From ac4503d0ddafecac8a219dd53f7606ce81827c39 Mon Sep 17 00:00:00 2001
From: Pranava Y N <pranavayn@google.com>
Date: Wed, 14 May 2025 12:50:45 +0530
Subject: [PATCH] security/vboot: Introduce VBOOT_EC_SYNC_ESOL Kconfig option

This change introduces a new Kconfig option `VBOOT_EC_SYNC_ESOL`.
This config can be used to enable the display of early sign-of-life
(eSOL) during EC software sync whenever supported. When this config
is enabled, the EC sync must be performed later from the SoC code
(mainboard_romstage_entry() function) in order to display the eSOL
screen.

This change also adds a hook function vboot_show_ec_sync_esol()
to be run before performing the EC firmware image update during the EC
sync when `VBOOT_EARLY_EC_SYNC` is enabled. This function needs to be
implemented in SoC code when `VBOOT_EC_SYNC_ESOL` is enabled to display
the eSOL and notify the users about the firmware update.

AP log during EC firmware update in romstage:

```
[DEBUG]  Google Chrome EC: version:
[DEBUG]  	ro: pujjo-15217.861.0
[DEBUG]  	rw: pujjo-15217.861.0
[DEBUG]    running image: 1
[DEBUG]  FMAP: area FW_MAIN_A found @ 3a2000 (2312128 bytes)
[INFO ]  MMAP window: SPI flash base=0x3a0000, Host base=0xff3a0000, Size=0xc60000
[INFO ]  CBFS: Found 'ecrw.hash' @0x7f8c0 size 0x20 in mcache @0xfef97708
[INFO ]  VB2:vb2_digest_init() 32 bytes, hash algo 2, HW acceleration enabled
[INFO ]  VB2:check_ec_hash() Hexp RW(active): 62d1d55d26f33bd01a3676656148bedacf44189c81b195ec5488499074fe9bb0
[INFO ]  VB2:check_ec_hash()            Hmir: 62d1d55d26f33bd01a3676656148bedacf44189c81b195ec5488499074fe9bb0
[INFO ]  EC took 1124us to calculate image hash
[INFO ]  VB2:check_ec_hash() Heff RW(active): 8d111297eb53ba2289d256a769409bcbba4cf5b488fea97e40edcc9342a0f77f
[INFO ]  VB2:check_ec_hash() Heff != Hexp. Schedule update
[INFO ]  VB2:sync_ec() select_rw=RW(active)
[INFO ]  VB2:update_ec() Updating RW(active)...
[INFO ]  CBFS: Found 'ecrw' @0x1a9f80 size 0x40000 in mcache @0xfef97a9c
[INFO ]  VB2:vb2_digest_init() 262144 bytes, hash algo 2, HW acceleration enabled
[INFO ]  CBFS: Found 'ecrw.hash' @0x7f8c0 size 0x20 in mcache @0xfef97708
[INFO ]  VB2:vb2_digest_init() 32 bytes, hash algo 2, HW acceleration enabled
[INFO ]  VB2:check_ec_hash() Hexp RW(active): 62d1d55d26f33bd01a3676656148bedacf44189c81b195ec5488499074fe9bb0
[INFO ]  VB2:check_ec_hash()            Hmir: 62d1d55d26f33bd01a3676656148bedacf44189c81b195ec5488499074fe9bb0
[WARN ]  ec_hash_image: No valid hash (status=0 size=0). Computing...
[INFO ]  EC took 482169us to calculate image hash
[INFO ]  VB2:check_ec_hash() Heff RW(active): 62d1d55d26f33bd01a3676656148bedacf44189c81b195ec5488499074fe9bb0
[INFO ]  VB2:update_ec() Updated RW(active) successfully
[INFO ]  VB2:sync_ec() Rebooting to jump to new EC-RW
[INFO ]  VB2:vb2api_ec_sync() ec_sync_phase2(ctx) returned 0x1004
[INFO ]  EC Reboot requested. Doing cold reboot
```

BUG=b:412210635
TEST=Able to perform successful EC sync when `VBOOT_EARLY_EC_SYNC` is
selected.

Change-Id: Id853c73b54942ab35d4e3f019c1eddf4449c8d3c
Signed-off-by: Pranava Y N <pranavayn@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/87668
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
---
 src/security/vboot/Kconfig        |  8 ++++++++
 src/security/vboot/ec_sync.c      |  1 +
 src/security/vboot/vboot_common.h | 14 ++++++++++++++
 3 files changed, 23 insertions(+)

diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index 7e291e0c70..ef7c24d879 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -286,6 +286,14 @@ config VBOOT_EARLY_EC_SYNC
 	  significantly impact boot time, as this operation will be performed
 	  later in the boot flow if it is disabled here.
 
+config VBOOT_EC_SYNC_ESOL
+	bool
+	default n
+	depends on VBOOT_EARLY_EC_SYNC && CHROMEOS_ENABLE_ESOL
+	help
+	  Enables the display of early sign-of-life (eSOL) when the EC is slow
+	  to update its firmware to inform the user that the update is happening.
+
 config VBOOT_EC_EFS
 	bool "Early firmware selection (EFS) EC"
 	default n
diff --git a/src/security/vboot/ec_sync.c b/src/security/vboot/ec_sync.c
index ac65dbd189..47c21c7c23 100644
--- a/src/security/vboot/ec_sync.c
+++ b/src/security/vboot/ec_sync.c
@@ -518,6 +518,7 @@ vb2_error_t vb2ex_ec_disable_jump(void)
  */
 vb2_error_t vb2ex_ec_update_image(enum vb2_firmware_selection select)
 {
+	vboot_show_ec_sync_esol();
 	return ec_update_image(select);
 }
 
diff --git a/src/security/vboot/vboot_common.h b/src/security/vboot/vboot_common.h
index 2399bf30ce..3e8e2edebd 100644
--- a/src/security/vboot/vboot_common.h
+++ b/src/security/vboot/vboot_common.h
@@ -74,6 +74,20 @@ static inline const struct cbfs_boot_device *vboot_get_cbfs_boot_device(void)
 }
 #endif
 
+/*
+ * This function is called before updating the EC firmware image.
+ * This API must be implemented in the SoC/mainboard code to enable
+ * early sign-of-life (eSOL) during EC firmware update.
+ */
+#if CONFIG(VBOOT_EC_SYNC_ESOL)
+void vboot_show_ec_sync_esol(void);
+#else
+static inline void vboot_show_ec_sync_esol(void)
+{
+	/* nop */
+}
+#endif
+
 void vboot_save_data(struct vb2_context *ctx);
 
 /*