vboot2: add verstage

Verstage will host vboot2 for firmware verification.
It's a stage in the sense that it has its own set of toolchains, compiler flags,
and includes. This allows us to easily add object files as needed. But
it's directly linked to bootblock. This allows us to avoid code
duplication for stage loading and jumping (e.g. cbfs driver) for the boards
where bootblock has to run in a different architecture (e.g. Tegra124).
To avoid name space conflict, verstage symbols are prefixed with verstage_.

TEST=Built with VBOOT2_VERIFY_FIRMWARE on/off. Booted Nyan Blaze.
BUG=None
BRANCH=none

Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Original-Change-Id: Iad57741157ec70426c676e46c5855e6797ac1dac
Original-Reviewed-on: https://chromium-review.googlesource.com/204376
Original-Reviewed-by: Randall Spangler <rspangler@chromium.org>

(cherry picked from commit 27940f891678dae975b68f2fc729ad7348192af3)
Signed-off-by: Marc Jones <marc.jones@se-eng.com>

Change-Id: I42b2b3854a24ef6cda2316eb741ca379f41516e0
Reviewed-on: http://review.coreboot.org/8159
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Tested-by: build bot (Jenkins)

12 files changed, 57 insertions, 4 deletions

diff --git a/Makefile.inc b/Makefile.inc
index b0289c00ef..0c6aafa4dd 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -75,7 +75,7 @@ subdirs-y += site-local
 
 #######################################################################
 # Add source classes and their build options
-classes-y := ramstage romstage bootblock smm smmstub cpu_microcode
+classes-y := ramstage romstage bootblock smm smmstub cpu_microcode verstage
 
 # Add dynamic classes for rmodules
 $(foreach supported_arch,$(ARCH_SUPPORTED), \
@@ -128,6 +128,8 @@ ramstage-postprocess=$(foreach d,$(sort $(dir $(1))), \
 	$(eval $(d)ramstage.o: $(call files-in-dir,$(d),$(1)); $$(LD_ramstage) -o $$@ -r $$^ ) \
 	$(eval ramstage-objs:=$(d)ramstage.o $(filter-out $(call files-in-dir,$(d),$(1)),$(ramstage-objs))))
 
+verstage-c-ccopts:=-D__PRE_RAM__ -D__VER_STAGE__
+verstage-S-ccopts:=-D__PRE_RAM__ -D__VER_STAGE__
 romstage-c-ccopts:=-D__PRE_RAM__
 romstage-S-ccopts:=-D__PRE_RAM__
 ifeq ($(CONFIG_TRACE),y)
@@ -162,6 +164,7 @@ endif
 
 ramstage-c-deps:=$$(OPTION_TABLE_H)
 romstage-c-deps:=$$(OPTION_TABLE_H)
+verstage-c-deps:=$$(OPTION_TABLE_H)
 bootblock-c-deps:=$$(OPTION_TABLE_H)
 smm-c-deps:=$$(OPTION_TABLE_H)
 
@@ -374,6 +377,10 @@ $(obj)/%.romstage.o $(abspath $(obj))/%.romstage.o: $(obj)/%.c $(obj)/config.h $
 	@printf "    CC         $(subst $(obj)/,,$(@))\n"
 	$(CC_romstage) -MMD $(CFLAGS_romstage) $(CPPFLAGS_romstage) $(romstage-c-ccopts) -c -o $@ $<
 
+$(obj)/%.verstage.o $(abspath $(obj))/%.verstage.o: $(obj)/%.c $(obj)/config.h $(OPTION_TABLE_H)
+	@printf "    CC         $(subst $(obj)/,,$(@))\n"
+	$(CC_verstage) -MMD $(CFLAGS_verstage) $(verstage-c-ccopts) -c -o $@ $<
+
 $(obj)/%.bootblock.o $(abspath $(obj))/%.bootblock.o: $(obj)/%.c $(obj)/config.h $(OPTION_TABLE_H)
 	@printf "    CC         $(subst $(obj)/,,$(@))\n"
 	$(CC_bootblock) -MMD $(CFLAGS_bootblock) $(CPPFLAGS_bootblock) $(bootblock-c-ccopts) -c -o $@ $<
diff --git a/src/arch/arm/Kconfig b/src/arch/arm/Kconfig
index 156c8c227e..f73ad279f1 100644
--- a/src/arch/arm/Kconfig
+++ b/src/arch/arm/Kconfig
@@ -3,6 +3,10 @@ config ARCH_BOOTBLOCK_ARM
 	default n
 	select ARCH_ARM
 
