From e778adae83d2ac4ab94aa10acceab328bbd3ea7b Mon Sep 17 00:00:00 2001
From: Randall Spangler <rspangler@chromium.org>
Date: Tue, 15 Jul 2014 16:14:21 -0700
Subject: Change VbExEc functions to take a devidx parameter

This will be used in subsequent CLs to support PD software sync.  For
now, only devidx=0 is used.

This changes the external vboot API, so must be checked in at the same
time as changes to the u-boot and depthcharge implementations.  For
now, those implementations should simply check if devidx=0 and fail if
it's not.

BUG=chrome-os-partner:30079
BRANCH=none
TEST=make runtests
CQ-DEPEND=CL:208195,CL:208196

Change-Id: Iad3be9d676ac224c4582669bcd67176b39f75c73
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/208210
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
---
 firmware/include/vboot_api.h        | 30 ++++++++++++++++++------------
 firmware/lib/include/vboot_kernel.h |  4 ++--
 firmware/lib/vboot_api_kernel.c     | 30 +++++++++++++++---------------
 firmware/stub/vboot_api_stub.c      | 20 ++++++++++----------
 tests/vboot_api_kernel2_tests.c     |  2 +-
 tests/vboot_api_kernel3_tests.c     | 20 ++++++++++----------
 tests/vboot_api_kernel4_tests.c     |  2 +-
 7 files changed, 57 insertions(+), 51 deletions(-)

diff --git a/firmware/include/vboot_api.h b/firmware/include/vboot_api.h
index bb29bcf7..2e618dce 100644
--- a/firmware/include/vboot_api.h
+++ b/firmware/include/vboot_api.h
@@ -761,13 +761,19 @@ uint32_t VbExGetSwitches(uint32_t request_mask);
 /*****************************************************************************/
 /* Embedded controller (EC) */
 
+/*
+ * All these functions take a devidx parameter, which indicates which embedded
+ * processor the call applies to.  At present, only devidx=0 is valid, but
+ * upcoming CLs will add support for multiple devices.
+ */
+
 /**
  * This is called only if the system implements a keyboard-based (virtual)
  * developer switch. It must return true only if the system has an embedded
  * controller which is provably running in its RO firmware at the time the
  * function is called.
  */
-int VbExTrustEC(void);
+int VbExTrustEC(int devidx);
 
 /**
  * Check if the EC is currently running rewritable code.
@@ -775,50 +781,53 @@ int VbExTrustEC(void);
  * If the EC is in RO code, sets *in_rw=0.
  * If the EC is in RW code, sets *in_rw non-zero.
  * If the current EC image is unknown, returns error. */
-VbError_t VbExEcRunningRW(int *in_rw);
+VbError_t VbExEcRunningRW(int devidx, int *in_rw);
 
 /**
  * Request the EC jump to its rewritable code.  If successful, returns when the
  * EC has booting its RW code far enough to respond to subsequent commands.
  * Does nothing if the EC is already in its rewritable code.
  */
-VbError_t VbExEcJumpToRW(void);
+VbError_t VbExEcJumpToRW(int devidx);
 
 /**
  * Tell the EC to refuse another jump until it reboots. Subsequent calls to
  * VbExEcJumpToRW() in this boot will fail.
  */
-VbError_t VbExEcDisableJump(void);
+VbError_t VbExEcDisableJump(int devidx);
 
 /**
  * Read the SHA-256 hash of the rewriteable EC image.
  */
-VbError_t VbExEcHashRW(const uint8_t **hash, int *hash_size);
+VbError_t VbExEcHashRW(int devidx, const uint8_t **hash, int *hash_size);
 
 /**
  * Get the expected contents of the EC image associated with the main firmware
  * specified by the "select" argument.
  */
-VbError_t VbExEcGetExpectedRW(enum VbSelectFirmware_t select,
+VbError_t VbExEcGetExpectedRW(int devidx, enum VbSelectFirmware_t select,
                               const uint8_t **image, int *image_size);
 
