src/security/vboot/vboot_common.c

   1 /* SPDX-License-Identifier: GPL-2.0-only */
   2
   3 #include <console/cbmem_console.h>
   4 #include <reset.h>
   5 #include <security/tpm/tss_errors.h>
   6 #include <security/vboot/misc.h>
   7 #include <security/vboot/vboot_common.h>
   8 #include <security/vboot/vbnv.h>
   9 #include <vb2_api.h>
  10
  11 #include "antirollback.h"
  12
  13 static void save_secdata(struct vb2_context *ctx)
  14 {
  15         if (ctx->flags & VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED
  16             && (CONFIG(VBOOT_MOCK_SECDATA) || tlcl_lib_init() == TPM_SUCCESS)) {
  17                 printk(BIOS_INFO, "Saving secdata firmware\n");
  18                 antirollback_write_space_firmware(ctx);
  19                 ctx->flags &= ~VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED;
  20         }
  21
  22         if (ctx->flags & VB2_CONTEXT_SECDATA_KERNEL_CHANGED
  23             && (CONFIG(VBOOT_MOCK_SECDATA) || tlcl_lib_init() == TPM_SUCCESS)) {
  24                 printk(BIOS_INFO, "Saving secdata kernel\n");
  25                 antirollback_write_space_kernel(ctx);
  26                 ctx->flags &= ~VB2_CONTEXT_SECDATA_KERNEL_CHANGED;
  27         }
  28 }
  29
  30 void vboot_save_data(struct vb2_context *ctx)
  31 {
  32         if (!verification_should_run() && !(ENV_RAMINIT && CONFIG(VBOOT_EARLY_EC_SYNC))) {
  33                 if (ctx->flags
  34                     & (VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED
  35                        | VB2_CONTEXT_SECDATA_KERNEL_CHANGED))
  36                         die("TPM writeback in " ENV_STRING "?");
  37         } else {
  38                 save_secdata(ctx);
  39         }
  40
  41         if (ctx->flags & VB2_CONTEXT_NVDATA_CHANGED) {
  42                 printk(BIOS_INFO, "Saving nvdata\n");
  43                 save_vbnv(ctx->nvdata);
  44                 ctx->flags &= ~VB2_CONTEXT_NVDATA_CHANGED;
  45         }
  46 }
  47
  48 /* Check if it is okay to enable USB Device Controller (UDC). */
  49 int vboot_can_enable_udc(void)
  50 {
  51         /* Allow UDC in all vboot modes. */
  52         if (!CONFIG(CHROMEOS) && CONFIG(VBOOT_ALWAYS_ALLOW_UDC))
  53                 return 1;
  54
  55         /* Always disable if not in developer mode */
  56         if (!vboot_developer_mode_enabled())
  57                 return 0;
  58         /* Enable if GBB flag is set */
  59         if (vboot_is_gbb_flag_set(VB2_GBB_FLAG_ENABLE_UDC))
  60                 return 1;
  61         /* Enable if VBNV flag is set */
  62         if (vbnv_udc_enable_flag())
  63                 return 1;
  64         /* Otherwise disable */
  65         return 0;
  66 }
  67
  68 /* ============================ VBOOT REBOOT ============================== */
  69 void __weak vboot_platform_prepare_reboot(void)
  70 {
  71 }
  72
  73 void vboot_reboot(void)
  74 {
  75         if (CONFIG(CONSOLE_CBMEM_DUMP_TO_UART))
  76                 cbmem_dump_console_to_uart();
  77         vboot_platform_prepare_reboot();
  78         board_reset();
  79 }
  80
  81 void vboot_save_and_reboot(struct vb2_context *ctx, uint8_t subcode)
  82 {
  83         printk(BIOS_INFO, "vboot: reboot requested (%#x)\n", subcode);
  84         vboot_save_data(ctx);
  85         vboot_reboot();
  86 }
  87
  88 void vboot_fail_and_reboot(struct vb2_context *ctx, uint8_t reason, uint8_t subcode)
  89 {
  90         if (reason)
  91                 vb2api_fail(ctx, reason, subcode);
  92
  93         vboot_save_and_reboot(ctx, subcode);
  94 }