aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--resources/depthcharge/patch/0007-vboot-Display-callbacks-for-developer-and-recovery-m.patch35
-rw-r--r--resources/libreboot/config/depthcharge/veyron_speedy/config9
-rw-r--r--resources/libreboot/patch/chromebook/0001-armv7-Word-sized-half-word-sized-memory-operations-f.patch89
-rw-r--r--resources/libreboot/patch/chromebook/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch (renamed from resources/libreboot/patch/chromebook/0002-chromeos-Allow-disabling-vboot-firmware-verification.patch)24
-rw-r--r--resources/libreboot/patch/misc/0009-chromeos-Allow-disabling-vboot-firmware-verification.patch68
-rwxr-xr-xresources/scripts/helpers/download/coreboot5
6 files changed, 45 insertions, 185 deletions
diff --git a/resources/depthcharge/patch/0007-vboot-Display-callbacks-for-developer-and-recovery-m.patch b/resources/depthcharge/patch/0007-vboot-Display-callbacks-for-developer-and-recovery-m.patch
index 4de5a674..ea061212 100644
--- a/resources/depthcharge/patch/0007-vboot-Display-callbacks-for-developer-and-recovery-m.patch
+++ b/resources/depthcharge/patch/0007-vboot-Display-callbacks-for-developer-and-recovery-m.patch
@@ -1,4 +1,4 @@
-From dc7421b033667ccbad3429e6ed118c849f3b05ca Mon Sep 17 00:00:00 2001
+From 541a3f09ecb062e3f0778eb9846732cfabcbfbba Mon Sep 17 00:00:00 2001
From: Paul Kocialkowski <contact@paulk.fr>
Date: Tue, 11 Aug 2015 11:22:54 +0200
Subject: [PATCH 7/7] vboot: Display callbacks for developer and recovery mode
@@ -9,14 +9,14 @@ free software (Chrome OS), so this implements a text-based interface instead.
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
---
- src/vboot/callbacks/display.c | 157 ++++++++++++++++++++++++++++++++++++++----
- 1 file changed, 145 insertions(+), 12 deletions(-)
+ src/vboot/callbacks/display.c | 168 +++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 156 insertions(+), 12 deletions(-)
diff --git a/src/vboot/callbacks/display.c b/src/vboot/callbacks/display.c
-index efa0691..2341621 100644
+index efa0691..b659f7b 100644
--- a/src/vboot/callbacks/display.c
+++ b/src/vboot/callbacks/display.c
-@@ -84,9 +84,16 @@ void print_on_center(const char *msg)
+@@ -84,9 +84,17 @@ void print_on_center(const char *msg)
print_string(msg);
}
@@ -27,6 +27,7 @@ index efa0691..2341621 100644
+ unsigned int rows, cols;
+ uint32_t boot_signed_only = 0;
+ uint32_t boot_usb = 0;
++ uint32_t boot_legacy = 0;
+ const char *fw_id;
+ int fw_index;
+ void *blob = NULL;
@@ -35,7 +36,7 @@ index efa0691..2341621 100644
/*
* Show the debug messages for development. It is a backup method
-@@ -98,31 +105,157 @@ VbError_t VbExDisplayScreen(uint32_t screen_type)
+@@ -98,31 +106,167 @@ VbError_t VbExDisplayScreen(uint32_t screen_type)
video_console_clear();
break;
case VB_SCREEN_DEVELOPER_WARNING:
@@ -48,34 +49,44 @@ index efa0691..2341621 100644
+ &boot_signed_only);
+
+ VbNvGet(vnc, VBNV_DEV_BOOT_USB, &boot_usb);
++ VbNvGet(vnc, VBNV_DEV_BOOT_LEGACY, &boot_legacy);
+ }
+
+ print_string(
+ "Welcome to developer mode!\n\n"
+ "Useful key combinations:\n"
+ "- Ctrl + H: Hold developer mode\n"
-+ "- Ctrl + D: Continue booting\n");
++ "- Ctrl + D: Boot from internal storage\n");
+
+ if (boot_usb)
+ print_string("- Ctrl + U: Boot from external media\n");
+
++ if (boot_legacy)
++ print_string("- Ctrl + L: Boot from legacy payload\n");
++
+ print_string(
-+ "- Ctrl + L: Boot from legacy media\n"
+ "- Ctrl + I: Show device information\n"
+ "- Space: Disable developer mode\n\n"
-+ "This screen is shown for 3 seconds (if not held).\n\n");
++ "This screen is shown for 3 seconds (if not held)."
