Gitiles
Code Review Sign In
review.coreboot.org / coreboot / ad6157ebdfddc39b95e388487e00cadd2bbf368b / . / src / security / vboot / vboot_loader.c
blob: 1c4343bdc56a0d11627fe5395446b1b524e12add [file] [log] [blame]
Angel Pons986d50e2020-04-02 23:48:53 +0200[diff] [blame]1/* SPDX-License-Identifier: GPL-2.0-only */
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]2
Julius Werner1e37c9c2019-12-11 17:09:39 -0800[diff] [blame]3#include <boot_device.h>
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]4#include <cbfs.h>
Elyes HAOUAS26a69212021-02-08 10:02:56 +0100[diff] [blame]5#include <cbmem.h>
Julius Werner1e37c9c2019-12-11 17:09:39 -0800[diff] [blame]6#include <commonlib/bsd/cbfs_private.h>
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]7#include <console/console.h>
Aaron Durbinf7ce40b2016-08-24 14:58:12 -0500[diff] [blame]8#include <ec/google/chromeec/ec.h>
Aaron Durbin09560fa2015-05-12 16:43:10 -0500[diff] [blame]9#include <rmodule.h>
Philipp Deppenwiesefea24292017-10-17 17:02:29 +0200[diff] [blame]10#include <security/vboot/misc.h>
11#include <security/vboot/symbols.h>
12#include <security/vboot/vboot_common.h>
Raul E Rangel170ac852021-06-09 15:39:19 -0600[diff] [blame]13#include <timestamp.h>
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]14
Julius Werner73d042b2017-03-17 16:54:48 -0700[diff] [blame]15/* Ensure vboot configuration is valid: */
Julius Wernercd49cce2019-03-05 16:53:33 -0800[diff] [blame]16_Static_assert(CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) +
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame]17 CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK) +
Julius Wernercd49cce2019-03-05 16:53:33 -0800[diff] [blame]18 CONFIG(VBOOT_STARTS_IN_ROMSTAGE) == 1,
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame]19 "vboot must start in bootblock, PSP or romstage (but only one!)");
20_Static_assert(!CONFIG(VBOOT_SEPARATE_VERSTAGE) || CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) ||
21 CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK),
22 "stand-alone verstage must start in or before bootblock ");
Julius Wernercd49cce2019-03-05 16:53:33 -0800[diff] [blame]23_Static_assert(!CONFIG(VBOOT_RETURN_FROM_VERSTAGE) ||
24 CONFIG(VBOOT_SEPARATE_VERSTAGE),
Julius Werner73d042b2017-03-17 16:54:48 -0700[diff] [blame]25 "return from verstage only makes sense for separate verstages");
26
Arthur Heymans344e86b2019-11-20 19:47:10 +0100[diff] [blame]27int vboot_executed;
Aaron Durbin6d720f32015-12-08 17:00:23 -0600[diff] [blame]28
Julius Wernerfdabf3f2020-05-06 17:06:35 -0700[diff] [blame]29static void after_verstage(void)
Julius Werner1e37c9c2019-12-11 17:09:39 -0800[diff] [blame]30{
Julius Wernerfdabf3f2020-05-06 17:06:35 -0700[diff] [blame]31 vboot_executed = 1; /* Mark verstage execution complete. */
Julius Werner1e37c9c2019-12-11 17:09:39 -0800[diff] [blame]32
33 const struct cbfs_boot_device *cbd = vboot_get_cbfs_boot_device();
Julius Wernerfdabf3f2020-05-06 17:06:35 -0700[diff] [blame]34 if (!cbd) /* Can't initialize RW CBFS in recovery mode. */
Julius Werner1e37c9c2019-12-11 17:09:39 -0800[diff] [blame]35 return;
Julius Wernerfdabf3f2020-05-06 17:06:35 -0700[diff] [blame]36
37 cb_err_t err = cbfs_init_boot_device(cbd, NULL); /* TODO: RW hash */
38 if (err && err != CB_CBFS_CACHE_FULL) /* TODO: -> recovery? */
39 die("RW CBFS initialization failure: %d", err);
Julius Werner1e37c9c2019-12-11 17:09:39 -0800[diff] [blame]40}
41
