EFS: Implement EFS2 and NO_BOOT mode
EFS v1 allowed Chromeboxes to verify RW without AP. EFS v2 will bring
the benefts to Chromebooks, which are:
- Reduce RO dependency and presence. Allow more code to be updated
in the fields.
- Remove jumptag and workarounds needed for late sysjump.
Major imporvements over v1 are:
- No A/B slot required.
- No signature in RW or public key in RO.
- Rollback-attack protection.
For battery-equipped devices, additional benefts are:
- Immediate boot on drained battery.
- Support recovery mode regardless of battery condition.
- Faster charge in S5/G3.
EC-Cr50 communication is based on the shared UART (go/ec-cr50-comm).
EFS2 is documented in go/ec-efs2.
BUG=chromium:1020578,chromium:1045217
TEST=Boot Helios in NORMAL/RECOVERY/NO_BOOT mode.
TEST=Verify EC is updated by software sync in Depthcharge.
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: Ie07e6f6ce46c0955a6a0adf595633e65c4ffe724
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1901868
10 files changed
