.. SPDX-License-Identifier: GPL-2.0+ .. Copyright 2020 Google LLC .. sectionauthor:: Simon Glass <sjg@chromium.org> Running U-Boot with Chromium OS verified boot ============================================= Note: Once you use the source below you can obtain extra documentation with 'make htmldocs'. See the 'Internal Documentation' link, under 'Chromium OS-specific doc'. To obtain:: git clone https://github.com/sjg20/u-boot.git cd u-boot git checkout cros-2021.04 cd .. git clone https://chromium.googlesource.com/chromiumos/platform/vboot_reference cd vboot_reference git checkout 45964294 # futility: updater: Correct output version for Snow To build for sandbox:: UB=/tmp/b/chromeos_sandbox # U-Boot build directory cd u-boot make O=$UB chromeos_sandbox_defconfig make O=$UB -j20 -s VBOOT_SOURCE=/path/to/vboot_reference \ MAKEFLAGS_VBOOT=DEBUG=1 QUIET=1 Replace sandbox with another supported target. This produces $UB/image.bin which contains the firmware binaries in a SPI flash image. To run on sandbox:: CROS=~/cosarm IMG=$CROS/src/build/images/coral/latest/chromiumos_image.bin $UB/tpl/u-boot-tpl -d $UB/u-boot.dtb.out \ -L6 -c "host bind 0 $IMG; vboot go auto" \ -l -w -s state.dtb -r -n -m $UB/ram $UB/tpl/u-boot-tpl -d $UB/u-boot.dtb.out -L6 -l \ -c "host bind 0 $IMG; vboot go auto" -w -s $UB/state.dtb -r -n -m $UB/mem To run on other boards: - Install image.bin in the SPI flash of your device - Boot your system Sandbox ------- Most Chromium OS development with U-Boot is undertaken using sandbox. There is a sandbox target available (chromeos_sandbox) which allows running U-Boot on a Linux machine completion with emulations of the display, TPM, disk, etc. Running sandbox starts TPL, which contains the first phase of vboot, providing a device tree and binding a Chromium OS disk image for use to find kernels (any Chromium OS image will do). It also saves driver state between U-Boot phases into state.dtb and will automatically ensure that memory is shared between all phases. TPL will jump to SPL and then on to U-Boot proper. It is possible to run with debugging on, e.g.:: gdb --args $UB/tpl/u-boot-tpl -d .... Breakpoints can be set in any U-Boot phase. Overall this is a good debugging environment for new verified-boot features. Samus ----- Basic support is available for samus, using the chromeos_samus target. If you have an em100, use:: sudo em100 -s -c W25Q128FW -d $UB/image.bin -t -r to write the image and then boot samus (Power-Refresh). Boot flow --------- Verified boot starts in TPL, which selects the A or B SPL, which in turn selects the A or B U-Boot. Then this jumps to the selected kernel. If anything goes wrong, the device reboots and the recovery SPL and U-Boot are used instead. More details are available here: https://www.chromium.org/chromium-os/chromiumos-design-docs/firmware-boot-and-recovery New uclasses ------------ Several uclasses are provided in cros/: UCLASS_CROS_AUX_FW Chrome OS auxiliary firmware UCLASS_CROS_FWSTORE Chrome OS firmware storage UCLASS_CROS_NVDATA Chrome OS non-volatile data device UCLASS_CROS_VBOOT_EC Chrome OS vboot EC operations UCLASS_CROS_VBOOT_FLAG Chrome OS verified boot flag The existing UCLASS_CROS_EC is also used. Commands -------- A new 'vboot' command is provided to run particular vboot stages. The most useful command is 'vboot go auto', which continues where the last stage left off. Note that TPL and SPL do not supports commands as yet, so the vboot code is called directly from the SPL boot devices (BOOT_DEVICE_CROS_VBOOT). See cros_load_image_tpl() and cros_load_image_spl() which both call vboot_run_auto(). Config options -------------- The main option is CONFIG_CHROMEOS, which enables a wide array of other options so that the required features are present. Device-tree config ------------------ Various options are available which control the operation of verified boot. See cros/dts/bindings/config.txt for details. Most config is handled at run- time, although build-time config (with Kconfig) could also be added fairly easily. Porting to other hardware ------------------------- A basic port to samus (Chromebook Pixel 2015) is in a basic working state, using the chromeos_samus target. Patches will likely be forthcoming in early 2019. Ports to an ARM board and coreboot (for x86 Chromebooks) are in the dreaming state. Tests ----- Chromium OS firmware has a very limited set of tests. The tests that originally existed in U-Boot were not brought over to coreboot or depthcharge. The U-Boot tests ('make check') do operate, but at present there are no Chromium OS tests available. These will hopefully come together over time. Of course the above sandbox feature provides a sort of functional test and can detect problems that affect the flow or particular vboot features. U-Boot without Chromium OS verified boot ---------------------------------------- The following script can be used to boot a Chrome OS image on coral. It is defined as the boot command in mainline:: # Read the image header and obtain the address of the kernel # The offset 4f0 is defined by verified boot and may change for other # Chromebooks read mmc 2:2 100000 0 80; setexpr loader *001004f0; # Get the kernel size and calculate the number of blocks (0x200 bytes each) setexpr size *00100518; setexpr blocks $size / 200; # Read the full kernel and calculate the address of the setup block read mmc 2:2 100000 80 $blocks; setexpr setup $loader - 1000; # Locate the command line setexpr cmdline $loader - 2000; # Start the zboot process with the loaded kernel, setup block and cmdline zboot start 100000 0 0 0 $setup $cmdline; # Load the kernel, fix up the 'setup' block, dump information zboot load; zboot setup; zboot dump # Boot into Chrome OS zboot go 7 October 2018