[v2,22/30] x86: Use CONFIG_CHROMEOS_VBOOT for verified boot

Message ID	20201022030303.584490-21-sjg@chromium.org
State	Superseded
Delegated to:	Bin Meng
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: Simon Glass <sjg@chromium.org> To: U-Boot Mailing List <u-boot@lists.denx.de> Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>, Heinrich Schuchardt <xypron.glpk@gmx.de>, Bernhard Messerklinger <bernhard.messerklinger@br-automation.com>, Wolfgang Wallner <wolfgang.wallner@br-automation.com>, Walter Lozano <walter.lozano@collabora.com>, Simon Glass <sjg@chromium.org>, Bin Meng <bmeng.cn@gmail.com> Subject: [PATCH v2 22/30] x86: Use CONFIG_CHROMEOS_VBOOT for verified boot Date: Wed, 21 Oct 2020 21:02:55 -0600 Message-Id: <20201022030303.584490-21-sjg@chromium.org> In-Reply-To: <20201022030303.584490-1-sjg@chromium.org> References: <20201022030303.584490-1-sjg@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	x86: Allow Coral to boot into Chrome OS \| expand [v2,00/30] x86: Allow Coral to boot into Chrome OS [v2,01/30] Add an assembly guard around linux/bitops.h [v2,02/30] x86: apl: Add core init for the SoC [v2,03/30] x86: Add a layout for Chrome OS verified boot [v2,04/30] x86: Add support for private files [v2,05/30] x86: Allow writing tables to fail [v2,06/30] x86: acpi: Store the ACPI context in global_data [v2,07/30] x86: Don't bother clearing global NVS [v2,08/30] x86: coral: Drop the duplicate PCIe settings [v2,09/30] x86: Add SMBIOS info for Coral [v2,11/30] x86: Use if instead of #ifdef in write_tables() [v2,12/30] x86: Allow putting some tables in the bloblist [v2,13/30] x86: nhlt: Correct output of bytes and 16-bit data [v2,14/30] x86: nhlt: Fix a few bugs in the table generation [v2,15/30] x86: Show the interrupt pointer with 'irqinfo' [v2,16/30] x86: sound: Correct error handling [v2,17/30] acpi: Correct reset handling in acpi_device_add_power_res() [v2,18/30] x86: acpi: Allow the SSDT to be empty [v2,19/30] x86: acpi: Put the generated code first in DSDT [v2,20/30] acpi: Don't reset the tables with every new generation [v2,21/30] x86: Define the Chrome OS GNVS region [v2,22/30] x86: Use CONFIG_CHROMEOS_VBOOT for verified boot [v2,23/30] x86: Set up Chrome OS to boot into developer mode [v2,24/30] x86: Boot coral into Chrome OS by default [v2,25/30] x86: fsp: Convert fsp_dram to use log_debug() [v2,26/30] x86: Silence some logging statements [v2,27/30] x86: acpi: Include the TPMv1 table only if needed [v2,28/30] x86: acpi: Don't show the UART address by default [v2,29/30] x86: pinctrl: Silence the warning when a pin is not found [v2,30/30] x86: fsp: Adjust calculations for MTRR range and DRAM top

Message ID

20201022030303.584490-21-sjg@chromium.org

State

Superseded

Delegated to:

Bin Meng

Headers

From: Simon Glass <sjg@chromium.org>
To: U-Boot Mailing List <u-boot@lists.denx.de>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
 Heinrich Schuchardt <xypron.glpk@gmx.de>,
 Bernhard Messerklinger <bernhard.messerklinger@br-automation.com>,
 Wolfgang Wallner <wolfgang.wallner@br-automation.com>,
 Walter Lozano <walter.lozano@collabora.com>,
 Simon Glass <sjg@chromium.org>, Bin Meng <bmeng.cn@gmail.com>
Subject: [PATCH v2 22/30] x86: Use CONFIG_CHROMEOS_VBOOT for verified boot
Date: Wed, 21 Oct 2020 21:02:55 -0600
Message-Id: <20201022030303.584490-21-sjg@chromium.org>
In-Reply-To: <20201022030303.584490-1-sjg@chromium.org>
References: <20201022030303.584490-1-sjg@chromium.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: list
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Series

x86: Allow Coral to boot into Chrome OS | expand

Commit Message

Simon Glass Oct. 22, 2020, 3:02 a.m. UTC

At present CONFIG_CHROMEOS is used to determine whether verified boot is
in use. The code to implement that is not in U-Boot mainline.

However, it is useful to be able to boot a Chromebook in developer mode
in U-Boot mainline without needing the verified boot code.

To allow this, use CONFIG_CHROMEOS_VBOOT to indicate that verified boot
should be used, and CONFIG_CHROMEOS to indicate that the board supports
Chrome OS. That allows us to define CONFIG_CHROMEOS on coral.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

Changes in v2:
- Define CONFIG_CHROMEOS_VBOOT in the Kconfig too
- Correct a bisect build error

 Kconfig                            | 17 +++++++++++++++++
 arch/x86/cpu/apollolake/acpi.c     |  3 ++-
 arch/x86/dts/chromebook_coral.dts  |  2 +-
 arch/x86/dts/chromebook_samus.dts  |  2 +-
 arch/x86/include/asm/intel_gnvs.h  |  3 ---
 arch/x86/lib/tpl.c                 |  2 +-
 configs/chromebook_coral_defconfig |  3 ++-
 7 files changed, 24 insertions(+), 8 deletions(-)

Comments

Bin Meng Nov. 3, 2020, 7:47 a.m. UTC | #1

On Thu, Oct 22, 2020 at 11:03 AM Simon Glass <sjg@chromium.org> wrote:
>
> At present CONFIG_CHROMEOS is used to determine whether verified boot is
> in use. The code to implement that is not in U-Boot mainline.
>
> However, it is useful to be able to boot a Chromebook in developer mode
> in U-Boot mainline without needing the verified boot code.
>
> To allow this, use CONFIG_CHROMEOS_VBOOT to indicate that verified boot
> should be used, and CONFIG_CHROMEOS to indicate that the board supports
> Chrome OS. That allows us to define CONFIG_CHROMEOS on coral.
>
> Signed-off-by: Simon Glass <sjg@chromium.org>
> ---
>
> Changes in v2:
> - Define CONFIG_CHROMEOS_VBOOT in the Kconfig too
> - Correct a bisect build error
>
>  Kconfig                            | 17 +++++++++++++++++
>  arch/x86/cpu/apollolake/acpi.c     |  3 ++-
>  arch/x86/dts/chromebook_coral.dts  |  2 +-
>  arch/x86/dts/chromebook_samus.dts  |  2 +-
>  arch/x86/include/asm/intel_gnvs.h  |  3 ---
>  arch/x86/lib/tpl.c                 |  2 +-
>  configs/chromebook_coral_defconfig |  3 ++-
>  7 files changed, 24 insertions(+), 8 deletions(-)
>

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>

diff --git a/Kconfig b/Kconfig
index 837b2f517ae..569cda5ba97 100644
--- a/Kconfig
+++ b/Kconfig
@@ -759,6 +759,23 @@  config ARCH_FIXUP_FDT_MEMORY
 	  used for booting OS with different memory setup where the part of
 	  the memory location should be used for different purpose.
 
+config CHROMEOS
+	bool "Support booting Chrome OS"
+	help
+	  Chrome OS requires U-Boot to set up a table indicating the boot mode
+	  (e.g. Developer mode) and a few other things. Enable this if you are
+	  booting on a Chromebook to avoid getting an error about an invalid
+	  firmware ID.
+
+config CHROMEOS_VBOOT
+	bool "Support Chrome OS verified boot"
+	help
+	  This is intended to enable the full Chrome OS verified boot support
+	  in U-Boot. It is not actually implemented in the U-Boot source code
+	  at present, so this option is always set to 'n'. It allows
+	  distinguishing between booting Chrome OS in a basic way (developer
+	  mode) and a full boot.
+
 endmenu		# Boot images
 
 source "api/Kconfig"
diff --git a/arch/x86/cpu/apollolake/acpi.c b/arch/x86/cpu/apollolake/acpi.c
index 69b544f0d98..5af8a181b1e 100644
--- a/arch/x86/cpu/apollolake/acpi.c
+++ b/arch/x86/cpu/apollolake/acpi.c
@@ -75,7 +75,8 @@  int acpi_create_gnvs(struct acpi_global_nvs *gnvs)
 
