Gitiles
Code Review Sign In
review.coreboot.org / coreboot / b6dfcb7d1848a5731a5e3bf732fcfdf07d4ed00a / . / src / security / vboot / Makefile.inc
blob: 1689efb1558226d4ef292333ad9241cdee125be0 [file] [log] [blame]
Patrick Georgic49d7a32020-05-08 22:50:46 +0200[diff] [blame]1## SPDX-License-Identifier: GPL-2.0-only
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]2
Bill XIEcdf6f3a2019-12-17 15:56:43 +0800[diff] [blame]3ifeq ($(CONFIG_VBOOT_LIB),y)
4
Joel Kitchingec12bd02020-02-04 17:36:49 +0800[diff] [blame]5bootblock-y += vboot_lib.c
6verstage-y += vboot_lib.c
7romstage-y += vboot_lib.c
8ramstage-y += vboot_lib.c
9postcar-y += vboot_lib.c
10
Bill XIEcdf6f3a2019-12-17 15:56:43 +0800[diff] [blame]11vboot-fixup-includes = $(patsubst -I%,-I$(top)/%,\
12 $(patsubst $(src)/%.h,$(top)/$(src)/%.h,\
13 $(filter-out -I$(obj),$(1))))
14
15# call with $1 = stage name to create rules for building the library
16# for the stage and adding it to the stage's set of object files.
17define vboot-for-stage
18VBOOT_LIB_$(1) = $(obj)/external/vboot_reference-$(1)/vboot_fw.a
19VBOOT_CFLAGS_$(1) += $$(call vboot-fixup-includes,$$(CPPFLAGS_$(1)))
20VBOOT_CFLAGS_$(1) += $$(CFLAGS_$(1))
21VBOOT_CFLAGS_$(1) += $$(call vboot-fixup-includes,$$($(1)-c-ccopts))
22VBOOT_CFLAGS_$(1) += -I$(abspath $(obj)) -Wno-missing-prototypes
23VBOOT_CFLAGS_$(1) += -DVBOOT_DEBUG
24
25$$(VBOOT_LIB_$(1)): $(obj)/config.h
26 printf " MAKE $(subst $(obj)/,,$(@))\n"
27 +FIRMWARE_ARCH=$$(ARCHDIR-$$(ARCH-$(1)-y)) \
28 CC="$$(CC_$(1))" \
29 CFLAGS="$$(VBOOT_CFLAGS_$(1))" VBOOT2="y" \
Sam McNallyeded5002020-03-04 16:08:06 +1100[diff] [blame]30 EC_EFS="$(CONFIG_VBOOT_EC_EFS)" \
Karthikeyan Ramasubramanian4f9853a2022-10-27 22:49:40 -0600[diff] [blame]31 X86_SHA_EXT="$(if $(CONFIG_ARCH_$(call toupper,$(1))_X86_32)$(CONFIG_ARCH_$(call toupper,$(1))_X86_64),$\
32 $(CONFIG_VBOOT_X86_SHA256_ACCELERATION))" \
Jeremy Compostellab6dfcb72023-11-27 14:56:29 -0800[diff] [blame^]33 VB2_X86_RSA_ACCELERATION="$(if $(CONFIG_ARCH_$(call toupper,$(1))_X86_32)$(CONFIG_ARCH_$(call toupper,$(1))_X86_64),$\
34 $(CONFIG_VBOOT_X86_RSA_ACCELERATION))" \
Yidi Linbd6b81d2023-01-31 15:18:57 +0800[diff] [blame]35 ARMV8_CRYPTO_EXT="$(if $(CONFIG_ARCH_$(call toupper,$(1))_ARMV8_64),$$(CONFIG_VBOOT_ARMV8_CE_SHA256_ACCELERATION))" \
Bill XIEcdf6f3a2019-12-17 15:56:43 +0800[diff] [blame]36 $(MAKE) -C $(VBOOT_SOURCE) \
37 BUILD=$$(abspath $$(dir $$(VBOOT_LIB_$(1)))) \
38 V=$(V) \
Brian Norris6d301c82023-02-01 16:38:44 -0800[diff] [blame]39 USE_FLASHROM=0 \
Maximilian Brune1d7a9de2022-04-14 14:54:16 +0200[diff] [blame]40 fwlib \
Maximilian Brune5cbf45e2022-12-26 06:37:21 +0100[diff] [blame]41 $(if $(CONFIG_SBOM_VBOOT),$$(abspath $$(dir $$(VBOOT_LIB_$(1))))/vboot_host.pc)
Bill XIEcdf6f3a2019-12-17 15:56:43 +0800[diff] [blame]42
Julius Wernera5954782023-12-06 16:08:06 -0800[diff] [blame]43.PHONY: $$(VBOOT_LIB_$(1))
44
Bill XIEcdf6f3a2019-12-17 15:56:43 +0800[diff] [blame]45$(1)-srcs += $$(VBOOT_LIB_$(1))
46
47endef # vboot-for-stage
48
