7 files changed, 532 insertions, 0 deletions
diff --git a/resources/depthcharge/patch/0001-arm-armv7-a-march-abi-flag-for-ARMv7-hardware.patch b/resources/depthcharge/patch/0001-arm-armv7-a-march-abi-flag-for-ARMv7-hardware.patch
new file mode 100644
index 0000000..f295a63
--- /dev/null
+++ b/resources/depthcharge/patch/0001-arm-armv7-a-march-abi-flag-for-ARMv7-hardware.patch
@@ -0,0 +1,30 @@
+From 095ae6281bb2d5bdab288fa042e5c4daa05c5ca3 Mon Sep 17 00:00:00 2001
+From: Paul Kocialkowski <contact@paulk.fr>
+Date: Mon, 3 Aug 2015 14:39:42 +0200
+Subject: [PATCH 1/7] arm: armv7-a march abi flag for ARMv7 hardware
+
+Specifying the march is required to get depthcharge to build with e.g. the arm
+toolchain built by coreboot's crossgcc script. Without this flag, the toolchain
+will complain that some ARM mrc/mcr ASM instructions are not defined.
+
+Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
+---
+ src/arch/arm/build_vars | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/arch/arm/build_vars b/src/arch/arm/build_vars
+index b2fce32..455e370 100644
+--- a/src/arch/arm/build_vars
++++ b/src/arch/arm/build_vars
+@@ -17,7 +17,7 @@
+ 
+ VB_FIRMWARE_ARCH=arm
+ ifeq ($(CONFIG_ARCH_ARM_V7),y)
+-ARCH_ABI_FLAGS += -mthumb
++ARCH_ABI_FLAGS += -mthumb -march=armv7-a
+ endif
+ 
+ ifeq ($(CONFIG_ARCH_ARM_V8),y)
+-- 
+1.9.1
+
diff --git a/resources/depthcharge/patch/0002-Coreboot-image-integration-removal.patch b/resources/depthcharge/patch/0002-Coreboot-image-integration-removal.patch
new file mode 100644
index 0000000..28ee21a
--- /dev/null
+++ b/resources/depthcharge/patch/0002-Coreboot-image-integration-removal.patch
@@ -0,0 +1,33 @@
+From 4e7d727edf1939904bc516d569ceef9e295f454c Mon Sep 17 00:00:00 2001
+From: Paul Kocialkowski <contact@paulk.fr>
+Date: Mon, 3 Aug 2015 14:49:34 +0200
+Subject: [PATCH 2/7] Coreboot image integration removal
+
+There is no need to integrate the built depthcharge binary inside a coreboot
+image right after building it, coreboot will handle this on its own.
+
+Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
+---
+ src/Makefile.inc | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/src/Makefile.inc b/src/Makefile.inc
+index a73785b..564dd13 100644
+--- a/src/Makefile.inc
++++ b/src/Makefile.inc
+@@ -77,12 +77,6 @@ $(eval $(call declare_bin,$1,$2 $$$$(VB_LIB),$3))
+ 
+ $1.payload: $1.elf
+ 	@printf "    PAYLOAD    $$(subst $$(obj)/,,$$@)\n"
+-	$$(Q)-rm -f $1.rom $1.bb
+-	$$(Q)dd if=/dev/zero of=$1.bb bs=512 count=1
+-	$$(Q)cbfstool $1.rom create -m $$(ARCH) -s 1024K -B $1.bb
+-	$$(Q)cbfstool $1.rom add-payload -f $$< -n dc.elf -c lzma
+-	$$(Q)cbfstool $1.rom extract -n dc.elf -f $$@
+-	$$(Q)rm -f $1.rom $1.bb
+ 
+ $(notdir $1)_unified: $1.bin $1.payload
+ PHONY += $(notdir $1)_unified
+-- 
+1.9.1
+
diff --git a/resources/depthcharge/patch/0003-DOTCONFIG-location-correction.patch b/resources/depthcharge/patch/0003-DOTCONFIG-location-correction.patch
new file mode 100644
index 0000000..af070de
--- /dev/null
+++ b/resources/depthcharge/patch/0003-DOTCONFIG-location-correction.patch
@@ -0,0 +1,29 @@
+From 72bb1a69cf6c0f58d3c1a8f6ba98334640818566 Mon Sep 17 00:00:00 2001
+From: Paul Kocialkowski <contact@paulk.fr>
+Date: Sun, 9 Aug 2015 12:06:28 +0200
+Subject: [PATCH 3/7] DOTCONFIG location correction
+
+The configuration file doesn't have to be in src and HAVE_DOTCONFIG holds its
+current location.
