From 27940f891678dae975b68f2fc729ad7348192af3 Mon Sep 17 00:00:00 2001
From: Daisuke Nojiri
Date: Thu, 19 Jun 2014 19:09:47 -0700
Subject: [PATCH] vboot2: add verstage

Verstage will host vboot2 for firmware verification. It's a stage in the sense that it has its own set of toolchains, compiler flags, and includes. This allows us to easily add object files as needed. But it's directly linked to bootblock. This allows us to avoid code duplication for stage loading and jumping (e.g. cbfs driver) for the boards where bootblock has to run in a different architecture (e.g. Tegra124). To avoid name space conflict, verstage symbols are prefixed with verstage_.
TEST=Built with VBOOT2_VERIFY_FIRMWARE on/off. Booted Nyan Blaze.
BUG=None
BRANCH=none
Signed-off-by: Daisuke Nojiri
Change-Id: Iad57741157ec70426c676e46c5855e6797ac1dac
Reviewed-on: https://chromium-review.googlesource.com/204376
Reviewed-by: Randall Spangler
---
 Makefile.inc | 9 ++++++++-
 src/arch/arm/Kconfig | 4 ++++
 src/arch/arm/Makefile.inc | 6 ++++--
 src/arch/arm/armv7/Kconfig | 3 +++
 src/soc/nvidia/tegra124/Kconfig | 1 +
 src/soc/nvidia/tegra124/Makefile.inc | 2 ++
 src/soc/nvidia/tegra124/bootblock.c | 9 ++++++++-
 src/soc/nvidia/tegra124/verstage.c | 9 +++++++++
 src/soc/nvidia/tegra124/verstage.h | 2 ++
 src/vendorcode/google/chromeos/Kconfig | 8 ++++++++
 src/vendorcode/google/chromeos/Makefile.inc | 9 +++++++++
 toolchain.inc | 2 +-
 12 files changed, 59 insertions(+), 5 deletions(-)
 create mode 100644 src/soc/nvidia/tegra124/verstage.c
 create mode 100644 src/soc/nvidia/tegra124/verstage.h

diff --git a/Makefile.inc b/Makefile.inc
index 9d220b1c13..f98a61b25e 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -60,7 +60,7 @@ subdirs-y += site-local
 #######################################################################
 # Add source classes and their build options
-classes-y := ramstage romstage bootblock smm smmstub cpu_microcode rmodules
+classes-y := ramstage romstage bootblock smm smmstub cpu_microcode rmodules verstage
 #######################################################################
 # Helper functions for ramstage postprocess
@@ -101,6 +101,8 @@ ramstage-postprocess=$(foreach d,$(sort $(dir $(1))), \
 $(eval $(d)ramstage.o: $(call files-in-dir,$(d),$(1)); $$(LINK) -o $$@ -r $$^ ) \
 $(eval ramstage-objs:=$(d)ramstage.o $(filter-out $(call files-in-dir,$(d),$(1)),$(ramstage-objs))))
+verstage-c-ccopts:=-D__PRE_RAM__ -D__VER_STAGE__
+verstage-S-ccopts:=-D__PRE_RAM__ -D__VER_STAGE__
 romstage-c-ccopts:=-D__PRE_RAM__
 romstage-S-ccopts:=-D__PRE_RAM__
 ifeq ($(CONFIG_TRACE),y)
@@ -131,6 +133,7 @@ endif
 ramstage-c-deps:=$$(OPTION_TABLE_H)
 romstage-c-deps:=$$(OPTION_TABLE_H)
+verstage-c-deps:=$$(OPTION_TABLE_H)
 bootblock-c-deps:=$$(OPTION_TABLE_H)
 #######################################################################
@@ -309,6 +312,10 @@ $(obj)/%.romstage.o $(abspath $(obj))/%.romstage.o: $(obj)/%.c $(obj)/config.h $
 @printf " CC $(subst $(obj)/,,$(@))\n"
 $(CC_romstage) -MMD $(CFLAGS_romstage) $(romstage-c-ccopts) -c -o $@ $<
+$(obj)/%.verstage.o $(abspath $(obj))/%.verstage.o: $(obj)/%.c $(obj)/config.h $(OPTION_TABLE_H)
+ @printf " CC $(subst $(obj)/,,$(@))\n"
+ $(CC_verstage) -MMD $(CFLAGS_verstage) $(verstage-c-ccopts) -c -o $@ $<
+
 $(obj)/%.bootblock.o $(abspath $(obj))/%.bootblock.o: $(obj)/%.c $(obj)/config.h $(OPTION_TABLE_H)
 @printf " CC $(subst $(obj)/,,$(@))\n"
 $(CC_bootblock) -MMD $(CFLAGS_bootblock) $(bootblock-c-ccopts) -c -o $@ $<
diff --git a/src/arch/arm/Kconfig b/src/arch/arm/Kconfig
index da2a9f5167..bab486cbea 100644
--- a/src/arch/arm/Kconfig
+++ b/src/arch/arm/Kconfig
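Review bot: The two new `verstage-c-ccopts` / `verstage-S-ccopts` lines define `__PRE_RAM__` alongside `__VER_STAGE__`, so every `#ifdef __PRE_RAM__` branch in shared sources compiles into verstage exactly as it does into romstage, and nothing here records whether that is intended for the stage that is meant to do the verifying. A short comment above the pair would capture it, for example `# verstage is pre-RAM code; test __VER_STAGE__ where it must differ from romstage`. The block that follows the visible `ifeq ($(CONFIG_TRACE),y)` lies outside the hunk, so whether verstage needs a matching entry there cannot be checked from here.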
@@ -5,6 +5,10 @@ config ARCH_BOOTBLOCK_ARM
 default n
 select ARCH_ARM
+config ARCH_VERSTAGE_ARM
+ bool
+ default n
+
 config ARCH_ROMSTAGE_ARM
 bool
 default n
diff --git a/src/arch/arm/Makefile.inc b/src/arch/arm/Makefile.inc
index 9f2f591df3..dd4b203e09 100644
--- a/src/arch/arm/Makefile.inc
+++ b/src/arch/arm/Makefile.inc
@@ -55,12 +55,14 @@ bootblock-y += memset.S
 bootblock-y += memcpy.S
 bootblock-y += memmove.S
-$(objcbfs)/bootblock.debug: $(src)/arch/arm/bootblock.ld $(obj)/ldoptions $$(bootblock-objs) $(obj)/config.h
+$(objcbfs)/bootblock.debug: $(src)/arch/arm/bootblock.ld $(obj)/ldoptions $$(bootblock-objs) $$(VERSTAGE_LIB) $(obj)/config.h
 @printf " LINK $(subst $(obj)/,,$(@))\n"
 ifeq ($(CONFIG_COMPILER_LLVM_CLANG),y)
 $(LD_bootblock) -nostdlib -m armelf_linux_eabi --gc-sections -static -o $@ -L$(obj) $< -T $(src)/arch/arm/bootblock.ld
 else
- $(CC_bootblock) $(CFLAGS_bootblock) -nostdlib -Wl,--gc-sections -static -o $@ -L$(obj) -T $(src)/arch/arm/bootblock.ld -Wl,--start-group $(bootblock-objs) -Wl,--end-group
+ # This is based on the assumption that bootblock and verstage are compatible
+ # from the linker's perspective.
+ $(CC_bootblock) $(CFLAGS_bootblock) -nostdlib -Wl,--gc-sections -static -o $@ -L$(obj) -T $(src)/arch/arm/bootblock.ld -Wl,--start-group $(bootblock-objs) $(VERSTAGE_LIB) -Wl,--end-group
 endif
 endif
diff --git a/src/arch/arm/armv7/Kconfig b/src/arch/arm/armv7/Kconfig
index 4f4d28d609..180ea4db39 100644
--- a/src/arch/arm/armv7/Kconfig
+++ b/src/arch/arm/armv7/Kconfig
@@ -1,6 +1,9 @@
 config ARCH_BOOTBLOCK_ARM_V7
 def_bool n
 select ARCH_BOOTBLOCK_ARM
+config ARCH_VERSTAGE_ARM_V7
+ def_bool n
+ select ARCH_VERSTAGE_ARM
 config ARCH_ROMSTAGE_ARM_V7
 def_bool n
 select ARCH_ROMSTAGE_ARM
diff --git a/src/soc/nvidia/tegra124/Kconfig b/src/soc/nvidia/tegra124/Kconfig
index 67fc498150..7fc04757e5 100644
--- a/src/soc/nvidia/tegra124/Kconfig
+++ b/src/soc/nvidia/tegra124/Kconfig
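Review bot: Only the GCC branch of the `bootblock.debug` recipe in src/arch/arm/Makefile.inc gains `$(VERSTAGE_LIB)`; the `CONFIG_COMPILER_LLVM_CLANG` branch still runs `$(LD_bootblock) ... -o $@ -L$(obj) $< -T ...` without it, so a clang build with `CONFIG_VBOOT2_VERIFY_FIRMWARE=y` would presumably reach the link with `verstage_vboot_main` unresolved. Either add the archive to that command too or make the option depend on the GCC toolchain. The added comment states an assumption (bootblock and verstage objects are link-compatible) that nothing in the build checks, while the Tegra124 Kconfig in this same patch selects `ARCH_BOOTBLOCK_ARM_V4` together with `ARCH_VERSTAGE_ARM_V7`; naming that pairing in the comment would tell the next reader which combination was actually tested. The two `#` lines also appear to be indented like the recipe line under them; if they begin with a tab, make hands them to the shell and echoes them on every link, so moving them above the rule keeps them a make comment.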
@@ -8,6 +8,7 @@ config SOC_NVIDIA_TEGRA124
 select DYNAMIC_CBMEM
 select ARM_BOOTBLOCK_CUSTOM
 select ARCH_BOOTBLOCK_ARM_V4
+ select ARCH_VERSTAGE_ARM_V7
 select ARCH_ROMSTAGE_ARM_V7
 select ARCH_RAMSTAGE_ARM_V7
 select ARM_LPAE
diff --git a/src/soc/nvidia/tegra124/Makefile.inc b/src/soc/nvidia/tegra124/Makefile.inc
index 99c29010d1..80f7894500 100644
--- a/src/soc/nvidia/tegra124/Makefile.inc
+++ b/src/soc/nvidia/tegra124/Makefile.inc
@@ -22,6 +22,8 @@ ifeq ($(CONFIG_BOOTBLOCK_CONSOLE),y)
 bootblock-$(CONFIG_CONSOLE_SERIAL_UART) += uart.c
 endif
+verstage-y += verstage.c
+
 romstage-y += cbfs.c
 romstage-y += cbmem.c
 romstage-y += clock.c
diff --git a/src/soc/nvidia/tegra124/bootblock.c b/src/soc/nvidia/tegra124/bootblock.c
index b33eef11ce..4b58d5032e 100644
--- a/src/soc/nvidia/tegra124/bootblock.c
+++ b/src/soc/nvidia/tegra124/bootblock.c
@@ -24,10 +24,13 @@
 #include
 #include
 #include
-
 #include "pinmux.h"
 #include "power.h"
+#if CONFIG_VBOOT2_VERIFY_FIRMWARE
+#include "verstage.h"
+#endif
+
 void main(void)
 {
 void *entry;
@@ -73,7 +76,11 @@ void main(void)
 power_enable_cpu_rail();
 power_ungate_cpu();
+#if CONFIG_VBOOT2_VERIFY_FIRMWARE
+ entry = (void *)verstage_vboot_main;
+#else
 entry = cbfs_load_stage(CBFS_DEFAULT_MEDIA, "fallback/romstage");
+#endif
 if (entry)
 clock_cpu0_config_and_reset(entry);
diff --git a/src/soc/nvidia/tegra124/verstage.c b/src/soc/nvidia/tegra124/verstage.c
new file mode 100644
index 0000000000..234a89d0b2
--- /dev/null
+++ b/src/soc/nvidia/tegra124/verstage.c
@@ -0,0 +1,9 @@
+#include "verstage.h"
+
+/**
+ * Stage entry point
+ */
+void vboot_main(void)
+{
+ for(;;);
+}
diff --git a/src/soc/nvidia/tegra124/verstage.h b/src/soc/nvidia/tegra124/verstage.h
new file mode 100644
index 0000000000..a0bac347c6
--- /dev/null
+++ b/src/soc/nvidia/tegra124/verstage.h
@@ -0,0 +1,2 @@
+void vboot_main(void);
+void verstage_vboot_main(void);
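Review bot: With `CONFIG_VBOOT2_VERIFY_FIRMWARE` set, `entry = (void *)verstage_vboot_main;` in the second bootblock.c hunk makes the following `if (entry)` always true and compiles out the `cbfs_load_stage()` call, so `clock_cpu0_config_and_reset()` is handed the address of the `for(;;);` stub that verstage.c adds later in this patch. Nothing on that path loads or checks romstage, and the bootblock has no error branch left if verstage cannot proceed. A comment at the assignment should state the contract the real implementation has to meet, for example `/* verstage is linked into the bootblock image; vboot_main() must verify and load romstage itself and never return */`. The body of `main()` begins and ends outside this hunk.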
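Review bot: verstage.h has no include guard and declares `verstage_vboot_main`, a name no source file in the patch defines; going by the commit message it only comes into existence when the archive's symbols are prefixed with `verstage_`. Add the usual `#ifndef` / `#define` / `#endif` guard and a comment on the second prototype such as `/* vboot_main() as seen from bootblock after objcopy --prefix-symbols=verstage_ */`. Without it a reader auditing the boot path who searches for the definition finds only a dangling declaration.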
diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig
index f2076b3ad7..b9cd436e15 100644
--- a/src/vendorcode/google/chromeos/Kconfig
+++ b/src/vendorcode/google/chromeos/Kconfig
@@ -82,6 +82,14 @@ config VBOOT_VERIFY_FIRMWARE
 Enabling VBOOT_VERIFY_FIRMWARE will use vboot to verify the ramstage
 and boot loader.
+config VBOOT2_VERIFY_FIRMWARE
+ bool "Firmware Verification with vboot2"
+ default n
+ depends on CHROMEOS
+ help
+ Enabling VBOOT2_VERIFY_FIRMWARE will use vboot2 to verify the romstage
+ and boot loader.
+
 config EC_SOFTWARE_SYNC
 bool "Enable EC software sync"
 default n
diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc
index 5902dc1ed2..3f70453c0e 100644
--- a/src/vendorcode/google/chromeos/Makefile.inc
+++ b/src/vendorcode/google/chromeos/Makefile.inc
@@ -104,3 +104,12 @@ $(VB_LIB): fwlib
 endif
+
+ifeq ($(CONFIG_VBOOT2_VERIFY_FIRMWARE),y)
+VERSTAGE_LIB = $(obj)/vendorcode/google/chromeos/verstage.a
+$(VERSTAGE_LIB): $$(verstage-objs)
+ @printf " AR $(subst $(obj)/,,$(@))\n"
+ $(AR_verstage) rc $@.tmp $(verstage-objs)
+ @printf " OBJCOPY $(subst $(obj)/,,$(@))\n"
+ $(OBJCOPY_verstage) --prefix-symbols=verstage_ $@.tmp $@
+endif
\ No newline at end of file
diff --git a/toolchain.inc b/toolchain.inc
index cae389cd72..3c59ab537c 100644
--- a/toolchain.inc
+++ b/toolchain.inc
@@ -25,7 +25,7 @@ ARCH_TO_TOOLCHAIN_X86_32 := x86_32
 ARCH_TO_TOOLCHAIN_ARM := arm
 ARCH_TO_TOOLCHAIN_ARM64 := arm64
-COREBOOT_STANDARD_STAGES := bootblock romstage ramstage
+COREBOOT_STANDARD_STAGES := bootblock verstage romstage ramstage
 ARCHDIR-i386 := x86
 ARCHDIR-arm := arm
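Review bot: The help text of the new `VBOOT2_VERIFY_FIRMWARE` option promises that vboot2 will verify the romstage and boot loader, and the option has a prompt, so it can be switched on from menuconfig, yet no verification code is visible anywhere in this patch. Someone enabling it would reasonably believe the resulting image is verified. Until the implementation lands the help should say so, for example `This currently builds the verstage skeleton only; no verification is performed yet.`, or the prompt string should be dropped so that only a board's Kconfig can select the symbol.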
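Review bot: `$(AR_verstage) rc $@.tmp $(verstage-objs)` in the chromeos Makefile.inc hunk updates `$@.tmp` in place and nothing ever removes that file, so on an incremental build an object that has been dropped from `verstage-objs` stays in the archive and is carried into `verstage.a` by the objcopy step. For code that is meant to sit in the verified-boot path the archive should hold exactly the current object list; starting the recipe with `rm -f $@.tmp` gives that. Using `$^` instead of repeating `$(verstage-objs)` would keep the command tied to the declared prerequisites. Because `--prefix-symbols` renames undefined references as well as definitions, a comment noting that verstage cannot call un-prefixed bootblock symbols and must carry its own copies would save the next contributor a confusing link error.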