diff options
author | Karthikeyan Ramasubramanian <kramasub@google.com> | 2022-09-29 11:04:14 -0600 |
---|---|---|
committer | Raul Rangel <rrangel@chromium.org> | 2022-10-26 15:59:10 +0000 |
commit | ab82a9f9b4826ef6449cc5920c1e6c5b2c262aef (patch) | |
tree | c3cca4ab5cceb577974ae8424e65db5734bd07f5 /src/soc/amd/common/block/cpu/noncar | |
parent | f19e461f4f9704ed10b218813c68b611c75cf8e0 (diff) |
soc/amd: Add an optional unsigned section in PSP verstage
To enable RO CBFS verification in AMD platforms with PSP verstage,
metadata hash for RO CBFS is kept as part of verstage. This means any
updates to RO CBFS, before WP is enabled, requires updating the
metadata hash in the verstage. Hence keep the metadata hash outside the
signed range of PSP verstage. This means the metadata hash gets loaded
as part of loading PSP verstage while still being excluded from the
verification of PSP verstage.
This change keeps the metadata hash outside the PSP footer data. This
will help to keep it outside the signed range of PSP verstage & aligned
to 64 bytes.
BUG=b:227809919
TEST=Build and boot to OS in Skyrim with CBFS verification enabled with
both x86 and PSP verstage.
Change-Id: I308223be8fbca1c0bec8c2e1c86ed65d9f91b966
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68135
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/soc/amd/common/block/cpu/noncar')
-rw-r--r-- | src/soc/amd/common/block/cpu/noncar/memlayout_psp_verstage.ld | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/soc/amd/common/block/cpu/noncar/memlayout_psp_verstage.ld b/src/soc/amd/common/block/cpu/noncar/memlayout_psp_verstage.ld index f38682339a..e0278abfc8 100644 --- a/src/soc/amd/common/block/cpu/noncar/memlayout_psp_verstage.ld +++ b/src/soc/amd/common/block/cpu/noncar/memlayout_psp_verstage.ld @@ -17,8 +17,14 @@ SECTIONS .text : { *(.text*) } .rodata : { *(.rodata*) } - .data : { *(.data*) } - .data : { *(PSP_FOOTER_DATA) } + .data : { + *(.data*); + *(PSP_FOOTER_DATA); +#if CONFIG(CBFS_VERIFICATION) + *(.metadata_hash_anchor); + . = ALIGN(64); +#endif + } _bss_start = .; .bss : { *(.bss*) } |