++ "\n\n");
+
+ if (vnc != NULL) {
+ if (!boot_signed_only)
+ print_string(
-+ "Warning: this device will boot "
-+ "unsigned kernels!\n");
++ "Warning: this device will boot kernels"
++ " without verifying their signature!"
++ "\n");
+
+ if (boot_usb)
+ print_string(
+ "Warning: this device will boot from "
+ "external media!\n");
+
++ if (boot_legacy)
++ print_string(
++ "Warning: this device will boot legacy "
++ "payloads!\n");
++
+ if (!boot_signed_only || boot_usb)
+ print_string("\n");
+ }
@@ -130,7 +141,7 @@ index efa0691..2341621 100644
+ print_string(
+ "Welcome to recovery mode!\n\n"
+ "Useful key combinations:\n"
-+ "- Ctrl + D: Enable developer mode\n\n");
++ "- Ctrl + D: Enable developer mode (if possible)\n\n");
+
+ if (screen_type == VB_SCREEN_RECOVERY_NO_GOOD)
+ print_on_center(
diff --git a/resources/libreboot/config/depthcharge/veyron_speedy/config b/resources/libreboot/config/depthcharge/veyron_speedy/config
index 81dcfab0..4abf2012 100644
--- a/resources/libreboot/config/depthcharge/veyron_speedy/config
+++ b/resources/libreboot/config/depthcharge/veyron_speedy/config
@@ -206,6 +206,7 @@ CONFIG_HEAP_SIZE=0x4000
# CONFIG_SOC_NVIDIA_TEGRA210 is not set
# CONFIG_SOC_QC_IPQ806X is not set
CONFIG_SOC_ROCKCHIP_RK3288=y
+# CONFIG_VBOOT_VERIFY_FIRMWARE is not set
# CONFIG_CPU_SAMSUNG_EXYNOS5250 is not set
# CONFIG_CPU_SAMSUNG_EXYNOS5420 is not set
# CONFIG_SOC_UCB_RISCV is not set
@@ -285,14 +286,10 @@ CONFIG_CHROMEOS_RAMOOPS_RAM_SIZE=0x00100000
CONFIG_EC_SOFTWARE_SYNC=y
# CONFIG_VBOOT_EC_SLOW_UPDATE is not set
CONFIG_VIRTUAL_DEV_SWITCH=y
-# CONFIG_VBOOT_VERIFY_FIRMWARE is not set
# CONFIG_NO_TPM_RESUME is not set
# CONFIG_PHYSICAL_REC_SWITCH is not set
# CONFIG_LID_SWITCH is not set
# CONFIG_WIPEOUT_SUPPORTED is not set
-CONFIG_VBOOT_STARTS_IN_BOOTBLOCK=y
-CONFIG_SEPARATE_VERSTAGE=y
-CONFIG_RETURN_FROM_VERSTAGE=y
# CONFIG_UEFI_2_4_BINDING is not set
CONFIG_ARCH_ARM=y
CONFIG_ARCH_BOOTBLOCK_ARM=y
@@ -356,7 +353,6 @@ CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT=y
CONFIG_NATIVE_VGA_INIT_USE_EDID=y
# CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT_TEXTMODECFG is not set
# CONFIG_MULTIPLE_VGA_ADAPTERS is not set
-# CONFIG_SMBUS_HAS_AUX_CHANNELS is not set
# CONFIG_SPD_CACHE is not set
# CONFIG_PCI is not set
# CONFIG_PXE_ROM is not set
@@ -457,9 +453,6 @@ CONFIG_POST_DEVICE_NONE=y
# CONFIG_POST_DEVICE_PCI_PCIE is not set
# CONFIG_HAVE_ACPI_RESUME is not set
CONFIG_HAVE_HARD_RESET=y
-# CONFIG_HAVE_ROMSTAGE_CONSOLE_SPINLOCK is not set
-# CONFIG_HAVE_ROMSTAGE_NVRAM_CBFS_SPINLOCK is not set
-# CONFIG_HAVE_ROMSTAGE_MICROCODE_CBFS_SPINLOCK is not set
CONFIG_HAVE_MONOTONIC_TIMER=y
CONFIG_GENERIC_UDELAY=y
# CONFIG_TIMER_QUEUE is not set
diff --git a/resources/libreboot/patch/chromebook/0001-armv7-Word-sized-half-word-sized-memory-operations-f.patch b/resources/libreboot/patch/chromebook/0001-armv7-Word-sized-half-word-sized-memory-operations-f.patch
deleted file mode 100644
index f89b1606..00000000
