diff options
| author | Wim Vervoorn <wvervoorn@eltan.com> | 2019-11-13 16:41:00 +0100 |
|---|---|---|
| committer | Patrick Georgi <pgeorgi@google.com> | 2019-11-15 10:50:55 +0000 |
| commit | e4240f3e01a2bd0093d9a2a63e61319d65655e7b (patch) | |
| tree | 8faecfa985f909331f5d19456c585a07796c6cac | |
| parent | ffe4eba38065d5acb8e74ceb3bddd21f1a0a9005 (diff) | |
mb/facebook/fbg1701: Align handling of bootblock and publickey
The bootblock measurement was handled using the romstage_verify_list()
and the public_key in the mb_log_list. This is confusing as these are
both read-only items that should be handled in the same way.
Both will be handled in the romstage_verify_list().
BUG=N/A
TEST=tested on fbg1701
Change-Id: If05198deec85188f39a221a8b755798755afa5bb
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36814
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
| -rw-r--r-- | src/mainboard/facebook/fbg1701/board_mboot.h | 4 | ||||
| -rw-r--r-- | src/mainboard/facebook/fbg1701/board_verified_boot.c | 11 |
2 files changed, 10 insertions, 5 deletions
diff --git a/src/mainboard/facebook/fbg1701/board_mboot.h b/src/mainboard/facebook/fbg1701/board_mboot.h index 5a23630570..5cfb091451 100644 --- a/src/mainboard/facebook/fbg1701/board_mboot.h +++ b/src/mainboard/facebook/fbg1701/board_mboot.h @@ -23,9 +23,5 @@ const mboot_measure_item_t mb_log_list[] = { #if CONFIG(VENDORCODE_ELTAN_VBOOT) { "oemmanifest.bin", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_7, EV_NO_ACTION, NULL }, -#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST) - { "vboot_public_key.bin", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_6, - EV_NO_ACTION, NULL }, -#endif #endif }; diff --git a/src/mainboard/facebook/fbg1701/board_verified_boot.c b/src/mainboard/facebook/fbg1701/board_verified_boot.c index bb5768fdc1..09f4e6791e 100644 --- a/src/mainboard/facebook/fbg1701/board_verified_boot.c +++ b/src/mainboard/facebook/fbg1701/board_verified_boot.c @@ -43,7 +43,10 @@ static const verify_item_t ram_stage_additional_list[] = { { VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 } }; -/* The items used by the romstage */ +/* + * The items used by the romstage. Bootblock and PublicKey are added here to make sure they + * are measured + */ const verify_item_t romstage_verify_list[] = { { VERIFY_FILE, ROMSTAGE, { { NULL, CBFS_TYPE_STAGE } }, HASH_IDX_ROM_STAGE, MBOOT_PCR_INDEX_0 }, @@ -61,6 +64,12 @@ const verify_item_t romstage_verify_list[] = { { { (void *)0xffffffff - CONFIG_C_ENV_BOOTBLOCK_SIZE + 1, CONFIG_C_ENV_BOOTBLOCK_SIZE, } }, HASH_IDX_BOOTBLOCK, MBOOT_PCR_INDEX_0 }, +#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST) + { VERIFY_BLOCK, "PublicKey", + { { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION, + CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE, } }, HASH_IDX_PUBLICKEY, + MBOOT_PCR_INDEX_6 }, +#endif { VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 } }; |