diff options
Diffstat (limited to 'resources/depthcharge')
7 files changed, 532 insertions, 0 deletions
diff --git a/resources/depthcharge/patch/0001-arm-armv7-a-march-abi-flag-for-ARMv7-hardware.patch b/resources/depthcharge/patch/0001-arm-armv7-a-march-abi-flag-for-ARMv7-hardware.patch new file mode 100644 index 0000000..f295a63 --- /dev/null +++ b/resources/depthcharge/patch/0001-arm-armv7-a-march-abi-flag-for-ARMv7-hardware.patch @@ -0,0 +1,30 @@ +From 095ae6281bb2d5bdab288fa042e5c4daa05c5ca3 Mon Sep 17 00:00:00 2001 +From: Paul Kocialkowski <contact@paulk.fr> +Date: Mon, 3 Aug 2015 14:39:42 +0200 +Subject: [PATCH 1/7] arm: armv7-a march abi flag for ARMv7 hardware + +Specifying the march is required to get depthcharge to build with e.g. the arm +toolchain built by coreboot's crossgcc script. Without this flag, the toolchain +will complain that some ARM mrc/mcr ASM instructions are not defined. + +Signed-off-by: Paul Kocialkowski <contact@paulk.fr> +--- + src/arch/arm/build_vars | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/arch/arm/build_vars b/src/arch/arm/build_vars +index b2fce32..455e370 100644 +--- a/src/arch/arm/build_vars ++++ b/src/arch/arm/build_vars +@@ -17,7 +17,7 @@ + + VB_FIRMWARE_ARCH=arm + ifeq ($(CONFIG_ARCH_ARM_V7),y) +-ARCH_ABI_FLAGS += -mthumb ++ARCH_ABI_FLAGS += -mthumb -march=armv7-a + endif + + ifeq ($(CONFIG_ARCH_ARM_V8),y) +-- +1.9.1 + diff --git a/resources/depthcharge/patch/0002-Coreboot-image-integration-removal.patch b/resources/depthcharge/patch/0002-Coreboot-image-integration-removal.patch new file mode 100644 index 0000000..28ee21a --- /dev/null +++ b/resources/depthcharge/patch/0002-Coreboot-image-integration-removal.patch @@ -0,0 +1,33 @@ +From 4e7d727edf1939904bc516d569ceef9e295f454c Mon Sep 17 00:00:00 2001 +From: Paul Kocialkowski <contact@paulk.fr> +Date: Mon, 3 Aug 2015 14:49:34 +0200 +Subject: [PATCH 2/7] Coreboot image integration removal + +There is no need to integrate the built depthcharge binary inside a coreboot +image right after building it, coreboot will handle this on its own. + +Signed-off-by: Paul Kocialkowski <contact@paulk.fr> +--- + src/Makefile.inc | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/src/Makefile.inc b/src/Makefile.inc +index a73785b..564dd13 100644 +--- a/src/Makefile.inc ++++ b/src/Makefile.inc +@@ -77,12 +77,6 @@ $(eval $(call declare_bin,$1,$2 $$$$(VB_LIB),$3)) + + $1.payload: $1.elf + @printf " PAYLOAD $$(subst $$(obj)/,,$$@)\n" +- $$(Q)-rm -f $1.rom $1.bb +- $$(Q)dd if=/dev/zero of=$1.bb bs=512 count=1 +- $$(Q)cbfstool $1.rom create -m $$(ARCH) -s 1024K -B $1.bb +- $$(Q)cbfstool $1.rom add-payload -f $$< -n dc.elf -c lzma +- $$(Q)cbfstool $1.rom extract -n dc.elf -f $$@ +- $$(Q)rm -f $1.rom $1.bb + + $(notdir $1)_unified: $1.bin $1.payload + PHONY += $(notdir $1)_unified +-- +1.9.1 + diff --git a/resources/depthcharge/patch/0003-DOTCONFIG-location-correction.patch b/resources/depthcharge/patch/0003-DOTCONFIG-location-correction.patch new file mode 100644 index 0000000..af070de --- /dev/null +++ b/resources/depthcharge/patch/0003-DOTCONFIG-location-correction.patch @@ -0,0 +1,29 @@ +From 72bb1a69cf6c0f58d3c1a8f6ba98334640818566 Mon Sep 17 00:00:00 2001 +From: Paul Kocialkowski <contact@paulk.fr> +Date: Sun, 9 Aug 2015 12:06:28 +0200 +Subject: [PATCH 3/7] DOTCONFIG location correction + +The configuration file doesn't have to be in src and HAVE_DOTCONFIG holds its +current location. + +Signed-off-by: Paul Kocialkowski <contact@paulk.fr> +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index a1a9d33..13305cd 100644 +--- a/Makefile ++++ b/Makefile +@@ -73,7 +73,7 @@ all: help + + else + +-include $(src)/.config ++include $(HAVE_DOTCONFIG) + + ifeq ($(CONFIG_ARCH_X86),y) + ARCH = x86 +-- +1.9.1 + diff --git a/resources/depthcharge/patch/0004-Adaptation-for-a-read-only-boot-path-when-no-vboot-h.patch b/resources/depthcharge/patch/0004-Adaptation-for-a-read-only-boot-path-when-no-vboot-h.patch new file mode 100644 index 0000000..890791b --- /dev/null +++ b/resources/depthcharge/patch/0004-Adaptation-for-a-read-only-boot-path-when-no-vboot-h.patch @@ -0,0 +1,132 @@ +From 5ad9900434045ea97c536c98cb514bdb43114c12 Mon Sep 17 00:00:00 2001 +From: Paul Kocialkowski <contact@paulk.fr> +Date: Sun, 9 Aug 2015 12:09:35 +0200 +Subject: [PATCH 4/7] Adaptation for a read-only boot path when no vboot + handoff data is found + +When no vboot handoff data is found, this makes the unified depthcharge build +attempt to follow the read-only boot path. + +vboot_select_firmware is called to grab the kernel key from the firmware header, +but it won't actually jump to a RW version of depthcharge. + +Signed-off-by: Paul Kocialkowski <contact@paulk.fr> +--- + src/image/Makefile.inc | 1 + + src/image/startrw_stub.c | 34 ++++++++++++++++++++++++++++++++++ + src/vboot/main.c | 17 ++++++++++++++++- + src/vboot/util/commonparams-unified.c | 11 +++++++++-- + 4 files changed, 60 insertions(+), 3 deletions(-) + create mode 100644 src/image/startrw_stub.c + +diff --git a/src/image/Makefile.inc b/src/image/Makefile.inc +index 95aeda1..4b74c11 100644 +--- a/src/image/Makefile.inc ++++ b/src/image/Makefile.inc +@@ -18,6 +18,7 @@ + depthcharge-y += fmap.c + depthcharge-y += index.c + readonly-y += startrw.c ++unified-y += startrw_stub.c + + trampoline-y += load_elf.c + +diff --git a/src/image/startrw_stub.c b/src/image/startrw_stub.c +new file mode 100644 +index 0000000..8e40302 +--- /dev/null ++++ b/src/image/startrw_stub.c +@@ -0,0 +1,34 @@ ++/* ++ * Copyright 2012 Google Inc. ++ * ++ * See file CREDITS for list of people who contributed to this ++ * project. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of ++ * the License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but without any warranty; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, ++ * MA 02111-1307 USA ++ */ ++ ++#include <libpayload.h> ++#include <lzma.h> ++ ++#include "base/elf.h" ++#include "image/enter_trampoline.h" ++#include "image/startrw.h" ++#include "image/symbols.h" ++ ++int start_rw_firmware(const void *compressed_image, uint32_t size) ++{ ++ return 0; ++} +diff --git a/src/vboot/main.c b/src/vboot/main.c +index 7dc05f5..97a218d 100644 +--- a/src/vboot/main.c ++++ b/src/vboot/main.c +@@ -82,6 +82,20 @@ static int vboot_init_handoff() + return vboot_do_init_out_flags(vboot_handoff->init_params.out_flags); + } + ++static int vboot_init_ro() ++{ ++ // Set up the common param structure, clearing shared data. ++ if (common_params_init(1)) ++ return 1; ++ ++ // Initialize vboot. ++ if (vboot_init()) ++ return 1; ++ ++ // Select firmware. ++ return vboot_select_firmware(); ++} ++ + int main(void) + { + // Let the world know we're alive. +@@ -108,7 +122,8 @@ int main(void) + + // Set up the common param structure, not clearing shared data. + if (vboot_init_handoff()) +- halt(); ++ if (vboot_init_ro()) ++ halt(); + + /* Fastboot is only entered in recovery path */ + if (vboot_in_recovery()) +diff --git a/src/vboot/util/commonparams-unified.c b/src/vboot/util/commonparams-unified.c +index 10fcb93..575dcfd 100644 +--- a/src/vboot/util/commonparams-unified.c ++++ b/src/vboot/util/commonparams-unified.c +@@ -28,7 +28,14 @@ + int find_common_params(void **blob, int *size) + { + struct vboot_handoff *vboot_handoff = lib_sysinfo.vboot_handoff; +- *blob = &vboot_handoff->shared_data[0]; +- *size = ARRAY_SIZE(vboot_handoff->shared_data); ++ ++ if (vboot_handoff != NULL) { ++ *blob = &vboot_handoff->shared_data[0]; ++ *size = ARRAY_SIZE(vboot_handoff->shared_data); ++ } else { ++ *blob = shared_data_blob; ++ *size = sizeof(shared_data_blob); ++ } ++ + return 0; + } +-- +1.9.1 + diff --git a/resources/depthcharge/patch/0005-Proper-firmware-index-report-for-read-only-boot-path.patch b/resources/depthcharge/patch/0005-Proper-firmware-index-report-for-read-only-boot-path.patch new file mode 100644 index 0000000..d883cbd --- /dev/null +++ b/resources/depthcharge/patch/0005-Proper-firmware-index-report-for-read-only-boot-path.patch @@ -0,0 +1,70 @@ +From dce70fb042d91ba74359a6dfb519f31d77e2c328 Mon Sep 17 00:00:00 2001 +From: Paul Kocialkowski <contact@paulk.fr> +Date: Mon, 10 Aug 2015 20:24:50 +0200 +Subject: [PATCH 5/7] Proper firmware index report for read-only boot path + +When booting from a read-only boot path, the active firmware to report is RO. +This is detected with the lack of a vboot handoff pointer. + +Signed-off-by: Paul Kocialkowski <contact@paulk.fr> +--- + src/vboot/crossystem/fdt.c | 2 +- + src/vboot/firmware_id.c | 6 +++++- + src/vboot/firmware_id.h | 1 + + 3 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/vboot/crossystem/fdt.c b/src/vboot/crossystem/fdt.c +index ca39dac..a79b192 100644 +--- a/src/vboot/crossystem/fdt.c ++++ b/src/vboot/crossystem/fdt.c +@@ -73,7 +73,7 @@ static int install_crossystem_data(DeviceTreeFixup *fixup, DeviceTree *tree) + nvstorage_flash_get_blob_size()); + } + +- int fw_index = vdat->firmware_index; ++ int fw_index = get_active_fw_index(vdat); + const char *fwid; + int fwid_size; + +diff --git a/src/vboot/firmware_id.c b/src/vboot/firmware_id.c +index 3662921..955bc84 100644 +--- a/src/vboot/firmware_id.c ++++ b/src/vboot/firmware_id.c +@@ -36,6 +36,7 @@ static struct fwid { + } fw_fmap_ops[] = { + {VDAT_RW_A, "RW_FWID_A", NULL, 0, "RW A: ID NOT FOUND"}, + {VDAT_RW_B, "RW_FWID_B", NULL, 0, "RW B: ID NOT FOUND"}, ++ {VDAT_RO, "RO_FRID", NULL, 0, "RO: ID NOT FOUND"}, + {VDAT_RECOVERY, "RO_FRID", NULL, 0, "RO: ID NOT FOUND"}, + }; + +@@ -130,10 +131,13 @@ static VbSharedDataHeader *get_vdat(void) + return NULL; + } + +-static inline int get_active_fw_index(VbSharedDataHeader *vdat) ++int get_active_fw_index(VbSharedDataHeader *vdat) + { + int fw_index = VDAT_UNKNOWN; + ++ if (lib_sysinfo.vboot_handoff == NULL) ++ return VDAT_RO; ++ + if (vdat) + fw_index = vdat->firmware_index; + +diff --git a/src/vboot/firmware_id.h b/src/vboot/firmware_id.h +index fb6f206..090e9d1 100644 +--- a/src/vboot/firmware_id.h ++++ b/src/vboot/firmware_id.h +@@ -49,6 +49,7 @@ int get_rwb_fw_size(void); + * Get firmware details for currently active fw type. It looks up vdat, + * identifies fw_index and returns appropriate id and size for that index. + */ ++int get_active_fw_index(VbSharedDataHeader *vdat); + const char *get_active_fw_id(void); + int get_active_fw_size(void); + +-- +1.9.1 + diff --git a/resources/depthcharge/patch/0006-fdt-nonvolatile-context-storage-report-to-mkbp-for-E.patch b/resources/depthcharge/patch/0006-fdt-nonvolatile-context-storage-report-to-mkbp-for-E.patch new file mode 100644 index 0000000..7b39db6 --- /dev/null +++ b/resources/depthcharge/patch/0006-fdt-nonvolatile-context-storage-report-to-mkbp-for-E.patch @@ -0,0 +1,30 @@ +From 