diff options
| author | Daisuke Nojiri <dnojiri@chromium.org> | 2017-08-15 16:34:52 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2017-09-12 01:11:59 -0700 |
| commit | 4dcee1c545c31d288b23221d8e07bc452214ce7b (patch) | |
| tree | 1ddab11d51dcd5c0571f6f777b655ba333cd84e6 /include | |
| parent | a52cfbc80c060d9883aee9de4e764e0b250d184a (diff) | |
| download | chrome-ec-4dcee1c545c31d288b23221d8e07bc452214ce7b.tar.gz | |
EFS: Add support for early firmware selection
Chromebox ECs performs EFS: verifying firmware before the AP boots.
This patch updates host commands which are required for the EFS.
The change includes:
* Update EC_CMD_FLASH_REGION_INFO to accept EC_FLASH_REGION_UPDATE
* Update EC_CMD_VBOOT_HASH to accept EC_VBOOT_HASH_OFFSET_UPDATE
When EC_FLASHS_REGION_UPDATE is specified, EC_CMD_FLASH_REGION_INFO
returns the slot which currently is not hosting a running RW copy.
When EC_VBOOT_HASH_OFFSET_UPDATE is specified, EC_CMD_VBOOT_HASH
computs the hash of the update slot. This hash covers the entire
region, including the signature at the end.
This patch undefines CONFIG_CMD_USBMUX and CONFIG_CMD_TYPEC
for gru to create space.
BUG=b:65028930
BRANCH=none
CQ-DEPEND=CL:648071
TEST=On Fizz, verify:
1. RW_B is old and updated by soft sync. RW_B is activated and
executed after reboot. System continues to boot to OS.
2. RW_A is old and updated by soft sync. RW_A is activated and
executed after reboot. System continues to boot to OS.
Change-Id: I9ece907b764d07ce94054ba27996e048c665a80a
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/648448
Diffstat (limited to 'include')
| -rw-r--r-- | include/ec_commands.h | 26 | ||||
| -rw-r--r-- | include/flash.h | 25 | ||||
| -rw-r--r-- | include/system.h | 15 |
3 files changed, 62 insertions, 4 deletions
diff --git a/include/ec_commands.h b/include/ec_commands.h index 223a25fcbe..3eab0a8354 100644 --- a/include/ec_commands.h +++ b/include/ec_commands.h @@ -1381,16 +1381,29 @@ struct __ec_align4 ec_response_flash_protect { enum ec_flash_region { /* Region which holds read-only EC image */ EC_FLASH_REGION_RO = 0, - /* Region which holds rewritable EC image */ - EC_FLASH_REGION_RW, + /* + * Region which holds active RW image. 'Active' is different from + * 'running'. Active means 'scheduled-to-run'. Since RO image always + * scheduled to run, active/non-active applies only to RW images (for + * the same reason 'update' applies only to RW images. It's a state of + * an image on a flash. Running image can be RO, RW_A, RW_B but active + * image can only be RW_A or RW_B. In recovery mode, an active RW image + * doesn't enter 'running' state but it's still active on a flash. + */ + EC_FLASH_REGION_ACTIVE, /* * Region which should be write-protected in the factory (a superset of * EC_FLASH_REGION_RO) */ EC_FLASH_REGION_WP_RO, + /* Region which holds updatable (non-active) RW image */ + EC_FLASH_REGION_UPDATE, /* Number of regions */ EC_FLASH_REGION_COUNT, }; +/* 'RW' is vague if there are multiple RW images; we mean the active one, + * so the old constant is deprecated */ +#define EC_FLASH_REGION_RW EC_FLASH_REGION_ACTIVE struct __ec_align4 ec_params_flash_region_info { uint32_t region; /* enum ec_flash_region */ @@ -1951,8 +1964,13 @@ enum ec_vboot_hash_status { * If one of these is specified, the EC will automatically update offset and * size to the correct values for the specified image (RO or RW). */ -#define EC_VBOOT_HASH_OFFSET_RO 0xfffffffe -#define EC_VBOOT_HASH_OFFSET_RW 0xfffffffd +#define EC_VBOOT_HASH_OFFSET_RO 0xfffffffe +#define EC_VBOOT_HASH_OFFSET_ACTIVE 0xfffffffd +#define EC_VBOOT_HASH_OFFSET_UPDATE 0xfffffffc + +/* 'RW' is vague if there are multiple RW images; we mean the active one, + * so the old constant is deprecated */ +#define EC_VBOOT_HASH_OFFSET_RW EC_VBOOT_HASH_OFFSET_ACTIVE /*****************************************************************************/ /* diff --git a/include/flash.h b/include/flash.h index c769f5753d..d52f1f7ce7 100644 --- a/include/flash.h +++ b/include/flash.h @@ -102,6 +102,31 @@ enum flash_region { FLASH_REGION_COUNT }; +/** + * Get active slot + * + * Active slot contains an image which is being executed or will be executed + * after sysjump. + * + * @return Active slot index + */ +enum flash_rw_slot flash_get_active_slot(void); + +/** + * Get updatable (non-active) slot + * + * @return Updatable slot index + */ +enum flash_rw_slot flash_get_update_slot(void); + +/** + * Translate slot index to image index + * + * @param slot Slot index to convert. + * @return Image index converted from <slot> + */ +enum system_image_copy_t flash_slot_to_image(enum flash_rw_slot slot); + /*****************************************************************************/ /* Low-level methods, for use by flash_common. */ diff --git a/include/system.h b/include/system.h index 2a229a68ef..d44cb315b1 100644 --- a/include/system.h +++ b/include/system.h @@ -42,6 +42,7 @@ enum system_image_copy_t { SYSTEM_IMAGE_UNKNOWN = 0, SYSTEM_IMAGE_RO, SYSTEM_IMAGE_RW, + SYSTEM_IMAGE_RW_A = SYSTEM_IMAGE_RW, /* Some systems may have these too */ SYSTEM_IMAGE_RO_B, SYSTEM_IMAGE_RW_B, @@ -561,4 +562,18 @@ static inline void system_print_extended_version_info(void) */ int system_can_boot_ap(void); +enum flash_rw_slot { + /* Must be 0 and 1 because they are converted by 1 - slot_x. */ + FLASH_RW_SLOT_A = 0, + FLASH_RW_SLOT_B = 1, +}; + +/** + * Get flash offset of a RW slot + * + * @param slot Slot index to get the flash offset of. + * @return Flash offset of the slot specified by <slot> + */ +uint32_t flash_get_rw_offset(enum flash_rw_slot slot); + #endif /* __CROS_EC_SYSTEM_H */ |