49$(eval $(call vboot-for-stage,bootblock))
Arthur Heymansa2bc2542021-05-29 08:10:49 +0200[diff] [blame]50ifeq ($(CONFIG_SEPARATE_ROMSTAGE),y)
Bill XIEcdf6f3a2019-12-17 15:56:43 +0800[diff] [blame]51$(eval $(call vboot-for-stage,romstage))
Arthur Heymansa2bc2542021-05-29 08:10:49 +0200[diff] [blame]52endif
Bill XIEcdf6f3a2019-12-17 15:56:43 +0800[diff] [blame]53$(eval $(call vboot-for-stage,ramstage))
54$(eval $(call vboot-for-stage,postcar))
55
56endif # CONFIG_VBOOT_LIB
57
Julius Werner5fc7c282017-03-17 14:29:10 -0700[diff] [blame]58ifeq ($(CONFIG_VBOOT),y)
59
Furquan Shaikh0325dc62016-07-25 13:02:36 -0700[diff] [blame]60bootblock-y += bootmode.c
61romstage-y += bootmode.c
62ramstage-y += bootmode.c
63verstage-y += bootmode.c
64postcar-y += bootmode.c
65
Joel Kitchingd6f71d02019-02-21 12:37:55 +0800[diff] [blame]66verstage-generic-ccopts += -D__VERSTAGE__
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]67
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]68bootblock-y += vbnv.c
69verstage-y += vbnv.c
70romstage-y += vbnv.c
71ramstage-y += vbnv.c
Jakub Czapiga967a76b2022-08-19 12:25:27 +0200[diff] [blame]72postcar-y += vbnv.c
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]73
Tim Wawrzynczakd6fc5572019-10-25 14:58:15 -0600[diff] [blame]74romstage-$(CONFIG_VBOOT_EARLY_EC_SYNC) += ec_sync.c
75
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]76bootblock-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
77verstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
78romstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
79ramstage-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
Jakub Czapiga967a76b2022-08-19 12:25:27 +0200[diff] [blame]80postcar-$(CONFIG_VBOOT_VBNV_CMOS) += vbnv_cmos.c
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]81
82bootblock-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
83verstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
84romstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
85ramstage-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
Jakub Czapiga967a76b2022-08-19 12:25:27 +0200[diff] [blame]86postcar-$(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH) += vbnv_flash.c
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]87
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]88bootblock-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c
89verstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c
90romstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c
91ramstage-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c
Jakub Czapiga967a76b2022-08-19 12:25:27 +0200[diff] [blame]92postcar-$(CONFIG_VBOOT_VBNV_FLASH) += vbnv_flash.c
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]93
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]94bootblock-y += vboot_loader.c
95romstage-y += vboot_loader.c
96ramstage-y += vboot_loader.c
97verstage-y += vboot_loader.c
Andrey Petrov60c64322016-04-14 14:12:47 -0700[diff] [blame]98postcar-y += vboot_loader.c
