summaryrefslogtreecommitdiff
path: root/firmware
Commit message (Collapse)AuthorAgeFilesLines
* vboot: fix a typo in CL:2112321stabilize-13070.BJoel Kitching2020-04-301-1/+1
| | | | | | | | | | | | | | | | | CL:2112321 inadvertently removed the escape on a \n newline in a VB2_DEBUG string. Put it back. BUG=b:124141368, chromium:968464 TEST=make clean && make runtests BRANCH=none Change-Id: I19ee4a77d3cc58d6995212151b381ae76c602a42 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2174039 Reviewed-by: Hsuan Ting Chen <roccochen@chromium.org> Reviewed-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org> Tested-by: Joel Kitching <kitching@chromium.org>
* 2crypto: Force correct section flags for .rodata arraysJulius Werner2020-04-291-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | This is a follow-up fix to CL:2157900. That CL put the problematic arrays into sections with the right name, but they still didn't set the right ELF flags for them (specifically the READONLY flag). This made the assembler unhappy in coreboot, although it still seems to have built things correctly in the end: {standard input}: Assembler messages: {standard input}:359: Warning: setting incorrect section attributes for .rodata.vb2_hash_names {standard input}:369: Warning: setting incorrect section attributes for .rodata.vb2_sig_names This patch throws more ugly hacks at the problem to make it disappear. BRANCH=None BUG=None TEST=Build coreboot for both Arm and x86 boards, confirmed that error messages are gone and objdump shows intended section flags. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Iea93788a13e9fd14d6b5a16626294d5a4b0e5411 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2169480 Reviewed-by: Joel Kitching <kitching@chromium.org>
* vboot: Convert reboot-related errors to vboot2-styleYu-Ping Wu2020-04-288-84/+105
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Error codes are renamed as follows: VBERROR_SHUTDOWN_REQUESTED --> VB2_REQUEST_SHUTDOWN VBERROR_REBOOT_REQUIRED --> VB2_REQUEST_REBOOT VBERROR_EC_REBOOT_TO_SWITCH_RW --> VB2_REQUEST_REBOOT_EC_SWITCH_RW VBERROR_EC_REBOOT_TO_RO_REQUIRED --> VB2_REQUEST_REBOOT_EC_TO_RO VBERROR_KEEP_LOOPING --> VB2_REQUEST_UI_CONTINUE Since these are not really "errors", they're renamed to VB2_REQUEST_* instead, with larger values to separate from real errors. The old vboot1-style errors will be removed once the errors are renamed in coreboot and depthcharge. BRANCH=none BUG=b:124141368, chromium:988410 TEST=make runtests Change-Id: Ide1328f9c0f2803534fb3f1f1ecd16ad8ea36a4e Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2143030 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Joel Kitching <kitching@chromium.org>
* vboot: Add screens for recovery using diskYu-Ping Wu2020-04-221-0/+4
| | | | | | | | | | | | | Add VB2_SCREEN_RECOVERY_DISK_STEP* to enum vb2_screen. BRANCH=none BUG=b:146399181 TEST=USE="menu_ui" emerge-nami depthcharge Change-Id: Ibfaeb25d00ee340adfb9f7de9188f20a947bae24 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2156701 Reviewed-by: Joel Kitching <kitching@chromium.org>
* vboot: Add broken screen to vb2_screenYu-Ping Wu2020-04-221-0/+2
| | | | | | | | | | | | | Add VB2_SCREEN_RECOVERY_BROKEN to enum vb2_screen for broken screen. BRANCH=none BUG=b:146399181 TEST=USE="menu_ui" emerge-nami depthcharge Change-Id: I7f535094de216157591eab9d17a8e4aa2fdd772e Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2156699 Reviewed-by: Joel Kitching <kitching@chromium.org>
* vboot: Add recovery select screen to vb2_screenYu-Ping Wu2020-04-222-6/+15
| | | | | | | | | | | | | | | | | | | Add VB2_SCREEN_RECOVERY_SELECT to enum vb2_screen for the recovery select screen. Also add arguments 'selected_item' and 'disabled_item_mask' to vb2ex_display_ui() for menu items, and rename argument 'locale' to 'locale_id'. BRANCH=none BUG=b:146399181 TEST=USE="menu_ui" emerge-nami depthcharge Cq-Depend: chromium:2124025 Change-Id: Ifff67ded8196288cdb3c1558c64c09b7ffc5011e Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2138876 Reviewed-by: Joel Kitching <kitching@chromium.org>