--- a/resources/libreboot/patch/chromebook/0001-armv7-Word-sized-half-word-sized-memory-operations-f.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 9746b7bf27d4a3c7c0de78b26ec9f217887f4e7d Mon Sep 17 00:00:00 2001
-From: Paul Kocialkowski <contact@paulk.fr>
-Date: Tue, 22 Sep 2015 22:16:33 +0200
-Subject: [PATCH 1/2] armv7: Word-sized/half-word-sized memory operations for
- 32/16 bit read/write
-
-Some registers only allow word-sized or half-word-sized operations and will
-cause a data fault when accessed with byte-sized operations.
-However, the compiler may or may not break such an operation into smaller
-(byte-sized) chunks. Thus, we need to reliably perform word-sized operations for
-32 bit read/write and half-word-sized operations for 16 bit read/write.
-
-This is particularly the case on the rk3288 SRAM registers, where the watchdog
-tombstone is stored. Moving to GCC 5.2.0 introduced a change of strategy in the
-compiler, where a 32 bit read would be broken into byte-sized chunks, which
-caused a data fault when accessing the watchdog tombstone register.
-
-The definitions for byte-sized memory operations are also adapted to stay
-consistent with the rest.
-
-Change-Id: I1fb3fc139e0a813acf9d70f14386a9603c9f9ede
-Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
----
- src/arch/arm/include/armv7/arch/io.h | 21 +++++++++++++++------
- 1 file changed, 15 insertions(+), 6 deletions(-)
-
-diff --git a/src/arch/arm/include/armv7/arch/io.h b/src/arch/arm/include/armv7/arch/io.h
-index 9d06003..94cb131 100644
---- a/src/arch/arm/include/armv7/arch/io.h
-+++ b/src/arch/arm/include/armv7/arch/io.h
-@@ -29,40 +29,49 @@
-
- static inline uint8_t read8(const void *addr)
- {
-+ uint8_t val;
-+
- dmb();
-- return *(volatile uint8_t *)addr;
-+ asm volatile ("ldrb %0, [%1]" : "=r" (val) : "r" (addr) : "memory");
-+ return val;
- }
-
- static inline uint16_t read16(const void *addr)
- {
-+ uint16_t val;
-+
- dmb();
-- return *(volatile uint16_t *)addr;
-+ asm volatile ("ldrh %0, [%1]" : "=r" (val) : "r" (addr) : "memory");
-+ return val;
- }
-
- static inline uint32_t read32(const void *addr)
- {
-+ uint32_t val;
-+
- dmb();
-- return *(volatile uint32_t *)addr;
-+ asm volatile ("ldr %0, [%1]" : "=r" (val) : "r" (addr) : "memory");
-+ return val;
- }
-
- static inline void write8(void *addr, uint8_t val)
- {
- dmb();
-- *(volatile uint8_t *)addr = val;
-+ asm volatile ("strb %0, [%1]" : : "r" (val), "r" (addr) : "memory");
- dmb();
- }
-
- static inline void write16(void *addr, uint16_t val)
- {
- dmb();
-- *(volatile uint16_t *)addr = val;
-+ asm volatile ("strh %0, [%1]" : : "r" (val), "r" (addr) : "memory");
- dmb();
- }
-
- static inline void write32(void *addr, uint32_t val)
- {
- dmb();
-- *(volatile uint32_t *)addr = val;
-+ asm volatile ("str %0, [%1]" : : "r" (val), "r" (addr) : "memory");
- dmb();
- }
-
---
-1.9.1
-
diff --git a/resources/libreboot/patch/chromebook/0002-chromeos-Allow-disabling-vboot-firmware-verification.patch b/resources/libreboot/patch/chromebook/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch
index bed24b19..f268922a 100644
--- a/resources/libreboot/patch/chromebook/0002-chromeos-Allow-disabling-vboot-firmware-verification.patch