9eb389b0273cf07add859cd162c1411d15806149 Mon Sep 17 00:00:00 2001 +From: Paul Kocialkowski <contact@paulk.fr> +Date: Mon, 10 Aug 2015 20:30:14 +0200 +Subject: [PATCH 6/7] fdt: nonvolatile-context-storage report to mkbp for EC NV + storage + +This allows old versions of crossystem to detect that it should use mosys to +access NV storage in case it is stored on the EC. + +Signed-off-by: Paul Kocialkowski <contact@paulk.fr> +--- + src/vboot/crossystem/fdt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/vboot/crossystem/fdt.c b/src/vboot/crossystem/fdt.c +index a79b192..0487513 100644 +--- a/src/vboot/crossystem/fdt.c ++++ b/src/vboot/crossystem/fdt.c +@@ -56,7 +56,7 @@ static int install_crossystem_data(DeviceTreeFixup *fixup, DeviceTree *tree) + dt_add_string_prop(node, "nonvolatile-context-storage","nvram"); + } else if (CONFIG_NV_STORAGE_CROS_EC) { + dt_add_string_prop(node, +- "nonvolatile-context-storage", "cros-ec"); ++ "nonvolatile-context-storage", "mkbp"); + } else if (CONFIG_NV_STORAGE_DISK) { + dt_add_string_prop(node, "nonvolatile-context-storage", "disk"); + dt_add_u32_prop(node, "nonvolatile-context-lba", +-- +1.9.1 + diff --git a/resources/depthcharge/patch/0007-vboot-Display-callbacks-for-developer-and-recovery-m.patch b/resources/depthcharge/patch/0007-vboot-Display-callbacks-for-developer-and-recovery-m.patch new file mode 100644 index 0000000..4de5a67 --- /dev/null +++ b/resources/depthcharge/patch/0007-vboot-Display-callbacks-for-developer-and-recovery-m.patch @@ -0,0 +1,208 @@ +From dc7421b033667ccbad3429e6ed118c849f3b05ca Mon Sep 17 00:00:00 2001 +From: Paul Kocialkowski <contact@paulk.fr> +Date: Tue, 11 Aug 2015 11:22:54 +0200 +Subject: [PATCH 7/7] vboot: Display callbacks for developer and recovery mode + screens + +We don't want to use bitmaps stored in GBB since they recommend the use of non- +free software (Chrome OS), so this implements a text-based interface instead. + +Signed-off-by: Paul Kocialkowski <contact@paulk.fr> +--- + src/vboot/callbacks/display.c | 157 ++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 145 insertions(+), 12 deletions(-) + +diff --git a/src/vboot/callbacks/display.c b/src/vboot/callbacks/display.c +index efa0691..2341621 100644 +--- a/src/vboot/callbacks/display.c ++++ b/src/vboot/callbacks/display.c +@@ -84,9 +84,16 @@ void print_on_center(const char *msg) + print_string(msg); + } + +-VbError_t VbExDisplayScreen(uint32_t screen_type) ++VbError_t VbExDisplayScreen(uint32_t screen_type, VbNvContext *vnc) + { +- const char *msg = NULL; ++ unsigned int rows, cols; ++ uint32_t boot_signed_only = 0; ++ uint32_t boot_usb = 0; ++ const char *fw_id; ++ int fw_index; ++ void *blob = NULL; ++ int size = 0; ++ char *msg; + + /* + * Show the debug messages for development. It is a backup method +@@ -98,31 +105,157 @@ VbError_t VbExDisplayScreen(uint32_t screen_type) + video_console_clear(); + break; + case VB_SCREEN_DEVELOPER_WARNING: +- msg = "developer mode warning"; ++ video_console_clear(); ++ video_console_set_cursor(0, 0); ++ ++ if (vnc != NULL) { ++ VbNvGet(vnc, VBNV_DEV_BOOT_SIGNED_ONLY, ++ &boot_signed_only); ++ ++ VbNvGet(vnc, VBNV_DEV_BOOT_USB, &boot_usb); ++ } ++ ++ print_string( ++ "Welcome to developer mode!\n\n" ++ "Useful key combinations:\n" ++ "- Ctrl + H: Hold developer mode\n" ++ "- Ctrl + D: Continue booting\n"); ++ ++ if (boot_usb) ++ print_string("- Ctrl + U: Boot from external media\n"); ++ ++ print_string( ++ "- Ctrl + L: Boot from legacy media\n" ++ "- Ctrl + I: Show device information\n" ++ "- Space: Disable developer mode\n\n" ++ "This screen is shown for 3 seconds (if not held).