437 cse_bp = cse_get_bp_entry(bp, bp_info);
438 return &cse_bp->fw_ver;
439}
440
441static const struct fw_version *cse_get_rw_version(const struct cse_bp_info *cse_bp_info)
442{
443 return cse_get_bp_entry_version(RW, cse_bp_info);
444}
445
446static void cse_get_bp_entry_range(const struct cse_bp_info *cse_bp_info,
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]447 enum boot_partition_id bp, uint32_t *start_offset, uint32_t *end_offset)
V Sowmyaf9905522020-11-12 20:19:04 +0530[diff] [blame]448{
449 const struct cse_bp_entry *cse_bp;
450
451 cse_bp = cse_get_bp_entry(bp, cse_bp_info);
452
453 if (start_offset)
454 *start_offset = cse_bp->start_offset;
455
456 if (end_offset)
457 *end_offset = cse_bp->end_offset;
458
459}
460
461static bool cse_is_rw_bp_status_valid(const struct cse_bp_info *cse_bp_info)
462{
463 const struct cse_bp_entry *rw_bp;
464
465 rw_bp = cse_get_bp_entry(RW, cse_bp_info);
466
467 if (rw_bp->status == BP_STATUS_PARTITION_NOT_PRESENT ||
468 rw_bp->status == BP_STATUS_GENERAL_FAILURE) {
469 printk(BIOS_ERR, "cse_lite: RW BP (status:%u) is not valid\n", rw_bp->status);
470 return false;
471 }
472 return true;
473}
474
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]475static bool cse_boot_to_ro(const struct cse_bp_info *cse_bp_info)
476{
477 if (cse_get_current_bp(cse_bp_info) == RO)
478 return true;
479
480 return cse_set_and_boot_from_next_bp(RO);
481}
482
483static bool cse_get_rw_rdev(struct region_device *rdev)
484{
485 if (fmap_locate_area_as_rdev_rw(CONFIG_SOC_INTEL_CSE_FMAP_NAME, rdev) < 0) {
486 printk(BIOS_ERR, "cse_lite: Failed to locate %s in FMAP\n",
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]487 CONFIG_SOC_INTEL_CSE_FMAP_NAME);
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]488 return false;
489 }
490
491 return true;
492}
493
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]494static bool cse_is_rw_bp_sign_valid(const struct region_device *target_rdev)
495{
496 uint32_t cse_bp_sign;
497
498 if (rdev_readat(target_rdev, &cse_bp_sign, 0, CSE_RW_SIGN_SIZE) != CSE_RW_SIGN_SIZE) {
499 printk(BIOS_ERR, "cse_lite: Failed to read RW boot partition signature\n");
500 return false;
501 }
502
503 return cse_bp_sign == CSE_RW_SIGNATURE;
504}
505
506static bool cse_get_target_rdev(const struct cse_bp_info *cse_bp_info,
507 struct region_device *target_rdev)
508{
509 struct region_device cse_region_rdev;
510 size_t size;
511 uint32_t start_offset;
512 uint32_t end_offset;
513
514 if (!cse_get_rw_rdev(&cse_region_rdev))
515 return false;
516
517 cse_get_bp_entry_range(cse_bp_info, RW, &start_offset, &end_offset);
518 size = end_offset + 1 - start_offset;
519
520 if (rdev_chain(target_rdev, &cse_region_rdev, start_offset, size))
521 return false;
522
523 printk(BIOS_DEBUG, "cse_lite: CSE RW partition: offset = 0x%x, size = 0x%x\n",
524 (uint32_t)start_offset, (uint32_t) size);
525
526 return true;
527}
528
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]529static const char *cse_get_source_rdev_fmap(void)
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]530{
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]531 struct vb2_context *ctx = vboot_get_context();
532 if (ctx == NULL)
533 return NULL;
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]534
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]535 if (vboot_is_firmware_slot_a(ctx))
536 return CONFIG_SOC_INTEL_CSE_RW_A_FMAP_NAME;
537
538 return CONFIG_SOC_INTEL_CSE_RW_B_FMAP_NAME;
539}
540
541static bool cse_get_source_rdev(struct region_device *rdev)
542{
543 const char *reg_name;
544 uint32_t cbfs_type = CBFS_TYPE_RAW;
545 struct cbfsf fh;
546
547 reg_name = cse_get_source_rdev_fmap();
548
549 if (reg_name == NULL)
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]550 return false;
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]551
552 if (cbfs_locate_file_in_region(&fh, reg_name, CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME,
553 &cbfs_type) < 0)
554 return false;
555
556 cbfs_file_data(rdev, &fh);
557
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]558 return true;
559}
560
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]561/*
562 * Compare versions of CSE CBFS RW and CSE RW partition
563 * If ver_cmp_status = 0, no update is required
564 * If ver_cmp_status < 0, coreboot downgrades CSE RW region
565 * If ver_cmp_status > 0, coreboot upgrades CSE RW region
