mb/facebook/fbg1701: Only verify the publickey when needed

The public key should only be validated if the manifest is signed.

BUG=N/A
TEST=testedd on fbg1701

Change-Id: I703ed442e0b1926859f593ce9ca84133013224ea
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36816
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
This commit is contained in:
Wim Vervoorn 2019-11-13 16:52:22 +01:00 committed by Patrick Georgi
parent f4a304722a
commit 0bb4f0c766
1 changed files with 2 additions and 0 deletions

View File

@ -25,10 +25,12 @@ const verify_item_t bootblock_verify_list[] = {
{ { (void *)0xffffffff - CONFIG_C_ENV_BOOTBLOCK_SIZE + 1,
CONFIG_C_ENV_BOOTBLOCK_SIZE, } }, HASH_IDX_BOOTBLOCK,
MBOOT_PCR_INDEX_0 },
#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST)
{ VERIFY_BLOCK, "PublicKey",
{ { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION,
CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE, } }, HASH_IDX_PUBLICKEY,
MBOOT_PCR_INDEX_0 },
#endif
{ VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 }
};