blob: 41b4f631835f5961d64e40361bd0d72be2925392 [file] [log] [blame]
Simon Glass8dfb1352021-03-15 18:11:20 +13001.. SPDX-License-Identifier: GPL-2.0+
2.. Copyright 2020 Google LLC
3.. sectionauthor:: Simon Glass <sjg@chromium.org>
Simon Glass5e73d3c2020-09-05 14:50:53 -06004
Simon Glass26784fc2017-05-31 17:57:24 -06005
Simon Glass8dfb1352021-03-15 18:11:20 +13006Running U-Boot with Chromium OS verified boot
7=============================================
Simon Glass26784fc2017-05-31 17:57:24 -06008
Simon Glass8dfb1352021-03-15 18:11:20 +13009To obtain::
Simon Glass26784fc2017-05-31 17:57:24 -060010
Simon Glass8dfb1352021-03-15 18:11:20 +130011 git clone https://github.com/sjg20/u-boot.git
Simon Glassa20a7b72019-01-30 20:51:20 -070012 cd u-boot
13 git checkout cros-master
Simon Glass26784fc2017-05-31 17:57:24 -060014
Simon Glass4872d932019-07-10 11:04:13 -060015 cd ..
16 git clone https://chromium.googlesource.com/chromiumos/platform/vboot_reference
17 cd vboot_reference
18 git checkout 45964294
19 # futility: updater: Correct output version for Snow
20
Simon Glass8dfb1352021-03-15 18:11:20 +130021To build for sandbox::
Simon Glass26784fc2017-05-31 17:57:24 -060022
Simon Glassa20a7b72019-01-30 20:51:20 -070023 UB=/tmp/b/chromeos_sandbox # U-Boot build directory
Simon Glass4872d932019-07-10 11:04:13 -060024 cd u-boot
25 make O=$UB chromeos_sandbox_defconfig
26 make O=$UB -j20 -s VBOOT_SOURCE=/path/to/vboot_reference \
Simon Glass8dfb1352021-03-15 18:11:20 +130027 MAKEFLAGS_VBOOT=DEBUG=1 QUIET=1
Simon Glass26784fc2017-05-31 17:57:24 -060028
Simon Glassa20a7b72019-01-30 20:51:20 -070029Replace sandbox with another supported target.
Simon Glass26784fc2017-05-31 17:57:24 -060030
Simon Glassa20a7b72019-01-30 20:51:20 -070031This produces $UB/image.bin which contains the firmware binaries in a SPI
32flash image.
Simon Glass26784fc2017-05-31 17:57:24 -060033
Simon Glass8dfb1352021-03-15 18:11:20 +130034To run on sandbox::
Simon Glass26784fc2017-05-31 17:57:24 -060035
Simon Glass8dfb1352021-03-15 18:11:20 +130036 CROS=~/cosarm
37 IMG=$CROS/src/build/images/coral/latest/chromiumos_image.bin
Simon Glassa20a7b72019-01-30 20:51:20 -070038 $UB/tpl/u-boot-tpl -d $UB/u-boot.dtb.out \
Simon Glass8dfb1352021-03-15 18:11:20 +130039 -L6 -c "host bind 0 $IMG; vboot go auto" \
40 -l -w -s state.dtb -r -n -m $UB/ram
41
42 $UB/tpl/u-boot-tpl -d $UB/u-boot.dtb.out -L6 -l \
43 -c "host bind 0 $IMG; vboot go auto" -w -s $UB/state.dtb -r -n -m $UB/mem
44
Simon Glass26784fc2017-05-31 17:57:24 -060045
Simon Glassa20a7b72019-01-30 20:51:20 -070046To run on other boards:
Simon Glass26784fc2017-05-31 17:57:24 -060047
Simon Glass8dfb1352021-03-15 18:11:20 +130048 - Install image.bin in the SPI flash of your device
49 - Boot your system
50
Simon Glass26784fc2017-05-31 17:57:24 -060051
Simon Glassa20a7b72019-01-30 20:51:20 -070052Sandbox
53-------
Simon Glass26784fc2017-05-31 17:57:24 -060054
Simon Glassa20a7b72019-01-30 20:51:20 -070055Most Chromium OS development with U-Boot is undertaken using sandbox. There is
56a sandbox target available (chromeos_sandbox) which allows running U-Boot on
57a Linux machine completion with emulations of the display, TPM, disk, etc.