+
+Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index a1a9d33..13305cd 100644
+--- a/Makefile
++++ b/Makefile
+@@ -73,7 +73,7 @@ all: help
+ 
+ else
+ 
+-include $(src)/.config
++include $(HAVE_DOTCONFIG)
+ 
+ ifeq ($(CONFIG_ARCH_X86),y)
+ ARCH = x86
+-- 
+1.9.1
+
diff --git a/resources/depthcharge/patch/0004-Adaptation-for-a-read-only-boot-path-when-no-vboot-h.patch b/resources/depthcharge/patch/0004-Adaptation-for-a-read-only-boot-path-when-no-vboot-h.patch
new file mode 100644
index 0000000..890791b
--- /dev/null
+++ b/resources/depthcharge/patch/0004-Adaptation-for-a-read-only-boot-path-when-no-vboot-h.patch
@@ -0,0 +1,132 @@
+From 5ad9900434045ea97c536c98cb514bdb43114c12 Mon Sep 17 00:00:00 2001
+From: Paul Kocialkowski <contact@paulk.fr>
+Date: Sun, 9 Aug 2015 12:09:35 +0200
+Subject: [PATCH 4/7] Adaptation for a read-only boot path when no vboot
+ handoff data is found
+
+When no vboot handoff data is found, this makes the unified depthcharge build
+attempt to follow the read-only boot path.
+
+vboot_select_firmware is called to grab the kernel key from the firmware header,
+but it won't actually jump to a RW version of depthcharge.
+
+Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
+---
+ src/image/Makefile.inc                |  1 +
+ src/image/startrw_stub.c              | 34 ++++++++++++++++++++++++++++++++++
+ src/vboot/main.c                      | 17 ++++++++++++++++-
+ src/vboot/util/commonparams-unified.c | 11 +++++++++--
+ 4 files changed, 60 insertions(+), 3 deletions(-)
+ create mode 100644 src/image/startrw_stub.c
+
+diff --git a/src/image/Makefile.inc b/src/image/Makefile.inc
+index 95aeda1..4b74c11 100644
+--- a/src/image/Makefile.inc
++++ b/src/image/Makefile.inc
+@@ -18,6 +18,7 @@
+ depthcharge-y += fmap.c
+ depthcharge-y += index.c
+ readonly-y += startrw.c
++unified-y += startrw_stub.c
+ 
+ trampoline-y += load_elf.c
+ 
+diff --git a/src/image/startrw_stub.c b/src/image/startrw_stub.c
+new file mode 100644
+index 0000000..8e40302
+--- /dev/null
++++ b/src/image/startrw_stub.c
+@@ -0,0 +1,34 @@
++/*
++ * Copyright 2012 Google Inc.
++ *
++ * See file CREDITS for list of people who contributed to this
++ * project.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of
++ * the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but without any warranty; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
++ * MA 02111-1307 USA
++ */
++
++#include <libpayload.h>
++#include <lzma.h>
++
++#include "base/elf.h"
++#include "image/enter_trampoline.h"
++#include "image/startrw.h"
++#include "image/symbols.h"
++
++int start_rw_firmware(const void *compressed_image, uint32_t size)
++{
++	return 0;
++}
+diff --git a/src/vboot/main.c b/src/vboot/main.c
+index 7dc05f5..97a218d 100644
+--- a/src/vboot/main.c
++++ b/src/vboot/main.c
+@@ -82,6 +82,20 @@ static int vboot_init_handoff()
+ 	return vboot_do_init_out_flags(vboot_handoff->init_params.out_flags);
+ }
+ 
++static int vboot_init_ro()
++{
++	// Set up the common param structure, clearing shared data.
