From 70dca08f2559ac7d704a2fadc8af8adc992dc619 Mon Sep 17 00:00:00 2001 From: Frans Hendriks Date: Tue, 22 Dec 2020 14:34:23 +0100 Subject: vc/eltan/security/verified_boot/vboot_check.c: Add check PROG_POSTCAR On Coffee Lake systems prog_locate_hook() is called with PROG_POSTCAR. For this reason the early check is not executed. Add check for prog->type == PROG_POSTCAR, but execute verified_boot_early_check() once. BUG = N/A TEST = Build and boot on Facebook FBG1701 and Intel CoffeeLake system Change-Id: Ia3bd36064bcc8176302834c1e46a225937d61c20 Signed-off-by: Frans Hendriks Reviewed-on: https://review.coreboot.org/c/coreboot/+/48852 Reviewed-by: Wim Vervoorn Tested-by: build bot (Jenkins) --- src/vendorcode/eltan/security/verified_boot/vboot_check.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'src/vendorcode') diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c index 824570e481..0de2f0af55 100644 --- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c +++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c @@ -345,12 +345,17 @@ int verified_boot_should_run_oprom(struct rom_header *rom_header) int prog_locate_hook(struct prog *prog) { + static int initialized; + if (ENV_BOOTBLOCK) verified_boot_bootblock_check(); if (ENV_ROMSTAGE) { - if (prog->type == PROG_REFCODE) + if (!initialized && ((prog->type == PROG_REFCODE) || + (prog->type == PROG_POSTCAR))) { verified_boot_early_check(); + initialized = 1; + } if (CONFIG(POSTCAR_STAGE) && prog->type == PROG_POSTCAR) process_verify_list(postcar_verify_list); -- cgit v1.2.3