/* * Preserve Vboot NV data when clearing CMOS as it will * have been re-initialized already by Vboot firmware init. */ static void pch_cmos_init_preserve(int reset) { uint8_t vbnv[VBNV_BLOCK_SIZE]; if (reset) read_vbnv(vbnv); cmos_init(reset); if (reset) save_vbnv(vbnv); }
/** * Verify and select the firmware in the RW image * * TODO: Avoid loading a stage twice (once in hash_body & again in load_stage). * when per-stage verification is ready. */ void verstage_main(void) { struct vb2_context ctx; struct region_device fw_main; int rv; timestamp_add_now(TS_START_VBOOT); /* Set up context and work buffer */ vb2_init_work_context(&ctx); /* Read nvdata from a non-volatile storage. */ read_vbnv(ctx.nvdata); /* Set S3 resume flag if vboot should behave differently when selecting * which slot to boot. This is only relevant to vboot if the platform * does verification of memory init and thus must ensure it resumes with * the same slot that it booted from. */ if (IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) && IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK) && vboot_platform_is_resuming()) ctx.flags |= VB2_CONTEXT_S3_RESUME; /* Read secdata from TPM. Initialize TPM if secdata not found. We don't * check the return value here because vb2api_fw_phase1 will catch * invalid secdata and tell us what to do (=reboot). */ timestamp_add_now(TS_START_TPMINIT); antirollback_read_space_firmware(&ctx); timestamp_add_now(TS_END_TPMINIT); if (!IS_ENABLED(CONFIG_VIRTUAL_DEV_SWITCH) && get_developer_mode_switch()) ctx.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE; if (get_recovery_mode_switch()) { ctx.flags |= VB2_CONTEXT_FORCE_RECOVERY_MODE; if (IS_ENABLED(CONFIG_VBOOT_DISABLE_DEV_ON_RECOVERY)) ctx.flags |= VB2_DISABLE_DEVELOPER_MODE; } if (IS_ENABLED(CONFIG_WIPEOUT_SUPPORTED) && get_wipeout_mode_switch()) ctx.flags |= VB2_CONTEXT_FORCE_WIPEOUT_MODE; if (IS_ENABLED(CONFIG_LID_SWITCH) && !get_lid_switch()) ctx.flags |= VB2_CONTEXT_NOFAIL_BOOT; /* Do early init (set up secdata and NVRAM, load GBB) */ printk(BIOS_INFO, "Phase 1\n"); rv = vb2api_fw_phase1(&ctx); if (rv) { /* * If vb2api_fw_phase1 fails, check for return value. * If it is set to VB2_ERROR_API_PHASE1_RECOVERY, then continue * into recovery mode. * For any other error code, save context if needed and reboot. */ if (rv == VB2_ERROR_API_PHASE1_RECOVERY) { printk(BIOS_INFO, "Recovery requested (%x)\n", rv); save_if_needed(&ctx); extend_pcrs(&ctx); /* ignore failures */ timestamp_add_now(TS_END_VBOOT); return; } printk(BIOS_INFO, "Reboot reqested (%x)\n", rv); save_if_needed(&ctx); vboot_reboot(); } /* Determine which firmware slot to boot (based on NVRAM) */ printk(BIOS_INFO, "Phase 2\n"); rv = vb2api_fw_phase2(&ctx); if (rv) { printk(BIOS_INFO, "Reboot requested (%x)\n", rv); save_if_needed(&ctx); vboot_reboot(); } /* Try that slot (verify its keyblock and preamble) */ printk(BIOS_INFO, "Phase 3\n"); timestamp_add_now(TS_START_VERIFY_SLOT); rv = vb2api_fw_phase3(&ctx); timestamp_add_now(TS_END_VERIFY_SLOT); if (rv) { printk(BIOS_INFO, "Reboot requested (%x)\n", rv); save_if_needed(&ctx); vboot_reboot(); } printk(BIOS_INFO, "Phase 4\n"); rv = locate_firmware(&ctx, &fw_main); if (rv) die("Failed to read FMAP to locate firmware"); rv = hash_body(&ctx, &fw_main); save_if_needed(&ctx); if (rv) { printk(BIOS_INFO, "Reboot requested (%x)\n", rv); vboot_reboot(); } rv = extend_pcrs(&ctx); if (rv) { printk(BIOS_WARNING, "Failed to extend TPM PCRs (%#x)\n", rv); vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv); save_if_needed(&ctx); vboot_reboot(); } /* Lock TPM */ rv = antirollback_lock_space_firmware(); if (rv) { printk(BIOS_INFO, "Failed to lock TPM (%x)\n", rv); vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_L_ERROR, 0); save_if_needed(&ctx); vboot_reboot(); } /* Lock rec hash space if available. */ if (IS_ENABLED(CONFIG_VBOOT_HAS_REC_HASH_SPACE)) { rv = antirollback_lock_space_rec_hash(); if (rv) { printk(BIOS_INFO, "Failed to lock rec hash space(%x)\n", rv); vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR, 0); save_if_needed(&ctx); vboot_reboot(); } } printk(BIOS_INFO, "Slot %c is selected\n", is_slot_a(&ctx) ? 'A' : 'B'); vb2_set_selected_region(region_device_region(&fw_main)); timestamp_add_now(TS_END_VBOOT); }