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]99
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]100bootblock-y += vboot_common.c
101verstage-y += vboot_common.c
102romstage-y += vboot_common.c
103ramstage-y += vboot_common.c
104postcar-y += vboot_common.c
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]105
Daisuke Nojiri54af6252014-11-04 12:32:29 -0800[diff] [blame]106bootblock-y += common.c
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]107verstage-y += vboot_logic.c
Daisuke Nojiri5d302c72015-04-09 08:18:22 -0700[diff] [blame]108verstage-y += common.c
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame]109ifeq ($(CONFIG_VBOOT_STARTS_BEFORE_BOOTBLOCK),)
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]110verstage-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += verstage.c
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame]111endif
Furquan Shaikh2a12e2e2016-07-25 11:48:03 -0700[diff] [blame]112ifeq (${CONFIG_VBOOT_MOCK_SECDATA},y)
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]113verstage-y += secdata_mock.c
Julius Wernerf0ebaf22020-04-27 13:57:05 -0700[diff] [blame]114romstage-y += secdata_mock.c
Sridhar Siricilla89ac87a2020-04-20 18:45:22 +0530[diff] [blame]115ramstage-y += secdata_mock.c
Daisuke Nojiri5d302c72015-04-09 08:18:22 -0700[diff] [blame]116else
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]117verstage-y += secdata_tpm.c
Julius Wernerf0ebaf22020-04-27 13:57:05 -0700[diff] [blame]118romstage-y += secdata_tpm.c
Sridhar Siricilla89ac87a2020-04-20 18:45:22 +0530[diff] [blame]119ramstage-y += secdata_tpm.c
Daisuke Nojiri5d302c72015-04-09 08:18:22 -0700[diff] [blame]120endif
Christian Walter0bd84ed2019-07-23 10:26:30 +0200[diff] [blame]121
Kyösti Mälkkif303b4f2021-05-27 19:33:57 +0300[diff] [blame]122verstage-$(CONFIG_TPM) += tpm_common.c
Christian Walter0bd84ed2019-07-23 10:26:30 +0200[diff] [blame]123
Joel Kitchingeb203202019-06-16 17:26:53 +0800[diff] [blame]124romstage-y += common.c
Daisuke Nojiri742fc8d2014-10-10 10:51:06 -0700[diff] [blame]125
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]126ramstage-y += common.c
Andrey Petrov60c64322016-04-14 14:12:47 -0700[diff] [blame]127postcar-y += common.c
Aaron Durbin17200ad2015-05-01 16:48:54 -0500[diff] [blame]128
Shelley Chen9f8ac642020-10-16 12:20:16 -0700[diff] [blame]129romstage-$(CONFIG_MRC_SAVE_HASH_IN_TPM) += mrc_cache_hash_tpm.c
Shelley Chen1fed53f2020-10-16 12:30:05 -0700[diff] [blame]130ramstage-$(CONFIG_MRC_SAVE_HASH_IN_TPM) += mrc_cache_hash_tpm.c
Philipp Deppenwiese80961af2018-02-27 22:14:34 +0100[diff] [blame]131
Matt DeVillier9ce755d2023-01-23 18:31:27 -0600[diff] [blame]132ramstage-$(CONFIG_SOC_AMD_GFX_CACHE_VBIOS_IN_FMAP) += vbios_cache_hash_tpm.c
133
Jeremy Compostellab6dfcb72023-11-27 14:56:29 -0800[diff] [blame^]134ifeq ($(CONFIG_VBOOT_X86_RSA_ACCELERATION),y)
135CPPFLAGS_common += -DVB2_X86_RSA_ACCELERATION
136endif
137
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]138ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)