+config ARCH_VERSTAGE_ARM
+  bool
+  default n
+
 config ARCH_ROMSTAGE_ARM
 	bool
 	default n
diff --git a/src/arch/arm/Makefile.inc b/src/arch/arm/Makefile.inc
index 5698f38c9b..ba7fb60206 100644
--- a/src/arch/arm/Makefile.inc
+++ b/src/arch/arm/Makefile.inc
@@ -61,7 +61,7 @@ bootblock-y += memcpy.S
 bootblock-y += memmove.S
 bootblock-y += div0.c
 
-$(objcbfs)/bootblock.debug: $(src)/arch/arm/bootblock.ld $(obj)/ldoptions $$(bootblock-objs)
+$(objcbfs)/bootblock.debug: $(src)/arch/arm/bootblock.ld $(obj)/ldoptions $$(bootblock-objs) $$(VERSTAGE_LIB) 
 	@printf "    LINK       $(subst $(obj)/,,$(@))\n"
 	$(LD_bootblock) --gc-sections -static -o $@ -L$(obj) --start-group $(bootblock-objs) --end-group -T $(src)/arch/arm/bootblock.ld
 
diff --git a/src/arch/arm/armv7/Kconfig b/src/arch/arm/armv7/Kconfig
index f8e0205c40..aa188e2764 100644
--- a/src/arch/arm/armv7/Kconfig
+++ b/src/arch/arm/armv7/Kconfig
@@ -2,6 +2,10 @@ config ARCH_BOOTBLOCK_ARMV7
 	def_bool n
 	select ARCH_BOOTBLOCK_ARM
 
+config ARCH_VERSTAGE_ARMV7
+	def_bool n
+	select ARCH_VERSTAGE_ARM
+
 config ARCH_ROMSTAGE_ARMV7
 	def_bool n
 	select ARCH_ROMSTAGE_ARM
diff --git a/src/soc/nvidia/tegra124/Kconfig b/src/soc/nvidia/tegra124/Kconfig
index 195261e2e4..ea946e6583 100644
--- a/src/soc/nvidia/tegra124/Kconfig
+++ b/src/soc/nvidia/tegra124/Kconfig
@@ -2,6 +2,7 @@ config SOC_NVIDIA_TEGRA124
 	bool
 	default n
 	select ARCH_BOOTBLOCK_ARMV4
+	select ARCH_VERSTAGE_ARMV7
 	select ARCH_ROMSTAGE_ARMV7
 	select ARCH_RAMSTAGE_ARMV7
 	select HAVE_UART_SPECIAL
diff --git a/src/soc/nvidia/tegra124/Makefile.inc b/src/soc/nvidia/tegra124/Makefile.inc
index 792bb9992b..b306412956 100644
--- a/src/soc/nvidia/tegra124/Makefile.inc
+++ b/src/soc/nvidia/tegra124/Makefile.inc
@@ -20,6 +20,8 @@ ifeq ($(CONFIG_BOOTBLOCK_CONSOLE),y)
 bootblock-$(CONFIG_CONSOLE_SERIAL) += uart.c
 endif
 
+verstage-y += verstage.c
+
 romstage-y += cbfs.c
 romstage-y += cbmem.c
 romstage-y += clock.c
diff --git a/src/soc/nvidia/tegra124/bootblock.c b/src/soc/nvidia/tegra124/bootblock.c
index 2857a90ace..0456b488c9 100644
--- a/src/soc/nvidia/tegra124/bootblock.c
+++ b/src/soc/nvidia/tegra124/bootblock.c
@@ -23,10 +23,13 @@
 #include <console/console.h>
 #include <soc/clock.h>
 #include <soc/nvidia/tegra/apbmisc.h>
-
 #include "pinmux.h"
 #include "power.h"
 