\n\n"); ++ ++ if (vnc != NULL) { ++ if (!boot_signed_only) ++ print_string( ++ "Warning: this device will boot " ++ "unsigned kernels!\n"); ++ ++ if (boot_usb) ++ print_string( ++ "Warning: this device will boot from " ++ "external media!\n"); ++ ++ if (!boot_signed_only || boot_usb) ++ print_string("\n"); ++ } ++ ++ find_common_params(&blob, &size); ++ ++ if (blob != NULL) { ++ VbSharedDataHeader *vdat = (VbSharedDataHeader *) blob; ++ fw_index = get_active_fw_index(vdat); ++ fw_id = get_fw_id(fw_index); ++ ++ if (fw_id == NULL) ++ fw_id = "NOT FOUND"; ++ ++ print_string("Active firmware id: "); ++ print_string(fw_id); ++ ++ switch (fw_index) { ++ case VDAT_RW_A: ++ print_string(" (RW A)\n"); ++ break; ++ case VDAT_RW_B: ++ print_string(" (RW A)\n"); ++ break; ++ case VDAT_RO: ++ print_string(" (RO)\n"); ++ break; ++ default: ++ print_string(" (UNKNOWN)\n"); ++ break; ++ } ++ } + break; + case VB_SCREEN_DEVELOPER_EGG: +- msg = "easter egg"; ++ video_console_clear(); ++ print_on_center("Free as in Freedom!"); + break; + case VB_SCREEN_RECOVERY_REMOVE: +- msg = "remove inserted devices"; ++ video_console_clear(); ++ print_on_center( ++ "Please remove any external media before accessing " ++ "recovery screen."); + break; + case VB_SCREEN_RECOVERY_INSERT: +- msg = "insert recovery image"; +- break; + case VB_SCREEN_RECOVERY_NO_GOOD: +- msg = "insert image invalid"; ++ video_console_clear(); ++ print_string( ++ "Welcome to recovery mode!\n\n" ++ "Useful key combinations:\n" ++ "- Ctrl + D: Enable developer mode\n\n"); ++ ++ if (screen_type == VB_SCREEN_RECOVERY_NO_GOOD) ++ print_on_center( ++ "Invalid recovery media, please instert a " ++ "valid one."); ++ else ++ print_on_center( ++ "Please insert an external recovery media."); ++ break; ++ case VB_SCREEN_RECOVERY_TO_DEV: ++ video_console_clear(); ++ video_get_rows_cols(&rows, &cols); ++ ++ video_console_set_cursor(0, 0); ++ ++ print_string( ++ "Enabling developer mode will allow booting unsigned " ++ "kernels and booting from external media (when enabled " ++ "with crossystem).\n\n" ++ "Developer mode can be disabled via the developer mode " ++ "screen."); ++ ++ msg = "Developer mode will be enabled."; ++ video_console_set_cursor((cols - strlen(msg)) / 2, rows / 2); ++ print_string(msg); ++ ++ msg = "Press enter to confirm or escape to go back."; ++ video_console_set_cursor((cols - strlen(msg)) / 2, ++ rows / 2 + 2); ++ print_string(msg); ++ break; ++ case VB_SCREEN_DEVELOPER_TO_NORM: ++ video_console_clear(); ++ video_get_rows_cols(&rows, &cols); ++ ++ video_console_set_cursor(0, 0); ++ ++ print_string( ++ "Disabling developer mode will restrict boot to signed " ++ "kernels stored on internal memory only.\n\n" ++ "Developer mode can be enabled again via the recovery " ++ "mode screen."); ++ ++ msg = "Developer mode will be disabled."; ++ video_console_set_cursor((cols - strlen(msg)) / 2, rows / 2); ++ print_string(msg); ++ ++ msg = "Press enter to confirm or escape to go back."; ++ video_console_set_cursor((cols - strlen(msg)) / 2, ++ rows / 2 + 2); ++ print_string(msg); + break; + case VB_SCREEN_WAIT: +- msg = "wait for ec update"; ++ video_console_clear(); ++ print_on_center("Waiting for EC update..."); ++ break; ++ case VB_SCREEN_TO_NORM_CONFIRMED: ++ video_console_clear(); ++ print_on_center("Disabling developer mode."); + break; + default: + printf("Not a valid screen type: %d.\n", screen_type); + return VBERROR_INVALID_SCREEN_INDEX; + } + +- if (msg) +- print_on_center(msg); +- + return VBERROR_SUCCESS; + } + +-- +1.9.1 + |