erebion/coreboot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

security/vboot: Introduce VBOOT_EC_SYNC_ESOL Kconfig option

Browse source 
This change introduces a new Kconfig option `VBOOT_EC_SYNC_ESOL`.
This config can be used to enable the display of early sign-of-life
(eSOL) during EC software sync whenever supported. When this config
is enabled, the EC sync must be performed later from the SoC code
(mainboard_romstage_entry() function) in order to display the eSOL
screen.

This change also adds a hook function vboot_show_ec_sync_esol()
to be run before performing the EC firmware image update during the EC
sync when `VBOOT_EARLY_EC_SYNC` is enabled. This function needs to be
implemented in SoC code when `VBOOT_EC_SYNC_ESOL` is enabled to display
the eSOL and notify the users about the firmware update.

AP log during EC firmware update in romstage:

```
[DEBUG]  Google Chrome EC: version:
[DEBUG]  	ro: pujjo-15217.861.0
[DEBUG]  	rw: pujjo-15217.861.0
[DEBUG]    running image: 1
[DEBUG]  FMAP: area FW_MAIN_A found @ 3a2000 (2312128 bytes)
[INFO ]  MMAP window: SPI flash base=0x3a0000, Host base=0xff3a0000, Size=0xc60000
[INFO ]  CBFS: Found 'ecrw.hash' @0x7f8c0 size 0x20 in mcache @0xfef97708
[INFO ]  VB2:vb2_digest_init() 32 bytes, hash algo 2, HW acceleration enabled
[INFO ]  VB2:check_ec_hash() Hexp RW(active): 62d1d55d26f33bd01a3676656148bedacf44189c81b195ec5488499074fe9bb0
[INFO ]  VB2:check_ec_hash()            Hmir: 62d1d55d26f33bd01a3676656148bedacf44189c81b195ec5488499074fe9bb0
[INFO ]  EC took 1124us to calculate image hash
[INFO ]  VB2:check_ec_hash() Heff RW(active): 8d111297eb53ba2289d256a769409bcbba4cf5b488fea97e40edcc9342a0f77f
[INFO ]  VB2:check_ec_hash() Heff != Hexp. Schedule update
[INFO ]  VB2:sync_ec() select_rw=RW(active)
[INFO ]  VB2:update_ec() Updating RW(active)...
[INFO ]  CBFS: Found 'ecrw' @0x1a9f80 size 0x40000 in mcache @0xfef97a9c
[INFO ]  VB2:vb2_digest_init() 262144 bytes, hash algo 2, HW acceleration enabled
[INFO ]  CBFS: Found 'ecrw.hash' @0x7f8c0 size 0x20 in mcache @0xfef97708
[INFO ]  VB2:vb2_digest_init() 32 bytes, hash algo 2, HW acceleration enabled
[INFO ]  VB2:check_ec_hash() Hexp RW(active): 62d1d55d26f33bd01a3676656148bedacf44189c81b195ec5488499074fe9bb0
[INFO ]  VB2:check_ec_hash()            Hmir: 62d1d55d26f33bd01a3676656148bedacf44189c81b195ec5488499074fe9bb0
[WARN ]  ec_hash_image: No valid hash (status=0 size=0). Computing...
[INFO ]  EC took 482169us to calculate image hash
[INFO ]  VB2:check_ec_hash() Heff RW(active): 62d1d55d26f33bd01a3676656148bedacf44189c81b195ec5488499074fe9bb0
[INFO ]  VB2:update_ec() Updated RW(active) successfully
[INFO ]  VB2:sync_ec() Rebooting to jump to new EC-RW
[INFO ]  VB2:vb2api_ec_sync() ec_sync_phase2(ctx) returned 0x1004
[INFO ]  EC Reboot requested. Doing cold reboot
```

BUG=b:412210635
TEST=Able to perform successful EC sync when `VBOOT_EARLY_EC_SYNC` is
selected.

Change-Id: Id853c73b54942ab35d4e3f019c1eddf4449c8d3c
Signed-off-by: Pranava Y N <pranavayn@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/87668
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
Pranava Y N 2025-05-14 12:50:45 +05:30 committed by Matt DeVillier
commit ac4503d0dd
3 changed files with 23 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/security/vboot/Kconfig
View file

@ -286,6 +286,14 @@ config VBOOT_EARLY_EC_SYNC
significantly impact boot time, as this operation will be performed significantly impact boot time, as this operation will be performed
later in the boot flow if it is disabled here. later in the boot flow if it is disabled here.
config VBOOT_EC_SYNC_ESOL
bool
default n
depends on VBOOT_EARLY_EC_SYNC && CHROMEOS_ENABLE_ESOL
help
Enables the display of early sign-of-life (eSOL) when the EC is slow
to update its firmware to inform the user that the update is happening.
config VBOOT_EC_EFS config VBOOT_EC_EFS
bool "Early firmware selection (EFS) EC" bool "Early firmware selection (EFS) EC"
default n default n

1
src/security/vboot/ec_sync.c
View file

@ -518,6 +518,7 @@ vb2_error_t vb2ex_ec_disable_jump(void)
*/ */
vb2_error_t vb2ex_ec_update_image(enum vb2_firmware_selection select) vb2_error_t vb2ex_ec_update_image(enum vb2_firmware_selection select)
{ {
vboot_show_ec_sync_esol();
return ec_update_image(select); return ec_update_image(select);
} }

14
src/security/vboot/vboot_common.h
View file

@ -74,6 +74,20 @@ static inline const struct cbfs_boot_device *vboot_get_cbfs_boot_device(void)
} }
#endif #endif
/*
* This function is called before updating the EC firmware image.
* This API must be implemented in the SoC/mainboard code to enable
* early sign-of-life (eSOL) during EC firmware update.
*/
#if CONFIG(VBOOT_EC_SYNC_ESOL)
void vboot_show_ec_sync_esol(void);
#else
static inline void vboot_show_ec_sync_esol(void)
{
/* nop */
}
#endif
void vboot_save_data(struct vb2_context *ctx); void vboot_save_data(struct vb2_context *ctx);
/* /*