Wim Vervoorn1058dd82019-11-01 10:22:22 +0100[diff] [blame]42void vboot_run_logic(void)
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]43{
Paul Kocialkowski18117682016-05-14 15:30:52 +0200[diff] [blame]44 if (verification_should_run()) {
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]45 /* Note: this path is not used for VBOOT_RETURN_FROM_VERSTAGE */
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]46 verstage_main();
Julius Wernerfdabf3f2020-05-06 17:06:35 -0700[diff] [blame]47 after_verstage();
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]48 } else if (verstage_should_load()) {
Aaron Durbinac12c66c2015-05-20 12:08:55 -0500[diff] [blame]49 struct prog verstage =
Aaron Durbin7e7a4df2015-12-08 14:34:35 -0600[diff] [blame]50 PROG_INIT(PROG_VERSTAGE,
Aaron Durbinac12c66c2015-05-20 12:08:55 -0500[diff] [blame]51 CONFIG_CBFS_PREFIX "/verstage");
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]52
Aaron Durbince2c50d2015-05-13 13:33:27 -0500[diff] [blame]53 printk(BIOS_DEBUG, "VBOOT: Loading verstage.\n");
54
Jakub Czapigaad6157e2022-02-15 11:50:31 +0100[diff] [blame^]55 timestamp_add_now(TS_COPYVER_START);
Aaron Durbin37a5d152015-09-17 16:09:30 -0500[diff] [blame]56 if (cbfs_prog_stage_load(&verstage))
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]57 die("failed to load verstage");
Jakub Czapigaad6157e2022-02-15 11:50:31 +0100[diff] [blame^]58 timestamp_add_now(TS_COPYVER_END);
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]59
60 /* verify and select a slot */
61 prog_run(&verstage);
62
63 /* This is not actually possible to hit this condition at
64 * runtime, but this provides a hint to the compiler for dead
65 * code elimination below. */
Julius Wernercd49cce2019-03-05 16:53:33 -0800[diff] [blame]66 if (!CONFIG(VBOOT_RETURN_FROM_VERSTAGE))
Aaron Durbin6d720f32015-12-08 17:00:23 -0600[diff] [blame]67 return;
68
Julius Wernerfdabf3f2020-05-06 17:06:35 -0700[diff] [blame]69 after_verstage();
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]70 }
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]71}
72
Julius Werner1e37c9c2019-12-11 17:09:39 -0800[diff] [blame]73const struct cbfs_boot_device *vboot_get_cbfs_boot_device(void)
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]74{
Aaron Durbin6d720f32015-12-08 17:00:23 -0600[diff] [blame]75 /* Don't honor vboot results until the vboot logic has run. */
Joel Kitchingaf8471c2019-03-13 22:38:07 +0800[diff] [blame]76 if (!vboot_logic_executed())
Julius Werner1e37c9c2019-12-11 17:09:39 -0800[diff] [blame]77 return NULL;
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]78
Julius Werner1e37c9c2019-12-11 17:09:39 -0800[diff] [blame]79 static struct cbfs_boot_device cbd;
80 if (region_device_sz(&cbd.rdev))
81 return &cbd;
Yu-Ping Wuaeb652a2019-11-14 15:42:25 +0800[diff] [blame]82
Julius Werner1e37c9c2019-12-11 17:09:39 -0800[diff] [blame]83 struct vb2_context *ctx = vboot_get_context();
Yu-Ping Wuaeb652a2019-11-14 15:42:25 +0800[diff] [blame]84 if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE)
Julius Werner1e37c9c2019-12-11 17:09:39 -0800[diff] [blame]85 return NULL;
Aaron Durbinb6981c02015-05-15 15:57:51 -0500[diff] [blame]86
Julius Werner1e37c9c2019-12-11 17:09:39 -0800[diff] [blame]87 boot_device_init();
88 if (vboot_locate_firmware(ctx, &cbd.rdev))
89 return NULL;
90
91 cbfs_boot_device_find_mcache(&cbd, CBMEM_ID_CBFS_RW_MCACHE);
92
93 return &cbd;
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]94}