diff options
-rw-r--r-- | resources/depthcharge/patch/0007-vboot-Display-callbacks-for-developer-and-recovery-m.patch | 35 | ||||
-rw-r--r-- | resources/libreboot/config/depthcharge/veyron_speedy/config | 9 | ||||
-rw-r--r-- | resources/libreboot/patch/chromebook/0001-armv7-Word-sized-half-word-sized-memory-operations-f.patch | 89 | ||||
-rw-r--r-- | resources/libreboot/patch/chromebook/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch (renamed from resources/libreboot/patch/chromebook/0002-chromeos-Allow-disabling-vboot-firmware-verification.patch) | 24 | ||||
-rw-r--r-- | resources/libreboot/patch/misc/0009-chromeos-Allow-disabling-vboot-firmware-verification.patch | 68 | ||||
-rwxr-xr-x | resources/scripts/helpers/download/coreboot | 5 |
6 files changed, 45 insertions, 185 deletions
diff --git a/resources/depthcharge/patch/0007-vboot-Display-callbacks-for-developer-and-recovery-m.patch b/resources/depthcharge/patch/0007-vboot-Display-callbacks-for-developer-and-recovery-m.patch index 4de5a67..ea06121 100644 --- a/resources/depthcharge/patch/0007-vboot-Display-callbacks-for-developer-and-recovery-m.patch +++ b/resources/depthcharge/patch/0007-vboot-Display-callbacks-for-developer-and-recovery-m.patch @@ -1,4 +1,4 @@ -From dc7421b033667ccbad3429e6ed118c849f3b05ca Mon Sep 17 00:00:00 2001 +From 541a3f09ecb062e3f0778eb9846732cfabcbfbba Mon Sep 17 00:00:00 2001 From: Paul Kocialkowski <contact@paulk.fr> Date: Tue, 11 Aug 2015 11:22:54 +0200 Subject: [PATCH 7/7] vboot: Display callbacks for developer and recovery mode @@ -9,14 +9,14 @@ free software (Chrome OS), so this implements a text-based interface instead. Signed-off-by: Paul Kocialkowski <contact@paulk.fr> --- - src/vboot/callbacks/display.c | 157 ++++++++++++++++++++++++++++++++++++++---- - 1 file changed, 145 insertions(+), 12 deletions(-) + src/vboot/callbacks/display.c | 168 +++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 156 insertions(+), 12 deletions(-) diff --git a/src/vboot/callbacks/display.c b/src/vboot/callbacks/display.c -index efa0691..2341621 100644 +index efa0691..b659f7b 100644 --- a/src/vboot/callbacks/display.c +++ b/src/vboot/callbacks/display.c -@@ -84,9 +84,16 @@ void print_on_center(const char *msg) +@@ -84,9 +84,17 @@ void print_on_center(const char *msg) print_string(msg); } @@ -27,6 +27,7 @@ index efa0691..2341621 100644 + unsigned int rows, cols; + uint32_t boot_signed_only = 0; + uint32_t boot_usb = 0; ++ uint32_t boot_legacy = 0; + const char *fw_id; + int fw_index; + void *blob = NULL; @@ -35,7 +36,7 @@ index efa0691..2341621 100644 /* * Show the debug messages for development. It is a backup method -@@ -98,31 +105,157 @@ VbError_t VbExDisplayScreen(uint32_t screen_type) +@@ -98,31 +106,167 @@ VbError_t VbExDisplayScreen(uint32_t screen_type) video_console_clear(); break; case VB_SCREEN_DEVELOPER_WARNING: @@ -48,34 +49,44 @@ index efa0691..2341621 100644 + &boot_signed_only); + + VbNvGet(vnc, VBNV_DEV_BOOT_USB, &boot_usb); ++ VbNvGet(vnc, VBNV_DEV_BOOT_LEGACY, &boot_legacy); + } + + print_string( + "Welcome to developer mode!