Furquan Shaikhb038f412016-11-07 23:47:11 -0800[diff] [blame]139
Werner Zeh3c6d9e12018-11-26 06:54:13 +0100[diff] [blame]140$(eval $(call vboot-for-stage,verstage))
Furquan Shaikhb038f412016-11-07 23:47:11 -0800[diff] [blame]141
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame]142ifeq ($(CONFIG_VBOOT_STARTS_BEFORE_BOOTBLOCK),)
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]143cbfs-files-$(CONFIG_VBOOT_SEPARATE_VERSTAGE) += $(CONFIG_CBFS_PREFIX)/verstage
Patrick Georgi1cab0122015-11-26 16:39:23 +0100[diff] [blame]144$(CONFIG_CBFS_PREFIX)/verstage-file := $(objcbfs)/verstage.elf
145$(CONFIG_CBFS_PREFIX)/verstage-type := stage
Julius Werner09f29212015-09-29 13:51:35 -0700[diff] [blame]146$(CONFIG_CBFS_PREFIX)/verstage-compression := $(CBFS_PRERAM_COMPRESS_FLAG)
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame]147endif # CONFIG_VBOOT_STARTS_BEFORE_BOOTBLOCK
Furquan Shaikh94b18a12016-05-04 23:25:16 -0700[diff] [blame]148
Patrick Georgi1cab0122015-11-26 16:39:23 +0100[diff] [blame]149ifeq ($(CONFIG_ARCH_VERSTAGE_X86_32)$(CONFIG_ARCH_VERSTAGE_X86_64),y)
Jeremy Compostellab7832de2023-08-30 15:42:09 -0700[diff] [blame]150$(CONFIG_CBFS_PREFIX)/verstage-options := -a 64
151ifeq ($(CONFIG_NO_XIP_EARLY_STAGES),y)
152$(CONFIG_CBFS_PREFIX)/verstage-options += -S ".car.data"
153else
154$(CONFIG_CBFS_PREFIX)/verstage-options += -S ".car.data,.data"
155endif
Furquan Shaikh94b18a12016-05-04 23:25:16 -0700[diff] [blame]156
157# If CAR does not support execution of code, verstage on x86 is expected to be
158# xip.
159ifneq ($(CONFIG_NO_XIP_EARLY_STAGES),y)
160$(CONFIG_CBFS_PREFIX)/verstage-options += --xip
161endif
Patrick Georgi1cab0122015-11-26 16:39:23 +0100[diff] [blame]162
163endif
Patrick Rudolphd9c799c2019-02-19 10:57:16 +0100[diff] [blame]164$(CONFIG_CBFS_PREFIX)/verstage-options += $(TXTIBB)
Patrick Georgi1cab0122015-11-26 16:39:23 +0100[diff] [blame]165
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]166else # CONFIG_VBOOT_SEPARATE_VERSTAGE
Aaron Durbind1cf44c2015-05-08 15:58:06 -0500[diff] [blame]167ifeq ($(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),y)
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]168postinclude-hooks += $$(eval bootblock-srcs += $$(verstage-srcs))
Aaron Durbin57e37282015-04-28 16:17:25 -0500[diff] [blame]169else
Arthur Heymansa2bc2542021-05-29 08:10:49 +0200[diff] [blame]170ifeq ($(CONFIG_SEPARATE_ROMSTAGE),y)
Julius Wernere91d1702017-03-20 15:32:15 -0700[diff] [blame]171postinclude-hooks += $$(eval romstage-srcs += $$(verstage-srcs))
Arthur Heymansa2bc2542021-05-29 08:10:49 +0200[diff] [blame]172else
173postinclude-hooks += $$(eval bootblock-srcs += $$(verstage-srcs))
174endif
Patrick Georgiefc6aa02015-04-27 18:13:50 +0200[diff] [blame]175endif
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]176endif # CONFIG_VBOOT_SEPARATE_VERSTAGE
Patrick Georgic8d4abd2016-01-20 15:54:31 +0100[diff] [blame]177
Philipp Deppenwiesea558ca92018-07-28 23:30:49 +0200[diff] [blame]178#RO-Partition is always there!