+++ b/resources/libreboot/patch/chromebook/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch
@@ -1,8 +1,8 @@
-From d0e6324693214c51e707928e26571ecc9ab8ee03 Mon Sep 17 00:00:00 2001
+From 2178bea1fbef28afbb9ffa2d95673407fac1907e Mon Sep 17 00:00:00 2001
From: Paul Kocialkowski <contact@paulk.fr>
Date: Sun, 9 Aug 2015 10:23:38 +0200
-Subject: [PATCH 2/2] chromeos: Allow disabling vboot firmware verification
- when ChromeOS is enabled
+Subject: [PATCH] chromeos: Allow disabling vboot firmware verification when
+ ChromeOS is enabled
Some ChromeOS bindings might be wanted without using vboot verification, for
instance to boot up depthcharge from the version of Coreboot installed in the
@@ -21,9 +21,10 @@ Change-Id: Ia4057a56838aa05dcf3cb250ae1a27fd91402ddb
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
---
src/lib/bootmode.c | 2 ++
+ src/soc/rockchip/rk3288/Kconfig | 2 +-
src/vendorcode/google/chromeos/Kconfig | 2 +-
src/vendorcode/google/chromeos/vboot2/Kconfig | 4 ++++
- 3 files changed, 7 insertions(+), 1 deletion(-)
+ 4 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/lib/bootmode.c b/src/lib/bootmode.c
index f2ff72a..13c0130 100644
@@ -40,6 +41,19 @@ index f2ff72a..13c0130 100644
/* By default always initialize display. */
return 1;
+diff --git a/src/soc/rockchip/rk3288/Kconfig b/src/soc/rockchip/rk3288/Kconfig
+index bc484e3..74a63e7 100644
+--- a/src/soc/rockchip/rk3288/Kconfig
++++ b/src/soc/rockchip/rk3288/Kconfig
+@@ -35,7 +35,7 @@ config SOC_ROCKCHIP_RK3288
+
+ if SOC_ROCKCHIP_RK3288
+
+-config CHROMEOS
++config VBOOT_VERIFY_FIRMWARE
+ select VBOOT_STARTS_IN_BOOTBLOCK
+ select SEPARATE_VERSTAGE
+ select RETURN_FROM_VERSTAGE
diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig
index 8309d19..694e0d7 100644
--- a/src/vendorcode/google/chromeos/Kconfig
@@ -61,7 +75,7 @@ index 8309d19..694e0d7 100644
depends on HAVE_HARD_RESET
help
diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig
-index 33c33a5..5bd8b54 100644
+index 930b009..610a847 100644
--- a/src/vendorcode/google/chromeos/vboot2/Kconfig
+++ b/src/vendorcode/google/chromeos/vboot2/Kconfig
@@ -16,6 +16,8 @@
diff --git a/resources/libreboot/patch/misc/0009-chromeos-Allow-disabling-vboot-firmware-verification.patch b/resources/libreboot/patch/misc/0009-chromeos-Allow-disabling-vboot-firmware-verification.patch
deleted file mode 100644
index 6df76360..00000000
--- a/resources/libreboot/patch/misc/0009-chromeos-Allow-disabling-vboot-firmware-verification.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From a5dba25113e8bd989b74763baabd7a07931fa314 Mon Sep 17 00:00:00 2001
-From: Paul Kocialkowski <contact@paulk.fr>
-Date: Sun, 9 Aug 2015 10:23:38 +0200
-Subject: [PATCH 9/9] chromeos: Allow disabling vboot firmware verification
- when ChromeOS is enabled
-
-Some ChromeOS bindings might be wanted without using vboot verification, for
-instance to boot up depthcharge from the version of Coreboot installed in the
-write-protected part of the SPI flash (without jumping to a RW firmware).
