From 9f8ac64baef21dc0be7d1b54c998561dcced0d89 Mon Sep 17 00:00:00 2001 From: Shelley Chen Date: Fri, 16 Oct 2020 12:20:16 -0700 Subject: mrc_cache: Add config MRC_SAVE_HASH_IN_TPM Use this config to specify whether we want to save a hash of the MRC_CACHE in the TPM NVRAM space. Replace all uses of FSP2_0_USES_TPM_MRC_HASH with MRC_SAVE_HASH_IN_TPM and remove the FSP2_0_USES_TPM_MRC_HASH config. Note that TPM1 platforms will not select MRC_SAVE_HASH_IN_TPM as none of them use FSP2.0 and have recovery MRC_CACHE. BUG=b:150502246 BRANCH=None TEST=emerge-nami coreboot chromeos-bootimage Change-Id: Ic5ffcdba27cb1f09c39c3835029c8d9cc3453af1 Signed-off-by: Shelley Chen Reviewed-on: https://review.coreboot.org/c/coreboot/+/46509 Tested-by: build bot (Jenkins) Reviewed-by: Furquan Shaikh --- src/security/vboot/Kconfig | 1 + src/security/vboot/Makefile.inc | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'src/security') diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index ee8d36ae7b..094cbb9642 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -159,6 +159,7 @@ config VBOOT_ALWAYS_ALLOW_UDC config VBOOT_HAS_REC_HASH_SPACE bool + default y if MRC_SAVE_HASH_IN_TPM && HAS_RECOVERY_MRC_CACHE default n help Set this option to indicate to vboot that recovery data hash space diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index e92396d926..d4dabe2493 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -118,7 +118,7 @@ romstage-y += common.c ramstage-y += common.c postcar-y += common.c -romstage-$(CONFIG_FSP2_0_USES_TPM_MRC_HASH) += mrc_cache_hash_tpm.c +romstage-$(CONFIG_MRC_SAVE_HASH_IN_TPM) += mrc_cache_hash_tpm.c ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y) -- cgit v1.2.3