179VBOOT_PARTITIONS := COREBOOT
180# Check for RW_A partition
181ifeq ($(CONFIG_VBOOT_SLOTS_RW_A),y)
182VBOOT_PARTITIONS += FW_MAIN_A
Wim Vervoorna1c259b2019-11-01 10:47:01 +0100[diff] [blame]183RW_PARTITIONS := FW_MAIN_A
Philipp Deppenwiesea558ca92018-07-28 23:30:49 +0200[diff] [blame]184endif
185# Check for RW_B partition
186ifeq ($(CONFIG_VBOOT_SLOTS_RW_AB),y)
187VBOOT_PARTITIONS += FW_MAIN_B
Wim Vervoorna1c259b2019-11-01 10:47:01 +0100[diff] [blame]188RW_PARTITIONS += FW_MAIN_B
Philipp Deppenwiesea558ca92018-07-28 23:30:49 +0200[diff] [blame]189endif
190
Wim Vervoorna1c259b2019-11-01 10:47:01 +0100[diff] [blame]191# Return the regions a specific file should be placed in. The files listed below and the ones
Martin Roth63036712020-06-25 17:20:32 -0600[diff] [blame]192# that are specified in CONFIG_RO_REGION_ONLY, are only specified in the RO region. The files
193# specified in the CONFIG_RW_REGION_ONLY are placed in all RW regions. Files specified
194# in CONFIG_RWA_REGION_ONLY or CONFIG_RWB_REGION_ONLY get placed only in those sections.
Patrick Georgic8d4abd2016-01-20 15:54:31 +0100[diff] [blame]195# All other files will be installed into RO and RW regions
196# Use $(sort) to cut down on extra spaces that would be translated to commas
197regions-for-file = $(subst $(spc),$(comma),$(sort \
Sridhar Siricilla77025b32020-07-23 23:41:36 +0530[diff] [blame]198 $(if $(value regions-for-file-$(1)), \
199 $(regions-for-file-$(1)), \
200 $(if $(filter $(if $(filter y,$(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)), \
Martin Roth8a3a3c82020-05-04 10:13:45 -0600[diff] [blame]201 %/romstage,) \
Arthur Heymans75226bb2022-03-30 20:16:36 +0200[diff] [blame]202 header_pointer \
203 cbfs_master_header \
Patrick Georgic8d4abd2016-01-20 15:54:31 +0100[diff] [blame]204 mts \
205 %/verstage \
Patrick Georgieda794d2016-02-05 11:01:24 +0100[diff] [blame]206 locales \
207 locale_%.bin \
208 font.bin \
209 vbgfx.bin \
Lee Leahy5e347522017-01-04 08:51:52 -0800[diff] [blame]210 rmu.bin \
Patrick Rudolph9554b262018-06-05 15:12:56 +0200[diff] [blame]211 cmos_layout.bin \
212 cmos.default \
Arthur Heymanseeacd832021-02-19 17:14:23 +0100[diff] [blame]213 intel_fit \
214 intel_fit_ts \
Arthur Heymansd6612a42021-05-03 13:29:22 +0200[diff] [blame]215 fspt.bin \
Arthur Heymanse714fc02023-04-05 14:24:59 +0200[diff] [blame]216 pagetables \
Martin Rothbbd5ee412017-10-05 13:53:16 -0600[diff] [blame]217 $(call strip_quotes,$(CONFIG_RO_REGION_ONLY)) \
Wim Vervoorna1c259b2019-11-01 10:47:01 +0100[diff] [blame]218 ,$(1)),COREBOOT,\
219 $(if $(filter \
Sridhar Siricilla77025b32020-07-23 23:41:36 +0530[diff] [blame]220 $(call strip_quotes,$(CONFIG_RWA_REGION_ONLY)) \
221 ,$(1)), FW_MAIN_A, \
Martin Roth63036712020-06-25 17:20:32 -0600[diff] [blame]222 $(if $(filter \
223 $(call strip_quotes,$(CONFIG_RWB_REGION_ONLY)) \
224 ,$(1)), FW_MAIN_B, \
225 $(if $(filter \
Wim Vervoorna1c259b2019-11-01 10:47:01 +0100[diff] [blame]226 $(call strip_quotes,$(CONFIG_RW_REGION_ONLY)) \
227 ,$(1)), $(RW_PARTITIONS), $(VBOOT_PARTITIONS) ) \
Sridhar Siricilla77025b32020-07-23 23:41:36 +0530[diff] [blame]228 ))))))
Furquan Shaikh0325dc62016-07-25 13:02:36 -0700[diff] [blame]229
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]230CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID))
231CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE))