Simon Glass26784fc2017-05-31 17:57:24 -060058
Simon Glassa20a7b72019-01-30 20:51:20 -070059Running sandbox starts TPL, which contains the first phase of vboot, providing
60a device tree and binding a Chromium OS disk image for use to find kernels
61(any Chromium OS image will do). It also saves driver state between U-Boot
62phases into state.dtb and will automatically ensure that memory is shared
63between all phases. TPL will jump to SPL and then on to U-Boot proper.
Simon Glass26784fc2017-05-31 17:57:24 -060064
Simon Glass8dfb1352021-03-15 18:11:20 +130065It is possible to run with debugging on, e.g.::
Simon Glass26784fc2017-05-31 17:57:24 -060066
Simon Glassa20a7b72019-01-30 20:51:20 -070067 gdb --args $UB/tpl/u-boot-tpl -d ....
Simon Glass26784fc2017-05-31 17:57:24 -060068
Simon Glassa20a7b72019-01-30 20:51:20 -070069Breakpoints can be set in any U-Boot phase. Overall this is a good debugging
70environment for new verified-boot features.
Simon Glass26784fc2017-05-31 17:57:24 -060071
Simon Glass26784fc2017-05-31 17:57:24 -060072
Simon Glassa20a7b72019-01-30 20:51:20 -070073Samus
74-----
Simon Glass26784fc2017-05-31 17:57:24 -060075
Simon Glassa20a7b72019-01-30 20:51:20 -070076Basic support is available for samus, using the chromeos_samus target. If you
Simon Glass8dfb1352021-03-15 18:11:20 +130077have an em100, use::
Simon Glass26784fc2017-05-31 17:57:24 -060078
Simon Glassa20a7b72019-01-30 20:51:20 -070079 sudo em100 -s -c W25Q128FW -d $UB/image.bin -t -r
Simon Glass26784fc2017-05-31 17:57:24 -060080
Simon Glassa20a7b72019-01-30 20:51:20 -070081to write the image and then boot samus (Power-Refresh).
Simon Glass26784fc2017-05-31 17:57:24 -060082
Simon Glass26784fc2017-05-31 17:57:24 -060083
Simon Glassa20a7b72019-01-30 20:51:20 -070084Boot flow
85---------
Simon Glass26784fc2017-05-31 17:57:24 -060086
Simon Glassa20a7b72019-01-30 20:51:20 -070087Verified boot starts in TPL, which selects the A or B SPL, which in turn selects
88the A or B U-Boot. Then this jumps to the selected kernel. If anything goes
89wrong, the device reboots and the recovery SPL and U-Boot are used instead.
Simon Glass26784fc2017-05-31 17:57:24 -060090
Simon Glassa20a7b72019-01-30 20:51:20 -070091More details are available here:
Simon Glass26784fc2017-05-31 17:57:24 -060092
Simon Glassa20a7b72019-01-30 20:51:20 -070093 https://www.chromium.org/chromium-os/chromiumos-design-docs/firmware-boot-and-recovery
Simon Glass26784fc2017-05-31 17:57:24 -060094
95
Simon Glassa20a7b72019-01-30 20:51:20 -070096New uclasses
97------------
Simon Glass3421e002017-05-31 17:57:36 -060098
Simon Glassa20a7b72019-01-30 20:51:20 -070099Several uclasses are provided in cros/:
Simon Glass3421e002017-05-31 17:57:36 -0600100
Simon Glass8dfb1352021-03-15 18:11:20 +1300101UCLASS_CROS_AUX_FW
102 Chrome OS auxiliary firmware
103
104UCLASS_CROS_FWSTORE
105 Chrome OS firmware storage
106
107UCLASS_CROS_NVDATA
108 Chrome OS non-volatile data device
109
110UCLASS_CROS_VBOOT_EC
111 Chrome OS vboot EC operations
112
113UCLASS_CROS_VBOOT_FLAG
114 Chrome OS verified boot flag
Simon Glass3421e002017-05-31 17:57:36 -0600115
Simon Glassa20a7b72019-01-30 20:51:20 -0700116The existing UCLASS_CROS_EC is also used.
Simon Glass3421e002017-05-31 17:57:36 -0600117
Simon Glass3421e002017-05-31 17:57:36 -0600118
Simon Glassa20a7b72019-01-30 20:51:20 -0700119Commands
120--------
Simon Glass3421e002017-05-31 17:57:36 -0600121
Simon Glassa20a7b72019-01-30 20:51:20 -0700122A new 'vboot' command is provided to run particular vboot stages. The most
123useful command is 'vboot go auto', which continues where the last stage left
124off.
Simon Glass3421e002017-05-31 17:57:36 -0600125
Simon Glassa20a7b72019-01-30 20:51:20 -0700126Note that TPL and SPL do not supports commands as yet, so the vboot code is
127called directly from the SPL boot devices (BOOT_DEVICE_CROS_VBOOT). See
128cros_load_image_tpl() and cros_load_image_spl() which both call
129vboot_run_auto().