* 2crypto: Force exported const arrays to .rodataJulius Werner2020-04-221-1/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | Unfortunately, there is no way to define really immutable data in the C language. Making something 'const' is just a sign, not a cop, because in theory any code can just cast the const away. Compilers instead use sophisticated static analysis to determine what data is never written to by the code and put that into the .rodata (instead of .data) section. But for externally available global variables, they cannot do that (because the analyzer doesn't cross compilation units). Unfortunately some platforms in coreboot really care about everything being in .rodata (because they're accessing it in-place on flash), and some "benign" refactoring like making a const variable externally available can break that. There is no easy fix for that. So in this case, let's just go for the ugly fix of forcing the offending arrays into the right section. BRANCH=None BUG=None TEST=Built SIEMENS_MC_APL2 with CB:40503 and this patch. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ife508f98e3f8ed40a4488b5fe1967d00a62f347c Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2157900 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
* 2api: Add kernel version getter and make dev-signed check fail softJulius Werner2020-04-213-1/+15
| | | | | | | | | | | | | | | | | | | | | | | This patch adds a function to retrieve the kernel rollback version from secdata, which may be interesting to callers that have more advanced ways of retrieving bootable images and want to be able to spot check whether an image can be booted without passing the full thing to vboot. Also reduce the penalty from calling vb2api_is_developer_signed() out of turn from an immediate DIE() to an angry error message, to support a case in depthcharge where for all practical purposes the call should never happen too early, but the framework can't quite guarantee it. BRANCH=None BUG=b:153758197 TEST=None Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ic7c2fc62e1ba80f69f70421907b9686f0b3dae77 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2153592 Reviewed-by: Jes Klinke <jbk@chromium.org> Reviewed-by: Joel Kitching <kitching@chromium.org> Tested-by: Jes Klinke <jbk@chromium.org>
* vboot: Add vb2api_phone_recovery_enabled() to vboot APIYu-Ping Wu2020-04-206-12/+65
| | | | | | | | | | | | | | | | | | | In order to implement a kill switch for phone recovery in recovery UI, add VB2_SECDATA_KERNEL_FLAGS to enum vb2_secdata_kernel_flags, and add VB2_SECDATA_KERNEL_FLAG_PHONE_RECOVERY_DISABLED to the flags to indicate whether to disable phone recovery. Set this flag to 1 in vb2api_kernel_phase1(). Also add vb2api_phone_recovery_enabled() to vboot API. BRANCH=none BUG=b:146399181, b:147744345 TEST=make runtests Change-Id: I65c8faa593f5f90dd762f0092058048983c5b3a2 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2131236 Reviewed-by: Joel Kitching <kitching@chromium.org>
* vboot: move recovery reason strings to vboot2 namespaceJoel Kitching2020-04-205-122/+222
| | | | | | | | | | | | | | | | | | | | Make recovery reason strings more widely available, and print them in kernel verification console messages. Note that we purposely do not print strings in firmware verification in order to avoid linking recovery reason strings into coreboot stages. BUG=b:124141368, chromium:968464 TEST=make clean && make runtests TEST=trigger recovery, check console logs BRANCH=none Change-Id: Ica82a60075da53e4ad0a0403eb8a88685c3bdbd6 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2112321 Reviewed-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org> Tested-by: Joel Kitching <kitching@chromium.org>
* secdata: Initialize secdata kernel in vb2api_fw_phase1dnojiri2020-04-182-9/+7
| | | | | | | | | | | | | | | | | | | | | | | Currently, secdata kernel is initialized in vb2api_kernel_phase1. Since we'll be using secdata kernel in romstage for EFS2, it needs to be initialized earlier. This patch makes vb2api_fw_phase1 call vb2_secdata_kernel_init. Signed-off-by: dnojiri <dnojiri@chromium.org> BUG=b:147298634, chromium:1045217, b:148259137 BRANCH=none TEST=Verify Hmir is updated in romstage on Puff. Cq-Depend: chromium:2155377 Change-Id: I8a537126a952ecccc9cc496ce60fc6dc81541a8f Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2153852 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org> Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Auto-Submit: Daisuke Nojiri <dnojiri@chromium.org>