\n\n" + "Useful key combinations:\n" + "- Ctrl + H: Hold developer mode\n" -+ "- Ctrl + D: Continue booting\n"); ++ "- Ctrl + D: Boot from internal storage\n"); + + if (boot_usb) + print_string("- Ctrl + U: Boot from external media\n"); + ++ if (boot_legacy) ++ print_string("- Ctrl + L: Boot from legacy payload\n"); ++ + print_string( -+ "- Ctrl + L: Boot from legacy media\n" + "- Ctrl + I: Show device information\n" + "- Space: Disable developer mode\n\n" -+ "This screen is shown for 3 seconds (if not held).\n\n"); ++ "This screen is shown for 3 seconds (if not held)." ++ "\n\n"); + + if (vnc != NULL) { + if (!boot_signed_only) + print_string( -+ "Warning: this device will boot " -+ "unsigned kernels!\n"); ++ "Warning: this device will boot kernels" ++ " without verifying their signature!" ++ "\n"); + + if (boot_usb) + print_string( + "Warning: this device will boot from " + "external media!\n"); + ++ if (boot_legacy) ++ print_string( ++ "Warning: this device will boot legacy " ++ "payloads!\n"); ++ + if (!boot_signed_only || boot_usb) + print_string("\n"); + } @@ -130,7 +141,7 @@ index efa0691..2341621 100644 + print_string( + "Welcome to recovery mode!\n\n" + "Useful key combinations:\n" -+ "- Ctrl + D: Enable developer mode\n\n"); ++ "- Ctrl + D: Enable developer mode (if possible)\n\n"); + + if (screen_type == VB_SCREEN_RECOVERY_NO_GOOD) + print_on_center( diff --git a/resources/libreboot/config/depthcharge/veyron_speedy/config b/resources/libreboot/config/depthcharge/veyron_speedy/config index 81dcfab..4abf201 100644 --- a/resources/libreboot/config/depthcharge/veyron_speedy/config +++ b/resources/libreboot/config/depthcharge/veyron_speedy/config @@ -206,6 +206,7 @@ CONFIG_HEAP_SIZE=0x4000 # CONFIG_SOC_NVIDIA_TEGRA210 is not set # CONFIG_SOC_QC_IPQ806X is not set CONFIG_SOC_ROCKCHIP_RK3288=y +# CONFIG_VBOOT_VERIFY_FIRMWARE is not set # CONFIG_CPU_SAMSUNG_EXYNOS5250 is not set # CONFIG_CPU_SAMSUNG_EXYNOS5420 is not set # CONFIG_SOC_UCB_RISCV is not set @@ -285,14 +286,10 @@ CONFIG_CHROMEOS_RAMOOPS_RAM_SIZE=0x00100000 CONFIG_EC_SOFTWARE_SYNC=y # CONFIG_VBOOT_EC_SLOW_UPDATE is not set CONFIG_VIRTUAL_DEV_SWITCH=y -# CONFIG_VBOOT_VERIFY_FIRMWARE is not set # CONFIG_NO_TPM_RESUME is not set # CONFIG_PHYSICAL_REC_SWITCH is not set # CONFIG_LID_SWITCH is not set # CONFIG_WIPEOUT_SUPPORTED is not set -CONFIG_VBOOT_STARTS_IN_BOOTBLOCK=y -CONFIG_SEPARATE_VERSTAGE=y -CONFIG_RETURN_FROM_VERSTAGE=y # CONFIG_UEFI_2_4_BINDING is not set CONFIG_ARCH_ARM=y CONFIG_ARCH_BOOTBLOCK_ARM=y @@ -356,7 +353,6 @@ CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT=y CONFIG_NATIVE_VGA_INIT_USE_EDID=y # CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT_TEXTMODECFG is not set # CONFIG_MULTIPLE_VGA_ADAPTERS is not set -# CONFIG_SMBUS_HAS_AUX_CHANNELS is not set # CONFIG_SPD_CACHE is not set # CONFIG_PCI is not set # CONFIG_PXE_ROM is not set @@ -457,9 +453,6 @@ CONFIG_POST_DEVICE_NONE=y # CONFIG_POST_DEVICE_PCI_PCIE is not set # CONFIG_HAVE_ACPI_RESUME is not set CONFIG_HAVE_HARD_RESET=y -# CONFIG_HAVE_ROMSTAGE_CONSOLE_SPINLOCK is not set -# CONFIG_HAVE_ROMSTAGE_NVRAM_CBFS_SPINLOCK is not set -# CONFIG_HAVE_ROMSTAGE_MICROCODE_CBFS_SPINLOCK is not set CONFIG_HAVE_MONOTONIC_TIMER=y CONFIG_GENERIC_UDELAY=y # CONFIG_TIMER_QUEUE is not set diff --git a/resources/libreboot/patch/chromebook/0001-armv7-Word-sized-half-word-sized-memory-operations-f.patch b/resources/libreboot/patch/chromebook/0001-armv7-Word-sized-half-word-sized-memory-operations-f.patch deleted file mode 100644 index f89b160..0000000 --- a/resources/libreboot/patch/chromebook/0001-armv7-Word-sized-half-word-sized-memory-operations-f.