| Age | Commit message (Collapse) | Author |
|---|
|
The vendorcode/eltan mboot and verified boot options only build if a
few other Kconfig options are defined.
Change-Id: Ie333d2fbf294e23ec01df06ee551e2d09541c744
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35954
Reviewed-by: Wim Vervoorn
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Create verified boot support, which includes verifiication of bootblock.
This feature use the vendorcode/eltan/security/lib.
cbfs_locator is used to init the verified boot support.
vendor_secure_prepare() and vendor_secure_locate() are used to preform the
required action in each stage.
The next lists will be used for verification:
* bootblock_verify_list
* postcar_verify_list
* romstage_verify_list
* ramstage_verify_list
BUG=N/A
TEST=Created binary and verify logging on Facebook FBG-1701
Change-Id: If6c1423b0b4a309cefb7fe7a29d5100ba289e0b4
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30835
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
|
|
Create measured boot.
This feature uses the vendorcode/eltan/security/lib.
Measure boot can work with and without Verified boot enabled.
The function mb_measure() is starting point for the support. This
function will be called by the common Verified boot code.
BUG=N/A
TEST=Created binary and verify logging on Facebook FBG-1701
Change-Id: I7f880a17e240515dd42d57383b5ddddf576985b0
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30833
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
|
|
cb_sha.c depends on C_ENVIRONMENT_BOOTBLOCK.
Include cb_sha.c unconditional since C_ENVIRONMENT_BOOTBLOCK is default for
chipsets.
BUG=N/A
TEST=Boot Linux 4.20 and verify logging on Facebook FBG-1701
Change-Id: If93195596efe7d8f298430e67eb1cf79804b96fc
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34667
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
|
|
Build error on missing vb2ex_printf() in bootblock stage
Add the file vboot_logic.c which contains the missing vb2ex_printf().
BUG=N/A
TEST=Boot Linux 4.20 and verify logging on Facebook FBG-1701
Change-Id: I3f649f3faf1e812d592e4981bc75698e2cad1cc8
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34666
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
|
|
To avoid confusion use VENDORCODE_ELTAN_VBOOT and
VENDORCODE_ELTAN_MBOOT config values.
Include verfied_boot and mboot subdirectories as CPPFLAGS when
measured boot or verified boot is enabled. This allows to generate
binary with measured boot enabled only.
BUG=N/A
TEST=Boot Linux 4.20 and verify logging on Facebook FBG-1701
Change-Id: Iaaf3c8cacbc8d2be7387264ca9c973e583871f0a
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33442
Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
Reviewed-by: Martin Roth <martinroth@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
digest from vb2_digest_bufer() does not contains the correct endian.
Create cb_sha_endian() which can convert the calculated digest into big endian
or little endian when required.
BUG=N/A
TEST=Created binary and verify logging on Facebok FBG-1701
Change-Id: If828bde54c79e836a5b05ff0447645d7e06e819a
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30831
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
|
|
This patch contains the general files for the vendorcode/eltan that has
been uploaded recently:
- Add eltan directory to vendorcode.
- Add documentation about the support in the vendorcode directories.
- Add the Makefile.inc and Kconfig for the vendorcode/eltan and
vendorcode/eltan/security.
BUG=N/A
TEST=Created verified binary and verify logging on Portwell PQ-M107
Change-Id: Ic1d5a21d40b6a31886777e8e9fe7b28c860f1a80
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30218
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
|