* vboot: remove some trailing spacesJoel Kitching2020-04-171-1/+1
| | | | | | | | | | | | | | BUG=b:124141368 TEST=none BRANCH=none Change-Id: I054e668d96e1c76d6ce464e182fd05d17ef3fca0 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2154342 Reviewed-by: Joel Kitching <kitching@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org> Tested-by: Joel Kitching <kitching@chromium.org>
* vboot: decouple EC/AUXFW sync from UIYu-Ping Wu2020-04-174-76/+45
| | | | | | | | | | | | | | | | | | | | | | | | | Since we don't always want to show a UI on EC sync (for example, in coreboot, where display hasn't been initialized), decouple vb2api_ec_sync() from VbDisplayScreen() by leaving screen display out of vboot and letting the caller (such as depthcharge) handle it. Similarly, stop calling screen display function from vb2api_auxfw_sync(). In order to display screen from depthcharge, it needs to know the locale. Therefore, add vb2api_get_locale() to vboot API, which returns the locale from nvdata. After this change, the constant EC_SLOW_UPDATE is no longer used, so remove it from Makefile. BRANCH=none BUG=chromium:1055125 TEST=make runtests Cq-Depend: chromium:2117776 Change-Id: I0e2e8ebdd26d48a2e94d36495c2e45a5734cdc5d Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2087016 Reviewed-by: Joel Kitching <kitching@chromium.org>
* vboot: remove VBERROR_TPM_SET_BOOT_MODE_STATE error codeJoel Kitching2020-04-175-21/+7
| | | | | | | | | | | | | | | | | | | | | | Since secdata and nvdata get/set functions no longer return error codes, and instead use VB2_ASSERT and VB2_DIE to abort on failure, vb2_enable_developer_mode no longer has any error code to return. Change the function return type to void, and remove checks around the function call. As a result, VBERROR_TPM_SET_BOOT_MODE_STATE becomes unused and we may remove it. Finally, move the USB_BOOT_ON_DEV logic (enable USB boot when on transition to dev mode) into vb2_enable_developer_mode. Also add unit tests. BUG=b:124141368, chromium:988410 TEST=make clean && make runtests BRANCH=none Change-Id: I286d9343c4c751ff24bf4c149a26fbe5306e383a Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2152212 Reviewed-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org> Tested-by: Joel Kitching <kitching@chromium.org>
* vboot: Add VB2_ERROR_UI_MEMORY_ALLOC to vb2_error_tYu-Ping Wu2020-04-161-0/+3
| | | | | | | | | | | | | | Add VB2_ERROR_UI_MEMORY_ALLOC for memory allocation failure in UI. BRANCH=none BUG=b:146399181 TEST=emerge-nami vboot_reference Change-Id: Ib6d8ccbfe73f90297f400430b4ae1204adbf7ee4 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2152331 Reviewed-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org>
* vboot: remove more unused pre-vboot1 and vboot1 error codesJoel Kitching2020-04-161-25/+0
| | | | | | | | | | | | | | BUG=b:124141368, chromium:988410 TEST=make clean && make runtests BRANCH=none Change-Id: I24c867af25726f84a4ada18477de66579975a383 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2150182 Tested-by: Joel Kitching <kitching@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org>
* vboot: Remove VB2_SCREEN_TOUCHPAD_SYNC from vb2_screenYu-Ping Wu2020-04-141-2/+0
| | | | | | | | | | | | | | | The touchpad sync screen is rendered in kernel instead of firmware, so remove it from enum vb2_screen. BRANCH=none BUG=none TEST=USE="menu_ui" emerge-nami depthcharge Change-Id: I5929ecec51bee1aa36d6abf04bb733fde46ac29c Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2148552 Reviewed-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org>
* vboot: clear recovery request in all boot modesJoel Kitching2020-04-142-9/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, recovery requests are only cleared when user initiates a manual recovery. This causes problems with two cases specifically: * Transient failures - The recovery request remains in the subcode field for some unknown period of time, and then erroneously gets promoted to the "recovery reason" the next time the user initiates a manual recovery request. * TRAIN_AND_REBOOT - The recovery request remains in the subcode field after training has completed. The next time a manual recovery request is initiated, the subcode is promoted and training occurs yet again. When finished, a reboot occurs and the user ends up back in the OS. Make two changes to deal with these cases: * Clear recovery request (including subcode) unconditionally for non-recovery boot modes. * Stop promoting TRAIN_AND_REBOOT subcodes. BUG=b:153157134, b:35576380 TEST=make clean && make runtests BRANCH=none Change-Id: I79f8fbed72a9d052b5ed5f70e9a2515136b6ef10 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2139335 Tested-by: Joel Kitching <kitching@chromium.org> Tested-by: Frank Wu <frank_wu@compal.corp-partner.google.com> Reviewed-by: Julius Werner <jwerner@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org>
* vboot: Add a leading space before labelsYu-Ping Wu2020-04-092-2/+2
| | | | | | | | | | | | | | The following command is run: grep -rlE '^\w+:' firmware | xargs -l sed -i -E 's/^\w+:/ \0/g' BRANCH=none BUG=none TEST=emerge-nami vboot_reference Change-Id: I4dedd1107e71add07f51e32925757680e780c882 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2143017 Reviewed-by: Joel Kitching <kitching@chromium.org>
* vboot: Add VB2_ERROR_UI_INVALID_LOCALE to vb2_error_tYu-Ping Wu2020-04-071-0/+3
| | | | | | | | | | BRANCH=none BUG=b:146399181 TEST=USE="menu_ui" emerge-nami depthcharge Change-Id: I8c0e37adc4f37900a5e426f24a581befb07c6a34 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2137152
* vboot: Add firmware sync screens to vb2_screenYu-Ping Wu2020-04-071-1/+5
| | | | | | | | | | | | | Add VB2_SCREEN_FIRMWARE_SYNC and VB2_SCREEN_TOUCHPAD_SYNC screens to enum vb2_screen. BRANCH=none BUG=b:146399181 TEST=USE="menu_ui" emerge-nami depthcharge Change-Id: Iddcd77bb79be7a29346d82b70a8dbb82d0b33fcb Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2137151
* Rewrite algorithm type parsers and make them globally availableJulius Werner2020-04-066-138/+264
| | | | | | | | | | | | | | | | | | | | | There is some code strewn around between futility and the vb21-specific part of hostlib to allow parsing of textual algorithm names to vboot enums, but it is somewhat disorganized and not written in a super efficient way. This patch rewrites it and centralizes all the algorithm mapping stuff under 2crypto.c so it can be a single source of truth for all of vboot. (String parsing routines still need to stay in hostlib since not all firmware targets support things like stroul() and strcasecmp().) BRANCH=None BUG=None TEST=make runtests Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I719b2499992a6e4395a29231bc8b9a7680c5b174 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2099447 Reviewed-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org>
* 2secdata_kernel: Fix debug messagesstabilize-sylas-13019.Bdnojiri2020-04-021-3/+3
| | | | | | | | | | | BUG=none BRANCH=none TEST=Verified on Puff. Signed-off-by: dnojiri <dnojiri@chromium.org> Change-Id: I7e33abcf0832f83530e94cc37117c03fe164bbdb Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2132716 Reviewed-by: Julius Werner <jwerner@chromium.org>
* ec_sync: Ignore NO_BOOT when GBB says DISABLE_EC_SOFTWARE_SYNCdnojiri2020-04-011-5/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | Currently, there is a final guard in VbSelectAndLoadKernel to enforce NO_BOOT unconditionally. This makes a board with VB2_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC unable to boot if Hmir != Heff because Hmir will never be synced. If a system doesn't boot, set_gbb_flags.sh can't be used to enable software sync. This patch skips the final guard if VB2_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC is set. Signed-off-by: dnojiri <dnojiri@chromium.org> BUG=chromium:1045217 BRANCH=none TEST=make runtests Change-Id: I0c7f8c90cb0a6bb54ce30ef42e4d62554decb872 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2129107 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org> Auto-Submit: Daisuke Nojiri <dnojiri@chromium.org>
* ec_sync: Reset EC after updating Hmirdnojiri2020-04-012-0/+13
