1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
From 1122f7a00ad7b9cab11a548ed2ba24536bfc194e Mon Sep 17 00:00:00 2001
From: Paul Kocialkowski <contact@paulk.fr>
Date: Sun, 9 Aug 2015 10:23:38 +0200
Subject: [PATCH 4/4] chromeos: Allow disabling vboot firmware verification
when ChromeOS is enabled
Some ChromeOS bindings might be wanted without using vboot verification, for
instance to boot up depthcharge from the version of Coreboot installed in the
write-protected part of the SPI flash (without jumping to a RW firmware).
Vboot firmware verification is still selected by default when ChromeOS is
enabled, but this allows more flexibility since vboot firmware verification is
no longer a hard requirement for ChromeOS (that this particular use case still
allows booting ChromeOS).
In the future, it would make sense to have all the separate components that
CONFIG_CHROMEOS enables have their own config options, so that they can be
enabled separately.
Change-Id: Ia4057a56838aa05dcf3cb250ae1a27fd91402ddb
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
---
src/lib/bootmode.c | 2 ++
src/soc/rockchip/rk3288/Kconfig | 2 +-
src/vendorcode/google/chromeos/Kconfig | 4 +---
src/vendorcode/google/chromeos/vboot2/Kconfig | 4 ++++
4 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/lib/bootmode.c b/src/lib/bootmode.c
index 15f7a5a..e4be29e 100644
--- a/src/lib/bootmode.c
+++ b/src/lib/bootmode.c
@@ -76,8 +76,10 @@ void gfx_set_init_done(int done)
int display_init_required(void)
{
/* For Chrome OS always honor vboot_skip_display_init(). */
+#if CONFIG_VBOOT_VERIFY_FIRMWARE
if (IS_ENABLED(CONFIG_CHROMEOS))
return !vboot_skip_display_init();
+#endif
/* By default always initialize display. */
return 1;
diff --git a/src/soc/rockchip/rk3288/Kconfig b/src/soc/rockchip/rk3288/Kconfig
index 65e6dc3..7947514 100644
--- a/src/soc/rockchip/rk3288/Kconfig
+++ b/src/soc/rockchip/rk3288/Kconfig
@@ -31,7 +31,7 @@ config SOC_ROCKCHIP_RK3288
if SOC_ROCKCHIP_RK3288
-config CHROMEOS
+config VBOOT_VERIFY_FIRMWARE
select VBOOT_STARTS_IN_BOOTBLOCK
select SEPARATE_VERSTAGE
select RETURN_FROM_VERSTAGE
diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig
index d2a42a1..4068419 100644
--- a/src/vendorcode/google/chromeos/Kconfig
+++ b/src/vendorcode/google/chromeos/Kconfig
@@ -27,7 +27,6 @@ config CHROMEOS
select BOOTMODE_STRAPS
select ELOG if SPI_FLASH
select COLLECT_TIMESTAMPS
- select VBOOT_VERIFY_FIRMWARE
select MULTIPLE_CBFS_INSTANCES
help
Enable ChromeOS specific features like the GPIO sub table in
@@ -96,7 +95,6 @@ config CHROMEOS_RAMOOPS_RAM_SIZE
config EC_SOFTWARE_SYNC
bool "Enable EC software sync"
default n
- depends on VBOOT_VERIFY_FIRMWARE
help
EC software sync is a mechanism where the AP helps the EC verify its
firmware similar to how vboot verifies the main system firmware. This
@@ -120,12 +118,12 @@ config VBOOT_OPROM_MATTERS
config VIRTUAL_DEV_SWITCH
bool "Virtual developer switch support"
default n
- depends on VBOOT_VERIFY_FIRMWARE
help
Whether this platform has a virtual developer switch.
config VBOOT_VERIFY_FIRMWARE
bool "Verify firmware with vboot."
+ default y if CHROMEOS
default n
depends on HAVE_HARD_RESET
help
diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig
index 7580d8d..141b636 100644
--- a/src/vendorcode/google/chromeos/vboot2/Kconfig
+++ b/src/vendorcode/google/chromeos/vboot2/Kconfig
@@ -12,6 +12,8 @@
## GNU General Public License for more details.
##
+if VBOOT_VERIFY_FIRMWARE
+
config VBOOT_STARTS_IN_BOOTBLOCK
bool "Vboot starts verifying in bootblock"
default n
@@ -78,3 +80,5 @@ config VBOOT_DYNAMIC_WORK_BUFFER
ram to allocate the vboot work buffer. That means vboot verification
is after memory init and requires main memory to back the work
buffer.
+
+endif # VBOOT_VERIFY_FIRMWARE
--
2.8.0
|