diff options
author | Joel Kitching <kitching@google.com> | 2019-12-13 13:34:56 +0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-12-19 10:54:41 +0000 |
commit | 7af82fb3b4f5a0afd080b9bc9e5002884ac26808 (patch) | |
tree | 4a213bf8f1e8506cbb2c48773f48e515aa1b16f3 | |
parent | 94cf1f5a29d354147817d0c2af6de1e843965e75 (diff) | |
download | vboot-7af82fb3b4f5a0afd080b9bc9e5002884ac26808.tar.gz |
vboot: relocate EC and auxfw sync API to 2api.h
Now that EC and auxfw software sync have been updated to
vboot2-style code, relocate function headers to 2api.h.
BUG=b:124141368, chromium:1016688
TEST=make clean && make runtests
BRANCH=none
Change-Id: Iad66b52452a90b13d3ff0ba8b4bced88fa1eb6e1
Cq-Depend: chromium:1973248
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1965925
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
-rw-r--r-- | firmware/2lib/include/2api.h | 202 | ||||
-rw-r--r-- | firmware/include/vboot_api.h | 108 |
2 files changed, 156 insertions, 154 deletions
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h index 28ad3aa8..dd72b974 100644 --- a/firmware/2lib/include/2api.h +++ b/firmware/2lib/include/2api.h @@ -756,36 +756,6 @@ vb2_gbb_flags_t vb2api_gbb_get_flags(struct vb2_context *ctx); uint32_t vb2api_get_firmware_size(struct vb2_context *ctx); /** - * Sync the Embedded Controller device to the expected version. - * - * This function will check if EC software sync is allowed, and if it - * is, it will compare the expected image hash to the actual image - * hash. If they are the same, the EC will simply jump to its RW - * firwmare. Otherwise, the specified flash image will be updated to - * the new version, and the EC will reboot into its new firmware. - * - * @param ctx Vboot context - * @return VB2_SUCCESS, or non-zero if error. - */ -vb2_error_t vb2api_ec_sync(struct vb2_context *ctx); - -/** - * Sync all auxiliary firmware to the expected versions. - * - * This function will first check if an auxfw update is needed and - * what the "severity" of that update is (i.e., if any auxfw devices - * exist and the relative quickness of updating it. If the update is - * deemed slow, it may display a screen to notify the user. The - * platform is then instructed to perform the update. Finally, an EC - * reboot to its RO section is performed to ensure that auxfw devices - * are also reset and running the new firmware. - * - * @param ctx Vboot2 context - * @return VB2_SUCCESS, or non-zero error code. - */ -vb2_error_t vb2api_auxfw_sync(struct vb2_context *ctx); - -/** * If no display is available, set DISPLAY_REQUEST in nvdata. * * @param ctx Vboot2 context @@ -877,6 +847,50 @@ vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest, vb2_error_t vb2ex_tpm_set_mode(enum vb2_tpm_mode mode_val); /* + * Abort vboot flow due to a failed assertion or broken assumption. + * + * Likely due to caller misusing vboot (e.g. calling API functions + * out-of-order, filling in vb2_context fields inappropriately). + * Implementation should reboot or halt the machine, or fall back to some + * alternative boot flow. Retrying vboot is unlikely to succeed. + */ +void vb2ex_abort(void); + +/** + * Commit any pending data to disk. + * + * Commit nvdata and secdata spaces if modified. Normally this should be + * performed after vboot has completed executing and control has been passed + * back to the caller. However, in certain kernel verification cases (e.g. + * right before attempting to boot an OS; from a UI screen which requires + * user-initiated shutdown; just prior to triggering battery cut-off), the + * caller may not get a chance to commit this data. + * + * @param ctx Vboot context + * @returns VB2_SUCCESS, or non-zero error code. + */ +vb2_error_t vb2ex_commit_data(struct vb2_context *ctx); + +/*****************************************************************************/ +/* Auxiliary firmware (auxfw) */ + +/** + * Sync all auxiliary firmware to the expected versions. + * + * This function will first check if an auxfw update is needed and + * what the "severity" of that update is (i.e., if any auxfw devices + * exist and the relative quickness of updating it. If the update is + * deemed slow, it may display a screen to notify the user. The + * platform is then instructed to perform the update. Finally, an EC + * reboot to its RO section is performed to ensure that auxfw devices + * are also reset and running the new firmware. + * + * @param ctx Vboot2 context + * @return VB2_SUCCESS, or non-zero error code. + */ +vb2_error_t vb2api_auxfw_sync(struct vb2_context *ctx); + +/* * severity levels for an auxiliary firmware update request */ enum vb2_auxfw_update_severity { @@ -925,29 +939,125 @@ vb2_error_t vb2ex_auxfw_update(void); */ vb2_error_t vb2ex_auxfw_finalize(struct vb2_context *ctx); +/*****************************************************************************/ +/* Embedded controller (EC) */ + /* - * Abort vboot flow due to a failed assertion or broken assumption. - * - * Likely due to caller misusing vboot (e.g. calling API functions - * out-of-order, filling in vb2_context fields inappropriately). - * Implementation should reboot or halt the machine, or fall back to some - * alternative boot flow. Retrying vboot is unlikely to succeed. + * Firmware selection type for EC software sync logic. Note that we store + * these in a uint32_t because enum maps to int, which isn't fixed-size. */ -void vb2ex_abort(void); +enum vb2_firmware_selection { + /* Read only firmware for normal or developer path. */ + VB_SELECT_FIRMWARE_READONLY = 3, + /* Rewritable EC firmware currently set active */ + VB_SELECT_FIRMWARE_EC_ACTIVE = 4, + /* Rewritable EC firmware currently not set active thus updatable */ + VB_SELECT_FIRMWARE_EC_UPDATE = 5, + /* Keep this at the end */ + VB_SELECT_FIRMWARE_COUNT, +}; /** - * Commit any pending data to disk. + * Sync the Embedded Controller device to the expected version. * - * Commit nvdata and secdata spaces if modified. Normally this should be - * performed after vboot has completed executing and control has been passed - * back to the caller. However, in certain kernel verification cases (e.g. - * right before attempting to boot an OS; from a UI screen which requires - * user-initiated shutdown; just prior to triggering battery cut-off), the - * caller may not get a chance to commit this data. + * This function will check if EC software sync is allowed, and if it + * is, it will compare the expected image hash to the actual image + * hash. If they are the same, the EC will simply jump to its RW + * firwmare. Otherwise, the specified flash image will be updated to + * the new version, and the EC will reboot into its new firmware. * * @param ctx Vboot context - * @returns VB2_SUCCESS, or non-zero error code. + * @return VB2_SUCCESS, or non-zero if error. */ -vb2_error_t vb2ex_commit_data(struct vb2_context *ctx); +vb2_error_t vb2api_ec_sync(struct vb2_context *ctx); + +/** + * This is called only if the system implements a keyboard-based (virtual) + * developer switch. It must return true only if the system has an embedded + * controller which is provably running in its RO firmware at the time the + * function is called. + */ +int vb2ex_ec_trusted(void); + +/** + * Check if the EC is currently running rewritable code. + * + * If the EC is in RO code, sets *in_rw=0. + * If the EC is in RW code, sets *in_rw non-zero. + * If the current EC image is unknown, returns error. */ +vb2_error_t vb2ex_ec_running_rw(int *in_rw); + +/** + * Request the EC jump to its rewritable code. If successful, returns when the + * EC has booting its RW code far enough to respond to subsequent commands. + * Does nothing if the EC is already in its rewritable code. + */ +vb2_error_t vb2ex_ec_jump_to_rw(void); + +/** + * Tell the EC to refuse another jump until it reboots. Subsequent calls to + * vb2ex_ec_jump_to_rw() in this boot will fail. + */ +vb2_error_t vb2ex_ec_disable_jump(void); + +/** + * Read the SHA-256 hash of the selected EC image. + * + * @param select Image to get hash of. RO or RW. + * @param hash Pointer to the hash. + * @param hash_size Pointer to the hash size. + * @return VB2_SUCCESS, or error code on error. + */ +vb2_error_t vb2ex_ec_hash_image(enum vb2_firmware_selection select, + const uint8_t **hash, int *hash_size); + +/** + * Read the SHA-256 hash of the expected contents of the EC image associated + * with the main firmware specified by the "select" argument. + * + * @param select Image to get expected hash for (RO or RW). + * @param hash Pointer to the hash. + * @param hash_size Pointer to the hash size (in bytes). + * @return VB2_SUCCESS, or error code on error. + */ +vb2_error_t vb2ex_ec_get_expected_image_hash(enum vb2_firmware_selection select, + const uint8_t **hash, + int *hash_size); + +/** + * Update the selected EC image to the expected version. + * + * @param select Image to get expected hash for (RO or RW). + * @return VB2_SUCCESS, or error code on error. + */ +vb2_error_t vb2ex_ec_update_image(enum vb2_firmware_selection select); + +/** + * Lock the EC code to prevent updates until the EC is rebooted. + * Subsequent calls to vb2ex_ec_update_image() with the same region this + * boot will fail. + * + * @param select Image to get expected hash for (RO or RW). + * @return VB2_SUCCESS, or error code on error. + */ +vb2_error_t vb2ex_ec_protect(enum vb2_firmware_selection select); + +/** + * Perform EC post-verification / updating / jumping actions. + * + * This routine is called to perform certain actions that must wait until + * after the EC resides in its `final` image (the image the EC will + * run for the duration of boot). These