 /**
  * Read the SHA-256 hash of the expected contents of the EC image associated
  * with the main firmware specified by the "select" argument.
  */
-VbError_t VbExEcGetExpectedRWHash(enum VbSelectFirmware_t select,
+VbError_t VbExEcGetExpectedRWHash(int devidx, enum VbSelectFirmware_t select,
 		       const uint8_t **hash, int *hash_size);
 
 /**
  * Update the EC rewritable image.
  */
-VbError_t VbExEcUpdateRW(const uint8_t *image, int image_size);
+VbError_t VbExEcUpdateRW(int devidx, const uint8_t *image, int image_size);
 
 /**
  * Lock the EC code to prevent updates until the EC is rebooted.
  * Subsequent calls to VbExEcUpdateRW() this boot will fail.
  */
-VbError_t VbExEcProtectRW(void);
+VbError_t VbExEcProtectRW(int devidx);
+
+/*****************************************************************************/
+/* Misc */
 
 /* Args to VbExProtectFlash() */
 enum VbProtectFlash_t { VBPROTECT_RW_A, VBPROTECT_RW_B, VBPROTECT_RW_DEVKEY };
@@ -831,9 +840,6 @@ enum VbProtectFlash_t { VBPROTECT_RW_A, VBPROTECT_RW_B, VBPROTECT_RW_DEVKEY };
  */
 VbError_t VbExProtectFlash(enum VbProtectFlash_t region);
 
-/*****************************************************************************/
-/* Misc */
-
 /**
  * Check if the firmware needs to shut down the system.
  *
diff --git a/firmware/lib/include/vboot_kernel.h b/firmware/lib/include/vboot_kernel.h
index 2804434f..2c0f2cef 100644
--- a/firmware/lib/include/vboot_kernel.h
+++ b/firmware/lib/include/vboot_kernel.h
@@ -80,8 +80,8 @@ VbError_t VbBootDeveloper(VbCommonParams *cparams, LoadKernelParams *p);
 VbError_t VbBootRecovery(VbCommonParams *cparams, LoadKernelParams *p);
 
 /**
- * Sync EC firmware to expected version.
+ * Sync EC device <devidx> firmware to expected version.
  */
-VbError_t VbEcSoftwareSync(VbCommonParams *cparams);
+VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams);
 
 #endif  /* VBOOT_REFERENCE_VBOOT_KERNEL_H_ */
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index e137e6d4..2f54d672 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -534,7 +534,7 @@ VbError_t VbBootRecovery(VbCommonParams *cparams, LoadKernelParams *p)
 			    shared->flags & VBSD_HONOR_VIRT_DEV_SWITCH &&
 			    !(shared->flags & VBSD_BOOT_DEV_SWITCH_ON) &&
 			    (shared->flags & VBSD_BOOT_REC_SWITCH_ON) &&
-			    VbExTrustEC()) {
+			    VbExTrustEC(0)) {
                                 if (!(shared->flags &
 				      VBSD_BOOT_REC_SWITCH_VIRTUAL) &&
 				    VbExGetSwitches(
@@ -596,9 +596,9 @@ VbError_t VbBootRecovery(VbCommonParams *cparams, LoadKernelParams *p)
 /**
  * Wrapper around VbExEcProtectRW() which sets recovery reason on error.
  */
-static VbError_t EcProtectRW(void)
+static VbError_t EcProtectRW(int devidx)
 {
-	int rv = VbExEcProtectRW();
+	int rv = VbExEcProtectRW(devidx);
 
 	if (rv == VBERROR_EC_REBOOT_TO_RO_REQUIRED) {
 		VBDEBUG(("VbExEcProtectRW() needs reboot\n"));
@@ -609,7 +609,7 @@ static VbError_t EcProtectRW(void)
 	return rv;
 }
 
-VbError_t VbEcSoftwareSync(VbCommonParams *cparams)
+VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
 {
 	VbSharedDataHeader *shared =
 		(VbSharedDataHeader *)cparams->shared_data_blob;
@@ -626,7 +626,7 @@ VbError_t VbEcSoftwareSync(VbCommonParams *cparams)
 	int i;
 
 	/* Determine whether the EC is in RO or RW */
-	rv = VbExEcRunningRW(&in_rw);
+	rv = VbExEcRunningRW(devidx, &in_rw);
 
 	if (shared->recovery_reason) {
 		/* Recovery mode; just verify the EC is in RO code */
@@ -672,11 +672,11 @@ VbError_t VbEcSoftwareSync(VbCommonParams *cparams)
 		}
 