Simon Glass3421e002017-05-31 17:57:36 -0600130
Simon Glass3421e002017-05-31 17:57:36 -0600131
Simon Glassa20a7b72019-01-30 20:51:20 -0700132Config options
133--------------
Simon Glass3421e002017-05-31 17:57:36 -0600134
Simon Glassa20a7b72019-01-30 20:51:20 -0700135The main option is CONFIG_CHROMEOS, which enables a wide array of other options
136so that the required features are present.
Simon Glass3421e002017-05-31 17:57:36 -0600137
Simon Glass3421e002017-05-31 17:57:36 -0600138
Simon Glassa20a7b72019-01-30 20:51:20 -0700139Device-tree config
140------------------
Simon Glass3421e002017-05-31 17:57:36 -0600141
Simon Glassa20a7b72019-01-30 20:51:20 -0700142Various options are available which control the operation of verified boot.
143See cros/dts/bindings/config.txt for details. Most config is handled at run-
144time, although build-time config (with Kconfig) could also be added fairly
145easily.
Simon Glass3421e002017-05-31 17:57:36 -0600146
Simon Glass3421e002017-05-31 17:57:36 -0600147
Simon Glassa20a7b72019-01-30 20:51:20 -0700148Porting to other hardware
149-------------------------
Simon Glass3421e002017-05-31 17:57:36 -0600150
Simon Glassa20a7b72019-01-30 20:51:20 -0700151A basic port to samus (Chromebook Pixel 2015) is in a basic working state,
152using the chromeos_samus target. Patches will likely be forthcoming in early
1532019. Ports to an ARM board and coreboot (for x86 Chromebooks) are in the
154dreaming state.
Simon Glass3421e002017-05-31 17:57:36 -0600155
Simon Glass26784fc2017-05-31 17:57:24 -0600156
Simon Glassa20a7b72019-01-30 20:51:20 -0700157Tests
158-----
Simon Glass26784fc2017-05-31 17:57:24 -0600159
Simon Glassa20a7b72019-01-30 20:51:20 -0700160Chromium OS firmware has a very limited set of tests. The tests that originally
161existed in U-Boot were not brought over to coreboot or depthcharge.
Simon Glass26784fc2017-05-31 17:57:24 -0600162
Simon Glassa20a7b72019-01-30 20:51:20 -0700163The U-Boot tests ('make check') do operate, but at present there are no
164Chromium OS tests available. These will hopefully come together over time. Of
165course the above sandbox feature provides a sort of functional test and can
Simon Glass0167f192020-09-05 14:50:52 -0600166detect problems that affect the flow or particular vboot features.
Simon Glass26784fc2017-05-31 17:57:24 -0600167
168
Simon Glass5e73d3c2020-09-05 14:50:53 -0600169U-Boot without Chromium OS verified boot
170----------------------------------------
171
Simon Glass8dfb1352021-03-15 18:11:20 +1300172The following script can be used to boot a Chrome OS image on coral::
Simon Glass5e73d3c2020-09-05 14:50:53 -0600173
174 # Read the image header and obtain the address of the kernel
175 # The offset 4f0 is defined by verified boot and may change for other
176 # Chromebooks
177 read mmc 2:2 100000 0 80; setexpr loader *001004f0;
178
179 # Get the kernel size and calculate the number of blocks (0x200 bytes each)
180 setexpr size *00100518; setexpr blocks $size / 200;
181
182 # Read the full kernel and calculate the address of the setup block
183 read mmc 2:2 100000 80 $blocks; setexpr setup $loader - 1000;
184
185 # Locate the command line
186 setexpr cmdline $loader - 2000;
187
188 # Start the zboot process with the loaded kernel, setup block and cmdline
189 zboot start 100000 0 0 0 $setup $cmdline;
190
191 # Load the kernel, fix up the 'setup' block, dump information
192 zboot load; zboot setup; zboot dump
193
194 # Boot into Chrome OS
195 zboot go
196
197
Simon Glassa20a7b72019-01-30 20:51:20 -0700198TO DO
199-----
Simon Glass26784fc2017-05-31 17:57:24 -0600200
Simon Glass0167f192020-09-05 14:50:52 -0600201Get the full ACPI tables working with Coral
Simon Glass26784fc2017-05-31 17:57:24 -0600202
Simon Glass26784fc2017-05-31 17:57:24 -0600203
Simon Glassa20a7b72019-01-30 20:51:20 -07002047 October 2018