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 9746b7bf27d4a3c7c0de78b26ec9f217887f4e7d Mon Sep 17 00:00:00 2001 -From: Paul Kocialkowski <contact@paulk.fr> -Date: Tue, 22 Sep 2015 22:16:33 +0200 -Subject: [PATCH 1/2] armv7: Word-sized/half-word-sized memory operations for - 32/16 bit read/write - -Some registers only allow word-sized or half-word-sized operations and will -cause a data fault when accessed with byte-sized operations. -However, the compiler may or may not break such an operation into smaller -(byte-sized) chunks. Thus, we need to reliably perform word-sized operations for -32 bit read/write and half-word-sized operations for 16 bit read/write. - -This is particularly the case on the rk3288 SRAM registers, where the watchdog -tombstone is stored. Moving to GCC 5.2.0 introduced a change of strategy in the -compiler, where a 32 bit read would be broken into byte-sized chunks, which -caused a data fault when accessing the watchdog tombstone register. - -The definitions for byte-sized memory operations are also adapted to stay -consistent with the rest. - -Change-Id: I1fb3fc139e0a813acf9d70f14386a9603c9f9ede -Signed-off-by: Paul Kocialkowski <contact@paulk.fr> ---- - src/arch/arm/include/armv7/arch/io.h | 21 +++++++++++++++------ - 1 file changed, 15 insertions(+), 6 deletions(-) - -diff --git a/src/arch/arm/include/armv7/arch/io.h b/src/arch/arm/include/armv7/arch/io.h -index 9d06003..94cb131 100644 ---- a/src/arch/arm/include/armv7/arch/io.h -+++ b/src/arch/arm/include/armv7/arch/io.h -@@ -29,40 +29,49 @@ - - static inline uint8_t read8(const void *addr) - { -+ uint8_t val; -+ - dmb(); -- return *(volatile uint8_t *)addr; -+ asm volatile ("ldrb %0, [%1]" : "=r" (val) : "r" (addr) : "memory"); -+ return val; - } - - static inline uint16_t read16(const void *addr) - { -+ uint16_t val; -+ - dmb(); -- return *(volatile uint16_t *)addr; -+ asm volatile ("ldrh %0, [%1]" : "=r" (val) : "r" (addr) : "memory"); -+ return val; - } - - static inline uint32_t read32(const void *addr) - { -+ uint32_t val; -+ - dmb(); -- return *(volatile uint32_t *)addr; -+ asm volatile ("ldr %0, [%1]" : "=r" (val) : "r" (addr) : "memory"); -+ return val; - } - - static inline void write8(void *addr, uint8_t val) - { - dmb(); -- *(volatile uint8_t *)addr = val; -+ asm volatile ("strb %0, [%1]" : : "r" (val), "r" (addr) : "memory"); - dmb(); - } - - static inline void write16(void *addr, uint16_t val) - { - dmb(); -- *(volatile uint16_t *)addr = val; -+ asm volatile ("strh %0, [%1]" : : "r" (val), "r" (addr) : "memory"); - dmb(); - } - - static inline void write32(void *addr, uint32_t val) - { - dmb(); -- *(volatile uint32_t *)addr = val; -+ asm volatile ("str %0, [%1]" : : "r" (val), "r" (addr) : "memory"); - dmb(); - } - --- -1.9.1 - diff --git a/resources/libreboot/patch/chromebook/0002-chromeos-Allow-disabling-vboot-firmware-verification.patch