/*
* This functions sets the TCPA log namespace
* for the cbfs file (region) lookup.
*/
static int create_tcpa_metadata(const struct region_device *rdev,
const char *cbfs_name, char log_string[TCPA_PCR_HASH_NAME])
{
int i;
struct region_device fmap;
const static char *fmap_cbfs_names[] = {
"COREBOOT",
"FW_MAIN_A",
"FW_MAIN_B",
"RW_LEGACY"};
for (i = 0; i < ARRAY_SIZE(fmap_cbfs_names); i++) {
if (fmap_locate_area_as_rdev(fmap_cbfs_names[i], &fmap) == 0) {
if (region_is_subregion(region_device_region(&fmap),
region_device_region(rdev))) {
snprintf(log_string, TCPA_PCR_HASH_NAME,
"FMAP: %s CBFS: %s",
fmap_cbfs_names[i], cbfs_name);
return 0;
}
}
}
return -1;
}
int boot_device_wp_region(struct region_device *rd,
const enum bootdev_prot_type type)
{
uint32_t ctrlr_pr;
/* Ensure boot device has been initialized at least once. */
boot_device_init();
const struct spi_flash *boot_dev = boot_device_spi_flash();
if (boot_dev == NULL)
return -1;
if (type == MEDIA_WP) {
if (spi_flash_is_write_protected(boot_dev,
region_device_region(rd)) != 1) {
return spi_flash_set_write_protected(boot_dev,
region_device_region(rd), true,
SPI_WRITE_PROTECTION_REBOOT);
}
/* Already write protected */
return 0;
}
switch (type) {
case CTRLR_WP:
ctrlr_pr = WRITE_PROTECT;
break;
case CTRLR_RP:
ctrlr_pr = READ_PROTECT;
break;
case CTRLR_RWP:
ctrlr_pr = READ_WRITE_PROTECT;
break;
default:
return -1;
}
return spi_flash_ctrlr_protect_region(boot_dev,
region_device_region(rd), ctrlr_pr);
}
/**
* Verify and select the firmware in the RW image
*
* TODO: Avoid loading a stage twice (once in hash_body & again in load_stage).
* when per-stage verification is ready.
*/
void verstage_main(void)
{
struct vb2_context ctx;
struct region_device fw_main;
int rv;
timestamp_add_now(TS_START_VBOOT);
/* Set up context and work buffer */
vb2_init_work_context(&ctx);
/* Read nvdata from a non-volatile storage. */
read_vbnv(ctx.nvdata);
/* Set S3 resume flag if vboot should behave differently when selecting
* which slot to boot. This is only relevant to vboot if the platform
* does verification of memory init and thus must ensure it resumes with
* the same slot that it booted from. */
if (IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) &&
IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK) &&
vboot_platform_is_resuming())
ctx.flags |= VB2_CONTEXT_S3_RESUME;
/* Read secdata from TPM. Initialize TPM if secdata not found. We don't
* check the return value here because vb2api_fw_phase1 will catch
* invalid secdata and tell us what to do (=reboot). */
timestamp_add_now(TS_START_TPMINIT);
antirollback_read_space_firmware(&ctx);
timestamp_add_now(TS_END_TPMINIT);
if (!IS_ENABLED(CONFIG_VIRTUAL_DEV_SWITCH) &&
get_developer_mode_switch())
ctx.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE;
if (get_recovery_mode_switch()) {
ctx.flags |= VB2_CONTEXT_FORCE_RECOVERY_MODE;
if (IS_ENABLED(CONFIG_VBOOT_DISABLE_DEV_ON_RECOVERY))
ctx.flags |= VB2_DISABLE_DEVELOPER_MODE;
}
if (IS_ENABLED(CONFIG_WIPEOUT_SUPPORTED) && get_wipeout_mode_switch())
ctx.flags |= VB2_CONTEXT_FORCE_WIPEOUT_MODE;
if (IS_ENABLED(CONFIG_LID_SWITCH) && !get_lid_switch())
ctx.flags |= VB2_CONTEXT_NOFAIL_BOOT;
/* Do early init (set up secdata and NVRAM, load GBB) */
printk(BIOS_INFO, "Phase 1\n");
rv = vb2api_fw_phase1(&ctx);
if (rv) {
/*
* If vb2api_fw_phase1 fails, check for return value.
* If it is set to VB2_ERROR_API_PHASE1_RECOVERY, then continue
* into recovery mode.
* For any other error code, save context if needed and reboot.
*/
if (rv == VB2_ERROR_API_PHASE1_RECOVERY) {
printk(BIOS_INFO, "Recovery requested (%x)\n", rv);
save_if_needed(&ctx);
extend_pcrs(&ctx); /* ignore failures */
timestamp_add_now(TS_END_VBOOT);
return;
}
printk(BIOS_INFO, "Reboot reqested (%x)\n", rv);
save_if_needed(&ctx);
vboot_reboot();
}
/* Determine which firmware slot to boot (based on NVRAM) */
printk(BIOS_INFO, "Phase 2\n");
rv = vb2api_fw_phase2(&ctx);
if (rv) {
printk(BIOS_INFO, "Reboot requested (%x)\n", rv);
save_if_needed(&ctx);
vboot_reboot();
}
/* Try that slot (verify its keyblock and preamble) */
printk(BIOS_INFO, "Phase 3\n");
timestamp_add_now(TS_START_VERIFY_SLOT);
rv = vb2api_fw_phase3(&ctx);
timestamp_add_now(TS_END_VERIFY_SLOT);
if (rv) {
printk(BIOS_INFO, "Reboot requested (%x)\n", rv);
save_if_needed(&ctx);
vboot_reboot();
}
printk(BIOS_INFO, "Phase 4\n");
rv = locate_firmware(&ctx, &fw_main);
if (rv)
die("Failed to read FMAP to locate firmware");
rv = hash_body(&ctx, &fw_main);
save_if_needed(&ctx);
if (rv) {
printk(BIOS_INFO, "Reboot requested (%x)\n", rv);
vboot_reboot();
}
rv = extend_pcrs(&ctx);
if (rv) {
printk(BIOS_WARNING, "Failed to extend TPM PCRs (%#x)\n", rv);
vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv);
save_if_needed(&ctx);
vboot_reboot();
}
/* Lock TPM */
rv = antirollback_lock_space_firmware();
if (rv) {
printk(BIOS_INFO, "Failed to lock TPM (%x)\n", rv);
vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_L_ERROR, 0);
save_if_needed(&ctx);
vboot_reboot();
}
/* Lock rec hash space if available. */
if (IS_ENABLED(CONFIG_VBOOT_HAS_REC_HASH_SPACE)) {
rv = antirollback_lock_space_rec_hash();
if (rv) {
printk(BIOS_INFO, "Failed to lock rec hash space(%x)\n",
rv);
vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR,
0);
save_if_needed(&ctx);
vboot_reboot();
}
}
printk(BIOS_INFO, "Slot %c is selected\n", is_slot_a(&ctx) ? 'A' : 'B');
vb2_set_selected_region(region_device_region(&fw_main));
timestamp_add_now(TS_END_VBOOT);
}