566 */
567static int cse_check_version_mismatch(const struct cse_bp_info *cse_bp_info,
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]568 const struct cse_rw_metadata *source_metadata)
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]569{
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]570 const struct fw_version *cse_rw_ver;
571
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]572 printk(BIOS_DEBUG, "cse_lite: CSE CBFS RW version : %d.%d.%d.%d\n",
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]573 source_metadata->version.major,
574 source_metadata->version.minor,
575 source_metadata->version.hotfix,
576 source_metadata->version.build);
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]577
578 cse_rw_ver = cse_get_rw_version(cse_bp_info);
579
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]580 if (source_metadata->version.major != cse_rw_ver->major)
581 return source_metadata->version.major - cse_rw_ver->major;
582 else if (source_metadata->version.minor != cse_rw_ver->minor)
583 return source_metadata->version.minor - cse_rw_ver->minor;
584 else if (source_metadata->version.hotfix != cse_rw_ver->hotfix)
585 return source_metadata->version.hotfix - cse_rw_ver->hotfix;
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]586 else
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]587 return source_metadata->version.build - cse_rw_ver->build;
588}
589
590/* The function calculates SHA-256 of CSE RW blob and compares it with the provided SHA value */
591static bool cse_verify_cbfs_rw_sha256(const uint8_t *expected_rw_blob_sha,
592 const void *rw_blob, const size_t rw_blob_sz)
593
594{
595 uint8_t rw_comp_sha[VB2_SHA256_DIGEST_SIZE];
596
597 if (vb2_digest_buffer(rw_blob, rw_blob_sz, VB2_HASH_SHA256, rw_comp_sha,
598 VB2_SHA256_DIGEST_SIZE)) {
599 printk(BIOS_ERR, "cse_lite: CSE CBFS RW's SHA-256 calculation has failed\n");
600 return false;
601 }
602
603 if (memcmp(expected_rw_blob_sha, rw_comp_sha, VB2_SHA256_DIGEST_SIZE)) {
604 printk(BIOS_ERR, "cse_lite: Computed CBFS RW's SHA-256 does not match with"
605 "the provided SHA in the metadata\n");
606 return false;
607 }
608 printk(BIOS_SPEW, "cse_lite: Computed SHA of CSE CBFS RW Image matches the"
609 " provided hash in the metadata\n");
610 return true;
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]611}
612
613static bool cse_erase_rw_region(const struct region_device *target_rdev)
614{
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]615 if (rdev_eraseat(target_rdev, 0, region_device_sz(target_rdev)) < 0) {
616 printk(BIOS_ERR, "cse_lite: CSE RW partition could not be erased\n");
617 return false;
618 }
619 return true;
620}
621
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]622static bool cse_copy_rw(const struct region_device *target_rdev, const void *buf,
623 size_t offset, size_t size)
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]624{
625 if (rdev_writeat(target_rdev, buf, offset, size) < 0) {
626 printk(BIOS_ERR, "cse_lite: Failed to update CSE firmware\n");
627 return false;
628 }
629
630 return true;
631}
632
633static bool cse_is_rw_version_latest(const struct cse_bp_info *cse_bp_info,
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]634 const struct cse_rw_metadata *source_metadata)
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]635{
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]636 return !cse_check_version_mismatch(cse_bp_info, source_metadata);
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]637}
638
Sridhar Siricilla2f6d5552020-04-19 23:39:02 +0530[diff] [blame]639static bool cse_is_downgrade_instance(const struct cse_bp_info *cse_bp_info,
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]640 const struct cse_rw_metadata *source_metadata)
Sridhar Siricilla2f6d5552020-04-19 23:39:02 +0530[diff] [blame]641{
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]642 return cse_check_version_mismatch(cse_bp_info, source_metadata) < 0;
Sridhar Siricilla2f6d5552020-04-19 23:39:02 +0530[diff] [blame]643}
644
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]645static bool cse_is_update_required(const struct cse_bp_info *cse_bp_info,
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]646 const struct cse_rw_metadata *source_metadata,
647 struct region_device *target_rdev)
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]648{
