From 0bb4f0c766649758abd6f8faaaadf868fcb01917 Mon Sep 17 00:00:00 2001
From: Wim Vervoorn <wvervoorn@eltan.com>
Date: Wed, 13 Nov 2019 16:52:22 +0100
Subject: mb/facebook/fbg1701: Only verify the publickey when needed

The public key should only be validated if the manifest is signed.

BUG=N/A
TEST=testedd on fbg1701

Change-Id: I703ed442e0b1926859f593ce9ca84133013224ea
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36816
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
---
 src/mainboard/facebook/fbg1701/board_verified_boot.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/mainboard')

diff --git a/src/mainboard/facebook/fbg1701/board_verified_boot.c b/src/mainboard/facebook/fbg1701/board_verified_boot.c
index 7421a14e67..685515bbca 100644
--- a/src/mainboard/facebook/fbg1701/board_verified_boot.c
+++ b/src/mainboard/facebook/fbg1701/board_verified_boot.c
@@ -25,10 +25,12 @@ const verify_item_t bootblock_verify_list[] = {
 		{ { (void *)0xffffffff - CONFIG_C_ENV_BOOTBLOCK_SIZE + 1,
 		CONFIG_C_ENV_BOOTBLOCK_SIZE, } }, HASH_IDX_BOOTBLOCK,
 		MBOOT_PCR_INDEX_0 },
+#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST)
 	{ VERIFY_BLOCK, "PublicKey",
 		{ { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION,
 		CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE, } }, HASH_IDX_PUBLICKEY,
 		MBOOT_PCR_INDEX_0 },
+#endif
 	{ VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 }
 };
 
-- 
cgit v1.2.3