| | | | | | | | | | | | | | | | | | | | | | This patch makes vb2api_sync_ec reset EC whenever Hmir is update because the verification result should be revoked. When Hmir is corrupted, the system enters NO_BOOT mode (and EC stays in RO). Since Heff == Hexp, EC RW won't be updated but we need to reset EC so that EC can jump to RW by EFS2. Signed-off-by: dnojiri <dnojiri@chromium.org> BUG=chromium:1045217 BRANCH=none TEST=Verify firmware_SoftwareSync passes. Change-Id: I21887e212cfefedeadf4c146ecec290022bb2b34 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2122587 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org> Auto-Submit: Daisuke Nojiri <dnojiri@chromium.org>
* vboot: Add a blinking cursor to the vendor promptMathew King2020-03-313-2/+35
| | | | | | | | | | | | | | | Add support to show a blinking cursor after the vendor data entry so that users can tell that an entry is required. BUG=b:138812835 TEST=Test on a Drallion device with an updated Depthcharge BRANCH=drallion Cq-Depend: chromium:2120311 Change-Id: I02073d92d02a4171f337f86f880d660eb5d8b6f1 Signed-off-by: Mathew King <mathewk@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2120310 Reviewed-by: Pranay Shoroff <pshoroff@google.com>
* vboot: stop using StrnAppend and Uint64ToStringJoel Kitching2020-03-3118-193/+37
| | | | | | | | | | | | | | | | | | | Use snprintf instead. Remove utility_string library. Also, prepare VbDisplayDebugInfo to handle 64-byte nvdata. BUG=b:124141368, chromium:968464 TEST=make clean && make runtests TEST=boot with 16-byte nvdata, check <TAB> output (one line) TEST=boot with 64-byte nvdata, check <TAB> output (five lines) BRANCH=none Change-Id: If6c4b3a4e9fa7b71cb2d8ca7ccd37e4f36b97fd6 Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:2122061 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2104880 Tested-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
* firmware: Add VB2_TRY() helper macroYu-Ping Wu2020-03-3116-284/+147
| | | | | | | | | | | | | | | | | | | | | | | Add variadic macro VB2_TRY() to vboot2 APIs, which supports the following usage: - VB2_TRY(func_call()) - VB2_TRY(func_call(), ctx, recovery_reason) and will return the error code if func_call() failed. Also utilize the macro whenever possible throughout vboot. BRANCH=none BUG=chromium:1049032 TEST=make runtests TEST=emerge-nami coreboot coreboot-utils depthcharge -j Cq-Depend: chromium:2115423, chromium:2125616, chrome-internal:2817320 Change-Id: Ie5532a8beaa9372fa6fde0a68bda5ecb640087c4 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2084062 Reviewed-by: Julius Werner <jwerner@chromium.org>
* vboot: Implement dev mode boot options for menu UIstabilize-12997.BHsuan Ting Chen2020-03-233-2/+109
| | | | | | | | | | | | | | | | | | | | | | | Add dev default boot retrieval and dev boot related allowance check api in 2misc along with their tests in vb2_misc_tests: - vb2_get_dev_boot_target - vb2_dev_boot_allowed - vb2_dev_boot_legacy_allowed - vb2_dev_boot_usb_allowed Implement parts of vb2_developer_menu functionalities along with tests: - Retrieve the default boot option. - Try to boot with the specified option. BRANCH=none BUG=b:146399181, chromium:1033815 TEST=USE="menu_ui" emerge-nami vboot_reference depthcharge TEST=make runtests Change-Id: Ie82076f93b86ba5abe26a9e3e25076892684855d Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2094508 Reviewed-by: Joel Kitching <kitching@chromium.org>
* vboot: remove compression_type constantsJoel Kitching2020-03-231-8/+0
| | | | | | | | | | | | | | | | These are no longer needed after CL:367882. BUG=b:124141368, chromium:968464 TEST=make clean && make runtests BRANCH=none Change-Id: I267d20054778a6565dc1ed0687ed0d2afa928463 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2108752 Tested-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
* vboot: remove VbExRegionRead vestigesJoel Kitching2020-03-231-7/+0
| | | | | | | | | | | | | | | | API was originally removed in CL:852798. BUG=b:124141368, chromium:968464 TEST=make clean && make runtests BRANCH=none Change-Id: I29c0b642dbac80b5c8c7eceaf108843467a90be4 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2108751 Tested-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
* vboot: Introduce menu UIHsuan Ting Chen2020-03-214-3/+120