++	if (common_params_init(1))
++		return 1;
++
++	// Initialize vboot.
++	if (vboot_init())
++		return 1;
++
++	// Select firmware.
++	return vboot_select_firmware();
++}
++
+ int main(void)
+ {
+ 	// Let the world know we're alive.
+@@ -108,7 +122,8 @@ int main(void)
+ 
+ 	// Set up the common param structure, not clearing shared data.
+ 	if (vboot_init_handoff())
+-		halt();
++		if (vboot_init_ro())
++			halt();
+ 
+ 	/* Fastboot is only entered in recovery path */
+ 	if (vboot_in_recovery())
+diff --git a/src/vboot/util/commonparams-unified.c b/src/vboot/util/commonparams-unified.c
+index 10fcb93..575dcfd 100644
+--- a/src/vboot/util/commonparams-unified.c
++++ b/src/vboot/util/commonparams-unified.c
+@@ -28,7 +28,14 @@
+ int find_common_params(void **blob, int *size)
+ {
+ 	struct vboot_handoff *vboot_handoff = lib_sysinfo.vboot_handoff;
+-	*blob = &vboot_handoff->shared_data[0];
+-	*size = ARRAY_SIZE(vboot_handoff->shared_data);
++
++	if (vboot_handoff != NULL) {
++		*blob = &vboot_handoff->shared_data[0];
++		*size = ARRAY_SIZE(vboot_handoff->shared_data);
++	} else {
++		*blob = shared_data_blob;
++		*size = sizeof(shared_data_blob);
++	}
++
+ 	return 0;
+ }
+-- 
+1.9.1
+
diff --git a/resources/depthcharge/patch/0005-Proper-firmware-index-report-for-read-only-boot-path.patch b/resources/depthcharge/patch/0005-Proper-firmware-index-report-for-read-only-boot-path.patch
new file mode 100644
index 0000000..d883cbd
--- /dev/null
+++ b/resources/depthcharge/patch/0005-Proper-firmware-index-report-for-read-only-boot-path.patch
@@ -0,0 +1,70 @@
+From dce70fb042d91ba74359a6dfb519f31d77e2c328 Mon Sep 17 00:00:00 2001
+From: Paul Kocialkowski <contact@paulk.fr>
+Date: Mon, 10 Aug 2015 20:24:50 +0200
+Subject: [PATCH 5/7] Proper firmware index report for read-only boot path
+
+When booting from a read-only boot path, the active firmware to report is RO.
+This is detected with the lack of a vboot handoff pointer.