-
-Vboot firmware verification is still selected by default when ChromeOS is
-enabled, but this allows more flexibility since vboot firmware verification is
-no longer a hard requirement for ChromeOS (that this particular use case still
-allows booting ChromeOS).
-
-In the future, it would make sense to have all the separate components that
-CONFIG_CHROMEOS enables have their own config options, so that they can be
-enabled separately.
-
-Change-Id: Ia4057a56838aa05dcf3cb250ae1a27fd91402ddb
-Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
----
- src/vendorcode/google/chromeos/Kconfig | 2 +-
- src/vendorcode/google/chromeos/vboot2/Kconfig | 4 ++++
- 2 files changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig
-index 8309d19..694e0d7 100644
---- a/src/vendorcode/google/chromeos/Kconfig
-+++ b/src/vendorcode/google/chromeos/Kconfig
-@@ -31,7 +31,6 @@ config CHROMEOS
- select BOOTMODE_STRAPS
- select ELOG
- select COLLECT_TIMESTAMPS
-- select VBOOT_VERIFY_FIRMWARE
- help
- Enable ChromeOS specific features like the GPIO sub table in
- the coreboot table. NOTE: Enabling this option on an unsupported
-@@ -129,6 +128,7 @@ config VIRTUAL_DEV_SWITCH
-
- config VBOOT_VERIFY_FIRMWARE
- bool "Verify firmware with vboot."
-+ default y if CHROMEOS
- default n
- depends on HAVE_HARD_RESET
- help
-diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig
-index 930b009..610a847 100644
---- a/src/vendorcode/google/chromeos/vboot2/Kconfig
-+++ b/src/vendorcode/google/chromeos/vboot2/Kconfig
-@@ -16,6 +16,8 @@
- ## Foundation, Inc.
- ##
-
-+if VBOOT_VERIFY_FIRMWARE
-+
- config VBOOT_STARTS_IN_BOOTBLOCK
- bool "Vboot starts verifying in bootblock"
- default n
-@@ -133,3 +135,5 @@ config VBOOT_DYNAMIC_WORK_BUFFER
- ram to allocate the vboot work buffer. That means vboot verification
- is after memory init and requires main memory to back the work
- buffer.
-+
-+endif # VBOOT_VERIFY_FIRMWARE
---
-1.9.1
-
diff --git a/resources/scripts/helpers/download/coreboot b/resources/scripts/helpers/download/coreboot
index b97171a1..332f1327 100755
--- a/resources/scripts/helpers/download/coreboot
+++ b/resources/scripts/helpers/download/coreboot
@@ -54,7 +54,7 @@ git submodule update --init --checkout -- 3rdparty/vboot/
cd "3rdparty/vboot/"
# reset vboot to last known good revision
-git reset --hard 82db93d5fc924860e4f1fb4cf24f29b5b335a480
+git reset --hard fbf631c845c08299f0bcbae3f311c5807d34c0d6
# Patch vboot
# ------------------------------------------------------------------------------
@@ -131,8 +131,7 @@ git am "../resources/libreboot/patch/misc/0008-lenovo-t500-Add-clone-of-Lenovo-T
# Chromebook:
printf "chromeos: Allow disabling vboot firmware verification when ChromeOS is enabled\n"
-git am "../resources/libreboot/patch/misc/0009-chromeos-Allow-disabling-vboot-firmware-verification.patch"
-# git fetch http://review.coreboot.org/coreboot refs/changes/43/11143/2 && git cherry-pick FETCH_HEAD
+git am "../resources/libreboot/patch/chromebook/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch"
# KGPE-D16 patches
# new versions can be found at https://raptorengineeringinc.com/coreboot/kgpe-d16-status.php