-rw-r--r-- | QcomModulePkg/Application/LinuxLoader/LinuxLoader.c | 31 | ||||
-rw-r--r-- | QcomModulePkg/Include/Library/BootLinux.h | 4 | ||||
-rw-r--r-- | QcomModulePkg/Library/BootLib/BootLib.inf | 1 | ||||
-rw-r--r-- | QcomModulePkg/Library/BootLib/BootLinux.c | 85 | ||||
-rw-r--r-- | QcomModulePkg/Library/BootLib/UpdateCmdLine.c | 5 | ||||
-rw-r--r-- | QcomModulePkg/QcomModulePkg.dsc | 3 | ||||
-rw-r--r-- | makefile | 2 |
7 files changed, 124 insertions, 7 deletions
diff --git a/QcomModulePkg/Application/LinuxLoader/LinuxLoader.c b/QcomModulePkg/Application/LinuxLoader/LinuxLoader.c index ebfad5dc62..224bf0b960 100644 --- a/QcomModulePkg/Application/LinuxLoader/LinuxLoader.c +++ b/QcomModulePkg/Application/LinuxLoader/LinuxLoader.c @@ -173,6 +173,37 @@ EFI_STATUS EFIAPI LinuxLoaderEntry(IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABL BootStatsSetTimeStamp(BS_BL_START); // Initialize verified boot & Read Device Info + Status = ReadWriteDeviceInfo(READ_CONFIG, (UINT8 *)&DevInfo, sizeof(DevInfo)); + if (Status != EFI_SUCCESS) + { + DEBUG((EFI_D_ERROR, "Unable to Read Device Info: %r\n", Status)); + return Status; + } + + if (CompareMem(DevInfo.magic, DEVICE_MAGIC, DEVICE_MAGIC_SIZE)) + { + DEBUG((EFI_D_ERROR, "Device Magic does not match\n")); + CopyMem(DevInfo.magic, DEVICE_MAGIC, DEVICE_MAGIC_SIZE); + if (IsSecureBootEnabled()) + { + DevInfo.is_unlocked = FALSE; + DevInfo.is_unlock_critical = FALSE; + } + else + { + DevInfo.is_unlocked = TRUE; + DevInfo.is_unlock_critical = TRUE; + } + DevInfo.is_charger_screen_enabled = FALSE; + DevInfo.verity_mode = TRUE; + Status = ReadWriteDeviceInfo(WRITE_CONFIG, (UINT8 *)&DevInfo, sizeof(DevInfo)); + if (Status != EFI_SUCCESS) + { + DEBUG((EFI_D_ERROR, "Unable to Write Device Info: %r\n", Status)); + return Status; + } + } + Status = ReadWriteDeviceInfo(READ_CONFIG, &DevInfo, sizeof(DevInfo)); if (Status != EFI_SUCCESS) { diff --git a/QcomModulePkg/Include/Library/BootLinux.h b/QcomModulePkg/Include/Library/BootLinux.h index 5ff3089ea1..36b732d105 100644 --- a/QcomModulePkg/Include/Library/BootLinux.h +++ b/QcomModulePkg/Include/Library/BootLinux.h @@ -45,6 +45,7 @@ #include <Library/TimerLib.h> #include <Library/PrintLib.h> #include <Library/CacheMaintenanceLib.h> +#include <Library/DrawUI.h> #include <PiDxe.h> #include <Protocol/BlockIo.h> #include <Protocol/SimpleFileSystem.h> 
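Review bot: The unchanged `ReadWriteDeviceInfo(READ_CONFIG, &DevInfo, sizeof(DevInfo))` that follows the added block repeats the read the block opens with, so devinfo is fetched twice on every boot and one of the two should go. Separately, the magic compare is the only validation of the record visible here. On a mismatch the lock state is rewritten from `IsSecureBootEnabled()` alone, so a wiped or corrupted devinfo comes back as `is_unlocked = TRUE` wherever that call returns false. If that default is intended, say so above the `else` branch, e.g. `/* Non-secure device: default to unlocked when devinfo is uninitialised */`. LinuxLoaderEntry continues outside the hunk.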
@@ -52,6 +53,7 @@ #include <Protocol/SerialIo.h> #include <Protocol/FirmwareVolume2.h> #include <Protocol/LoadedImage.h> +#include <Protocol/EFIVerifiedBoot.h> #include <Guid/FileSystemInfo.h> #include <Guid/FileInfo.h> #include <Guid/Gpt.h> @@ -75,7 +77,7 @@ typedef VOID (*LINUX_KERNEL)(UINTN ParametersBase, UINTN Reserved0, UINTN Reserved1, UINTN Reserved2); -VOID BootLinux(VOID *ImageBuffer, UINT32 ImageSize, DeviceInfo *DevInfo, CHAR8 *pname); +EFI_STATUS BootLinux(VOID *ImageBuffer, UINT32 ImageSize, DeviceInfo *DevInfo, CHAR8 *pname); EFI_STATUS LaunchApp(IN UINTN Argc, IN CHAR8 **Argv); #endif diff --git a/QcomModulePkg/Library/BootLib/BootLib.inf b/QcomModulePkg/Library/BootLib/BootLib.inf index eedb15adf3..236c5dfa25 100644 --- a/QcomModulePkg/Library/BootLib/BootLib.inf +++ b/QcomModulePkg/Library/BootLib/BootLib.inf @@ -81,6 +81,7 @@ TimerLib BaseStackCheckLib MemoryAllocationLib + UefiHiiServicesLib [Guids] gEfiFileInfoGuid diff --git a/QcomModulePkg/Library/BootLib/BootLinux.c b/QcomModulePkg/Library/BootLib/BootLinux.c index b4c15b3475..1b47e63686 100644 --- a/QcomModulePkg/Library/BootLib/BootLinux.c +++ b/QcomModulePkg/Library/BootLib/BootLinux.c @@ -30,11 +30,14 @@ * */ +#include <Library/VerifiedBootMenu.h> #include "BootLinux.h" #include "BootStats.h" -VOID BootLinux(VOID *ImageBuffer, UINT32 ImageSize, DeviceInfo *deviceinfo, CHAR8 *pname) +STATIC BOOLEAN VerifiedBootEnbled(); + +EFI_STATUS BootLinux (VOID *ImageBuffer, UINT32 ImageSize, DeviceInfo *DevInfo, CHAR8 *pname) { EFI_STATUS Status; 
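Review bot: The forward declaration `STATIC BOOLEAN VerifiedBootEnbled();` in BootLinux.c misspells the helper's name and uses empty parentheses, which in C declares a function with unspecified parameters rather than one taking none. `STATIC BOOLEAN VerifiedBootEnabled (VOID);` fixes both; the same spelling recurs at the two call sites and the definition in the later hunks of this file. The definition also places `return FALSE;` after a `return TRUE;` guarded only by `#ifdef`, where an `#else` branch would avoid the unreachable statement. BootLinux's body continues outside this hunk.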
@@ -63,6 +66,65 @@ VOID BootLinux(VOID *ImageBuffer, UINT32 ImageSize, DeviceInfo *deviceinfo, CHAR STATIC UINT32* CmdLine; STATIC UINTN BaseMemory; UINT64 Time; + boot_state_t BootState = BOOT_STATE_MAX; + QCOM_VERIFIEDBOOT_PROTOCOL *VbIntf; + device_info_vb_t DevInfo_vb; + STATIC CHAR8 StrPartition[MAX_PNAME_LENGTH]; + + if (VerifiedBootEnbled()) + { + Status = gBS->LocateProtocol(&gEfiQcomVerifiedBootProtocolGuid, NULL, (VOID **) &VbIntf); + if (Status != EFI_SUCCESS) + { + DEBUG((EFI_D_ERROR, "Unable to locate VB protocol: %r\n", Status)); + return Status; + } + DevInfo_vb.is_unlocked = DevInfo->is_unlocked; + DevInfo_vb.is_unlock_critical = DevInfo->is_unlock_critical; + Status = VbIntf->VBDeviceInit(VbIntf, (device_info_vb_t *)&DevInfo_vb); + if (Status != EFI_SUCCESS) + { + DEBUG((EFI_D_ERROR, "Error during VBDeviceInit: %r\n", Status)); + return Status; + } + + AsciiStrnCpy(StrPartition, "/", MAX_PNAME_LENGTH); + AsciiStrnCat(StrPartition, pname, MAX_PNAME_LENGTH); + + Status = VbIntf->VBVerifyImage(VbIntf, StrPartition, (UINT8 *) ImageBuffer, ImageSize, &BootState); + if (Status != EFI_SUCCESS && BootState == BOOT_STATE_MAX) + { + DEBUG((EFI_D_ERROR, "VBVerifyImage failed with: %r\n", Status)); + return Status; + } + + DEBUG((EFI_D_VERBOSE, "Boot State is : %d\n", BootState)); + switch (BootState) + { + case RED: + DisplayVerifiedBootMenu(DISPLAY_MENU_RED); + MicroSecondDelay(5000000); + ShutdownDevice(); + break; + case YELLOW: + DisplayVerifiedBootMenu(DISPLAY_MENU_YELLOW); + MicroSecondDelay(5000000); + break; + case ORANGE: + DisplayVerifiedBootMenu(DISPLAY_MENU_ORANGE); + MicroSecondDelay(5000000); + break; + default: + break; + } + + Status = VbIntf->VBSendRot(VbIntf); + if (Status != EFI_SUCCESS) + { + DEBUG((EFI_D_ERROR, "Error sending Rot : %r\n", Status)); + return Status; + } + } KernelSize = ((boot_img_hdr*)(ImageBuffer))->kernel_size; RamdiskSize = ((boot_img_hdr*)(ImageBuffer))->ramdisk_size; 
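Review bot: The `switch (BootState)` fails open: `default: break;` lets the boot continue for every state other than RED, including the initial `BOOT_STATE_MAX` when `VBVerifyImage` returns success without writing a state, and the RED case falls through to `VBSendRot` and the kernel hand-off if `ShutdownDevice()` ever returns. Both paths should return an error instead, assuming the caller treats a non-success return from BootLinux as fatal (the caller is not visible here). The partition name is also built with `AsciiStrnCat(StrPartition, pname, MAX_PNAME_LENGTH)`, whose length argument bounds the characters appended rather than the destination, so after the leading "/" a `pname` of `MAX_PNAME_LENGTH - 1` characters or more writes past `StrPartition`; `AsciiSPrint(StrPartition, sizeof(StrPartition), "/%a", pname);` bounds the whole write. BootLinux starts and ends outside this hunk.

```c
    // … unchanged: LocateProtocol, VBDeviceInit, VBVerifyImage and its status check …
    switch (BootState)
    {
      case RED:
        DisplayVerifiedBootMenu(DISPLAY_MENU_RED);
        MicroSecondDelay(5000000);
        ShutdownDevice();
        /* Reached only if the shutdown request returns: never boot a RED image. */
        return EFI_SECURITY_VIOLATION;
      // … unchanged: YELLOW and ORANGE cases …
      case BOOT_STATE_MAX:
        /* The verifier reported success but left the state untouched. */
        DEBUG((EFI_D_ERROR, "VBVerifyImage did not report a boot state\n"));
        return EFI_SECURITY_VIOLATION;
      default:
        break;
    }
```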
@@ -132,7 +194,7 @@ VOID BootLinux(VOID *ImageBuffer, UINT32 ImageSize, DeviceInfo *deviceinfo, CHAR /*Updates the command line from boot image, appends device serial no., baseband information, etc *Called before ShutdownUefiBootServices as it uses some boot service functions*/ CmdLine[BOOT_ARGS_SIZE-1] = '\0'; - Final_CmdLine = update_cmdline ((CHAR8*)CmdLine, pname, deviceinfo); + Final_CmdLine = update_cmdline ((CHAR8*)CmdLine, pname, DevInfo); // appended device tree void *dtb; @@ -161,7 +223,16 @@ VOID BootLinux(VOID *ImageBuffer, UINT32 ImageSize, DeviceInfo *deviceinfo, CHAR } } - DEBUG((EFI_D_ERROR, "\nShutting Down UEFI Boot Services ...\n\n")); + if (VerifiedBootEnbled()){ + DEBUG((EFI_D_INFO, "Sending Milestone Call\n")); + Status = VbIntf->VBSendMilestone(VbIntf); + if (Status != EFI_SUCCESS) + { + DEBUG((EFI_D_INFO, "Error sending milestone call to TZ\n")); + return Status; + } + } + DEBUG((EFI_D_INFO, "\nShutting Down UEFI Boot Services ...\n\n")); /*Shut down UEFI boot services*/ Status = ShutdownUefiBootServices (); @@ -188,3 +259,11 @@ Exit: // Only be here if we fail to start Linux ASSERT(0); } + +STATIC BOOLEAN VerifiedBootEnbled() +{ +#ifdef VERIFIED_BOOT + return TRUE; +#endif + return FALSE; +} diff --git a/QcomModulePkg/Library/BootLib/UpdateCmdLine.c b/QcomModulePkg/Library/BootLib/UpdateCmdLine.c index 7a66b91f34..13485fe331 100644 --- a/QcomModulePkg/Library/BootLib/UpdateCmdLine.c +++ b/QcomModulePkg/Library/BootLib/UpdateCmdLine.c @@ -69,6 +69,7 @@ CHAR8 display_cmdline[MAX_DISPLAY_CMD_LINE]; UINTN display_cmdline_len = sizeof(display_cmdline); #if VERIFIED_BOOT +DeviceInfo DevInfo; STATIC CONST CHAR8 *verity_mode = " androidboot.veritymode="; STATIC CONST CHAR8 *verified_state = " androidboot.verifiedbootstate="; STATIC struct verified_boot_verity_mode vbvm[] = 
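Review bot: The failure path of `VbIntf->VBSendMilestone(VbIntf)` logs at `EFI_D_INFO` and omits the status, unlike every other error path added in this file, so on builds whose debug mask excludes info-level output the function returns with no visible message. `DEBUG((EFI_D_ERROR, "Error sending milestone call to TZ: %r\n", Status));` would match the others. The `return Status` also leaves the function without passing through the `Exit:` label visible in the next hunk; whether anything set up earlier in BootLinux needs releasing cannot be judged from the hunk.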
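Review bot: The new file-scope `DeviceInfo DevInfo;` in UpdateCmdLine.c is a separate object from the `devinfo` argument that `update_cmdline` receives, and nothing visible in this file fills it in. The `DevInfo.verity_mode` reads in the next hunk would therefore see a zero-initialised value rather than the mode stored on the device. If LinuxLoader.c's `DevInfo` is also a file-scope definition, the two would additionally collide or silently merge at link time, depending on the toolchain. Reading the parameter instead, `devinfo->verity_mode`, removes the need for the global; if a global is required it should be `STATIC` or declared `extern` in a shared header.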
@@ -234,12 +235,12 @@ UINT8 *update_cmdline(CONST CHAR8 * cmdline, CHAR8 *pname, DeviceInfo *devinfo) have_cmdline = 1; } #if VERIFIED_BOOT - if ((device.verity_mode != 0) && (device.verity_mode != 1)) + if ((DevInfo.verity_mode != 0) && (DevInfo.verity_mode != 1)) { DEBUG((EFI_D_ERROR, "Devinfo partition possibly corrupted!!!. Please erase devinfo partition to continue booting.\n")); ASSERT(0); } - cmdline_len += AsciiStrLen(verity_mode) + AsciiStrLen(vbvm[device.verity_mode]); + cmdline_len += AsciiStrLen(verity_mode) + AsciiStrLen(vbvm[DevInfo.verity_mode].name); #endif cmdline_len += AsciiStrLen(bootdev_cmdline); diff --git a/QcomModulePkg/QcomModulePkg.dsc b/QcomModulePkg/QcomModulePkg.dsc index 48627f7568..f695230b8f 100644 --- a/QcomModulePkg/QcomModulePkg.dsc +++ b/QcomModulePkg/QcomModulePkg.dsc @@ -85,6 +85,9 @@ GCC:*_*_AARCH64_ARCHCC_FLAGS == -mtune=cortex-a53 -w GCC:*_*_AARCH64_ARCHPP_FLAGS == GCC:*_*_AARCH64_DLINK_FLAGS = -Ttext=0x0 + !if $(VERIFIED_BOOT) + GCC:*_*_*_CC_FLAGS = -DVERIFIED_BOOT + !endif [PcdsFixedAtBuild.common] @@ -35,7 +35,7 @@ EDK_TOOLS_BIN: ABL_FV_IMG: EDK_TOOLS_BIN @. ./edksetup.sh BaseTools && \ - build -p $(WORKSPACE)/QcomModulePkg/QcomModulePkg.dsc -a AARCH64 -t $(TARGET_TOOLS) -b $(TARGET) -D ABL_OUT_DIR=$(ANDROID_PRODUCT_OUT) -j build_modulepkg.log $* + build -p $(WORKSPACE)/QcomModulePkg/QcomModulePkg.dsc -a AARCH64 -t $(TARGET_TOOLS) -b $(TARGET) -D ABL_OUT_DIR=$(ANDROID_PRODUCT_OUT) -D VERIFIED_BOOT=$(VERIFIED_BOOT) -j build_modulepkg.log $* cp $(BUILD_ROOT)/FV/FVMAIN_COMPACT.Fv $(ABL_FV_IMG) ABL_FV_ELF: ABL_FV_IMG |
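Review bot: The range check on `verity_mode` relies on `ASSERT(0)` to stop execution, so in builds where ASSERT is compiled out control reaches `vbvm[DevInfo.verity_mode].name` with an out-of-range index taken from the devinfo partition. The branch should end explicitly, for example with `return NULL;` after the `DEBUG` line and a matching check at the call site in BootLinux, so the table lookup is never reached with an unchecked value. update_cmdline starts and ends outside this hunk, so how its other error paths report failure is not visible here.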
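Review bot: Image verification is compiled in only when the make variable `VERIFIED_BOOT` is set, and neither this hunk nor the .dsc hunk gives it a default, so an unset variable passes `-D VERIFIED_BOOT=` with an empty value. If the `!if $(VERIFIED_BOOT)` guard then evaluates false, the result is a loader in which `VerifiedBootEnbled()` returns FALSE and no image check runs, with nothing in the build output to say so. An explicit guard near the top of the makefile makes the choice deliberate: `ifndef VERIFIED_BOOT`, `$(error VERIFIED_BOOT must be set to 0 or 1)`, `endif`. The file header for this last hunk is missing from the page; the target is taken to be `makefile` from the diffstat.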