b/resources/libreboot/patch/chromebook/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch index bed24b1..f268922 100644 --- a/resources/libreboot/patch/chromebook/0002-chromeos-Allow-disabling-vboot-firmware-verification.patch +++ b/resources/libreboot/patch/chromebook/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch @@ -1,8 +1,8 @@ -From d0e6324693214c51e707928e26571ecc9ab8ee03 Mon Sep 17 00:00:00 2001 +From 2178bea1fbef28afbb9ffa2d95673407fac1907e Mon Sep 17 00:00:00 2001 From: Paul Kocialkowski <contact@paulk.fr> Date: Sun, 9 Aug 2015 10:23:38 +0200 -Subject: [PATCH 2/2] chromeos: Allow disabling vboot firmware verification - when ChromeOS is enabled +Subject: [PATCH] chromeos: Allow disabling vboot firmware verification when + ChromeOS is enabled Some ChromeOS bindings might be wanted without using vboot verification, for instance to boot up depthcharge from the version of Coreboot installed in the @@ -21,9 +21,10 @@ Change-Id: Ia4057a56838aa05dcf3cb250ae1a27fd91402ddb Signed-off-by: Paul Kocialkowski <contact@paulk.fr> --- src/lib/bootmode.c | 2 ++ + src/soc/rockchip/rk3288/Kconfig | 2 +- src/vendorcode/google/chromeos/Kconfig | 2 +- src/vendorcode/google/chromeos/vboot2/Kconfig | 4 ++++ - 3 files changed, 7 insertions(+), 1 deletion(-) + 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/lib/bootmode.c b/src/lib/bootmode.c index f2ff72a..13c0130 100644 @@ -40,6 +41,19 @@ index f2ff72a..13c0130 100644 /* By default always initialize display. */ return 1; +diff --git a/src/soc/rockchip/rk3288/Kconfig b/src/soc/rockchip/rk3288/Kconfig +index bc484e3..74a63e7 100644 +--- a/src/soc/rockchip/rk3288/Kconfig ++++ b/src/soc/rockchip/rk3288/Kconfig +@@ -35,7 +35,7 @@ config SOC_ROCKCHIP_RK3288 + + if SOC_ROCKCHIP_RK3288 + +-config CHROMEOS ++config VBOOT_VERIFY_FIRMWARE + select VBOOT_STARTS_IN_BOOTBLOCK + select SEPARATE_VERSTAGE + select RETURN_FROM_VERSTAGE diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig index 8309d19..694e0d7 100644 --- a/src/vendorcode/google/chromeos/Kconfig @@ -61,7 +75,7 @@ index 8309d19..694e0d7 100644 depends on HAVE_HARD_RESET help diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig -index 33c33a5..5bd8b54 100644 +index 930b009..610a847 100644 --- a/src/vendorcode/google/chromeos/vboot2/Kconfig +++ b/src/vendorcode/google/chromeos/vboot2/Kconfig @@ -16,6 +16,8 @@ diff --git a/resources/libreboot/patch/misc/0009-chromeos-Allow-disabling-vboot-firmware-verification.patch b/resources/libreboot/patch/misc/0009-chromeos-Allow-disabling-vboot-firmware-verification.patch deleted file mode 100644 index 6df7636..0000000 --- a/resources/libreboot/patch/misc/0009-chromeos-Allow-disabling-vboot-firmware-verification.patch +++ /dev/null @@ -1,68 +0,0 @@ -From a5dba25113e8bd989b74763baabd7a07931fa314 Mon Sep 17 00:00:00 2001 -From: Paul Kocialkowski <contact@paulk.fr> -Date: Sun, 9 Aug 2015 10:23:38 +0200 -Subject: [PATCH 9/9] chromeos: Allow disabling vboot firmware verification - when ChromeOS is enabled - -Some ChromeOS bindings might be wanted without using vboot verification, for -instance to boot up depthcharge from the version of Coreboot installed in the -write-protected part of