232CONFIG_VBOOT_KEYBLOCK := $(call strip_quotes,$(CONFIG_VBOOT_KEYBLOCK))
233CONFIG_VBOOT_FIRMWARE_PRIVKEY := $(call strip_quotes,$(CONFIG_VBOOT_FIRMWARE_PRIVKEY))
234CONFIG_VBOOT_KERNEL_KEY := $(call strip_quotes,$(CONFIG_VBOOT_KERNEL_KEY))
235CONFIG_VBOOT_FWID_MODEL := $(call strip_quotes,$(CONFIG_VBOOT_FWID_MODEL))
236CONFIG_VBOOT_FWID_VERSION := $(call strip_quotes,$(CONFIG_VBOOT_FWID_VERSION))
237
238# bool-to-mask(var, value)
239# return "value" if var is "y", 0 otherwise
240bool-to-mask = $(if $(filter y,$(1)),$(2),0)
241
242GBB_FLAGS := $(call int-add, \
243 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEV_SCREEN_SHORT_DELAY),0x1) \
244 $(call bool-to-mask,$(CONFIG_GBB_FLAG_LOAD_OPTION_ROMS),0x2) \
245 $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_ALTERNATE_OS),0x4) \
246 $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_SWITCH_ON),0x8) \
247 $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_USB),0x10) \
248 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK),0x20) \
249 $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENTER_TRIGGERS_TONORM),0x40) \
Joel Kitchinga904fd62021-02-19 18:10:58 +0800[diff] [blame]250 $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_DEV_BOOT_ALTFW),0x80) \
Joel Kitching984d0c62019-12-04 15:33:57 +0800[diff] [blame]251 $(call bool-to-mask,$(CONFIG_GBB_FLAG_RUNNING_FAFT),0x100) \
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]252 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC),0x200) \
Joel Kitchinga904fd62021-02-19 18:10:58 +0800[diff] [blame]253 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DEFAULT_DEV_BOOT_ALTFW),0x400) \
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]254 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC),0x800) \
255 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_LID_SHUTDOWN),0x1000) \
Julius Wernerae423852018-03-23 21:02:48 -0700[diff] [blame]256 $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_MANUAL_RECOVERY),0x4000) \
257 $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_FWMP),0x8000) \
Eric Lai1cf24272021-01-29 16:14:37 +0800[diff] [blame]258 $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_UDC),0x10000) \
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]259 )
260
261ifneq ($(CONFIG_GBB_BMPFV_FILE),)
262$(obj)/gbb.sizetmp: $(obj)/coreboot.rom
263 $(CBFSTOOL) $< read -r GBB -f $@
264
265$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY) $(obj)/gbb.sizetmp
266 @printf " CREATE GBB (with BMPFV)\n"
267 $(FUTILITY) gbb_utility -c 0x100,0x1000,$(call int-subtract,$(call file-size,$(obj)/gbb.sizetmp) 0x2180),0x1000 $@.tmp
268 mv $@.tmp $@
269else
270$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY)
271 @printf " CREATE GBB (without BMPFV)\n"
272 $(FUTILITY) gbb_utility -c 0x100,0x1000,0,0x1000 $@.tmp
273 mv $@.tmp $@
274endif
275
Hung-Te Lin117453e2019-09-27 12:23:20 +0800[diff] [blame]276# Generate a test-only HWID
277ifeq ($(CONFIG_GBB_HWID),)
278CONFIG_GBB_HWID := $$($(top)/util/chromeos/gen_test_hwid.sh "$(CONFIG_MAINBOARD_PART_NUMBER)")
279endif
280
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]281$(obj)/gbb.region: $(obj)/gbb.stub
282 @printf " SETUP GBB\n"
283 cp $< $@.tmp
284 $(FUTILITY) gbb_utility -s \
285 --hwid="$(CONFIG_GBB_HWID)" \
286 --rootkey="$(CONFIG_VBOOT_ROOT_KEY)" \
287 --recoverykey="$(CONFIG_VBOOT_RECOVERY_KEY)" \
288 --flags=$(GBB_FLAGS) \
289 $@.tmp
