vboot: Plumb the two disk sizes and 'gpt on device' param through
To support an external GPT, disks have two new attributes:
- A binary flag indicating whether the GPT is in the same address
space as the payloads or a separate one.
- The number of sectors of the streaming portion of storage, as
opposed to the portion containing the GPT.
These have been added elsewhere to GptData (in cgptlib) and BlockDev
(in depthcharge). This patch adds the plumbing between those, including
in the DiskInfo interface between the firmware and vboot.
BUG=chromium:425677
BRANCH=none
TEST=Interactively wrote the GPT with cgpt and observed the following
boot with depthcharge to read the GPT from SPI and then read from
the proper locations in NAND flash.
make runalltests passes.
Signed-off-by: Dan Ehrenberg <dehrenberg@chromium.org>
Change-Id: I5a77e417aea8ee9442d18c200d1b073aa5375ecf
Reviewed-on: https://chromium-review.googlesource.com/228943
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
diff --git a/firmware/include/vboot_api.h b/firmware/include/vboot_api.h
index 526c1e4..853a34a 100644
--- a/firmware/include/vboot_api.h
+++ b/firmware/include/vboot_api.h
@@ -553,14 +553,35 @@
* when processing read-only recovery image.
*/
+/*
+ * Disks are used in two ways:
+ * - As a random-access device to read and write the GPT
+ * - As a streaming device to read the kernel
+ * These are implemented differently on raw NAND vs eMMC/SATA/USB
+ * - On eMMC/SATA/USB, both of these refer to the same underlying
+ * storage, so they have the same size and LBA size. In this case,
+ * the GPT should not point to the same address as itself.
+ * - On raw NAND, the GPT is held on a portion of the SPI flash.
+ * Random access GPT operations refer to the SPI and streaming
+ * operations refer to NAND. The GPT may therefore point into
+ * the same offsets as itself.
+ * These types are distinguished by the following flag and VbDiskInfo
+ * has separate fields to describe the random-access ("GPT") and
+ * streaming aspects of the disk. If a disk is random-access (i.e.
+ * not raw NAND) then these fields are equal.
+ */
+#define VB_DISK_FLAG_EXTERNAL_GPT 0x00000004
+
/* Information on a single disk */
typedef struct VbDiskInfo {
/* Disk handle */
VbExDiskHandle_t handle;
- /* Size of a LBA sector in bytes */
+ /* Size of a random-access LBA sector in bytes */
uint64_t bytes_per_lba;
- /* Number of LBA sectors on the device */
+ /* Number of random-access LBA sectors on the device */
uint64_t lba_count;
+ /* Number of streaming sectors on the device */
+ uint64_t streaming_lba_count;
/* Flags (see VB_DISK_FLAG_* constants) */
uint32_t flags;
/*
@@ -602,6 +623,9 @@
* Read lba_count LBA sectors, starting at sector lba_start, from the disk,
* into the buffer.
*
+ * This is used for random access to the GPT. It does not (necessarily) access
+ * the streaming portion of the device.
+ *
* If the disk handle is invalid (for example, the handle refers to a disk
* which as been removed), the function must return error but must not
* crash.
@@ -613,6 +637,9 @@
* Write lba_count LBA sectors, starting at sector lba_start, to the disk, from
* the buffer.
*
+ * This is used for random access to the GPT. It does not (necessarily) access
+ * the streaming portion of the device.
+ *
* If the disk handle is invalid (for example, the handle refers to a disk
* which as been removed), the function must return error but must not
* crash.
@@ -633,10 +660,9 @@
*
* @return Error code, or VBERROR_SUCCESS.
*
- * lba_start and lba_count are subject to disk type-dependent alignment
- * restrictions. An invalid value will lead to an error code. In particular,
- * on raw NAND devices, lba_start and lba_count must be page-aligned after
- * subtracting the offset of the GPT.
+ * This is used for access to the streaming portion of the device, and does
+ * not (necessarily) access the GPT. The size of the content addressed is within
+ * streaming_lba_count.
*/
VbError_t VbExStreamOpen(VbExDiskHandle_t handle, uint64_t lba_start,
uint64_t lba_count, VbExStream_t *stream_ptr);
@@ -650,10 +676,6 @@
*
* @return Error code, or VBERROR_SUCCESS. Failure to read as much data as
* requested is an error.
- *
- * bytes is subject to disk type-dependent alignment restrictions. An invalid
- * value will lead to an error code. In particular, on raw NAND devices, bytes
- * must be a page multiple.