 	/* TODO(sjg@chromium.org): Add the console log to gnvs->cbmc */
 
-#ifdef CONFIG_CHROMEOS
+/* Disable this code until a later patch */
+#if 0
 	/* Initialise Verified Boot data */
 	chromeos_init_acpi(&gnvs->chromeos);
 	gnvs->chromeos.vbt2 = ACTIVE_ECFW_RO;
diff --git a/arch/x86/dts/chromebook_coral.dts b/arch/x86/dts/chromebook_coral.dts
index 92f70b13dd7..43f4b33da1b 100644
--- a/arch/x86/dts/chromebook_coral.dts
+++ b/arch/x86/dts/chromebook_coral.dts
@@ -9,7 +9,7 @@ 
 /include/ "rtc.dtsi"
 /include/ "tsc_timer.dtsi"
 
-#ifdef CONFIG_CHROMEOS
+#ifdef CONFIG_CHROMEOS_VBOOT
 #include "chromeos-x86.dtsi"
 #include "flashmap-x86-ro.dtsi"
 #include "flashmap-16mb-rw.dtsi"
diff --git a/arch/x86/dts/chromebook_samus.dts b/arch/x86/dts/chromebook_samus.dts
index 772ea5c91be..d8e04a66985 100644
--- a/arch/x86/dts/chromebook_samus.dts
+++ b/arch/x86/dts/chromebook_samus.dts
@@ -9,7 +9,7 @@ 
 /include/ "rtc.dtsi"
 /include/ "tsc_timer.dtsi"
 
-#ifdef CONFIG_CHROMEOS
+#ifdef CONFIG_CHROMEOS_VBOOT
 #include "chromeos-x86.dtsi"
 #include "flashmap-x86-ro.dtsi"
 #include "flashmap-8mb-rw.dtsi"
diff --git a/arch/x86/include/asm/intel_gnvs.h b/arch/x86/include/asm/intel_gnvs.h
index 632307427cd..7f9f101371c 100644
--- a/arch/x86/include/asm/intel_gnvs.h
+++ b/arch/x86/include/asm/intel_gnvs.h
@@ -85,9 +85,6 @@  struct __packed acpi_global_nvs {
 	u8	unused2[0x1000 - 0x100];	/* Pad out to 4096 bytes */
 #endif
 };
-
-#ifdef CONFIG_CHROMEOS
 check_member(acpi_global_nvs, chromeos, GNVS_CHROMEOS_ACPI_OFFSET);
-#endif
 
 #endif /* _INTEL_GNVS_H_ */
diff --git a/arch/x86/lib/tpl.c b/arch/x86/lib/tpl.c
index 6f7eb43a172..15b0212d190 100644
--- a/arch/x86/lib/tpl.c
+++ b/arch/x86/lib/tpl.c
@@ -75,7 +75,7 @@  void board_init_f_r(void)
 
 u32 spl_boot_device(void)
 {
-	return IS_ENABLED(CONFIG_CHROMEOS) ? BOOT_DEVICE_CROS_VBOOT :
+	return IS_ENABLED(CONFIG_CHROMEOS_VBOOT) ? BOOT_DEVICE_CROS_VBOOT :
 		BOOT_DEVICE_SPI_MMAP;
 }
 
diff --git a/configs/chromebook_coral_defconfig b/configs/chromebook_coral_defconfig
index af0397ff1f4..827974f7fcf 100644
--- a/configs/chromebook_coral_defconfig
+++ b/configs/chromebook_coral_defconfig
@@ -2,9 +2,9 @@  CONFIG_X86=y
 CONFIG_SYS_TEXT_BASE=0x1110000
 CONFIG_SYS_MALLOC_F_LEN=0x3d00
 CONFIG_NR_DRAM_BANKS=8
+CONFIG_MAX_CPUS=8
 CONFIG_SPL_DM_SPI=y
 CONFIG_SPL_TEXT_BASE=0xfef10000
-CONFIG_MAX_CPUS=8
 CONFIG_SPL_SYS_MALLOC_F_LEN=0xf000
 CONFIG_BOOTSTAGE_STASH_ADDR=0xfef00000
 CONFIG_DEBUG_UART_BOARD_INIT=y
@@ -21,6 +21,7 @@  CONFIG_INTEL_CAR_CQOS=y
 CONFIG_X86_OFFSET_U_BOOT=0xffd00000
 CONFIG_X86_OFFSET_SPL=0xffe80000
 CONFIG_INTEL_GENERIC_WIFI=y
+CONFIG_CHROMEOS=y
 CONFIG_BOOTSTAGE=y
 CONFIG_SPL_BOOTSTAGE=y
 CONFIG_TPL_BOOTSTAGE=y

[v2,22/30] x86: Use CONFIG_CHROMEOS_VBOOT for verified boot

Commit Message

Comments

Patch