summaryrefslogtreecommitdiff
path: root/src/security/vboot/common.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/security/vboot/common.c')
-rw-r--r--src/security/vboot/common.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/src/security/vboot/common.c b/src/security/vboot/common.c
index 7f1aee1820..17039330a6 100644
--- a/src/security/vboot/common.c
+++ b/src/security/vboot/common.c
@@ -63,8 +63,16 @@ int vboot_locate_firmware(struct vb2_context *ctx, struct region_device *fw)
if (ret)
return ret;
- /* Truncate area to the size that was actually signed by vboot. */
- return rdev_chain(fw, fw, 0, vb2api_get_firmware_size(ctx));
+ /*
+ * Truncate area to the size that was actually signed by vboot.
+ * It is only required for old verification mechanism calculating full body hash.
+ * New verification mechanism uses signature with zero data size, so truncation
+ * is not possible.
+ */
+ if (!CONFIG(VBOOT_CBFS_INTEGRATION))
+ return rdev_chain(fw, fw, 0, vb2api_get_firmware_size(ctx));
+
+ return 0;
}
static void vboot_setup_cbmem(int unused)
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-10 08:53:44 +0000