290ifneq ($(CONFIG_GBB_BMPFV_FILE),)
291 $(FUTILITY) gbb_utility -s \
292 --bmpfv="$(CONFIG_GBB_BMPFV_FILE)" \
293 $@.tmp
294endif
295 mv $@.tmp $@
296
Raul E Rangel8c38a8b2018-08-06 16:13:14 -0600[diff] [blame]297$(obj)/fwid.version:
298 echo -n "$(CONFIG_VBOOT_FWID_VERSION)" > $@
299
300$(obj)/fwid.region: $(obj)/fwid.version
301 printf "%s%s\0" \
302 "$(CONFIG_VBOOT_FWID_MODEL)" \
Raul E Rangel128b0cf2018-08-09 12:30:39 -0600[diff] [blame]303 "$$(cat "$(obj)/fwid.version")" > $@
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]304
305build_complete:: $(obj)/gbb.region $(obj)/fwid.region
306 @printf " WRITE GBB\n"
307 $(CBFSTOOL) $(obj)/coreboot.rom write -u -r GBB -i 0 -f $(obj)/gbb.region
308 $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RO_FRID -i 0 -f $(obj)/fwid.region
Philipp Deppenwiesea558ca92018-07-28 23:30:49 +0200[diff] [blame]309ifeq ($(CONFIG_VBOOT_SLOTS_RW_A),y)
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]310 $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_A -i 0 -f $(obj)/fwid.region
Philipp Deppenwiesea558ca92018-07-28 23:30:49 +0200[diff] [blame]311endif
312ifeq ($(CONFIG_VBOOT_SLOTS_RW_AB),y)
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]313 $(CBFSTOOL) $(obj)/coreboot.rom write -u -r RW_FWID_B -i 0 -f $(obj)/fwid.region
Philipp Deppenwiesea558ca92018-07-28 23:30:49 +0200[diff] [blame]314endif
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]315
316ifneq ($(shell grep "SHARED_DATA" "$(CONFIG_FMDFILE)"),)
317build_complete::
318 printf "\0" > $(obj)/shared_data.region
319 $(CBFSTOOL) $(obj)/coreboot.rom write -u -r SHARED_DATA -i 0 -f $(obj)/shared_data.region
320endif
321
Julius Werner5eda52a2022-05-19 14:37:21 -0700[diff] [blame]322fmap-section-offset-cmd = $(FUTILITY) dump_fmap -p $(obj)/coreboot.rom | \
323 grep '^$(1) ' | cut '-d ' -f2
Julius Werner39914a52022-08-01 15:04:44 -0700[diff] [blame]324fmap-section-size-cmd = $(FUTILITY) dump_fmap -p $(obj)/coreboot.rom | \
325 grep '^$(1) ' | cut '-d ' -f3
Julius Werner5eda52a2022-05-19 14:37:21 -0700[diff] [blame]326
327ifeq ($(CONFIG_VBOOT_GSCVD),y)
328#
329# vboot-gscvd-ranges
330#
331# This variable expands to the list of ranges that will be verified by the GSC
332# before releasing the SoC from reset. It needs to cover all security-relevant
333# ranges of the flash that CBFS verification cannot cover itself. By default
334# this is the `GBB` FMAP section (not handled here but through the special `-G`
335# parameter to `futility gscvd` below) and the bootblock. Here we are
336# initializing the variable to expansions that produce ranges for both the
337# `BOOTBLOCK` FMAP section (filled up to the real size of
338# `$(objcbfs)/bootblock.bin`) and the `bootblock` file in the primary CBFS --
339# only one of those two should normally exist on a given platform.
340#
341# Platforms where the bootblock isn't the first and only thing loaded by the
342# hardware or which otherwise have special security-relevant flash areas that
343# cannot be covered normally by CBFS verification will need to manually add
344# ranges to this variable in their own Makefiles, in the format produced by
345# printf("%x:%x", start_offset, size). The variable is only expanded once in a
346# recipe of the `files_added` target, so $(shell) expansions that depend on
347# inspecting $(obj)/coreboot.rom (or any of its dependencies) are valid.