 		/* Protect the RW flash and stay in EC-RO */
-		rv = EcProtectRW();
+		rv = EcProtectRW(devidx);
 		if (rv != VBERROR_SUCCESS)
 			return rv;
 
-		rv = VbExEcDisableJump();
+		rv = VbExEcDisableJump(devidx);
 		if (rv != VBERROR_SUCCESS) {
 			VBDEBUG(("VbEcSoftwareSync() - "
 				 "VbExEcDisableJump() returned %d\n", rv));
@@ -689,7 +689,7 @@ VbError_t VbEcSoftwareSync(VbCommonParams *cparams)
 	}
 
 	/* Get hash of EC-RW */
-	rv = VbExEcHashRW(&ec_hash, &ec_hash_size);
+	rv = VbExEcHashRW(devidx, &ec_hash, &ec_hash_size);
 	if (rv) {
 		VBDEBUG(("VbEcSoftwareSync() - "
 			 "VbExEcHashRW() returned %d\n", rv));
@@ -714,7 +714,7 @@ VbError_t VbEcSoftwareSync(VbCommonParams *cparams)
 	 * RO_NORMAL, so we know that the BIOS must be RW-A or RW-B, and
 	 * therefore the EC must match.
 	 */
-	rv = VbExEcGetExpectedRWHash(shared->firmware_index ?
+	rv = VbExEcGetExpectedRWHash(devidx, shared->firmware_index ?
 				 VB_SELECT_FIRMWARE_B : VB_SELECT_FIRMWARE_A,
 				 &rw_hash, &rw_hash_size);
 
@@ -752,7 +752,7 @@ VbError_t VbEcSoftwareSync(VbCommonParams *cparams)
 	 */
 	if (need_update || !rw_hash) {
 		/* Get expected EC-RW image */
-		rv = VbExEcGetExpectedRW(shared->firmware_index ?
+		rv = VbExEcGetExpectedRW(devidx, shared->firmware_index ?
 					 VB_SELECT_FIRMWARE_B :
 					 VB_SELECT_FIRMWARE_A,
 					 &expected, &expected_size);
@@ -826,7 +826,7 @@ VbError_t VbEcSoftwareSync(VbCommonParams *cparams)
 			VbDisplayScreen(cparams, VB_SCREEN_WAIT, 0, &vnc);
 		}
 
-		rv = VbExEcUpdateRW(expected, expected_size);
+		rv = VbExEcUpdateRW(devidx, expected, expected_size);
 
 		if (rv != VBERROR_SUCCESS) {
 			VBDEBUG(("VbEcSoftwareSync() - "
@@ -854,13 +854,13 @@ VbError_t VbEcSoftwareSync(VbCommonParams *cparams)
 	}
 
 	/* Protect EC-RW flash */
-	rv = EcProtectRW();
+	rv = EcProtectRW(devidx);
 	if (rv != VBERROR_SUCCESS)
 		return rv;
 
 	/* Tell EC to jump to its RW image */
 	VBDEBUG(("VbEcSoftwareSync() jumping to EC-RW\n"));
-	rv = VbExEcJumpToRW();
+	rv = VbExEcJumpToRW(devidx);
 
 	if (rv != VBERROR_SUCCESS) {
 		VBDEBUG(("VbEcSoftwareSync() - "
@@ -881,7 +881,7 @@ VbError_t VbEcSoftwareSync(VbCommonParams *cparams)
 
 	VBDEBUG(("VbEcSoftwareSync() jumped to EC-RW\n"));
 