| | | | | | | | | | | | | | | | | | | | | | | | | According to crbug.com/1033815, add files for MENU_UI: - 2ui.{c,h} for entry point functions called by kernel selection. - vb2_ui_tests.c for tests (normal boot included). There are three entry points: vb2_developer_menu(), vb2_broken_recovery_menu(), and vb2_manual_recovery_menu(). Only infinite loop for this CL, others will be added in separate CLs. BRANCH=none BUG=b:146399181,chromium:1033815 TEST=USE="legacy_clamshell_ui" emerge-nami vboot_reference depthcharge TEST=USE="legacy_menu_ui" emerge-nami vboot_reference depthcharge TEST=USE="menu_ui" emerge-nami vboot_reference depthcharge TEST=make runtests Cq-Depend: chromium:2043102 Change-Id: I5a23eb006754b5ff08eb42bcd5021374995eab40 Signed-off-by: Hsuan Ting Chen <roccochen@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2087557 Reviewed-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Yu-Ping Wu <yupingso@chromium.org>
* vboot: Fix fuzzer buildManoj Gupta2020-03-191-0/+1
| | | | | | | | | | | | | | | | | | | | LLD is complaining about the symbol vb2_check_padding present in a discarded section. This is caused by multiple defintions of vb2_check_padding being present (fuzzers & 2rsa.c) and the definition in 2rsa.c also being used in the same file. Fix by marking vb2_check_padding as weak. BUG=chromium:1062665 TEST=Fuzzer builds work BRANCH=none Signed-off-by: Manoj Gupta <manojgupta@google.com> Change-Id: Id1e2b69cdb35cbd127ba57881a70fc352ea2450a Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2108483 Tested-by: Manoj Gupta <manojgupta@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
* vboot: create 2kernel.c for kernel-related functionsJoel Kitching2020-03-095-184/+216
| | | | | | | | | | | | | | | | | | | | | | | Create 2kernel.c for kernel-related functions (including both internal and API-facing). Relocate functions which are currently in active use from lib20/api_kernel.c to 2lib/2kernel.c. Create vb2_kernel_tests.c and move appropriate tests there. Tests for vb2_normal_boot (previously VbBootNormal) will be added in a subsequent CL. BUG=b:124141368, chromium:968464 TEST=make clean && make runtests BRANCH=none Change-Id: I153ea318ba238b7b30bf871105388437f63075d1 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2091126 Reviewed-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org> Tested-by: Joel Kitching <kitching@chromium.org>
* vboot: stop setting VBSD_BOOT_FIRMWARE_WP_ENABLEDJoel Kitching2020-03-062-5/+2
| | | | | | | | | | | | | | | | | | wpsw_boot is being deprecated in favour of using wpsw_cur. Remove the wp_enabled argument from vb2api_export_vbsd and stop setting VBSD_BOOT_FIRMWARE_WP_ENABLED in VBSD. BUG=b:124141368, chromium:950273 TEST=make clean && make runtests BRANCH=none Change-Id: Ib3c7f43b5fb2af519bca93d5bbd95db5eff241a3 Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:2088434 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2087141 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org>
* Revert "vboot: Add screen types for upcoming UI revamp"Yu-Ping Wu2020-03-061-22/+0
| | | | | | | | | | | | | | | | | This reverts commit 1df08718b7c18a0454240f78bdb80359116fc295. CL:1968268 added screen types to enum VbScreenType_t for menu UI, but we later decided to create a separate enum for that as part of vboot2 APIs. Hence, remove these screen types that are not used in legacy UIs. BRANCH=none BUG=b:146399181 TEST=emerge-nami vboot_reference Change-Id: Id86fcac257894148c82d54d27a8720ecb6b23af6 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2089049 Reviewed-by: Joel Kitching <kitching@chromium.org>
* EFS: Implement EFS2 and NO_BOOT modeDaisuke Nojiri2020-03-058-32/+109
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | EFS v1 allowed Chromeboxes to verify RW without AP. EFS v2 will bring the benefts to Chromebooks, which are: - Reduce RO dependency and presence. Allow more code to be updated in the fields. - Remove jumptag and workarounds needed for late sysjump. Major imporvements over v1 are: - No A/B slot required. - No signature in RW or public key in RO. - Rollback-attack protection. For battery-equipped devices, additional benefts are: - Immediate boot on drained battery. - Support recovery mode regardless of battery condition. - Faster charge in S5/G3. EC-Cr50 communication is based on the shared UART (go/ec-cr50-comm). EFS2 is documented in go/ec-efs2. BUG=chromium:1020578,chromium:1045217 TEST=Boot Helios in NORMAL/RECOVERY/NO_BOOT mode. TEST=Verify EC is updated by software sync in Depthcharge. Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Change-Id: Ie07e6f6ce46c0955a6a0adf595633e65c4ffe724 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1901868
