author | Frans Hendriks <fhendriks@eltan.com> | 2019-07-26 07:59:05 +0200 |
---|---|---|
committer | Philipp Deppenwiese <zaolin.daisuki@gmail.com> | 2019-10-04 13:37:03 +0000 |
commit | 72b3c3c8383e4cef6e112d9fd2c990aaab1525b7 (patch) | |
tree | 3f57b7974dfcb5ce7fe23936a67c91a2b51547a9 /src/vendorcode/eltan/security/verified_boot/Makefile.inc | |
parent | 7c82dbcc51657806bf2117b214a490bca8eec2f8 (diff) |
vendorcode/eltan/security/verified_boot: Add verified boot support
Create verified boot support, which includes verification of bootblock.
This feature uses the vendorcode/eltan/security/lib.
cbfs_locator is used to init the verified boot support.
vendor_secure_prepare() and vendor_secure_locate() are used to perform the
required action in each stage.
The next lists will be used for verification:
* bootblock_verify_list
* postcar_verify_list
* romstage_verify_list
* ramstage_verify_list
BUG=N/A
TEST=Created binary and verify logging on Facebook FBG-1701
Change-Id: If6c1423b0b4a309cefb7fe7a29d5100ba289e0b4
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30835
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Diffstat (limited to 'src/vendorcode/eltan/security/verified_boot/Makefile.inc')
-rw-r--r-- | src/vendorcode/eltan/security/verified_boot/Makefile.inc | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/src/vendorcode/eltan/security/verified_boot/Makefile.inc b/src/vendorcode/eltan/security/verified_boot/Makefile.inc
new file mode 100644
index 0000000000..3f6ba904c4
--- /dev/null
+++ b/src/vendorcode/eltan/security/verified_boot/Makefile.inc
@@ -0,0 +1,49 @@
+##
+## This file is part of the coreboot project.
+##
+## Copyright (C) 2018-2019 Eltan B.V.
+##
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; version 2 of the License.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+##
+
+ifneq ($(filter y,$(CONFIG_VENDORCODE_ELTAN_VBOOT) $(CONFIG_VENDORCODE_ELTAN_MBOOT)),)
+
+CPPFLAGS_common += -I$(src)/security/vboot
+
+bootblock-$(CONFIG_C_ENVIRONMENT_BOOTBLOCK) += vboot_check.c
+postcar-y += vboot_check.c
+romstage-y += vboot_check.c
+ramstage-y += vboot_check.c
+
+ifeq ($(CONFIG_VENDORCODE_ELTAN_VBOOT),y)
+cbfs-files-y += oemmanifest.bin
+oemmanifest.bin-file := $(obj)/oemmanifest.bin
+oemmanifest.bin-position := $(CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC)
+oemmanifest.bin-type := raw
+
+$(obj)/oemmanifest.bin:
+ifeq ($(CONFIG_VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST),y)
+ dd if=/dev/zero of=$@ seek=8 bs=$(CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEM_SIZE) count=$(CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS)
+else # ($(CONFIG_VERIFIED_BOOT_SIGNED_MANIFEST),y)
+ dd if=/dev/zero of=$@ bs=$(CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEM_SIZE) count=$(CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS)
+endif # ($(CONFIG_VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST),y)
+
+ifeq ($(CONFIG_VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST),y)
+cbfs-files-y += vboot_public_key.bin
+vboot_public_key.bin-file := $(obj)/vboot_public_key.bin
+vboot_public_key.bin-position := $(CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION)
+vboot_public_key.bin-type := raw
+
+$(obj)/vboot_public_key.bin:
+ dd if=/dev/zero of=$@ bs=$(CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE) count=1
+endif # ($(CONFIG_VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST),y)
+endif # CONFIG_VENDORCODE_ELTAN_VBOOT
+
+endif # CONFIG_VENDORCODE_ELTAN_VBOOT or CONFIG_VENDORCODE_ELTAN_MBOOT |
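Review bot: Both generated CBFS files, `$(obj)/oemmanifest.bin` and `$(obj)/vboot_public_key.bin`, are filled from `/dev/zero` and nothing in this Makefile.inc marks them as placeholders, so an image built without a later provisioning step carries an all-zero manifest and public key at the configured locations. How vboot_check.c treats such a blob is not visible in this file, so the expectation should be stated at the two rules, e.g. `# Placeholder only: must be replaced with the real OEM manifest / public key before the image is deployed`. The `seek=8` in the signed-manifest `dd` is also unexplained: it leaves eight item-sized blocks ahead of the items (presumably room for the signature), which ties the reserved size to `CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEM_SIZE` and deserves a comment. Neither rule has a prerequisite, so changing the size or count options leaves a stale file in `$(obj)` until a clean build. The `else # ($(CONFIG_VERIFIED_BOOT_SIGNED_MANIFEST),y)` comment names a symbol that differs from the `ifeq` it belongs to and should read `CONFIG_VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST`.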