+
+Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
+---
+ src/vboot/crossystem/fdt.c | 2 +-
+ src/vboot/firmware_id.c    | 6 +++++-
+ src/vboot/firmware_id.h    | 1 +
+ 3 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/vboot/crossystem/fdt.c b/src/vboot/crossystem/fdt.c
+index ca39dac..a79b192 100644
+--- a/src/vboot/crossystem/fdt.c
++++ b/src/vboot/crossystem/fdt.c
+@@ -73,7 +73,7 @@ static int install_crossystem_data(DeviceTreeFixup *fixup, DeviceTree *tree)
+ 				nvstorage_flash_get_blob_size());
+ 	}
+ 
+-	int fw_index = vdat->firmware_index;
++	int fw_index = get_active_fw_index(vdat);
+ 	const char *fwid;
+ 	int fwid_size;
+ 
+diff --git a/src/vboot/firmware_id.c b/src/vboot/firmware_id.c
+index 3662921..955bc84 100644
+--- a/src/vboot/firmware_id.c
++++ b/src/vboot/firmware_id.c
+@@ -36,6 +36,7 @@ static struct fwid {
+ } fw_fmap_ops[] = {
+ 	{VDAT_RW_A, "RW_FWID_A", NULL, 0, "RW A: ID NOT FOUND"},
+ 	{VDAT_RW_B, "RW_FWID_B", NULL, 0, "RW B: ID NOT FOUND"},
++	{VDAT_RO, "RO_FRID", NULL, 0, "RO: ID NOT FOUND"},
+ 	{VDAT_RECOVERY, "RO_FRID", NULL, 0, "RO: ID NOT FOUND"},
+ };
+ 
+@@ -130,10 +131,13 @@ static VbSharedDataHeader *get_vdat(void)
+ 	return NULL;
+ }
+ 
+-static inline int get_active_fw_index(VbSharedDataHeader *vdat)
++int get_active_fw_index(VbSharedDataHeader *vdat)
+ {
+ 	int fw_index = VDAT_UNKNOWN;
+ 
++	if (lib_sysinfo.vboot_handoff == NULL)
++		return VDAT_RO;
++
+ 	if (vdat)
+ 		fw_index = vdat->firmware_index;
+ 
+diff --git a/src/vboot/firmware_id.h b/src/vboot/firmware_id.h
+index fb6f206..090e9d1 100644
+--- a/src/vboot/firmware_id.h
++++ b/src/vboot/firmware_id.h
+@@ -49,6 +49,7 @@ int get_rwb_fw_size(void);
+  * Get firmware details for currently active fw type. It looks up vdat,
+  * identifies fw_index and returns appropriate id and size for that index.
+  */
++int get_active_fw_index(VbSharedDataHeader *vdat);
+ const char *get_active_fw_id(void);
+ int get_active_fw_size(void);
+ 
+-- 
+1.9.1
+
diff --git a/resources/depthcharge/patch/0006-fdt-nonvolatile-context-storage-report-to-mkbp-for-E.patch b/resources/depthcharge/patch/0006-fdt-nonvolatile-context-storage-report-to-mkbp-for-E.patch
new file mode 100644
index 0000000..7b39db6
--- /dev/null
+++ b/resources/depthcharge/patch/0006-fdt-nonvolatile-context-storage-report-to-mkbp-for-E.patch
@@ -0,0 +1,30 @@
+From 9eb389b0273cf07add859cd162c1411d15806149 Mon Sep 17 00:00:00 2001
+From: Paul Kocialkowski <contact@paulk.fr>
+Date: Mon, 10 Aug 2015 20:30:14 +0200
+Subject: [PATCH 6/7] fdt: nonvolatile-context-storage report to mkbp for EC NV
+ storage
+
+This allows old versions of crossystem to detect that it should use mosys to
+access NV storage in case it is stored on the EC.
+
+Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
+---
+ src/vboot/crossystem/fdt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/vboot/crossystem/fdt.c b/src/vboot/crossystem/fdt.c
+index a79b192..0487513 100644
+--- a/src/vboot/crossystem/fdt.c
++++ b/src/vboot/crossystem/fdt.c
+@@ -56,7 +56,7 @@ static int install_crossystem_data(DeviceTreeFixup *fixup, DeviceTree *tree)
+ 		dt_add_string_prop(node, "nonvolatile-context-storage","nvram");
+ 	} else if (CONFIG_NV_STORAGE_CROS_EC) {
+ 		dt_add_string_prop(node,
+-				"nonvolatile-context-storage", "cros-ec");
++				"nonvolatile-context-storage", "mkbp");
+ 	} else if (CONFIG_NV_STORAGE_DISK) {
+ 		dt_add_string_prop(node, "nonvolatile-context-storage", "disk");
+ 		dt_add_u32_prop(node, "nonvolatile-context-lba",
+-- 
+1.9.1
+
diff --git a/resources/depthcharge/patch/0007-vboot-Display-callbacks-for-developer-and-recovery-m.patch b/resources/depthcharge/patch/0007-vboot-Display-callbacks-for-developer-and-recovery-m.patch
new file mode 100644
index 0000000..4de5a67
--- /dev/null
+++ b/resources/depthcharge/patch/0007-vboot-Display-callbacks-for-developer-and-recovery-m.patch
@@ -0,0 +1,208 @@
+From dc7421b033667ccbad3429e6ed118c849f3b05ca Mon Sep 17 00:00:00 2001
+From: Paul Kocialkowski <contact@paulk.fr>
+Date: Tue, 11 Aug 2015 11:22:54 +0200
+Subject: [PATCH 7/7] vboot: Display callbacks for developer and recovery mode
+ screens
+
+We don't want to use bitmaps stored in GBB since they recommend the use of non-
+free software (Chrome OS), so this implements a text-based interface instead.