actions include verifying that + * enough power is available to continue with boot. + * + * @param ctx Pointer to vboot context. + * @return VB2_SUCCESS, or error code on error. + */ +vb2_error_t vb2ex_ec_vboot_done(struct vb2_context *ctx); + +/** + * Request EC to stop discharging and cut-off battery. + */ +vb2_error_t vb2ex_ec_battery_cutoff(void); #endif /* VBOOT_REFERENCE_2API_H_ */ diff --git a/firmware/include/vboot_api.h b/firmware/include/vboot_api.h index 5bfaf571..10b2914c 100644 --- a/firmware/include/vboot_api.h +++ b/firmware/include/vboot_api.h @@ -54,22 +54,6 @@ typedef struct VbSharedDataHeader VbSharedDataHeader; #define VB_SWITCH_FLAG_ALLOW_USB_BOOT 0x00004000 /* - * Firmware types for VbHashFirmwareBody() and - * VbSelectFirmwareParams.selected_firmware. Note that we store these in a - * uint32_t because enum maps to int, which isn't fixed-size. - */ -enum vb2_firmware_selection { - /* Read only firmware for normal or developer path. */ - VB_SELECT_FIRMWARE_READONLY = 3, - /* Rewritable EC firmware currently set active */ - VB_SELECT_FIRMWARE_EC_ACTIVE = 4, - /* Rewritable EC firmware currently not set active thus updatable */ - VB_SELECT_FIRMWARE_EC_UPDATE = 5, - /* Keep this at the end */ - VB_SELECT_FIRMWARE_COUNT, -}; - -/* * We use disk handles rather than indices. Using indices causes problems if * a disk is removed/inserted in the middle of processing. */ @@ -582,98 +566,6 @@ uint32_t VbExKeyboardReadWithFlags(uint32_t *flags_ptr); uint32_t VbExGetSwitches(uint32_t request_mask); /*****************************************************************************/ -/* Embedded controller (EC) */ - -/** - * This is called only if the system implements a keyboard-based (virtual) - * developer switch. It must return true only if the system has an embedded - * controller which is provably running in its RO firmware at the time the - * function is called. - */ -int vb2ex_ec_trusted(void); - -/** - * Check if the EC is currently running rewritable code. - * - * If the EC is in RO code, sets *in_rw=0. - * If the EC is in RW code, sets *in_rw non-zero. - * If the current EC image is unknown, returns error. */ -vb2_error_t vb2ex_ec_running_rw(int *in_rw); - -/** - * Request the EC jump to its rewritable code. If successful, returns when the - * EC has booting its RW code far enough to respond to subsequent commands. - * Does nothing if the EC is already in its rewritable code. - */ -vb2_error_t vb2ex_ec_jump_to_rw(void); - -/** - * Tell the EC to refuse another jump until it reboots. Subsequent calls to - * vb2ex_ec_jump_to_rw() in this boot will fail. - */ -vb2_error_t vb2ex_ec_disable_jump(void); - -/** - * Read the SHA-256 hash of the selected EC image. - * - * @param select Image to get hash of. RO or RW. - * @param hash Pointer to the hash. - * @param hash_size Pointer to the hash size. - * @return VB2_SUCCESS, or error code on error. - */ -vb2_error_t vb2ex_ec_hash_image(enum vb2_firmware_selection select, - const uint8_t **hash, int *hash_size); - -/** - * Read the SHA-256 hash of the expected contents of the EC image associated - * with the main firmware specified by the "select" argument. - * - * @param select Image to get expected hash for (RO or RW). - * @param hash Pointer to the hash. - * @param hash_size Pointer to the hash size (in bytes). - * @return VB2_SUCCESS, or error code on error. - */ -vb2_error_t vb2ex_ec_get_expected_image_hash(enum vb2_firmware_selection select, - const uint8_t **hash, - int *hash_size); - -/** - * Update the selected EC image to the expected version. - * - * @param select Image to get expected hash for (RO or RW). - * @return VB2_SUCCESS, or error code on error. - */ -vb2_error_t vb2ex_ec_update_image(enum vb2_firmware_selection select); - -/** - * Lock the EC code to prevent updates until the EC is rebooted. - * Subsequent calls to vb2ex_ec_update_image() with the same region this - * boot will fail. - * - * @param select Image to get expected hash for (RO or RW). - * @return VB2_SUCCESS, or error code on error. - */ -vb2_error_t vb2ex_ec_protect(enum vb2_firmware_selection select); - -/** - * Perform EC post-verification / updating / jumping actions. - * - * This routine is called to perform certain actions that must wait until - * after the EC resides in its `final` image (the image the EC will - * run for the duration of boot). These actions include verifying that - * enough power is available to continue with boot. - * - * @param ctx Pointer to vboot context. - * @return VB2_SUCCESS, or error code on error. - */ -vb2_error_t vb2ex_ec_vboot_done(struct vb2_context *ctx); - -/** - * Request EC to stop discharging and cut-off battery. - */ -vb2_error_t vb2ex_ec_battery_cutoff(void); - -/*****************************************************************************/ /* Misc */ /** |