+#if CONFIG_VBOOT2_VERIFY_FIRMWARE
+#include "verstage.h"
+#endif
+
 void main(void)
 {
 	void *entry;
@@ -72,7 +75,11 @@ void main(void)
 	power_enable_cpu_rail();
 	power_ungate_cpu();
 
+#if CONFIG_VBOOT2_VERIFY_FIRMWARE
+	entry = (void *)verstage_vboot_main;
+#else
 	entry = cbfs_load_stage(CBFS_DEFAULT_MEDIA, "fallback/romstage");
+#endif
 
 	if (entry)
 		clock_cpu0_config_and_reset(entry);
diff --git a/src/soc/nvidia/tegra124/verstage.c b/src/soc/nvidia/tegra124/verstage.c
new file mode 100644
index 0000000000..234a89d0b2
--- /dev/null
+++ b/src/soc/nvidia/tegra124/verstage.c
@@ -0,0 +1,9 @@
+#include "verstage.h"
+
+/**
+ * Stage entry point
+ */
+void vboot_main(void)
+{
+	for(;;);
+}
diff --git a/src/soc/nvidia/tegra124/verstage.h b/src/soc/nvidia/tegra124/verstage.h
new file mode 100644
index 0000000000..a0bac347c6
--- /dev/null
+++ b/src/soc/nvidia/tegra124/verstage.h
@@ -0,0 +1,2 @@
+void vboot_main(void);
+void verstage_vboot_main(void);
diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig
index 81567582c1..62d991b64d 100644
--- a/src/vendorcode/google/chromeos/Kconfig
+++ b/src/vendorcode/google/chromeos/Kconfig
@@ -85,6 +85,14 @@ config VBOOT_VERIFY_FIRMWARE
 	  Enabling VBOOT_VERIFY_FIRMWARE will use vboot to verify the ramstage
 	  and boot loader.
 
+config VBOOT2_VERIFY_FIRMWARE
+  bool "Firmware Verification with vboot2"
+  default n
+  depends on CHROMEOS
+  help
+	  Enabling VBOOT2_VERIFY_FIRMWARE will use vboot2 to verify the romstage
+	  and boot loader.
+
 config EC_SOFTWARE_SYNC
 	bool "Enable EC software sync"
 	default n
diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc
index e17f50cd26..12d35b64c8 100644
--- a/src/vendorcode/google/chromeos/Makefile.inc
+++ b/src/vendorcode/google/chromeos/Makefile.inc
@@ -93,3 +93,12 @@ $(VB_LIB):
 		fwlib
 
 endif
+
+ifeq ($(CONFIG_VBOOT2_VERIFY_FIRMWARE),y)
+VERSTAGE_LIB = $(obj)/vendorcode/google/chromeos/verstage.a
+$(VERSTAGE_LIB): $$(verstage-objs)
+	@printf "    AR         $(subst $(obj)/,,$(@))\n"
+	$(AR_verstage) rc $@.tmp $(verstage-objs)
+	@printf "    OBJCOPY    $(subst $(obj)/,,$(@))\n"
+	$(OBJCOPY_verstage) --prefix-symbols=verstage_ $@.tmp $@
+endif
diff --git a/toolchain.inc b/toolchain.inc
index b54d95935b..bd8da83366 100644
--- a/toolchain.inc
+++ b/toolchain.inc
@@ -51,7 +51,7 @@ HOSTCXX:=CCC_CXX="$(HOSTCXX)" $(CXX)
 ROMCC=CCC_CC="$(ROMCC_BIN)" $(CC)
 endif
 
-COREBOOT_STANDARD_STAGES := bootblock romstage ramstage
+COREBOOT_STANDARD_STAGES := bootblock verstage romstage ramstage
 
 ARCHDIR-i386    := x86
 ARCHDIR-x86_32  := x86