From b71181adc336625ee6ecae7a46c6926cb7c3c28c Mon Sep 17 00:00:00 2001
From: Frans Hendriks <fhendriks@eltan.com>
Date: Fri, 4 Oct 2019 14:06:33 +0200
Subject: device/pci_device.c: Use verified boot to check oprom

Before oprom is executed, no check is performed if rom passes verification.
Add call to verified_boot_should_run_oprom() to verify the oprom.

verified_boot_should_run_oprom() expects and rom address as input pointer.
*rom is added as input parameter to should_run_oprom() which must be parsed
to verified_boot_should_run_oprom()..

BUG=N/A
TEST=Created verified binary and verify logging on Facebook FBG1701

Change-Id: Iec5092e85d34940ea3a3bb1192ea49f3bc3e5b27
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30810
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
---
 src/include/device/pci_rom.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/include')

diff --git a/src/include/device/pci_rom.h b/src/include/device/pci_rom.h
index a4aa52aa09..82f3c40005 100644
--- a/src/include/device/pci_rom.h
+++ b/src/include/device/pci_rom.h
@@ -47,4 +47,5 @@ void pci_rom_ssdt(struct device *device);
 
 u32 map_oprom_vendev(u32 vendev);
 
+int verified_boot_should_run_oprom(struct rom_header *rom_header);
 #endif
-- 
cgit v1.2.3