649 return (!cse_is_rw_bp_sign_valid(target_rdev) ||
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]650 !cse_is_rw_version_latest(cse_bp_info, source_metadata));
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]651}
652
653static bool cse_write_rw_region(const struct region_device *target_rdev,
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]654 const void *cse_cbfs_rw, const size_t cse_cbfs_rw_sz)
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]655{
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]656 /* Points to CSE CBFS RW image after boot partition signature */
657 uint8_t *cse_cbfs_rw_wo_sign = (uint8_t *)cse_cbfs_rw + CSE_RW_SIGN_SIZE;
658
659 /* Size of CSE CBFS RW image without boot partition signature */
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]660 uint32_t cse_cbfs_rw_wo_sign_sz = cse_cbfs_rw_sz - CSE_RW_SIGN_SIZE;
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]661
662 /* Update except CSE RW signature */
663 if (!cse_copy_rw(target_rdev, cse_cbfs_rw_wo_sign, CSE_RW_SIGN_SIZE,
664 cse_cbfs_rw_wo_sign_sz))
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]665 return false;
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]666
667 /* Update CSE RW signature to indicate update is complete */
668 if (!cse_copy_rw(target_rdev, (void *)cse_cbfs_rw, 0, CSE_RW_SIGN_SIZE))
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]669 return false;
670
671 printk(BIOS_INFO, "cse_lite: CSE RW Update Successful\n");
672 return true;
673}
674
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]675static enum csme_failure_reason cse_update_rw(const struct cse_bp_info *cse_bp_info,
676 const void *cse_cbfs_rw, const size_t cse_blob_sz,
677 struct region_device *target_rdev)
678{
Sridhar Siricillaabeb6882020-12-07 15:55:10 +0530[diff] [blame]679 if (region_device_sz(target_rdev) < cse_blob_sz) {
680 printk(BIOS_ERR, "RW update does not fit. CSE RW flash region size: %zx, Update blob size:%zx\n",
681 region_device_sz(target_rdev), cse_blob_sz);
682 return CSE_LITE_SKU_LAYOUT_MISMATCH_ERROR;
683 }
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]684
685 if (!cse_erase_rw_region(target_rdev))
686 return CSE_LITE_SKU_FW_UPDATE_ERROR;
687
688 if (!cse_write_rw_region(target_rdev, cse_cbfs_rw, cse_blob_sz))
689 return CSE_LITE_SKU_FW_UPDATE_ERROR;
690
691 return CSE_LITE_SKU_NO_ERROR;
692}
693
Sridhar Siricilla2f6d5552020-04-19 23:39:02 +0530[diff] [blame]694static bool cse_prep_for_rw_update(const struct cse_bp_info *cse_bp_info,
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]695 const struct cse_rw_metadata *source_metadata)
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]696{
697 /*
698 * To set CSE's operation mode to HMRFPO mode:
699 * 1. Ensure CSE to boot from RO(BP1)
700 * 2. Send HMRFPO_ENABLE command to CSE
701 */
702 if (!cse_boot_to_ro(cse_bp_info))
703 return false;
704
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]705 if (cse_is_downgrade_instance(cse_bp_info, source_metadata) &&
Sridhar Siricilla2f6d5552020-04-19 23:39:02 +0530[diff] [blame]706 !cse_data_clear_request(cse_bp_info)) {
707 printk(BIOS_ERR, "cse_lite: CSE FW downgrade is aborted\n");
708 return false;
709 }
710
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]711 return cse_hmrfpo_enable();
712}
713
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]714static enum csme_failure_reason cse_trigger_fw_update(const struct cse_bp_info *cse_bp_info,
715 const struct cse_rw_metadata *source_metadata,
716 struct region_device *target_rdev)
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]717{
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]718 struct region_device source_rdev;
719 enum csme_failure_reason rv;
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]720
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]721 if (!cse_get_source_rdev(&source_rdev))
722 return CSE_LITE_SKU_RW_BLOB_NOT_FOUND;
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]723
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]724 void *cse_cbfs_rw = rdev_mmap_full(&source_rdev);
725
726 if (!cse_cbfs_rw) {
727 printk(BIOS_ERR, "cse_lite: CSE CBFS RW blob could not be mapped\n");
728 return CSE_LITE_SKU_RW_BLOB_NOT_FOUND;
729 }
730
731 if (!cse_verify_cbfs_rw_sha256(source_metadata->sha256, cse_cbfs_rw,
732 region_device_sz(&source_rdev))) {
