From d8b150f0d578a5182ce11698906776c0d1d448e9 Mon Sep 17 00:00:00 2001
From: Mathew King <mathewk@chromium.org>
Date: Fri, 9 Aug 2019 10:55:37 -0600
Subject: southbridge/intel: Add config option to validate firmware descriptor

Add new config option to validate the Intel firmware descriptor against
the fmap layout. This will prevent a firmware descriptor from being used
that could corrupt regions of the bootimage in certian circumstances.

BUG=chromium:992215
TEST=Build firmware image with mismached decriptor and fmp
     Without VALIDATE_INTEL_DESCRIPTOR set firmware builds
     With VALIDATE_INTEL_DESCRIPTOR set error is shown with mismached
     regions

Change-Id: I9e8bb20485e96026cd594cf4e9d6b11b2bf20e1f
Signed-off-by: Mathew King <mathewk@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34816
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
---
 src/southbridge/intel/common/firmware/Makefile.inc | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/southbridge/intel/common/firmware')

diff --git a/src/southbridge/intel/common/firmware/Makefile.inc b/src/southbridge/intel/common/firmware/Makefile.inc
index e7060361bd..5f3212f487 100644
--- a/src/southbridge/intel/common/firmware/Makefile.inc
+++ b/src/southbridge/intel/common/firmware/Makefile.inc
@@ -45,6 +45,11 @@ add_intel_firmware: $(obj)/coreboot.pre $(IFDTOOL)
 	printf "    DD         Adding Intel Firmware Descriptor\n"
 	dd if=$(IFD_BIN_PATH) \
 		of=$(obj)/coreboot.pre conv=notrunc >/dev/null 2>&1
+ifeq ($(CONFIG_VALIDATE_INTEL_DESCRIPTOR),y)
+	$(objutil)/ifdtool/ifdtool \
+		$(IFDTOOL_USE_CHIPSET) \
+		-t $(obj)/coreboot.pre
+endif
 ifeq ($(CONFIG_HAVE_ME_BIN),y)
 	printf "    IFDTOOL    me.bin -> coreboot.pre\n"
 	$(objutil)/ifdtool/ifdtool \
-- 
cgit v1.2.3