-rw-r--r-- | firmware/include/vboot_api.h | 6 | ||||
-rw-r--r-- | firmware/include/vboot_struct.h | 2 | ||||
-rw-r--r-- | firmware/lib/vboot_api_init.c | 22 |
3 files changed, 25 insertions, 5 deletions
diff --git a/firmware/include/vboot_api.h b/firmware/include/vboot_api.h
index 2a418ad3..60f06dfc 100644
--- a/firmware/include/vboot_api.h
+++ b/firmware/include/vboot_api.h
@@ -101,6 +101,8 @@ enum VbErrorPredefined_t {
 VBERROR_NO_BACKGROUND_SOUND = 0x10019,
 /* Developer has requested a BIOS shell */
 VBERROR_BIOS_SHELL_REQUESTED = 0x10020,
+ /* Need VGA and don't have it, or vice-versa */
+ VBERROR_VGA_OPROM_MISMATCH = 0x10021,
 };
 
 
@@ -171,8 +173,10 @@ typedef struct VbCommonParams {
 #define VB_INIT_FLAG_VIRTUAL_DEV_SWITCH 0x00000040
 /* Set when the VGA Option ROM has been loaded already. */
 #define VB_INIT_FLAG_OPROM_LOADED 0x00000080
+/* Set if we care about the VGA Option ROM - some platforms don't. */
+#define VB_INIT_FLAG_OPROM_MATTERS 0x00000100
 /* EC on this platform supports EC software sync. */
-#define VB_INIT_FLAG_EC_SOFTWARE_SYNC 0x00000100
+#define VB_INIT_FLAG_EC_SOFTWARE_SYNC 0x00000200
 
 /* Output flags for VbInitParams.out_flags. Used to indicate
 * potential boot paths and configuration to the calling firmware
diff --git a/firmware/include/vboot_struct.h b/firmware/include/vboot_struct.h
index cfd56717..d894e23d 100644
--- a/firmware/include/vboot_struct.h
+++ b/firmware/include/vboot_struct.h
@@ -233,8 +233,6 @@ typedef struct VbKernelPreambleHeader {
 #define VBSD_BOOT_RO_NORMAL_SUPPORT 0x00000200
 /* VbInit was told that the system has a virtual dev-switch */
 #define VBSD_HONOR_VIRT_DEV_SWITCH 0x00000400
-/* VbInit was told that the VGA Option ROM was loaded at boot */
-#define VBSD_BOOT_OPROM_LOADED 0x00000800
 
 /* Result codes for VbSharedDataHeader.check_fw_a_result (and b_result) */
 #define VBSD_LF_CHECK_NOT_DONE 0
diff --git a/firmware/lib/vboot_api_init.c b/firmware/lib/vboot_api_init.c
index 8581d898..229849e4 100644
--- a/firmware/lib/vboot_api_init.c
+++ b/firmware/lib/vboot_api_init.c
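Review bot: In the second vboot_api.h hunk, VB_INIT_FLAG_OPROM_MATTERS takes over the value 0x00000100 that VB_INIT_FLAG_EC_SOFTWARE_SYNC held, and EC_SOFTWARE_SYNC is renumbered to 0x00000200. Calling firmware built against the previous header and not rebuilt would pass 0x100 meaning "EC software sync" and have it read as "option ROM matters", so EC sync would presumably be skipped without any error while the new option-ROM mismatch path could fire instead. Unless the caller and this library are guaranteed to be built from the same tree, appending the new bit keeps the old meaning intact: `#define VB_INIT_FLAG_OPROM_MATTERS 0x00000200` with `VB_INIT_FLAG_EC_SOFTWARE_SYNC` left at `0x00000100`. If the renumbering is intentional, a comment on the flag block saying that the values are not a stable ABI would make that explicit.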
@@ -58,8 +58,6 @@ VbError_t VbInit(VbCommonParams* cparams, VbInitParams* iparams) {
 shared->flags |= VBSD_BOOT_S3_RESUME;
 if (iparams->flags & VB_INIT_FLAG_RO_NORMAL_SUPPORT)
 shared->flags |= VBSD_BOOT_RO_NORMAL_SUPPORT;
- if (iparams->flags & VB_INIT_FLAG_OPROM_LOADED)
- shared->flags |= VBSD_BOOT_OPROM_LOADED;
 
 is_s3_resume = (iparams->flags & VB_INIT_FLAG_S3_RESUME ? 1 : 0);
 
@@ -205,12 +203,32 @@ VbError_t VbInit(VbCommonParams* cparams, VbInitParams* iparams) {
 VbNvGet(&vnc, VBNV_DEV_BOOT_SIGNED_ONLY, &require_official_os);
 if (!require_official_os)
 iparams->out_flags |= VB_INIT_OUT_ENABLE_ALTERNATE_OS;
+
+ /* Dev-mode needs the VGA option ROM to be loaded so it can display the
+ * scary boot screen. If we don't have it, we need to request it and
+ * reboot so it can be loaded. */
+ if ((iparams->flags & VB_INIT_FLAG_OPROM_MATTERS) &&
+ !(iparams->flags & VB_INIT_FLAG_OPROM_LOADED)) {
+ VbNvSet(&vnc, VBNV_OPROM_NEEDED, 1);
+ retval = VBERROR_VGA_OPROM_MISMATCH;
+ VBDEBUG(("VbInit() needs oprom, doesn't have it\n"));
+ }
+
 } else {
 /* Normal mode, so disable dev_boot_* flags. This ensures they will be
 * initially disabled if the user later transitions back into developer
 * mode. */
 VbNvSet(&vnc, VBNV_DEV_BOOT_USB, 0);
 VbNvSet(&vnc, VBNV_DEV_BOOT_SIGNED_ONLY, 0);
+
+ /* If we don't need the VGA option ROM but got it anyway, stop asking for
+ * it and reboot in case there's some vulnerability in using it. */
+ if ((iparams->flags & VB_INIT_FLAG_OPROM_MATTERS) &&
+ (iparams->flags & VB_INIT_FLAG_OPROM_LOADED)) {
+ VbNvSet(&vnc, VBNV_OPROM_NEEDED, 0);
+ retval = VBERROR_VGA_OPROM_MISMATCH;
+ VBDEBUG(("VbInit() has oprom, doesn't need it\n"));
+ }
 }
 
 VbInit_exit: |
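Review bot: In the second hunk, the normal-mode check fires only when the caller sets both VB_INIT_FLAG_OPROM_MATTERS and VB_INIT_FLAG_OPROM_LOADED, so it is exactly as strong as the calling firmware's own reporting, and by the time VbInit() sees the flag the option ROM has already run. The comment would be more useful if it said that instead of "in case there's some vulnerability in using it", for example `/* The option ROM has already executed; rebooting only keeps the rest of a normal-mode boot from running with it loaded. Relies on the caller reporting VB_INIT_FLAG_OPROM_LOADED accurately. */`. Both new branches also return VBERROR_VGA_OPROM_MISMATCH on every boot where the flags disagree, with nothing bounding the retries, so the caller contract (save the NV data, reboot, honour VBNV_OPROM_NEEDED on the next boot) deserves a comment next to the error code in vboot_api.h; a platform that sets OPROM_MATTERS without honouring the request would presumably reboot in a loop. VbInit()'s body starts and ends outside the hunk, so whether an earlier error held in `retval` is overwritten here, and whether the VbNvSet() change is saved after `VbInit_exit:`, cannot be confirmed from this page.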