summaryrefslogtreecommitdiff
path: root/src/security/vboot/Makefile.mk
AgeCommit message (Collapse)Author
2024-08-02security/vboot: Include new gbb flag to enforce CSE syncDinesh Gehlot
This patch adds a GBB flag to coreboot, which, when enabled, enforces CSE sync even if the current CSE version matches the version in CBFS. The CSME sync GBB and flag are designed to enhance autotest functionalities and are not intended or recommended for use in developing any other features. BUG=b:353053317 TEST=futility gbb --help Cq-Depend: chromium:5718196 Change-Id: I6352959e1e898a90b4c6e12a22f8d6513f90ded9 Signed-off-by: Dinesh Gehlot <digehlot@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/83685 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Subrata Banik <subratabanik@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-03-28security/vboot: extract secdata_tpm{1,2}.cSergii Dmytruk
Most of the original secdata_tpm.c was TPM2-specific implementation. Just moving the code around, with trivial tweaks: - drop now unnecessary #ifdef directives from _factory_initialize_tpm() - drop leading underscore from _factory_initialize_tpm{1,2}() (external identifiers should not start with an underscore in C) - drop unused <security/vboot/tpm_common.h> include and sub-includes of tss.h which should be considered its part (so this isn't an indirect inclusion) - fixed formatting of RETURN_ON_FAILURE() which didn't have slashes aligned no matter what tab width was used Change-Id: I0090b748d7d3b2d76a941b87b5885682fd81c4fc Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/81415 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-02-24vboot: Enable new arm64 SIMD crypto accelerationJulius Werner
This patch passes the correct flag to vboot to enable SIMD crypto acceleration on arm64 devices. This uses a core part of the ISA and should thus be supported on all arm64 SoCs -- so we normally always want it enabled, but there should still be a Kconfig in case a SoC wants to use the hwcrypto interface for its own (off-CPU) crypto acceleration engine instead. (You could also disable it to save a small amount of code size at the cost of speed, if necessary.) Change-Id: I3820bd6b7505202b7edb6768385ce5deb18777a4 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/80710 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com>
2024-01-24device, security: Rename Makefiles from .inc to .mkMartin Roth
The .inc suffix is confusing to various tools as it's not specific to Makefiles. This means that editors don't recognize the files, and don't open them with highlighting and any other specific editor functionality. This issue is also seen in the release notes generation script where Makefiles get renamed before running cloc. Signed-off-by: Martin Roth <gaumless@gmail.com> Change-Id: I41f8a9b5d1bdb647a915da1a5e95161b2e34df28 Reviewed-on: https://review.coreboot.org/c/coreboot/+/80082 Reviewed-by: Michael Niewöhner <foss@mniewoehner.de> Reviewed-by: Maximilian Brune <maximilian.brune@9elements.com> Reviewed-by: Felix Singer <service+coreboot-gerrit@felixsinger.de> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-20 20:49:08 +0000