security/vboot: Add option to run verstage before bootblock

For AMD's family 17h, verstage can run as a userspace app in the PSP
before the X86 is released. The flags for this have been made generic
to support any other future systems that might run verstage before
the main processor starts.

Although an attempt has been made to make things somewhat generic,
since this is the first and currently only chip to support verstage
before bootblock, there are a number of options which might ultimately
be needed which have currently been left out for simplicity.  Examples
of this are:
- PCI is not currently supported - this is currently just a given
instead of making a separate Kconfig option for it.
- The PSP uses an ARM v7 processor, so that's the only processor that
is getting updated for the verstage-before-bootblock option.

BUG=b:158124527
TEST=Build with following patches

Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I4849777cb7ba9f90fe8428b82c21884d1e662b96
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41814
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>

1 files changed, 3 insertions, 1 deletions

diff --git a/src/security/vboot/misc.h b/src/security/vboot/misc.h
index 8af0c827a8..470102111e 100644
--- a/src/security/vboot/misc.h
+++ b/src/security/vboot/misc.h
@@ -57,7 +57,7 @@ static inline int verification_should_run(void)
 
 static inline int verstage_should_load(void)
 {
-	if (CONFIG(VBOOT_SEPARATE_VERSTAGE))
+	if (CONFIG(VBOOT_SEPARATE_VERSTAGE) && !CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK))
 		return ENV_BOOTBLOCK;
 	else
 		return 0;
@@ -80,6 +80,8 @@ static inline int vboot_logic_executed(void)
 	} else if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) {
 		/* Post-RAM stages are "after the romstage" */
 		return !ENV_ROMSTAGE_OR_BEFORE;
+	} else if (CONFIG(VBOOT_STARTS_BEFORE_BOOTBLOCK)) {
+		return !ENV_SEPARATE_VERSTAGE;
 	} else {
 		dead_code();
 	}