* Add vb2_secdata_kernel_v10dnojiri2020-03-057-36/+288
| | | | | | | | | | | | | This patch adds vb2_secdata_kernel_v10. It has ec_hash field to support EFS2. The secdata kernel APIs continue to support v0.2. BUG=chromium:1045217 TEST=emerge-hatch depthcharge TEST=make runtests Change-Id: I18d5097ed799e790a2742d54c25c89a7559cbcb2 Signed-off-by: dnojiri <dnojiri@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2041695
* Increase VB2_CONTEXT_MAX_SIZEdnojiri2020-03-051-2/+3
| | | | | | | | | | | | | | | This patch increases VB2_CONTEXT_MAX_SIZE to 384 to accommodate the new secdata_kernel v1.0 in vb2_context. BUG=chromium:1045217 TEST=emerge-hatch depthcharge TEST=make runtests Signed-off-by: dnojiri <dnojiri@chromium.org> Change-Id: I1df3b7a4383a45104a05a06a47cec3677dc44005 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2041694 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Joel Kitching <kitching@chromium.org>
* vboot: Set VB2_SD_STATUS_EC_SYNC_COMPLETE in shared data statusstabilize-12951.BYu-Ping Wu2020-03-031-3/+3
| | | | | | | | | | | | | | | | CL:1877066 introduced shared data status VB2_SD_STATUS_EC_SYNC_COMPLETE, but incorrectly saved it in shared data flags. BRANCH=hatch BUG=chromium:1057517 TEST=make runtests Change-Id: Idc993304760c419f80c6b160b30763142cf47234 Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2082756 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Julius Werner <jwerner@chromium.org>
* vboot: Convert more UI errors to vboot2-styleYu-Ping Wu2020-03-021-7/+9
| | | | | | | | | | | | | | | | | | | | | | Error codes are renamed as follows: VBERROR_INVALID_BMPFV --> VB2_ERROR_UI_INVALID_ARCHIVE VBERROR_NO_IMAGE_PRESENT --> VB2_ERROR_UI_MISSING_IMAGE Also remove unnecessary paddings 0x1000 for UI errors. BRANCH=none BUG=b:124141368, chromium:988410 TEST=emerge-nami depthcharge Cq-Depend: chromium:2082833 Change-Id: I8b7743d9ceecde6c9e3e88109422a99594ad6aab Signed-off-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2082759 Reviewed-by: Joel Kitching <kitching@chromium.org>
* vboot: remove NEED_VB20_INTERNALSJoel Kitching2020-03-021-20/+0
| | | | | | | | | | | | | | | | | Since the name is somewhat inaccurate, and since we want to make it slightly clearer that it should not be used, remove NEED_VB20_INTERNALS in favour of directly using a separate header file. The new header file is called vb2_internals_please_do_not_use.h. BUG=b:124141368, chromium:957880 TEST=make clean && make runtests BRANCH=none Change-Id: Icf67eed2d9ae3448387f6c1fbae1501ff6fa5d52 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2055601 Commit-Queue: Joel Kitching <kitching@chromium.org> Tested-by: Joel Kitching <kitching@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
* vboot: move vboot_test.h to private namespaceJoel Kitching2020-02-271-0/+0
| | | | | | | | | | | | BUG=b:124141368 TEST=make clean && make runtests BRANCH=none Change-Id: I48b390be1d7d9d4e17caddb883eed6eda3bd4ae6 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2073212 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org>
* vboot: clean up vboot_struct.hJoel Kitching2020-02-274-329/+245
| | | | | | | | | | | | | | | | | | | | | | It only needs to contain VbSharedDataHeader definition, and it can be made private to vboot_reference now. Move kernel verification-related structs to vboot_kernel.h. Also, since the related constants VBSD_LF_CHECK_* are being removed in this CL, deprecate the RO_INVALID_RW_CHECK_MIN recovery reason, which was originally dismantled in CL:1863624. BUG=b:124141368, chromium:1038260 TEST=make clean && make runtests BRANCH=none Change-Id: Ie6937cda6c3ba987031ba770ec9f1fb0ffa9cf3a Cq-Depend: chromium:2070292, chromium:2073461, chrome-internal:2634199 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2066302 Tested-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org> Reviewed-by: Joel Kitching <kitching@chromium.org>
* vboot: eradicate vboot1 data structures from kernel verificationJoel Kitching2020-02-278-67/+68
