summaryrefslogtreecommitdiff
path: root/payloads
diff options
context:
space:
mode:
Diffstat (limited to 'payloads')
-rw-r--r--payloads/libpayload/libcbfs/cbfs.c5
-rw-r--r--payloads/libpayload/vboot/Kconfig7
2 files changed, 11 insertions, 1 deletions
diff --git a/payloads/libpayload/libcbfs/cbfs.c b/payloads/libpayload/libcbfs/cbfs.c
index 08e312a08d..0cee9145df 100644
--- a/payloads/libpayload/libcbfs/cbfs.c
+++ b/payloads/libpayload/libcbfs/cbfs.c
@@ -90,8 +90,11 @@ static bool cbfs_file_hash_mismatch(const void *buffer, size_t size,
ERROR("'%s' does not have a file hash!\n", mdata->h.filename);
return true;
}
- if (vb2_hash_verify(cbfs_hwcrypto_allowed(), buffer, size, hash) != VB2_SUCCESS) {
+ vb2_error_t rv = vb2_hash_verify(cbfs_hwcrypto_allowed(), buffer, size, hash);
+ if (rv != VB2_SUCCESS) {
ERROR("'%s' file hash mismatch!\n", mdata->h.filename);
+ if (CONFIG(LP_VBOOT_CBFS_INTEGRATION) && !vboot_recovery_mode_enabled())
+ vboot_fail_and_reboot(vboot_get_context(), VB2_RECOVERY_FW_BODY, rv);
return true;
}
diff --git a/payloads/libpayload/vboot/Kconfig b/payloads/libpayload/vboot/Kconfig
index 3b02155fc3..25ca35ea19 100644
--- a/payloads/libpayload/vboot/Kconfig
+++ b/payloads/libpayload/vboot/Kconfig
@@ -9,6 +9,13 @@ config VBOOT_LIB
if VBOOT_LIB
+config VBOOT_CBFS_INTEGRATION
+ bool "Enable vboot and CBFS integration"
+ default n
+ depends on CBFS_VERIFICATION
+ help
+ Say yes to request reboot on CBFS file hash mismatch in non-recovery mode.
+
config VBOOT_TPM2_MODE
bool "TPM2 Mode"
default y
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-11 20:11:28 +0000