-	rv = VbExEcDisableJump();
+	rv = VbExEcDisableJump(devidx);
 	if (rv != VBERROR_SUCCESS) {
 		VBDEBUG(("VbEcSoftwareSync() - "
 			"VbExEcDisableJump() returned %d\n", rv));
@@ -938,7 +938,7 @@ VbError_t VbSelectAndLoadKernel(VbCommonParams *cparams,
 	/* Do EC software sync if necessary */
 	if ((shared->flags & VBSD_EC_SOFTWARE_SYNC) &&
 	    !(cparams->gbb->flags & GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC)) {
-		retval = VbEcSoftwareSync(cparams);
+		retval = VbEcSoftwareSync(0, cparams);
 		if (retval != VBERROR_SUCCESS)
 			goto VbSelectAndLoadKernel_exit;
 	}
diff --git a/firmware/stub/vboot_api_stub.c b/firmware/stub/vboot_api_stub.c
index b11a7fe1..c9ecd9df 100644
--- a/firmware/stub/vboot_api_stub.c
+++ b/firmware/stub/vboot_api_stub.c
@@ -84,36 +84,36 @@ VbError_t VbExDecompress(void *inbuf, uint32_t in_size,
 	return VBERROR_SUCCESS;
 }
 
-int VbExTrustEC(void)
+int VbExTrustEC(int devidx)
 {
 	return 1;
 }
 
-VbError_t VbExEcRunningRW(int *in_rw)
+VbError_t VbExEcRunningRW(int devidx, int *in_rw)
 {
 	*in_rw = 0;
 	return VBERROR_SUCCESS;
 }
 
-VbError_t VbExEcJumpToRW(void)
+VbError_t VbExEcJumpToRW(int devidx)
 {
 	return VBERROR_SUCCESS;
 }
 
-VbError_t VbExEcRebootToRO(void)
+VbError_t VbExEcRebootToRO(int devidx)
 {
 	/* Nothing to reboot, so all we can do is return failure. */
 	return VBERROR_UNKNOWN;
 }
 
-VbError_t VbExEcDisableJump(void)
+VbError_t VbExEcDisableJump(int devidx)
 {
 	return VBERROR_SUCCESS;
 }
 
 #define SHA256_HASH_SIZE 32
 
-VbError_t VbExEcHashRW(const uint8_t **hash, int *hash_size)
+VbError_t VbExEcHashRW(int devidx, const uint8_t **hash, int *hash_size)
 {
 	static const uint8_t fake_hash[32] = {1, 2, 3, 4};
 
@@ -122,7 +122,7 @@ VbError_t VbExEcHashRW(const uint8_t **hash, int *hash_size)
 	return VBERROR_SUCCESS;
 }
 
-VbError_t VbExEcGetExpectedRW(enum VbSelectFirmware_t select,
+VbError_t VbExEcGetExpectedRW(int devidx, enum VbSelectFirmware_t select,
                               const uint8_t **image, int *image_size)
 {
 	static uint8_t fake_image[64] = {5, 6, 7, 8};
@@ -131,7 +131,7 @@ VbError_t VbExEcGetExpectedRW(enum VbSelectFirmware_t select,
 	return VBERROR_SUCCESS;
 }
 
-VbError_t VbExEcGetExpectedRWHash(enum VbSelectFirmware_t select,
+VbError_t VbExEcGetExpectedRWHash(int devidx, enum VbSelectFirmware_t select,
 				  const uint8_t **hash, int *hash_size)
 {
 	static const uint8_t fake_hash[32] = {1, 2, 3, 4};
@@ -141,12 +141,12 @@ VbError_t VbExEcGetExpectedRWHash(enum VbSelectFirmware_t select,
 	return VBERROR_SUCCESS;
 }
 
-VbError_t VbExEcUpdateRW(const uint8_t *image, int image_size)
+VbError_t VbExEcUpdateRW(int devidx, const uint8_t *image, int image_size)
 {
 	return VBERROR_SUCCESS;
 }
 
-VbError_t VbExEcProtectRW(void)
+VbError_t VbExEcProtectRW(int devidx)
 {
 	return VBERROR_SUCCESS;
 }
diff --git a/tests/vboot_api_kernel2_tests.c b/tests/vboot_api_kernel2_tests.c
index 9dd15ef3..7ecf02f8 100644
--- a/tests/vboot_api_kernel2_tests.c
+++ b/tests/vboot_api_kernel2_tests.c
@@ -158,7 +158,7 @@ VbError_t VbExDiskFreeInfo(VbDiskInfo *infos,
 	return VBERROR_SUCCESS;
 }
 
