mb/facebook/fbg1701: Add public key to bootblock_verify_list

The public key was not verified during the verified boot operation.
This is now added. The items in the manifest are now fixed at 12 as
we always have the postcar stage.

BUG=N/A
TEST=tested on facebook fbg1701

Change-Id: I85fd391294db0ea796001720c2509f797be5aedf
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36504
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

src/mainboard/facebook/fbg1701/board_verified_boot.c

@@ -26,6 +26,10 @@ const verify_item_t bootblock_verify_list[] = {
 		{ { (void *)0xffffffff - CONFIG_C_ENV_BOOTBLOCK_SIZE + 1,
 		CONFIG_C_ENV_BOOTBLOCK_SIZE, } }, HASH_IDX_BOOTBLOCK,
 		MBOOT_PCR_INDEX_0 },
+	{ VERIFY_BLOCK, "PublicKey",
+		{ { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION,
+		CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE, } }, HASH_IDX_PUBLICKEY,
+		MBOOT_PCR_INDEX_0 },
 	{ VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 }
 };
 #endif

src/mainboard/facebook/fbg1701/manifest.h

@@ -30,6 +30,6 @@
 #define HASH_IDX_LOGO		7
 #define HASH_IDX_DSDT		8
 #define HASH_IDX_POSTCAR_STAGE	9
-#define HASH_IDX_BOOTBLOCK	10 /* Should always be the last one */
-
+#define HASH_IDX_PUBLICKEY	10
+#define HASH_IDX_BOOTBLOCK	11 /* Should always be the last one */
 #endif

src/vendorcode/eltan/security/verified_boot/Kconfig

@@ -42,8 +42,7 @@ config VENDORCODE_ELTAN_VBOOT_MANIFEST
 
 config VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS
 	int "Manifest Items"
-	default 11 if POSTCAR_STAGE
-	default 10
+	default 12
 
 config VENDORCODE_ELTAN_OEM_MANIFEST_ITEM_SIZE
 	int