From 8ae248ea9c9b6031695e421d0eee4300647a31d7 Mon Sep 17 00:00:00 2001
From: Arthur Heymans <arthur@aheymans.xyz>
Date: Tue, 6 Jul 2021 16:21:24 +0200
Subject: [PATCH] security/intel/cbnt/Makefile.inc: Improve build flow

Using 'files_added::' is no longer needed as all files have already
been added to the build. This has the advantage of showing all final
entries in the FIT table and CBFS during the build process as adding
the bpm to cbfs and fit is moved earlier.

Change-Id: I22aa140202f0665b7095a01cb138af4986aa9ac3
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56119
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
---
 src/security/intel/cbnt/Makefile.inc | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/security/intel/cbnt/Makefile.inc b/src/security/intel/cbnt/Makefile.inc
index a520696118..9a29fa69b9 100644
--- a/src/security/intel/cbnt/Makefile.inc
+++ b/src/security/intel/cbnt/Makefile.inc
@@ -47,11 +47,11 @@ $(CBNT_CFG): $(call strip_quotes, $(CONFIG_INTEL_CBNT_CBNT_PROV_CFG_FILE))
 
 ifeq ($(CONFIG_INTEL_CBNT_GENERATE_BPM),y)
 ifeq ($(CONFIG_INTEL_CBNT_CBNT_PROV_BPM_USE_CFG_FILE),y)
-$(obj)/bpm_unsigned.bin: $(obj)/coreboot.rom $(CBNT_PROV) $(CBNT_CFG)
+$(obj)/bpm_unsigned.bin: $(obj)/coreboot.pre $(CBNT_PROV) $(CBNT_CFG)
 	printf "    CBNT_PROV    creating unsigned BPM using config file\n"
 	$(CBNT_PROV) bpm-gen $@ $< --config=$(CBNT_CFG) --cut
 else
-$(obj)/bpm_unsigned.bin: $(obj)/coreboot.rom $(CBNT_PROV)
+$(obj)/bpm_unsigned.bin: $(obj)/coreboot.pre $(CBNT_PROV) set_fit_ptr
 	printf "    CBNT_PROV    creating unsigned BPM\n"
 	$(CBNT_PROV) bpm-gen $@ $< --revision=$(CONFIG_INTEL_CBNT_BPM_REVISION) \
 				 --svn=$(CONFIG_INTEL_CBNT_BPM_SVN) \
@@ -86,11 +86,14 @@ $(obj)/bpm.bin: $(obj)/bpm_unsigned.bin $(CBNT_PROV) $(call strip_quotes, $(CONF
 	$(CBNT_PROV) bpm-sign $< $@ $(CONFIG_INTEL_CBNT_BPM_PRIV_KEY_FILE) ""
 
 # Add BPM at the end of the build when all files have been added
-files_added:: $(obj)/bpm.bin $(IFITTOOL)
+$(call add_intermediate, add_bpm, $(obj)/bpm.bin)
 	printf "    CBNT       Adding BPM\n"
-	$(CBFSTOOL) $(obj)/coreboot.rom add -f $< -n boot_policy_manifest.bin -a 0x10 -t raw
+	-$(CBFSTOOL) $< remove -n boot_policy_manifest.bin 2>/dev/null
+	$(CBFSTOOL) $< add -f $(obj)/bpm.bin -n boot_policy_manifest.bin -a 0x10 -t raw
+
+$(call add_intermediate, fit_bpm, set_fit_ptr add_bpm $(IFITTOOL))
 	printf "    IFITTOOL   Adding BPM\n"
-	$(IFITTOOL) -r COREBOOT -a -n boot_policy_manifest.bin -t 12 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -f $(obj)/coreboot.rom
+	$(IFITTOOL) -r COREBOOT -a -n boot_policy_manifest.bin -t 12 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -f $<
 
 endif # CONFIG_INTEL_CBNT_BPM_ONLY_UNSIGNED