diff options
author | Mary Ruthven <mruthven@chromium.org> | 2021-11-09 17:19:04 -0600 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-11-18 04:51:41 +0000 |
commit | 0c491fb217c697cc28068fe37e01578e08d4e779 (patch) | |
tree | c06ca9bdde6b4a790761a6ce8d26217f1e0f26dd /common | |
parent | 2b0ffc52c765b99c7ca4e41c0a77bc8c73115a71 (diff) | |
download | chrome-ec-0c491fb217c697cc28068fe37e01578e08d4e779.tar.gz |
common: remove vboot/vboot.c
cr5? boards don't use CONFIG_VBOOT_EFS remove vboot to make reverts
easier.
BUG=b:200823466
TEST=make buildall -j
Change-Id: I20c86652ab1209bd814a774743b13d231f30de62
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3273435
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'common')
-rw-r--r-- | common/build.mk | 1 | ||||
-rw-r--r-- | common/vboot/vboot.c | 254 |
2 files changed, 0 insertions, 255 deletions
diff --git a/common/build.mk b/common/build.mk index 2d572b2d13..8f40ef963b 100644 --- a/common/build.mk +++ b/common/build.mk @@ -123,7 +123,6 @@ common-$(CONFIG_U2F)+=u2f.o common-$(CONFIG_USB_CONSOLE_STREAM)+=usb_console_stream.o common-$(CONFIG_USB_I2C)+=usb_i2c.o common-$(CONFIG_USB_PD_LOGGING)+=event_log.o pd_log.o -common-$(CONFIG_VBOOT_EFS)+=vboot/vboot.o common-$(CONFIG_VBOOT_HASH)+=sha256.o vboot_hash.o common-$(CONFIG_VOLUME_BUTTONS)+=button.o common-$(CONFIG_VSTORE)+=vstore.o diff --git a/common/vboot/vboot.c b/common/vboot/vboot.c deleted file mode 100644 index fad338229f..0000000000 --- a/common/vboot/vboot.c +++ /dev/null @@ -1,254 +0,0 @@ -/* Copyright 2017 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -/* - * Verify and jump to a RW image if power supply is not sufficient. - */ - -#include "battery.h" -#include "charge_manager.h" -#include "chipset.h" -#include "clock.h" -#include "console.h" -#include "flash.h" -#include "hooks.h" -#include "host_command.h" -#include "rsa.h" -#include "rwsig.h" -#include "sha256.h" -#include "shared_mem.h" -#include "system.h" -#include "usb_pd.h" -#include "vboot.h" -#include "vb21_struct.h" - -#define CPRINTS(format, args...) cprints(CC_VBOOT,"VB " format, ## args) -#define CPRINTF(format, args...) cprintf(CC_VBOOT,"VB " format, ## args) - -static int has_matrix_keyboard(void) -{ - return 0; -} - -static int is_efs_supported(void) -{ -#ifdef CONFIG_VBOOT_EFS - return 1; -#else - return 0; -#endif -} - -static int is_low_power_ap_boot_supported(void) -{ - return 0; -} - -static int verify_slot(enum system_image_copy_t slot) -{ - const struct vb21_packed_key *vb21_key; - const struct vb21_signature *vb21_sig; - const struct rsa_public_key *key; - const uint8_t *sig; - const uint8_t *data; - int len; - int rv; - - CPRINTS("Verifying %s", system_image_copy_t_to_string(slot)); - - vb21_key = (const struct vb21_packed_key *)( - CONFIG_MAPPED_STORAGE_BASE + - CONFIG_EC_PROTECTED_STORAGE_OFF + - CONFIG_RO_PUBKEY_STORAGE_OFF); - rv = vb21_is_packed_key_valid(vb21_key); - if (rv) { - CPRINTS("Invalid key (%d)", rv); - return EC_ERROR_VBOOT_KEY; - } - key = (const struct rsa_public_key *) - ((const uint8_t *)vb21_key + vb21_key->key_offset); - - if (slot == SYSTEM_IMAGE_RW_A) { - data = (const uint8_t *)(CONFIG_MAPPED_STORAGE_BASE + - CONFIG_EC_WRITABLE_STORAGE_OFF + - CONFIG_RW_A_STORAGE_OFF); - vb21_sig = (const struct vb21_signature *)( - CONFIG_MAPPED_STORAGE_BASE + - CONFIG_EC_WRITABLE_STORAGE_OFF + - CONFIG_RW_A_SIGN_STORAGE_OFF); - } else { - data = (const uint8_t *)(CONFIG_MAPPED_STORAGE_BASE + - CONFIG_EC_WRITABLE_STORAGE_OFF + - CONFIG_RW_B_STORAGE_OFF); - vb21_sig = (const struct vb21_signature *)( - CONFIG_MAPPED_STORAGE_BASE + - CONFIG_EC_WRITABLE_STORAGE_OFF + - CONFIG_RW_B_SIGN_STORAGE_OFF); - } - - rv = vb21_is_signature_valid(vb21_sig, vb21_key); - if (rv) { - CPRINTS("Invalid signature (%d)", rv); - return EC_ERROR_INVAL; - } - sig = (const uint8_t *)vb21_sig + vb21_sig->sig_offset; - len = vb21_sig->data_size; - - if (vboot_is_padding_valid(data, len, - CONFIG_RW_SIZE - CONFIG_RW_SIG_SIZE)) { - CPRINTS("Invalid padding"); - return EC_ERROR_INVAL; - } - - rv = vboot_verify(data, len, key, sig); - if (rv) { - CPRINTS("Invalid data (%d)", rv); - return EC_ERROR_INVAL; - } - - CPRINTS("Verified %s", system_image_copy_t_to_string(slot)); - - return EC_SUCCESS; -} - -static enum ec_status hc_verify_slot(struct host_cmd_handler_args *args) -{ - const struct ec_params_efs_verify *p = args->params; - enum system_image_copy_t slot; - - switch (p->region) { - case EC_FLASH_REGION_ACTIVE: - slot = system_get_active_copy(); - break; - case EC_FLASH_REGION_UPDATE: - slot = system_get_update_copy(); - break; - default: - return EC_RES_INVALID_PARAM; - } - return verify_slot(slot) ? EC_RES_ERROR : EC_RES_SUCCESS; -} -DECLARE_HOST_COMMAND(EC_CMD_EFS_VERIFY, hc_verify_slot, EC_VER_MASK(0)); - -static int verify_and_jump(void) -{ - enum system_image_copy_t slot; - int rv; - - /* 1. Decide which slot to try */ - slot = system_get_active_copy(); - - /* 2. Verify the slot */ - rv = verify_slot(slot); - if (rv) { - if (rv == EC_ERROR_VBOOT_KEY) - /* Key error. The other slot isn't worth trying. */ - return rv; - slot = system_get_update_copy(); - /* TODO(chromium:767050): Skip reading key again. */ - rv = verify_slot(slot); - if (rv) - /* Both slots failed */ - return rv; - - /* Proceed with the other slot. If this slot isn't expected, AP - * will catch it and request recovery after a few attempts. */ - if (system_set_active_copy(slot)) - CPRINTS("Failed to activate %s", - system_image_copy_t_to_string(slot)); - } - - /* 3. Jump (and reboot) */ - rv = system_run_image_copy(slot); - CPRINTS("Failed to jump (%d)", rv); - - return rv; -} - -/* Request more power: charging battery or more powerful AC adapter */ -static void request_power(void) -{ - CPRINTS("%s", __func__); -} - -static void request_recovery(void) -{ - CPRINTS("%s", __func__); - led_critical(); -} - -static int is_manual_recovery(void) -{ - return host_is_event_set(EC_HOST_EVENT_KEYBOARD_RECOVERY); -} - -static int pd_comm_enabled; - -int vboot_need_pd_comm(void) -{ - return pd_comm_enabled; -} - -void vboot_main(void) -{ - CPRINTS("Main"); - - if (system_is_in_rw()) { - /* - * We come here and immediately return. LED shows power shortage - * but it will be immediately corrected if the adapter can - * provide enough power. - */ - CPRINTS("Already in RW. Wait for power..."); - request_power(); - return; - } - - if (!(flash_get_protect() & EC_FLASH_PROTECT_GPIO_ASSERTED)) { - /* - * If hardware WP is disabled, PD communication is enabled. - * We can return and wait for more power. - * Note: If software WP is disabled, we still perform EFS even - * though PD communication is enabled. - */ - CPRINTS("HW-WP not asserted."); - request_power(); - return; - } - - if (is_manual_recovery()) { - CPRINTS("Manual recovery"); - if (battery_is_present() || has_matrix_keyboard()) { - request_power(); - return; - } - /* We don't request_power because we don't want to assume all - * devices support a non type-c charger. We open up a security - * hole by allowing EC-RO to do PD negotiation but attackers - * don't gain meaningful advantage on devices without a matrix - * keyboard */ - CPRINTS("Enable PD comm"); - pd_comm_enabled = 1; - return; - } - - if (!is_efs_supported()) { - if (is_low_power_ap_boot_supported()) - /* If a device supports this feature, AP's boot power - * threshold should be set low. That will let EC-RO - * boot AP and softsync take care of RW verification. */ - return; - request_power(); - return; - } - - clock_enable_module(MODULE_FAST_CPU, 1); - /* If successful, this won't return. */ - verify_and_jump(); - clock_enable_module(MODULE_FAST_CPU, 0); - - /* Failed to jump. Need recovery. */ - request_recovery(); -} |