author | Yuval Peress <peress@chromium.org> | 2021-02-25 22:23:02 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-02-26 23:46:36 +0000 |
commit | a464b4de0a54387300f336c629ad63125915b4ee (patch) | |
tree | 2460458dff69a1d8e412beb308473376db8d0545 /zephyr | |
parent | 8a5a03850faabdc12c4d9b7552071c444c709ea0 (diff) | |
zephyr: efs2: Enable EFS2 for volteer
Enable efs2 running at boot for volteer using the
CONFIG_PLATFORM_EC_VBOOT flag. When enabled, prior to starting any
tasks, the RO image will compute the hash of the RW image and send
it to the cr50 for verification. Note that the cr50 verification will
fail right now until we update chromeos-bootimage-0.0.3.ebuild's
add_ec() function to compute the hash using the zephyr build's output.
This final change will be needed because zmake does not produce
build/${BOARD}/R(O|W)/ec.R(O|W).flat
BRANCH=none
BUG=b:164421798
TEST=zmake testall
TEST=build volteer, flash, see TX data to cr50 and correct response.
Signed-off-by: Yuval Peress <peress@chromium.org>
Change-Id: I2c8b3f726a843297cec3fc08306d8edaaa1999f7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2721498
Commit-Queue: Keith Short <keithshort@chromium.org>
Reviewed-by: Keith Short <keithshort@chromium.org>
Diffstat (limited to 'zephyr')
-rw-r--r-- | zephyr/CMakeLists.txt | 2 | ||||
-rw-r--r-- | zephyr/Kconfig | 11 | ||||
-rw-r--r-- | zephyr/app/ec/main.c | 18 | ||||
-rw-r--r-- | zephyr/projects/delbin/prj.conf | 2 | ||||
-rw-r--r-- | zephyr/projects/kohaku/prj.conf | 2 | ||||
-rw-r--r-- | zephyr/shim/include/config_chip.h | 6 |
6 files changed, 37 insertions, 4 deletions
diff --git a/zephyr/CMakeLists.txt b/zephyr/CMakeLists.txt index 790443fd19..d5b3ed8ddc 100644 --- a/zephyr/CMakeLists.txt +++ b/zephyr/CMakeLists.txt @@ -347,5 +347,7 @@ zephyr_sources_ifdef(CONFIG_PLATFORM_EC_VBOOT_HASH zephyr_sources_ifdef(CONFIG_PLATFORM_EC_VOLUME_BUTTONS "${PLATFORM_EC}/common/button.c") +zephyr_sources_ifdef(CONFIG_PLATFORM_EC_VBOOT "${PLATFORM_EC}/common/vboot/efs2.c") + zephyr_sources_ifdef(CONFIG_PLATFORM_EC_VSTORE "${PLATFORM_EC}/common/vstore.c") diff --git a/zephyr/Kconfig b/zephyr/Kconfig index 2393b228d4..366e15c04b 100644 --- a/zephyr/Kconfig +++ b/zephyr/Kconfig @@ -118,6 +118,17 @@ config PLATFORM_EC_BRINGUP - And more! You can search the codebase for CONFIG_BRINGUP to see all of the features this flag will toggle. +config PLATFORM_EC_VBOOT + bool "Enable Chromium OS verified boot" + default y if !SOC_POSIX + help + Enables Early Firmware Selection v2 (EFS2) verified boot. When booting + a Chromium OS image we're actually packing both an RO image and an RW + image into flash. The RO image is loaded first. EFS2 runs at boot and + verifies the integrity of the RW image by sending a hash of the image + to the Google Security Chip (GSC). Once the GSC verifies the hash, + EFS2 calls sysjump and reboot the EC using the RW image. + config PLATFORM_EC_BOARD_VERSION bool "Support the notion of board version" default y diff --git a/zephyr/app/ec/main.c b/zephyr/app/ec/main.c index f1b3d24c69..a2cf64a424 100644 --- a/zephyr/app/ec/main.c +++ b/zephyr/app/ec/main.c @@ -31,10 +31,6 @@ void main(void) init_reset_log(); } - if (IS_ENABLED(CONFIG_PLATFORM_EC_WATCHDOG)) { - watchdog_init(); - } - if (IS_ENABLED(HAS_TASK_KEYSCAN)) { keyboard_scan_init(); } 
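Review bot: In the zephyr/Kconfig hunk, `default y if !SOC_POSIX` turns EFS2 on for every non-POSIX project, although the commit title scopes the change to volteer and the description says GSC verification is expected to fail until the bootimage ebuild is updated. The help text describes only the success path, so it should gain a sentence stating what RO does when the GSC rejects the hash or does not answer. Consider `default n` with an explicit `CONFIG_PLATFORM_EC_VBOOT=y` in the volteer project until the hash mismatch is resolved; whether other projects rely on the default cannot be seen from this diff. The last help sentence should also read `EFS2 calls sysjump and reboots the EC using the RW image.`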
@@ -45,6 +41,20 @@ void main(void) } } + if (IS_ENABLED(CONFIG_PLATFORM_EC_VBOOT)) { + /* + * For RO, it behaves as follows: + * In recovery, it enables PD communication and returns. + * In normal boot, it verifies and jumps to RW. + * For RW, it returns immediately. + */ + vboot_main(); + } + + if (IS_ENABLED(CONFIG_PLATFORM_EC_WATCHDOG)) { + watchdog_init(); + } + /* Call init hooks before main tasks start */ if (IS_ENABLED(CONFIG_PLATFORM_EC_HOOKS)) { hook_notify(HOOK_INIT); diff --git a/zephyr/projects/delbin/prj.conf b/zephyr/projects/delbin/prj.conf index 03ab4d41b3..e52e451622 100644 --- a/zephyr/projects/delbin/prj.conf +++ b/zephyr/projects/delbin/prj.conf @@ -7,6 +7,8 @@ CONFIG_PLATFORM_EC=y CONFIG_SHIMMED_TASKS=y CONFIG_PLATFORM_EC_BRINGUP=y +CONFIG_PLATFORM_EC_VBOOT=n + CONFIG_ESPI=y CONFIG_PLATFORM_EC_ESPI_VW_SLP_S4=y diff --git a/zephyr/projects/kohaku/prj.conf b/zephyr/projects/kohaku/prj.conf index c87fd50403..df78a7210b 100644 --- a/zephyr/projects/kohaku/prj.conf +++ b/zephyr/projects/kohaku/prj.conf @@ -9,6 +9,8 @@ CONFIG_SHIMMED_TASKS=y CONFIG_ESPI=y CONFIG_I2C=y +CONFIG_PLATFORM_EC_VBOOT=n + # Power sequencing CONFIG_AP=y CONFIG_AP_X86_INTEL_CML=y diff --git a/zephyr/shim/include/config_chip.h b/zephyr/shim/include/config_chip.h index 792a6fabcb..660e57f9c6 100644 --- a/zephyr/shim/include/config_chip.h +++ b/zephyr/shim/include/config_chip.h @@ -1185,6 +1185,12 @@ enum battery_type { #if (CONFIG_WATCHDOG_PERIOD_MS) < ((HOOK_TICK_INTERVAL_MS) * 2) #error "CONFIG_WATCHDOG_PERIOD_MS must be at least 2x HOOK_TICK_INTERVAL_MS" #endif +#endif /* CONFIG_PLATFORM_EC_WATCHDOG_PERIOD_MS */ + +#undef CONFIG_VBOOT_EFS +#undef CONFIG_VBOOT_EFS2 +#ifdef CONFIG_PLATFORM_EC_VBOOT +#define CONFIG_VBOOT_EFS2 #endif #endif /* __CROS_EC_CONFIG_CHIP_H */ |
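Review bot: In the second main.c hunk, `watchdog_init()` now runs only after `vboot_main()` returns, so RO's hash computation and the exchange with the GSC execute with no watchdog armed. Unless efs2.c enforces its own timeouts (not visible in this diff), a stalled GSC exchange would leave the EC hung in RO with nothing to reset it. Neither the new comment nor the commit message explains the reorder, so add a comment above `watchdog_init()` stating why it must follow `vboot_main()` and what bounds the time spent there. The body of `main()` begins and ends outside the hunk.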
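Review bot: `CONFIG_PLATFORM_EC_VBOOT=n` in zephyr/projects/delbin/prj.conf opts the project out of RW verification with no comment, and zephyr/projects/kohaku/prj.conf does the same. Nothing in the tree would then record that these boards jump to or run RW unverified, or why. Put a comment above each line giving the reason and a tracking bug, e.g. `# EFS2 disabled until <reason>; re-enable per b/<tracking-bug>` (placeholders), so the opt-out is easy to find and revert.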
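Review bot: In the config_chip.h hunk, the `#endif` that closes the new `#ifdef CONFIG_PLATFORM_EC_VBOOT` block has no trailing comment, while the `#endif` just above it gained one in this same change. Write it as `#endif /* CONFIG_PLATFORM_EC_VBOOT */` for consistency. The added `/* CONFIG_PLATFORM_EC_WATCHDOG_PERIOD_MS */` label refers to a guard opened outside the hunk, so check that it names the macro that guard actually tests.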