+
+Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
+---
+ src/vboot/callbacks/display.c | 157 ++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 145 insertions(+), 12 deletions(-)
+
+diff --git a/src/vboot/callbacks/display.c b/src/vboot/callbacks/display.c
+index efa0691..2341621 100644
+--- a/src/vboot/callbacks/display.c
++++ b/src/vboot/callbacks/display.c
+@@ -84,9 +84,16 @@ void print_on_center(const char *msg)
+ 	print_string(msg);
+ }
+ 
+-VbError_t VbExDisplayScreen(uint32_t screen_type)
++VbError_t VbExDisplayScreen(uint32_t screen_type, VbNvContext *vnc)
+ {
+-	const char *msg = NULL;
++	unsigned int rows, cols;
++	uint32_t boot_signed_only = 0;
++	uint32_t boot_usb = 0;
++	const char *fw_id;
++	int fw_index;
++	void *blob = NULL;
++	int size = 0;
++	char *msg;
+ 
+ 	/*
+ 	 * Show the debug messages for development. It is a backup method
+@@ -98,31 +105,157 @@ VbError_t VbExDisplayScreen(uint32_t screen_type)
+ 		video_console_clear();
+ 		break;
+ 	case VB_SCREEN_DEVELOPER_WARNING:
+-		msg = "developer mode warning";
++		video_console_clear();
++		video_console_set_cursor(0, 0);
++
++		if (vnc != NULL) {
++			VbNvGet(vnc, VBNV_DEV_BOOT_SIGNED_ONLY,
++				&boot_signed_only);
++
++			VbNvGet(vnc, VBNV_DEV_BOOT_USB, &boot_usb);
++		}
++
++		print_string(
++			"Welcome to developer mode!\n\n"
++			"Useful key combinations:\n"
++			"- Ctrl + H: Hold developer mode\n"
++			"- Ctrl + D: Continue booting\n");
++
++		if (boot_usb)
++			print_string("- Ctrl + U: Boot from external media\n");
++
++		print_string(
++			"- Ctrl + L: Boot from legacy media\n"
++			"- Ctrl + I: Show device information\n"
++			"- Space: Disable developer mode\n\n"
++			"This screen is shown for 3 seconds (if not held).\n\n");
++
++		if (vnc != NULL) {
++			if (!boot_signed_only)
++				print_string(
++					"Warning: this device will boot "
++					"unsigned kernels!\n");
++
++			if (boot_usb)
++				print_string(
++					"Warning: this device will boot from "
++					"external media!\n");
++
++			if (!boot_signed_only || boot_usb)
++				print_string("\n");
++		}
++
++		find_common_params(&blob, &size);
++
++		if (blob != NULL) {
++			VbSharedDataHeader *vdat = (VbSharedDataHeader *) blob;
++			fw_index = get_active_fw_index(vdat);
++			fw_id = get_fw_id(fw_index);
++
++			if (fw_id == NULL)
++				fw_id = "NOT FOUND";
++
++			print_string("Active firmware id: ");
++			print_string(fw_id);
++
++			switch (fw_index) {
++				case VDAT_RW_A:
++					print_string(" (RW A)\n");
++					break;
++				case VDAT_RW_B:
++					print_string(" (RW A)\n");
++					break;
++				case VDAT_RO:
++					print_string(" (RO)\n");
++					break;
++				default:
++					print_string(" (UNKNOWN)\n");
++					break;
++			}
++		}
+ 		break;
