diff options
author | Lee Leahy <leroy.p.leahy@intel.com> | 2017-01-04 08:34:01 -0800 |
---|---|---|
committer | Lee Leahy <leroy.p.leahy@intel.com> | 2017-03-16 04:10:25 +0100 |
commit | 28c3f23b4627966b2112feaedc228977c4425a87 (patch) | |
tree | 7727942ea6f6086ca671966d774d2321e791b67b /src/mainboard/intel/galileo/Kconfig | |
parent | 1b39f176a9bbce85791440745dcbdad629b79373 (diff) |
mainboard/intel/galileo: Add vboot support
Add the necessary files and changes to support vboot.
TEST=Build and run on Galileo Gen2 with a SparkFun CryptoShield
1. Obtain and install a SparkFun CryptoShield.
https://www.sparkfun.com/products/13183
2. Edit src/mainboard/intel/galileo/Kconfig to select
VBOOT_WITH_CRYPTO_SHIELD
3. Use make menuconfig to update the config values and select a
payload that will fit. I used SeaBIOS which does not boot.
4. Build coreboot
5. Use the command file below to generate the signed coreboot image.
6. Flash build/coreboot.rom onto the Galileo board
7. The test is successful if verstage detects that it needs recovery
after Phase 1. This is expected because the image does not contain
the GBB section.
8. Flash build/coreboot.signed.bin onto the Galileo board
9. The test is successful if verstage reaches Phase 4 and selects SLOT
A to load the rest of the files.
commands:
gbb_utility -c 0x100,0x1000,0x7ce80,0x1000 gbb.blob
dd conv=fdatasync ibs=4096 obs=4096 count=1553 \
if=build/coreboot.rom of=build/coreboot.signed.rom
dd conv=fdatasync obs=4096 obs=4096 seek=1553 if=gbb.blob \
of=build/coreboot.signed.rom
dd conv=fdatasync ibs=4096 obs=4096 skip=1680 seek=1680 \
count=368 if=build/coreboot.rom of=build/coreboot.signed.rom
gbb_utility \
--set --hwid='Galileo' \
-r $PWD/keys/recovery_key.vbpubk \
-k $PWD/keys/root_key.vbpubk \
build/coreboot.signed.rom
3rdparty/vboot/scripts/image_signing/sign_firmware.sh \
build/coreboot.signed.rom \
$PWD/keys \
build/coreboot.signed.rom
Change-Id: I02eb0ef647cd34c13a5fe8be0bdbe1bb38524d0c
Signed-off-by: Lee Leahy <leroy.p.leahy@intel.com>
Reviewed-on: https://review.coreboot.org/18821
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Diffstat (limited to 'src/mainboard/intel/galileo/Kconfig')
-rw-r--r-- | src/mainboard/intel/galileo/Kconfig | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/src/mainboard/intel/galileo/Kconfig b/src/mainboard/intel/galileo/Kconfig index e941448b48..f31ca5e9f7 100644 --- a/src/mainboard/intel/galileo/Kconfig +++ b/src/mainboard/intel/galileo/Kconfig @@ -1,7 +1,7 @@ ## ## This file is part of the coreboot project. ## -## Copyright (C) 2015-2016 Intel Corp. +## Copyright (C) 2015-2017 Intel Corp. ## ## This program is free software; you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by @@ -147,4 +147,36 @@ config FSP_DEBUG_ALL FSP_CALLS_AND_STATUS, FSP_HEADER, POSTCAR_CONSOLE and VERIFY_HOBS or FSP 1.1 DISPLAY_FSP_ENTRY_POINTS +config VBOOT_WITH_CRYPTO_SHIELD + bool "Verified boot using the Crypto Shield board" + default n + select COLLECT_TIMESTAMPS + select I2C_TPM + select MAINBOARD_HAS_I2C_TPM_ATMEL + select SEPARATE_VERSTAGE + select VBOOT + select VBOOT_STARTS_IN_BOOTBLOCK + select VBOOT_SOFT_REBOOT_WORKAROUND + select VBOOT_VBNV_CMOS + help + Perform a verified boot using the TPM on the Crypto Shield board. + +config DRIVER_TPM_I2C_ADDR + hex "Address of the I2C TPM chip" + depends on VBOOT_WITH_CRYPTO_SHIELD + default 0x29 + help + I2C address of the TPM chip on the Crypto Shield board. + +config FMDFILE + string "FMAP description file in fmd format" + depends on VBOOT + default "src/mainboard/$(CONFIG_MAINBOARD_DIR)/vboot.fmd" + help + The build system creates a default FMAP from ROM_SIZE and CBFS_SIZE, + but in some cases more complex setups are required. + + When an FMD descriptionn file is specified, the build system uses it + instead of creating a default FMAP file. + endif # BOARD_INTEL_QUARK |