733 rv = CSE_LITE_SKU_RW_BLOB_SHA256_MISMATCH;
734 goto error_exit;
735 }
736
737 if (!cse_prep_for_rw_update(cse_bp_info, source_metadata)) {
738 rv = CSE_LITE_SKU_COMMUNICATION_ERROR;
739 goto error_exit;
740 }
741
742 rv = cse_update_rw(cse_bp_info, cse_cbfs_rw, region_device_sz(&source_rdev),
743 target_rdev);
744
745error_exit:
746 rdev_munmap(&source_rdev, cse_cbfs_rw);
747 return rv;
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]748}
749
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]750static uint8_t cse_fw_update(const struct cse_bp_info *cse_bp_info)
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]751{
752 struct region_device target_rdev;
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]753 struct cse_rw_metadata source_metadata;
754
755 /* Read CSE CBFS RW metadata */
V Sowmya13695162020-12-04 09:40:12 +0530[diff] [blame]756 if (cbfs_load(CONFIG_SOC_INTEL_CSE_RW_METADATA_CBFS_NAME, &source_metadata,
757 sizeof(source_metadata)) != sizeof(source_metadata)) {
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]758 printk(BIOS_ERR, "cse_lite: Failed to get CSE CBFS RW metadata\n");
759 return CSE_LITE_SKU_RW_METADATA_NOT_FOUND;
760 }
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]761
762 if (!cse_get_target_rdev(cse_bp_info, &target_rdev)) {
763 printk(BIOS_ERR, "cse_lite: Failed to get CSE RW Partition\n");
764 return CSE_LITE_SKU_RW_ACCESS_ERROR;
765 }
766
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]767 if (cse_is_update_required(cse_bp_info, &source_metadata, &target_rdev)) {
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]768 printk(BIOS_DEBUG, "cse_lite: CSE RW update is initiated\n");
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]769 return cse_trigger_fw_update(cse_bp_info, &source_metadata, &target_rdev);
Rizwan Qureshiec321092019-09-06 20:28:43 +0530[diff] [blame]770 }
771
772 if (!cse_is_rw_bp_status_valid(cse_bp_info))
773 return CSE_LITE_SKU_RW_JUMP_ERROR;
774
775 return 0;
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]776}
777
Sridhar Siricilla1a2b7022020-12-04 02:22:28 +0530[diff] [blame]778void cse_fw_sync(void)
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]779{
780 static struct get_bp_info_rsp cse_bp_info;
781
782 if (vboot_recovery_mode_enabled()) {
Sridhar Siricilla9f71b172020-06-01 14:50:52 +0530[diff] [blame]783 printk(BIOS_DEBUG, "cse_lite: Skip switching to RW in the recovery path\n");
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]784 return;
785 }
786
Sridhar Siricilla99dbca32020-05-12 21:05:04 +0530[diff] [blame]787 /* If CSE SKU type is not Lite, skip enabling CSE Lite SKU */
788 if (!cse_is_hfs3_fw_sku_lite()) {
Sridhar Siricilla9f71b172020-06-01 14:50:52 +0530[diff] [blame]789 printk(BIOS_ERR, "cse_lite: Not a CSE Lite SKU\n");
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]790 return;
791 }
792
793 if (!cse_get_bp_info(&cse_bp_info)) {
Sridhar Siricilla9f71b172020-06-01 14:50:52 +0530[diff] [blame]794 printk(BIOS_ERR, "cse_lite: Failed to get CSE boot partition info\n");
Sridhar Siricilla87e36c42020-05-03 19:08:18 +0530[diff] [blame]795 cse_trigger_recovery(CSE_LITE_SKU_COMMUNICATION_ERROR);
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]796 }
797
Sridhar Siricilla2f6d5552020-04-19 23:39:02 +0530[diff] [blame]798 if (!cse_fix_data_failure_err(&cse_bp_info.bp_info))
799 cse_trigger_recovery(CSE_LITE_SKU_DATA_WIPE_ERROR);
800
Sridhar Siricilla361e3642020-10-18 20:14:07 +0530[diff] [blame]801 /*
802 * If SOC_INTEL_CSE_RW_UPDATE is defined , then trigger CSE firmware update. The driver
803 * triggers recovery if CSE CBFS RW metadata or CSE CBFS RW blob is not available.
804 */
Sridhar Siricilla4c2890d2020-12-09 00:28:30 +0530[diff] [blame]805 if (CONFIG(SOC_INTEL_CSE_RW_UPDATE)) {
806 uint8_t rv;
807 rv = cse_fw_update(&cse_bp_info.bp_info);
808 if (rv)
809 cse_trigger_recovery(rv);
810 }
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]811
812 if (!cse_boot_to_rw(&cse_bp_info.bp_info)) {
Sridhar Siricilla9f71b172020-06-01 14:50:52 +0530[diff] [blame]813 printk(BIOS_ERR, "cse_lite: Failed to switch to RW\n");
Sridhar Siricilla87e36c42020-05-03 19:08:18 +0530[diff] [blame]814 cse_trigger_recovery(CSE_LITE_SKU_RW_SWITCH_ERROR);
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]815 }
Sridhar Siricillaf87ff332019-09-12 17:18:20 +0530[diff] [blame]816}