diff options
-rw-r--r-- | src/mainboard/facebook/fbg1701/board_mboot.h | 4 | ||||
-rw-r--r-- | src/mainboard/facebook/fbg1701/board_verified_boot.c | 11 |
2 files changed, 10 insertions, 5 deletions
diff --git a/src/mainboard/facebook/fbg1701/board_mboot.h b/src/mainboard/facebook/fbg1701/board_mboot.h index 5a23630570..5cfb091451 100644 --- a/src/mainboard/facebook/fbg1701/board_mboot.h +++ b/src/mainboard/facebook/fbg1701/board_mboot.h @@ -23,9 +23,5 @@ const mboot_measure_item_t mb_log_list[] = { #if CONFIG(VENDORCODE_ELTAN_VBOOT) { "oemmanifest.bin", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_7, EV_NO_ACTION, NULL }, -#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST) - { "vboot_public_key.bin", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_6, - EV_NO_ACTION, NULL }, -#endif #endif }; diff --git a/src/mainboard/facebook/fbg1701/board_verified_boot.c b/src/mainboard/facebook/fbg1701/board_verified_boot.c index bb5768fdc1..09f4e6791e 100644 --- a/src/mainboard/facebook/fbg1701/board_verified_boot.c +++ b/src/mainboard/facebook/fbg1701/board_verified_boot.c @@ -43,7 +43,10 @@ static const verify_item_t ram_stage_additional_list[] = { { VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 } }; -/* The items used by the romstage */ +/* + * The items used by the romstage. Bootblock and PublicKey are added here to make sure they + * are measured + */ const verify_item_t romstage_verify_list[] = { { VERIFY_FILE, ROMSTAGE, { { NULL, CBFS_TYPE_STAGE } }, HASH_IDX_ROM_STAGE, MBOOT_PCR_INDEX_0 }, @@ -61,6 +64,12 @@ const verify_item_t romstage_verify_list[] = { { { (void *)0xffffffff - CONFIG_C_ENV_BOOTBLOCK_SIZE + 1, CONFIG_C_ENV_BOOTBLOCK_SIZE, } }, HASH_IDX_BOOTBLOCK, MBOOT_PCR_INDEX_0 }, +#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST) + { VERIFY_BLOCK, "PublicKey", + { { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION, + CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE, } }, HASH_IDX_PUBLICKEY, + MBOOT_PCR_INDEX_6 }, +#endif { VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 } }; |