From 5619ea2b982003b23bdeb48890981605a6201d67 Mon Sep 17 00:00:00 2001 From: Frans Hendriks Date: Thu, 7 Apr 2022 11:56:19 +0200 Subject: src/mb/facebook/fbg1701: Verify FSP and SPD binaries in bootblock romstage uses FSP and SPD before these are verified. Verify the FSP and SPD binaries in bootblock and measure these in romstage. BUG=N/A TEST=Boot Facebook FBG1701 and check log for FSP and SPD verified in bootblock. Change-Id: I061affa5111fb14d69a8459575e0c72f71b1a1aa Signed-off-by: Frans Hendriks Reviewed-on: https://review.coreboot.org/c/coreboot/+/63446 Reviewed-by: Erik van den Bogaert Reviewed-by: Angel Pons Tested-by: build bot (Jenkins) --- src/mainboard/facebook/fbg1701/board_verified_boot.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/mainboard/facebook/fbg1701/board_verified_boot.c b/src/mainboard/facebook/fbg1701/board_verified_boot.c index 5fbcf2c033..8b644cbef1 100644 --- a/src/mainboard/facebook/fbg1701/board_verified_boot.c +++ b/src/mainboard/facebook/fbg1701/board_verified_boot.c @@ -2,7 +2,8 @@ #include "board_verified_boot.h" -/* The items verified by the bootblock, the bootblock will not measure the +/* + * The items verified by the bootblock, the bootblock will not measure the * items to the TPM */ const verify_item_t bootblock_verify_list[] = { @@ -10,6 +11,10 @@ const verify_item_t bootblock_verify_list[] = { HASH_IDX_ROM_STAGE, MBOOT_PCR_INDEX_0 }, { VERIFY_FILE, BOOTBLOCK, { { NULL, CBFS_TYPE_BOOTBLOCK } }, HASH_IDX_BOOTBLOCK, MBOOT_PCR_INDEX_0 }, + { VERIFY_FILE, FSP, { { NULL, CBFS_TYPE_FSP } }, HASH_IDX_FSP, + MBOOT_PCR_INDEX_1 }, + { VERIFY_FILE, "spd.bin", { { NULL, CBFS_TYPE_SPD } }, + HASH_IDX_SPD0, MBOOT_PCR_INDEX_1 }, #if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST) { VERIFY_BLOCK, "PublicKey", { { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION, @@ -20,7 +25,7 @@ const verify_item_t bootblock_verify_list[] = { }; /* - * The items used by the romstage. Bootblock and PublicKey are added here to make sure they + * The items used by the romstage. Items verified by bootblock are added here to make sure they * are measured */ const verify_item_t romstage_verify_list[] = { -- cgit v1.2.3