diff options
author | Julius Werner <jwerner@chromium.org> | 2022-05-19 14:37:21 -0700 |
---|---|---|
committer | Felix Held <felix-coreboot@felixheld.de> | 2022-06-21 12:31:48 +0000 |
commit | 5eda52a599e9dac2f51de3738c9da0a8d96ee17a (patch) | |
tree | 67b54142260c70a1433538ebf2a8ed42c8b3d88f /src/soc/intel/elkhartlake/reset.c | |
parent | 600856dec27dcb32687c8d0098a92822024c7f2c (diff) |
security/vboot: Add support for GSCVD (Google "RO verification")
This patch adds a new CONFIG_VBOOT_GSCVD option that will be enabled by
default for TPM_GOOGLE_TI50 devices. It makes the build system run the
`futility gscvd` command to create a GSCVD (GSC verification data) which
signs the CBFS trust anchor (bootblock and GBB). In order for this to
work, boards will need to have an RO_GSCVD section in their FMAP, and
production boards should override the CONFIG_VBOOT_GSC_BOARD_ID option
with the correct ID for each variant.
BUG=b:229015103
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I1cf86e90b2687e81edadcefa5a8826b02fbc8b24
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64707
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Diffstat (limited to 'src/soc/intel/elkhartlake/reset.c')
0 files changed, 0 insertions, 0 deletions