| Age | Commit message (Collapse) | Author |
|---|
|
Removed long lines from the verified_boot_check_buffer() function.
BUG=N/A
TEST=build
Change-Id: I2ea0ae82bd531355111d6b45c67bdc2b1759b7bc
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36849
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
|
|
The CBFS master header is a legacy structure that just conveys the same
information we already have from the FMAP these days. We're still
including it to support older CBFS implementations in some payloads, but
there's no need for coreboot itself to follow this indirection anymore.
This patch simplifies the default CBFS locator to just return the CBFS
offset and size from the FMAP directly.
Change-Id: I6b00dd7f276364d62fa1f637efbaee0e80607c49
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36688
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
This patch makes the CBFS default locator .locate() callback externally
available so that code which overrides cbfs_master_header_locator can
reuse or wrap it and doesn't have to copy&paste the whole thing. Use it
for the Eltan vendorcode implementation which previously did this.
Change-Id: I54dad5c8ea64ea0fc472217e275daa815736991e
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36797
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
The flags parameter of the tpm2_get_capability_pcrs() is used by
mboot_hash_extend_log().
BUGS=NA
TEST=Build
Change-Id: Ia718d27f21d41a5e16230c74ca402ea6099470b2
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36680
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
|
|
Change-Id: Id56a63a67b7eb70dce6687bb9c2734a711f611b3
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36635
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Change-Id: I6ec5a33cd6a6342adfe73c050e0c376bbefad96a
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36634
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
|
|
We generally let garbage-collection take care of unused functions.
While at it, move some related variable declarations in to the
header file and declare them const like they should be.
Change-Id: I7c6fa15bd45f861f13b6123ccb14c55415e42bc7
Signed-off-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36632
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Align the eltan mboot support with coreboot tpm support to limit the amount of custom code.
We now only support SHA256 pcrs, only single a single digest will be handled in a call.
The pcr invalidation has been changed fixed values are now loaded while the correct algortihm is
selected.
BUG=N/A
TEST=tested on fbg1701
Change-Id: Id11389ca90c1e6121293353402a2dd464a2e6727
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36483
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
|
|
Correct debug ouput in tpm2_get_capability_pcrs.
BUG=N/A
TEST=build
Change-Id: Ibd12c9dc22980f21ecba204729c5da0d11618e12
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36484
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Corrected several layout issues in the mboot.c file.
BUG=N/A
TEST=build
Change-Id: I1599c7be075130345f018a08bede3eb849129a1c
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36485
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
|
|
Only use the custom hash routine when we need little endian.
Rename the function as well as it is little endian only now.
BUG=N/A
TEST=tested on fbg1701 board.
Change-Id: I037fa38c5961dab7a81e752c1685da2dc6b33d12
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36482
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
|
|
The vendorcode/eltan and vendorcode/eltan/security directories
were both adding the mboot and verified_boot Kconfigs.
BUG=N/A
TEST=build
Change-Id: I6b5f19b4660d60345391b7320ce42466fd2cc769
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36479
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
The public key was not verified during the verified boot operation.
This is now added. The items in the manifest are now fixed at 12 as
we always have the postcar stage.
BUG=N/A
TEST=tested on facebook fbg1701
Change-Id: I85fd391294db0ea796001720c2509f797be5aedf
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36504
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Start using the vb2 public key format and process the signature
verification using the vb2 routines. This allows us to use the
futility to prepare the keys and eliminates the need for custom
tools.
BUG=N/A
TEST=tested on fbg1701 board
Change-Id: Id5d28595bbfb1f5ca5bca0fcfb06134bb1143f25
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36480
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
|
|
Create verified boot support, which includes verifiication of bootblock.
This feature use the vendorcode/eltan/security/lib.
cbfs_locator is used to init the verified boot support.
vendor_secure_prepare() and vendor_secure_locate() are used to preform the
required action in each stage.
The next lists will be used for verification:
* bootblock_verify_list
* postcar_verify_list
* romstage_verify_list
* ramstage_verify_list
BUG=N/A
TEST=Created binary and verify logging on Facebook FBG-1701
Change-Id: If6c1423b0b4a309cefb7fe7a29d5100ba289e0b4
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30835
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
|
|
Create measured boot.
This feature uses the vendorcode/eltan/security/lib.
Measure boot can work with and without Verified boot enabled.
The function mb_measure() is starting point for the support. This
function will be called by the common Verified boot code.
BUG=N/A
TEST=Created binary and verify logging on Facebook FBG-1701
Change-Id: I7f880a17e240515dd42d57383b5ddddf576985b0
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30833
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
|
|
cb_sha.c depends on C_ENVIRONMENT_BOOTBLOCK.
Include cb_sha.c unconditional since C_ENVIRONMENT_BOOTBLOCK is default for
chipsets.
BUG=N/A
TEST=Boot Linux 4.20 and verify logging on Facebook FBG-1701
Change-Id: If93195596efe7d8f298430e67eb1cf79804b96fc
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34667
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
|
|
Build error on missing vb2ex_printf() in bootblock stage
Add the file vboot_logic.c which contains the missing vb2ex_printf().
BUG=N/A
TEST=Boot Linux 4.20 and verify logging on Facebook FBG-1701
Change-Id: I3f649f3faf1e812d592e4981bc75698e2cad1cc8
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34666
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
|
|
To avoid confusion use VENDORCODE_ELTAN_VBOOT and
VENDORCODE_ELTAN_MBOOT config values.
Include verfied_boot and mboot subdirectories as CPPFLAGS when
measured boot or verified boot is enabled. This allows to generate
binary with measured boot enabled only.
BUG=N/A
TEST=Boot Linux 4.20 and verify logging on Facebook FBG-1701
Change-Id: Iaaf3c8cacbc8d2be7387264ca9c973e583871f0a
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33442
Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
Reviewed-by: Martin Roth <martinroth@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
digest from vb2_digest_bufer() does not contains the correct endian.
Create cb_sha_endian() which can convert the calculated digest into big endian
or little endian when required.
BUG=N/A
TEST=Created binary and verify logging on Facebok FBG-1701
Change-Id: If828bde54c79e836a5b05ff0447645d7e06e819a
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30831
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
|
|
This patch contains the general files for the vendorcode/eltan that has
been uploaded recently:
- Add eltan directory to vendorcode.
- Add documentation about the support in the vendorcode directories.
- Add the Makefile.inc and Kconfig for the vendorcode/eltan and
vendorcode/eltan/security.
BUG=N/A
TEST=Created verified binary and verify logging on Portwell PQ-M107
Change-Id: Ic1d5a21d40b6a31886777e8e9fe7b28c860f1a80
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30218
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
|