-int VbExTrustEC(void)
+int VbExTrustEC(int devidx)
 {
 	return trust_ec;
 }
diff --git a/tests/vboot_api_kernel3_tests.c b/tests/vboot_api_kernel3_tests.c
index 49bc7aad..32a35eca 100644
--- a/tests/vboot_api_kernel3_tests.c
+++ b/tests/vboot_api_kernel3_tests.c
@@ -112,42 +112,42 @@ uint32_t VbExIsShutdownRequested(void)
 	return 0;
 }
 
-int VbExTrustEC(void)
+int VbExTrustEC(int devidx)
 {
 	return trust_ec;
 }
 
-VbError_t VbExEcRunningRW(int *in_rw)
+VbError_t VbExEcRunningRW(int devidx, int *in_rw)
 {
 	*in_rw = mock_in_rw;
 	return in_rw_retval;
 }
 
-VbError_t VbExEcProtectRW(void)
+VbError_t VbExEcProtectRW(int devidx)
 {
 	ec_protected = 1;
 	return protect_retval;
 }
 
-VbError_t VbExEcDisableJump(void)
+VbError_t VbExEcDisableJump(int devidx)
 {
 	return run_retval;
 }
 
-VbError_t VbExEcJumpToRW(void)
+VbError_t VbExEcJumpToRW(int devidx)
 {
 	ec_run_image = 1;
 	return run_retval;
 }
 
-VbError_t VbExEcHashRW(const uint8_t **hash, int *hash_size)
+VbError_t VbExEcHashRW(int devidx, const uint8_t **hash, int *hash_size)
 {
 	*hash = mock_ec_hash;
 	*hash_size = mock_ec_hash_size;
 	return mock_ec_hash_size ? VBERROR_SUCCESS : VBERROR_SIMULATED;
 }
 
-VbError_t VbExEcGetExpectedRW(enum VbSelectFirmware_t select,
+VbError_t VbExEcGetExpectedRW(int devidx, enum VbSelectFirmware_t select,
                               const uint8_t **image, int *image_size)
 {
 	static uint8_t fake_image[64] = {5, 6, 7, 8};
@@ -156,7 +156,7 @@ VbError_t VbExEcGetExpectedRW(enum VbSelectFirmware_t select,
 	return get_expected_retval;
 }
 
-VbError_t VbExEcGetExpectedRWHash(enum VbSelectFirmware_t select,
+VbError_t VbExEcGetExpectedRWHash(int devidx, enum VbSelectFirmware_t select,
 				  const uint8_t **hash, int *hash_size)
 {
 	*hash = want_ec_hash;
@@ -174,7 +174,7 @@ uint8_t *internal_SHA256(const uint8_t *data, uint64_t len, uint8_t *digest)
 	return digest;
 }
 
-VbError_t VbExEcUpdateRW(const uint8_t *image, int image_size)
+VbError_t VbExEcUpdateRW(int devidx, const uint8_t *image, int image_size)
 {
 	ec_updated = 1;
 	return update_retval;
@@ -193,7 +193,7 @@ static void test_ssync(VbError_t retval, int recovery_reason, const char *desc)
 {
 	uint32_t u;
 
-	TEST_EQ(VbEcSoftwareSync(&cparams), retval, desc);
+	TEST_EQ(VbEcSoftwareSync(0, &cparams), retval, desc);
 	VbNvGet(VbApiKernelGetVnc(), VBNV_RECOVERY_REQUEST, &u);
 	TEST_EQ(u, recovery_reason, "  recovery reason");
 }
diff --git a/tests/vboot_api_kernel4_tests.c b/tests/vboot_api_kernel4_tests.c
index bb827024..6cdd91b7 100644
--- a/tests/vboot_api_kernel4_tests.c
+++ b/tests/vboot_api_kernel4_tests.c
@@ -77,7 +77,7 @@ VbError_t VbExNvStorageWrite(const uint8_t *buf)
 	return VBERROR_SUCCESS;
 }
 
-VbError_t VbEcSoftwareSync(VbCommonParams *cparams)
+VbError_t VbEcSoftwareSync(int devidx, VbCommonParams *cparams)
 {
 	return ecsync_retval;
 }
-- 
cgit v1.2.1