+ 	case VB_SCREEN_DEVELOPER_EGG:
+-		msg = "easter egg";
++		video_console_clear();
++		print_on_center("Free as in Freedom!");
+ 		break;
+ 	case VB_SCREEN_RECOVERY_REMOVE:
+-		msg = "remove inserted devices";
++		video_console_clear();
++		print_on_center(
++			"Please remove any external media before accessing "
++			"recovery screen.");
+ 		break;
+ 	case VB_SCREEN_RECOVERY_INSERT:
+-		msg = "insert recovery image";
+-		break;
+ 	case VB_SCREEN_RECOVERY_NO_GOOD:
+-		msg = "insert image invalid";
++		video_console_clear();
++		print_string(
++			"Welcome to recovery mode!\n\n"
++			"Useful key combinations:\n"
++			"- Ctrl + D: Enable developer mode\n\n");
++
++		if (screen_type == VB_SCREEN_RECOVERY_NO_GOOD)
++			print_on_center(
++				"Invalid recovery media, please instert a "
++				"valid one.");
++		else
++			print_on_center(
++				"Please insert an external recovery media.");
++		break;
++	case VB_SCREEN_RECOVERY_TO_DEV:
++		video_console_clear();
++		video_get_rows_cols(&rows, &cols);
++
++		video_console_set_cursor(0, 0);
++
++		print_string(
++			"Enabling developer mode will allow booting unsigned "
++			"kernels and booting from external media (when enabled "
++			"with crossystem).\n\n"
++			"Developer mode can be disabled via the developer mode "
++			"screen.");
++
++		msg = "Developer mode will be enabled.";
++		video_console_set_cursor((cols - strlen(msg)) / 2, rows / 2);
++		print_string(msg);
++
++		msg = "Press enter to confirm or escape to go back.";
++		video_console_set_cursor((cols - strlen(msg)) / 2,
++					 rows / 2 + 2);
++		print_string(msg);
++		break;
++	case VB_SCREEN_DEVELOPER_TO_NORM:
++		video_console_clear();
++		video_get_rows_cols(&rows, &cols);
++
++		video_console_set_cursor(0, 0);
++
++		print_string(
++			"Disabling developer mode will restrict boot to signed "
++			"kernels stored on internal memory only.\n\n"
++			"Developer mode can be enabled again via the recovery "
++			"mode screen.");
++
++		msg = "Developer mode will be disabled.";
++		video_console_set_cursor((cols - strlen(msg)) / 2, rows / 2);
++		print_string(msg);
++
++		msg = "Press enter to confirm or escape to go back.";
++		video_console_set_cursor((cols - strlen(msg)) / 2,
++					 rows / 2 + 2);
++		print_string(msg);
+ 		break;
+ 	case VB_SCREEN_WAIT:
+-		msg = "wait for ec update";
++		video_console_clear();
++		print_on_center("Waiting for EC update...");
++		break;
++	case VB_SCREEN_TO_NORM_CONFIRMED:
++		video_console_clear();
++		print_on_center("Disabling developer mode.");
+ 		break;
+ 	default:
+ 		printf("Not a valid screen type: %d.\n", screen_type);
+ 		return VBERROR_INVALID_SCREEN_INDEX;
+ 	}
+ 
+-	if (msg)
+-		print_on_center(msg);
+-
+ 	return VBERROR_SUCCESS;
+ }
+ 
+-- 
+1.9.1
+