348#
349vboot-gscvd-ranges += $(shell ( \
350 offset=$$($(call fmap-section-offset-cmd,BOOTBLOCK)) ;\
351 if [ -n "$$offset" ]; then \
352 size=$$(wc -c < $(objcbfs)/bootblock.bin) ;\
353 printf "%x:%x" $$offset $$size ;\
354 fi ;\
355))
356vboot-gscvd-ranges += $(shell ( \
357 line=$$($(CBFSTOOL) $(obj)/coreboot.rom print -k | grep '^bootblock[[:space:]]') ;\
358 if [ -n "$$line" ]; then \
359 cbfs_start=$$($(call fmap-section-offset-cmd,COREBOOT)) ;\
360 offset=$$(printf "$$line" | cut -f2) ;\
361 size=$$(printf "$$line" | cut -f6) ;\
362 printf "%x:%x" $$((cbfs_start + offset)) $$size ;\
363 fi ;\
364))
365files_added:: $(FUTILITY)
366 @printf " WRITE GSCVD\n"
367 gscvd_range_args="$(foreach range,$(vboot-gscvd-ranges),-R $(range))" ;\
368 if [ -z "$$gscvd_range_args" ]; then \
369 echo "ERROR: No valid GSCVD ranges detected in image!" ;\
370 exit 1 ;\
371 fi ;\
372 $(FUTILITY) gscvd -G $$gscvd_range_args -b $(CONFIG_VBOOT_GSC_BOARD_ID) \
373 -r "$(CONFIG_VBOOT_GSCVD_ROOT_PUBKEY)" \
374 -p "$(CONFIG_VBOOT_GSCVD_PLATFORM_PRIVKEY)" \
375 -k "$(CONFIG_VBOOT_GSCVD_PLATFORM_KEYBLOCK)" \
376 $(obj)/coreboot.rom
377endif
378
Jakub Czapiga190afda2022-07-25 14:24:06 +0200[diff] [blame]379ifneq (,$(filter y,$(CONFIG_VBOOT_SLOTS_RW_A) $(CONFIG_VBOOT_SLOTS_RW_AB)))
380files_added:: $(obj)/coreboot.rom $(FUTILITY) $(CBFSTOOL)
381 CBFSTOOL="$(CBFSTOOL)" \
382 $(FUTILITY) sign \
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]383 --signprivate "$(CONFIG_VBOOT_FIRMWARE_PRIVKEY)" \
Jakub Czapiga190afda2022-07-25 14:24:06 +0200[diff] [blame]384 --keyblock "$(CONFIG_VBOOT_KEYBLOCK)" \
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]385 --kernelkey "$(CONFIG_VBOOT_KERNEL_KEY)" \
Jakub Czapiga190afda2022-07-25 14:24:06 +0200[diff] [blame]386 --version $(CONFIG_VBOOT_KEYBLOCK_VERSION) \
387 --flags $(CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS) \
388 $(obj)/coreboot.rom
389 if [ "$(CONFIG_VBOOT_SLOTS_RW_AB)" = 'y' ]; then \
390 printf " FLASHMAP Layout generated for RO, A and B partition.\n"; \
391 elif [ "$(CONFIG_VBOOT_SLOTS_RW_A)" = 'y' ]; then \
392 printf " FLASHMAP Layout generated for RO and A partition.\n"; \
393 fi
Philipp Deppenwiesea558ca92018-07-28 23:30:49 +0200[diff] [blame]394else
Martin Roth372503f2023-12-08 00:43:23 -0700[diff] [blame]395show_notices::
Philipp Deppenwiesea558ca92018-07-28 23:30:49 +0200[diff] [blame]396 @printf " FLASHMAP Layout generated for RO partition only.\n"
397 @printf " Beware that there is no failure safety in case of update now!\n"
398endif
Julius Werner58c39382017-02-13 17:53:29 -0800[diff] [blame]399
Furquan Shaikh0325dc62016-07-25 13:02:36 -0700[diff] [blame]400endif # CONFIG_VBOOT