1 /* SPDX-License-Identifier: GPL-2.0-only */
3 #include <console/cbmem_console.h>
4 #include <reset.h>
5 #include <security/tpm/tss_errors.h>
6 #include <security/vboot/misc.h>
7 #include <security/vboot/vboot_common.h>
8 #include <security/vboot/vbnv.h>
9 #include <vb2_api.h>
11 #include "antirollback.h"
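/*
 * Write back whichever secdata spaces are flagged as changed in ctx->flags.
 *
 * For each of the firmware and kernel spaces: if its *_CHANGED flag is set and
 * either CONFIG(VBOOT_MOCK_SECDATA) is enabled or tlcl_lib_init() succeeds,
 * the matching antirollback_write_space_*() helper is called and the flag is
 * cleared. If tlcl_lib_init() fails, the space is skipped and its flag stays
 * set.
 *
 * The result of each write is checked so that a failed update shows up in the
 * log instead of passing silently. The flag is still cleared after a failed
 * write, so nothing retries from here.
 * NOTE(review): confirm whether a failed secdata write should stop the boot
 * rather than only being logged.
 */
static void save_secdata(struct vb2_context *ctx)
{
	if ((ctx->flags & VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED)
	    && (CONFIG(VBOOT_MOCK_SECDATA) || tlcl_lib_init() == TPM_SUCCESS)) {
		printk(BIOS_INFO, "Saving secdata firmware\n");
		if (antirollback_write_space_firmware(ctx) != TPM_SUCCESS)
			printk(BIOS_ERR, "Failed to save secdata firmware\n");
		ctx->flags &= ~VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED;
	}

	if ((ctx->flags & VB2_CONTEXT_SECDATA_KERNEL_CHANGED)
	    && (CONFIG(VBOOT_MOCK_SECDATA) || tlcl_lib_init() == TPM_SUCCESS)) {
		printk(BIOS_INFO, "Saving secdata kernel\n");
		if (antirollback_write_space_kernel(ctx) != TPM_SUCCESS)
			printk(BIOS_ERR, "Failed to save secdata kernel\n");
		ctx->flags &= ~VB2_CONTEXT_SECDATA_KERNEL_CHANGED;
	}
}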
/*
 * Flush pending vboot state held in ctx: secdata first, then nvdata.
 *
 * Secdata is only written when verification_should_run() is true, or when
 * building for raminit with CONFIG(VBOOT_EARLY_EC_SYNC). Anywhere else a
 * pending secdata change is treated as fatal and die() is called, so a secdata
 * update requested outside those stages cannot be dropped unnoticed.
 *
 * Nvdata is saved through save_vbnv() whenever VB2_CONTEXT_NVDATA_CHANGED is
 * set, and the flag is cleared afterwards.
 */
void vboot_save_data(struct vb2_context *ctx)
{
	/* Non-zero when this stage is allowed to write secdata back. */
	const int secdata_stage = verification_should_run()
				  || (ENV_RAMINIT && CONFIG(VBOOT_EARLY_EC_SYNC));

	if (secdata_stage) {
		save_secdata(ctx);
	} else if ((ctx->flags & VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED)
		   || (ctx->flags & VB2_CONTEXT_SECDATA_KERNEL_CHANGED)) {
		/* A secdata change is pending in a stage that must not write it. */
		die("TPM writeback in " ENV_STRING "?");
	}

	/* Nothing more to do unless nvdata was modified. */
	if ((ctx->flags & VB2_CONTEXT_NVDATA_CHANGED) == 0)
		return;

	printk(BIOS_INFO, "Saving nvdata\n");
	save_vbnv(ctx->nvdata);
	ctx->flags &= ~VB2_CONTEXT_NVDATA_CHANGED;
}
/*
 * Decide whether the USB Device Controller (UDC) may be enabled.
 *
 * Returns 1 when enabling is allowed, 0 otherwise:
 *  - builds without CONFIG(CHROMEOS) that set CONFIG(VBOOT_ALWAYS_ALLOW_UDC)
 *    allow it in every vboot mode;
 *  - otherwise developer mode is a hard requirement;
 *  - in developer mode, either the VB2_GBB_FLAG_ENABLE_UDC GBB flag or the
 *    VBNV UDC-enable flag is sufficient.
 */
int vboot_can_enable_udc(void)
{
	/* Build-time override: no mode check at all. */
	if (!CONFIG(CHROMEOS) && CONFIG(VBOOT_ALWAYS_ALLOW_UDC))
		return 1;

	/* Outside developer mode the answer is always "no". */
	if (!vboot_developer_mode_enabled())
		return 0;

	/* GBB flag is consulted first; VBNV is only read if the GBB flag is clear. */
	return vboot_is_gbb_flag_set(VB2_GBB_FLAG_ENABLE_UDC)
	       || vbnv_udc_enable_flag();
}
68 /* ============================ VBOOT REBOOT ============================== */
/*
 * Default no-op hook called by vboot_reboot() just before board_reset().
 * Declared __weak so that another definition can replace it.
 */
void __weak vboot_platform_prepare_reboot(void)
{
	/* Intentionally empty. */
}
/*
 * Reboot the board on behalf of vboot.
 *
 * With CONFIG(CONSOLE_CBMEM_DUMP_TO_UART) the CBMEM console is dumped to the
 * UART first. The platform hook then runs, followed by board_reset().
 */
void vboot_reboot(void)
{
	if (CONFIG(CONSOLE_CBMEM_DUMP_TO_UART)) {
		cbmem_dump_console_to_uart();
	}

	/* Platform hook runs before the reset itself. */
	vboot_platform_prepare_reboot();

	board_reset();
}
/*
 * Log the reboot request, persist pending vboot data and reboot.
 *
 * @param ctx      vboot context whose changed secdata/nvdata is saved first.
 * @param subcode  value printed in the log message; not otherwise used here.
 */
void vboot_save_and_reboot(struct vb2_context *ctx, uint8_t subcode)
{
	printk(BIOS_INFO, "vboot: reboot requested (%#x)\n", subcode);

	/* Save before resetting so pending changes are written back first. */
	vboot_save_data(ctx);

	vboot_reboot();
}
/*
 * Report a failure to vboot (when a reason is given), then save and reboot.
 *
 * @param ctx      vboot context passed to vb2api_fail() and saved before reset.
 * @param reason   failure reason; 0 skips the vb2api_fail() call.
 * @param subcode  passed to vb2api_fail() and to vboot_save_and_reboot().
 */
void vboot_fail_and_reboot(struct vb2_context *ctx, uint8_t reason, uint8_t subcode)
{
	/* A zero reason means there is nothing to report. */
	if (reason != 0) {
		vb2api_fail(ctx, reason, subcode);
	}

	vboot_save_and_reboot(ctx, subcode);
}