| | | | | | | | | | | | | | | | | | | VbSelectAndLoadKernel no longer takes a vboot1-style VBSD data structure. Conversion of vboot 2->1 data structure is moved into an API function called vb2api_export_vbsd() for use by depthcharge. VbSharedDataHeader type is now opaque to the caller, and only a raw data buffer is exposed. BUG=b:124141368, chromium:1038260 TEST=make clean && make runtests BRANCH=none Change-Id: Id11f663f6e3296e947c519581d428b0c8fb60be5 Cq-Depend: chromium:2056343 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2054270 Reviewed-by: Joel Kitching <kitching@chromium.org> Tested-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org>
* vboot: Add mockable attribute to some overridden functionsManoj Gupta2020-02-266-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | A newer clang version has an optimization that is breaking vboot_reference unit tests. The root cause appears to be: Many functions inside unit tests are supposed to override the functions defined in the main library but the main library functions are not defined as weak. Fix by marking some of the overridden function by test_mockable which is already used for some of the functions. This is similar to a prior bug 723906 where unit tests were broken after binutils upgrade. BUG=chromium:1055151 TEST=unit tests passed with ToT clang Change-Id: Ib9f16e1af59632b6a82411656ebba75e26b5d211 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2069806 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Joel Kitching <kitching@chromium.org> Tested-by: Manoj Gupta <manojgupta@chromium.org> Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
* vboot: rename VbExGetSwitches to vb2ex_physical_presence_pressedstabilize-volteer-12931.BJoel Kitching2020-02-265-34/+26
| | | | | | | | | | | | | | | | | | The only purpose of this function is to get the physical presence switch. Rename it appropriately, and migrate function header into 2api.h. BUG=b:124141368, chromium:1035761 TEST=Build locally BRANCH=none Change-Id: Ice3e3a362ca2d2e3aa18c60a129f67d5139daf04 Cq-Depend: chromium:2069629 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2069628 Tested-by: Joel Kitching <kitching@chromium.org> Reviewed-by: Yu-Ping Wu <yupingso@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org>
* vboot: clear recovery request subcode when recovery UI is reachedEric Lai2020-02-231-0/+1
| | | | | | | | | | | | | | | | | CL:2044954 moved clear recovery request into vboot_api_kernel. We'd like to leave the subcode so that we can pipe it through as a UMA statistic. But it's breaking FAFT at the moment. Unconditionally clear it until we have a more detailed design. BUG=b:124141368, b:35576380 TEST=make clean && make runtests BRANCH=none Change-Id: Ib90c746779ca58e0d0100bb0b42a29c2b5a100dd Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2063198 Reviewed-by: Joel Kitching <kitching@chromium.org> Tested-by: Joel Kitching <kitching@chromium.org> Commit-Queue: EricR Lai <ericr_lai@compal.corp-partner.google.com>
* vboot: use vboot2 for storing kernel rollback versionsJoel Kitching2020-02-193-16/+14
| | | | | | | | | | | | | | | | | | | | | Migrate to using vboot2 shared data fields for storing kernel rollback versions: kernel_version_tpm_start(1) --> kernel_version_secdata(2) kernel_version_tpm(1) --> kernel_version(2) kernel_version_lowest(1) --> [removed] Also remove VBSD from tests which no longer need it. BUG=b:124141368, chromium:1038260 TEST=make clean && make runtests BRANCH=none Change-Id: I26c2ccede5fba52e1477b625ef5fc6181f60aadf Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2053179 Tested-by: Joel Kitching <kitching@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org>
* vboot: remove previous name VB2_NV_OPROM_NEEDEDJoel Kitching2020-02-191-3/+0
| | | | | | | | | | | | | | | | As part of go/vboot2-oprom-cleanup, VB2_NV_OPROM_NEEDED was renamed to VB2_NV_DISPLAY_REQUEST. Remove the old name since it is no longer in use. BUG=b:124141368, b:124192753, chromium:948529 TEST=make clean && make runtests BRANCH=none Change-Id: I72fb652043936f310e595eacadf6ad3f911187b0 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2059505 Reviewed-by: Julius Werner <jwerner@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org> Tested-by: Joel Kitching <kitching@chromium.org>
View Lorry Controller Status