mb/facebook/fbg1701: Only verify the publickey when needed

The public key should only be validated if the manifest is signed. BUG=N/A TEST=testedd on fbg1701 Change-Id: I703ed442e0b1926859f593ce9ca84133013224ea Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/36816 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
2019-11-13 16:52:22 +01:00 · 2019-11-13 16:52:22 +01:00 · 0bb4f0c766
parent f4a304722a
commit 0bb4f0c766
1 changed files with 2 additions and 0 deletions
--- a/src/mainboard/facebook/fbg1701/board_verified_boot.c
+++ b/src/mainboard/facebook/fbg1701/board_verified_boot.c
@ -25,10 +25,12 @@ const verify_item_t bootblock_verify_list[] = {
 		{ { (void *)0xffffffff - CONFIG_C_ENV_BOOTBLOCK_SIZE + 1,
 		CONFIG_C_ENV_BOOTBLOCK_SIZE, } }, HASH_IDX_BOOTBLOCK,
 		MBOOT_PCR_INDEX_0 },
+#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST)
 	{ VERIFY_BLOCK, "PublicKey",
 		{ { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION,
 		CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE, } }, HASH_IDX_PUBLICKEY,
 		MBOOT_PCR_INDEX_0 },
+#endif
 	{ VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 }
 };