diff options
author | Michał Żygowski <michal.zygowski@3mdeb.com> | 2023-04-11 16:01:14 +0200 |
---|---|---|
committer | Matt DeVillier <matt.devillier@amd.corp-partner.google.com> | 2023-12-04 15:56:16 +0000 |
commit | a87ab39817ce15ad88243ae3be830016a0f7d714 (patch) | |
tree | 7eb2c68b6f1aa444089e59db17caa088812376a6 /src/include/cpu | |
parent | 7f991b3a907ae44682bfa8a068d71930656b34d2 (diff) |
security/vboot: Add Kconfig option to clear recovery request
For ChromeOS platform the recovery reason is cleared in
vb2api_kernel_phase2 which is probably not called by any non-ChromeOS
system. It results in the platform being stuck in recovery mode, e.g.
when RW firmware verification fails. Even if the RW partition is
flashed with correctly signed image, the persistent non-zero recovery
reason will prevent vboot from attempting the RW partition check.
Use the newly exposed vb2api_clear_recovery and
VBOOT_CLEAR_RECOVERY_IN_RAMSTAGE Kconfig option to clear the recovery
reason and save it immediately to the VBNV. The idea is to let
non-ChromeOS coreboot platform to clear the recovery reason when
needed.
TEST=Clear the recovery reason in mainboard_final function right
before payload jump when RW partition is corrupted and RW partition is
valid. In case it is corrupted, the platform stays in recovery mode,
when valid the platform boots from RW partition. Tested on MSI PRO
Z690-A DDR4.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I7ffaf3e8f61a28a68c9802c184961b1b9bf9d617
Reviewed-on: https://review.coreboot.org/c/coreboot/+/74343
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/include/cpu')
0 files changed, 0 insertions, 0 deletions