*/
VbError_t VbExStreamRead(VbExStream_t stream, uint32_t bytes, void *buffer);
diff --git a/firmware/lib/include/load_kernel_fw.h b/firmware/lib/include/load_kernel_fw.h
index a710ee5..bd816d6 100644
--- a/firmware/lib/include/load_kernel_fw.h
+++ b/firmware/lib/include/load_kernel_fw.h
@@ -42,6 +42,10 @@
uint64_t bytes_per_lba;
/* Last addressable lba sector on current device */
uint64_t ending_lba;
+ /* Random-access GPT size */
+ uint64_t gpt_lba_count;
+ /* External GPT */
+ uint8_t external_gpt; /* 1 = external, 0 = internal */
/* Destination buffer for kernel (normally at 0x100000) */
void *kernel_buffer;
/* Size of kernel buffer in bytes */
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index 0609b55..942dbcc 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -88,7 +88,7 @@
*/
if (512 != disk_info[i].bytes_per_lba ||
32 > disk_info[i].lba_count ||
- get_info_flags != disk_info[i].flags) {
+ get_info_flags != (disk_info[i].flags & ~VB_DISK_FLAG_EXTERNAL_GPT)) {
VBDEBUG((" skipping: bytes_per_lba=%" PRIu64
" lba_count=%" PRIu64 " flags=0x%x\n",
disk_info[i].bytes_per_lba,
@@ -98,7 +98,9 @@
}
p->disk_handle = disk_info[i].handle;
p->bytes_per_lba = disk_info[i].bytes_per_lba;
- p->ending_lba = disk_info[i].lba_count - 1;
+ p->ending_lba = disk_info[i].streaming_lba_count - 1;
+ p->gpt_lba_count = disk_info[i].lba_count;
+ p->external_gpt = disk_info[i].flags & VB_DISK_FLAG_EXTERNAL_GPT;
retval = LoadKernel(p, cparams);
VBDEBUG(("VbTryLoadKernel() LoadKernel() = %d\n", retval));
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index 62e6296..740e1f2 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -116,9 +116,9 @@
/* Read GPT data */
gpt.sector_bytes = (uint32_t)blba;
gpt.drive_sectors = params->ending_lba + 1;
- /* TODO: Set stored_on_device and gpt_drive_sectors appropriately */
- gpt.stored_on_device = GPT_STORED_ON_DEVICE;
- gpt.gpt_drive_sectors = gpt.drive_sectors;
+ gpt.gpt_drive_sectors = params->gpt_lba_count;
+ gpt.stored_on_device = params->external_gpt ? GPT_STORED_OFF_DEVICE
+ : GPT_STORED_ON_DEVICE;
if (0 != AllocAndReadGptData(params->disk_handle, &gpt)) {
VBDEBUG(("Unable to read GPT data\n"));
shcall->check_result = VBSD_LKC_CHECK_GPT_READ_ERROR;
diff --git a/futility/cmd_verify_kernel.c b/futility/cmd_verify_kernel.c
index f5ee2e0..0240ec3 100644
--- a/futility/cmd_verify_kernel.c
+++ b/futility/cmd_verify_kernel.c
@@ -96,6 +96,8 @@
params.disk_handle = (VbExDiskHandle_t)1;
params.bytes_per_lba = 512;
params.ending_lba = disk_bytes / 512 - 1;
+ params.gpt_lba_count = params.ending_lba + 1;
+ params.external_gpt = 0;
params.kernel_buffer_size = 16 * 1024 * 1024;
params.kernel_buffer = malloc(params.kernel_buffer_size);
diff --git a/tests/vboot_api_kernel_tests.c b/tests/vboot_api_kernel_tests.c
index bccad0d..e31cf8b 100644
--- a/tests/vboot_api_kernel_tests.c
+++ b/tests/vboot_api_kernel_tests.c
@@ -229,6 +229,7 @@
mock_disks[num_disks].bytes_per_lba =
t->disks_to_provide[i].bytes_per_lba;
mock_disks[num_disks].lba_count =
+ mock_disks[num_disks].streaming_lba_count =
t->disks_to_provide[i].lba_count;
mock_disks[num_disks].flags =
t->disks_to_provide[i].flags;
diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c
index c546ed1..4866a6d 100644
--- a/tests/vboot_kernel_tests.c
+++ b/tests/vboot_kernel_tests.c
@@ -151,6 +151,7 @@
lkp.gbb_size = sizeof(gbb_data);
lkp.bytes_per_lba = 512;
lkp.ending_lba = 1023;
+ lkp.gpt_lba_count = 1024;
lkp.kernel_buffer = kernel_buffer;
lkp.kernel_buffer_size = sizeof(kernel_buffer);
lkp.disk_handle = (VbExDiskHandle_t)1;
@@ -541,6 +542,11 @@
TEST_EQ(LoadKernel(&lkp, &cparams), VBERROR_NO_KERNEL_FOUND,
"Bad GPT");
+ ResetMocks();
+ lkp.gpt_lba_count = 0;
+ TEST_EQ(LoadKernel(&lkp, &cparams), VBERROR_NO_KERNEL_FOUND,
+ "GPT size = 0");
+
/* This causes the stream open call to fail */
ResetMocks();
lkp.disk_handle = NULL;
diff --git a/utility/load_kernel_test.c b/utility/load_kernel_test.c
index 8e6c519..63dfc71 100644
--- a/utility/load_kernel_test.c
+++ b/utility/load_kernel_test.c
@@ -205,6 +205,7 @@
}
fseek(image_file, 0, SEEK_END);
lkp.ending_lba = (ftell(image_file) / LBA_BYTES) - 1;
+ lkp.gpt_lba_count = lkp.ending_lba + 1;
rewind(image_file);
printf("Ending LBA: %" PRIu64 "\n", lkp.ending_lba);