the SPI flash (without jumping to a RW firmware). - -Vboot firmware verification is still selected by default when ChromeOS is -enabled, but this allows more flexibility since vboot firmware verification is -no longer a hard requirement for ChromeOS (that this particular use case still -allows booting ChromeOS). - -In the future, it would make sense to have all the separate components that -CONFIG_CHROMEOS enables have their own config options, so that they can be -enabled separately. - -Change-Id: Ia4057a56838aa05dcf3cb250ae1a27fd91402ddb -Signed-off-by: Paul Kocialkowski <contact@paulk.fr> ---- - src/vendorcode/google/chromeos/Kconfig | 2 +- - src/vendorcode/google/chromeos/vboot2/Kconfig | 4 ++++ - 2 files changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig -index 8309d19..694e0d7 100644 ---- a/src/vendorcode/google/chromeos/Kconfig -+++ b/src/vendorcode/google/chromeos/Kconfig -@@ -31,7 +31,6 @@ config CHROMEOS - select BOOTMODE_STRAPS - select ELOG - select COLLECT_TIMESTAMPS -- select VBOOT_VERIFY_FIRMWARE - help - Enable ChromeOS specific features like the GPIO sub table in - the coreboot table. NOTE: Enabling this option on an unsupported -@@ -129,6 +128,7 @@ config VIRTUAL_DEV_SWITCH - - config VBOOT_VERIFY_FIRMWARE - bool "Verify firmware with vboot." -+ default y if CHROMEOS - default n - depends on HAVE_HARD_RESET - help -diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig -index 930b009..610a847 100644 ---- a/src/vendorcode/google/chromeos/vboot2/Kconfig -+++ b/src/vendorcode/google/chromeos/vboot2/Kconfig -@@ -16,6 +16,8 @@ - ## Foundation, Inc. - ## - -+if VBOOT_VERIFY_FIRMWARE -+ - config VBOOT_STARTS_IN_BOOTBLOCK - bool "Vboot starts verifying in bootblock" - default n -@@ -133,3 +135,5 @@ config VBOOT_DYNAMIC_WORK_BUFFER - ram to allocate the vboot work buffer. That means vboot verification - is after memory init and requires main memory to back the work - buffer. -+ -+endif # VBOOT_VERIFY_FIRMWARE --- -1.9.1 - diff --git a/resources/scripts/helpers/download/coreboot b/resources/scripts/helpers/download/coreboot index b97171a..332f132 100755 --- a/resources/scripts/helpers/download/coreboot +++ b/resources/scripts/helpers/download/coreboot @@ -54,7 +54,7 @@ git submodule update --init --checkout -- 3rdparty/vboot/ cd "3rdparty/vboot/" # reset vboot to last known good revision -git reset --hard 82db93d5fc924860e4f1fb4cf24f29b5b335a480 +git reset --hard fbf631c845c08299f0bcbae3f311c5807d34c0d6 # Patch vboot # ------------------------------------------------------------------------------ @@ -131,8 +131,7 @@ git am "../resources/libreboot/patch/misc/0008-lenovo-t500-Add-clone-of-Lenovo-T # Chromebook: printf "chromeos: Allow disabling vboot firmware verification when ChromeOS is enabled\n" -git am "../resources/libreboot/patch/misc/0009-chromeos-Allow-disabling-vboot-firmware-verification.patch" -# git fetch http://review.coreboot.org/coreboot refs/changes/43/11143/2 && git cherry-pick FETCH_HEAD +git am "../resources/libreboot/patch/chromebook/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch" # KGPE-D16 patches # new versions can be found at https://raptorengineeringinc.com/coreboot/kgpe-d16-status.php |