From 3e9061e27c62f6e1ca2ae79e5be3a9792ee5127e Mon Sep 17 00:00:00 2001 From: Wim Vervoorn Date: Thu, 31 Oct 2019 10:28:28 +0100 Subject: mb/facebook/fbg1701: Add public key to bootblock_verify_list The public key was not verified during the verified boot operation. This is now added. The items in the manifest are now fixed at 12 as we always have the postcar stage. BUG=N/A TEST=tested on facebook fbg1701 Change-Id: I85fd391294db0ea796001720c2509f797be5aedf Signed-off-by: Wim Vervoorn Reviewed-on: https://review.coreboot.org/c/coreboot/+/36504 Reviewed-by: Frans Hendriks Reviewed-by: Patrick Georgi Tested-by: build bot (Jenkins)
---
 src/mainboard/facebook/fbg1701/board_verified_boot.c | 4 ++++ src/mainboard/facebook/fbg1701/manifest.h | 4 ++-- src/vendorcode/eltan/security/verified_boot/Kconfig | 3 +-- 3 files changed, 7 insertions(+), 4 deletions(-) (limited to 'src')
diff --git a/src/mainboard/facebook/fbg1701/board_verified_boot.c b/src/mainboard/facebook/fbg1701/board_verified_boot.c
index 24e70378f9..1ccb0b8ea3 100644
--- a/src/mainboard/facebook/fbg1701/board_verified_boot.c
+++ b/src/mainboard/facebook/fbg1701/board_verified_boot.c
@@ -26,6 +26,10 @@ const verify_item_t bootblock_verify_list[] = {
 { { (void *)0xffffffff - CONFIG_C_ENV_BOOTBLOCK_SIZE + 1,
 CONFIG_C_ENV_BOOTBLOCK_SIZE, } }, HASH_IDX_BOOTBLOCK,
 MBOOT_PCR_INDEX_0 },
+ { VERIFY_BLOCK, "PublicKey",
+ { { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION,
+ CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE, } }, HASH_IDX_PUBLICKEY,
+ MBOOT_PCR_INDEX_0 },
 { VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 }
 };
 #endif
diff --git a/src/mainboard/facebook/fbg1701/manifest.h b/src/mainboard/facebook/fbg1701/manifest.h
index 5a583f47ec..caf9e5ecd6 100644
--- a/src/mainboard/facebook/fbg1701/manifest.h
+++ b/src/mainboard/facebook/fbg1701/manifest.h
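Review bot: The new "PublicKey" entry in `bootblock_verify_list` (board_verified_boot.c) compares the key region against manifest slot `HASH_IDX_PUBLICKEY`, and nothing in the file documents what that comparison can and cannot establish. If the manifest is itself authenticated with this same key (that code is outside the hunk), the check is self-referential: a change that rewrites both the key region and the manifest would still satisfy it, so the entry's practical value is extending the key into `MBOOT_PCR_INDEX_0`. I would add a comment above the entry such as `/* Measures the vboot public key into MBOOT_PCR_INDEX_0; the reference digest is manifest slot HASH_IDX_PUBLICKEY, so the key region still relies on flash write protection as its trust anchor. */`. The array initializer opens before the first context line of the hunk, so the start of the "BootBlock" entry is not visible here.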
@@ -30,6 +30,6 @@
 #define HASH_IDX_LOGO 7
 #define HASH_IDX_DSDT 8
 #define HASH_IDX_POSTCAR_STAGE 9
-#define HASH_IDX_BOOTBLOCK 10 /* Should always be the last one */
-
+#define HASH_IDX_PUBLICKEY 10
+#define HASH_IDX_BOOTBLOCK 11 /* Should always be the last one */
 #endif
diff --git a/src/vendorcode/eltan/security/verified_boot/Kconfig b/src/vendorcode/eltan/security/verified_boot/Kconfig
index d9e989f2b2..ab254c48d9 100644
--- a/src/vendorcode/eltan/security/verified_boot/Kconfig
+++ b/src/vendorcode/eltan/security/verified_boot/Kconfig
@@ -42,8 +42,7 @@ config VENDORCODE_ELTAN_VBOOT_MANIFEST
 config VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS
 int "Manifest Items"
- default 11 if POSTCAR_STAGE
- default 10
+ default 12
 config VENDORCODE_ELTAN_OEM_MANIFEST_ITEM_SIZE
 int
-- cgit v1.2.3
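Review bot: `HASH_IDX_BOOTBLOCK` becomes 11 in manifest.h while the Kconfig hunk raises the `VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS` default to 12, and the two values are kept in step only by hand. That option has a prompt (`int "Manifest Items"`), so a build can still set it below 12; assuming the index selects a digest inside a manifest of that many items (the lookup is not in this diff), slot 11 would then lie outside it. A compile-time check next to the defines would catch the mismatch, provided the Kconfig symbols are in scope wherever manifest.h is included: `_Static_assert(HASH_IDX_BOOTBLOCK < CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS, "manifest item count too small for manifest.h");`. Since the bootblock digest moves from slot 10 to slot 11, a short comment in the header stating that signed manifests must be regenerated together with this layout would also help.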