security/vboot: Allow files to go into only RW-A or RW-B region

The AMD firmware package created by amdfwtool contains pointers to the
various binaries and settings.  This means that we need different copies
of the package in each region.
This change allows for the different files in each of the 3 vboot
regions.

BUG=b:158124527
TEST=Build trembyle; see the correct versions of the files getting
built into the RW-A & RW-B regions.

Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I45ff69dbc2266a67e05597bbe721fbf95cf41777
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42822
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
This commit is contained in:
Martin Roth 2020-06-25 17:20:32 -06:00 committed by Martin Roth
parent 362eaf3f4c
commit 6303671189
2 changed files with 26 additions and 3 deletions

View File

@ -218,6 +218,22 @@ config RW_REGION_ONLY
Add a space delimited list of filenames that should only be in the Add a space delimited list of filenames that should only be in the
RW sections. RW sections.
config RWA_REGION_ONLY
string
default ""
depends on VBOOT_SLOTS_RW_AB
help
Add a space-delimited list of filenames that should only be in the
RW-A section.
config RWB_REGION_ONLY
string
default ""
depends on VBOOT_SLOTS_RW_AB
help
Add a space-delimited list of filenames that should only be in the
RW-B section.
config VBOOT_ENABLE_CBFS_FALLBACK config VBOOT_ENABLE_CBFS_FALLBACK
bool bool
default n default n

View File

@ -165,8 +165,9 @@ RW_PARTITIONS += FW_MAIN_B
endif endif
# Return the regions a specific file should be placed in. The files listed below and the ones # Return the regions a specific file should be placed in. The files listed below and the ones
# that are specified in CONFIG_RO_REGION_ONLY are only specified in the RO region. The files # that are specified in CONFIG_RO_REGION_ONLY, are only specified in the RO region. The files
# specified in the CONFIG_RW_REGION_ONLY are only placed in the RW regions. # specified in the CONFIG_RW_REGION_ONLY are placed in all RW regions. Files specified
# in CONFIG_RWA_REGION_ONLY or CONFIG_RWB_REGION_ONLY get placed only in those sections.
# All other files will be installed into RO and RW regions # All other files will be installed into RO and RW regions
# Use $(sort) to cut down on extra spaces that would be translated to commas # Use $(sort) to cut down on extra spaces that would be translated to commas
regions-for-file = $(subst $(spc),$(comma),$(sort \ regions-for-file = $(subst $(spc),$(comma),$(sort \
@ -184,10 +185,16 @@ regions-for-file = $(subst $(spc),$(comma),$(sort \
cmos.default \ cmos.default \
$(call strip_quotes,$(CONFIG_RO_REGION_ONLY)) \ $(call strip_quotes,$(CONFIG_RO_REGION_ONLY)) \
,$(1)),COREBOOT,\ ,$(1)),COREBOOT,\
$(if $(filter \
$(call strip_quotes,$(CONFIG_RWA_REGION_ONLY)) \
,$(1)), FW_MAIN_A, \
$(if $(filter \
$(call strip_quotes,$(CONFIG_RWB_REGION_ONLY)) \
,$(1)), FW_MAIN_B, \
$(if $(filter \ $(if $(filter \
$(call strip_quotes,$(CONFIG_RW_REGION_ONLY)) \ $(call strip_quotes,$(CONFIG_RW_REGION_ONLY)) \
,$(1)), $(RW_PARTITIONS), $(VBOOT_PARTITIONS) ) \ ,$(1)), $(RW_PARTITIONS), $(VBOOT_PARTITIONS) ) \
))) )))))
CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID)) CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID))
CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE)) CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE))