chromeos: Create GBB at build time

The GBB contains hardware-specific data plus some configuration. The
latter isn't supported by this change yet and will come later.

The fields that are supported (hardware ID, bmpfv, vboot keys) are
configurable through Kconfig and point to Chrome OS-style default (eg.
developer keys).

While adding vboot keys, the two keys used to sign RW regions are also
added to Kconfig, even if not yet used.

Change-Id: Icfba6061ca83182df560cd36052fbb257826d4b0
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: https://review.coreboot.org/13558
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
This commit is contained in:
Patrick Georgi 2016-02-02 14:43:56 +01:00 committed by Patrick Georgi
parent 4505787724
commit 0db0e61f64
2 changed files with 76 additions and 0 deletions

View file

@ -168,5 +168,49 @@ config HAVE_REGULATORY_DOMAIN
source src/vendorcode/google/chromeos/vboot2/Kconfig
menu "GBB configuration"
config GBB_HWID
string "Hardware ID"
default "NOCONF HWID"
config GBB_BMPFV_FILE
string "Path to bmpfv image"
depends on GBB_HAVE_BMPFV
default ""
endmenu # GBB
menu "Vboot Keys"
config VBOOT_ROOT_KEY
string "Root key (public)"
default "3rdparty/vboot/tests/devkeys/root_key.vbpubk"
config VBOOT_RECOVERY_KEY
string "Recovery key (public)"
default "3rdparty/vboot/tests/devkeys/recovery_key.vbpubk"
config VBOOT_FIRMWARE_PRIVKEY
string "Firmware key (private)"
default "3rdparty/vboot/tests/devkeys/firmware_data_key.vbprivk"
config VBOOT_KERNEL_KEY
string "Kernel subkey (public)"
default "3rdparty/vboot/tests/devkeys/kernel_subkey.vbpubk"
config VBOOT_KEYBLOCK
string "Keyblock to use for the RW regions"
default "3rdparty/vboot/tests/devkeys/firmware.keyblock"
config VBOOT_KEYBLOCK_VERSION
int "Keyblock version number"
default 1
config VBOOT_KEYBLOCK_PREAMBLE_FLAGS
hex "Keyblock preamble flags"
default 0
endmenu # Keys
endif # CHROMEOS
endmenu

View file

@ -51,3 +51,35 @@ CFLAGS_common += -DMOCK_TPM=0
endif
subdirs-$(CONFIG_VBOOT_VERIFY_FIRMWARE) += vboot2
CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID))
CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE))
ifneq ($(CONFIG_GBB_BMPFV_FILE),)
$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY)
@printf " CREATE GBB (with BMPFV)\n"
$(CBFSTOOL) $< read -r GBB -f $(obj)/gbb.stub.tmp
$(FUTILITY) gbb_utility -c 0x100,0x1000,$(call int-subtract $(call file-size,$(obj)/gbb.stub.tmp) 0x2180),0x1000 $@.tmp
rm -f $(obj)/gbb.stub.tmp
mv $@.tmp $@
else
$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY)
@printf " CREATE GBB (without BMPFV)\n"
$(FUTILITY) gbb_utility -c 0x100,0x1000,0,0x1000 $@.tmp
mv $@.tmp $@
endif
$(obj)/gbb.region: $(obj)/gbb.stub
@printf " SETUP GBB\n"
cp $< $@.tmp
$(FUTILITY) gbb_utility -s \
--hwid="$(CONFIG_GBB_HWID)" \
--rootkey="$(CONFIG_VBOOT_ROOT_KEY)" \
--recoverykey="$(CONFIG_VBOOT_RECOVERY_KEY)" \
--flags=0 \
$@.tmp
mv $@.tmp $@
build_complete:: $(obj)/gbb.region
@printf " WRITE GBB\n"
$(CBFSTOOL) $(obj)/coreboot.rom write -u -r GBB -f $<