GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security/intel/cbnt/Makefile.inc: Improve build flow 

Using 'files_added::' is no longer needed as all files have already
been added to the build. This has the advantage of showing all final
entries in the FIT table and CBFS during the build process as adding
the bpm to cbfs and fit is moved earlier.

Change-Id: I22aa140202f0665b7095a01cb138af4986aa9ac3
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/56119
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
This commit is contained in:
Arthur Heymans 2021-07-06 16:21:24 +02:00
parent 9cad23a504
commit 8ae248ea9c
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/security/intel/cbnt/Makefile.inc
View File

@ -47,11 +47,11 @@ $(CBNT_CFG): $(call strip_quotes, $(CONFIG_INTEL_CBNT_CBNT_PROV_CFG_FILE))
ifeq ($(CONFIG_INTEL_CBNT_GENERATE_BPM),y) ifeq ($(CONFIG_INTEL_CBNT_GENERATE_BPM),y)
ifeq ($(CONFIG_INTEL_CBNT_CBNT_PROV_BPM_USE_CFG_FILE),y) ifeq ($(CONFIG_INTEL_CBNT_CBNT_PROV_BPM_USE_CFG_FILE),y)
$(obj)/bpm_unsigned.bin: $(obj)/coreboot.rom $(CBNT_PROV) $(CBNT_CFG) $(obj)/bpm_unsigned.bin: $(obj)/coreboot.pre $(CBNT_PROV) $(CBNT_CFG)
printf " CBNT_PROV creating unsigned BPM using config file\n" printf " CBNT_PROV creating unsigned BPM using config file\n"
$(CBNT_PROV) bpm-gen $@ $< --config=$(CBNT_CFG) --cut $(CBNT_PROV) bpm-gen $@ $< --config=$(CBNT_CFG) --cut
else else
$(obj)/bpm_unsigned.bin: $(obj)/coreboot.rom $(CBNT_PROV) $(obj)/bpm_unsigned.bin: $(obj)/coreboot.pre $(CBNT_PROV) set_fit_ptr
printf " CBNT_PROV creating unsigned BPM\n" printf " CBNT_PROV creating unsigned BPM\n"
$(CBNT_PROV) bpm-gen $@ $< --revision=$(CONFIG_INTEL_CBNT_BPM_REVISION) \ $(CBNT_PROV) bpm-gen $@ $< --revision=$(CONFIG_INTEL_CBNT_BPM_REVISION) \
--svn=$(CONFIG_INTEL_CBNT_BPM_SVN) \ --svn=$(CONFIG_INTEL_CBNT_BPM_SVN) \
@ -86,11 +86,14 @@ $(obj)/bpm.bin: $(obj)/bpm_unsigned.bin $(CBNT_PROV) $(call strip_quotes, $(CONF
$(CBNT_PROV) bpm-sign $< $@ $(CONFIG_INTEL_CBNT_BPM_PRIV_KEY_FILE) "" $(CBNT_PROV) bpm-sign $< $@ $(CONFIG_INTEL_CBNT_BPM_PRIV_KEY_FILE) ""
# Add BPM at the end of the build when all files have been added # Add BPM at the end of the build when all files have been added
files_added:: $(obj)/bpm.bin $(IFITTOOL) $(call add_intermediate, add_bpm, $(obj)/bpm.bin)
printf " CBNT Adding BPM\n" printf " CBNT Adding BPM\n"
$(CBFSTOOL) $(obj)/coreboot.rom add -f $< -n boot_policy_manifest.bin -a 0x10 -t raw -$(CBFSTOOL) $< remove -n boot_policy_manifest.bin 2>/dev/null
$(CBFSTOOL) $< add -f $(obj)/bpm.bin -n boot_policy_manifest.bin -a 0x10 -t raw
$(call add_intermediate, fit_bpm, set_fit_ptr add_bpm $(IFITTOOL))
printf " IFITTOOL Adding BPM\n" printf " IFITTOOL Adding BPM\n"
$(IFITTOOL) -r COREBOOT -a -n boot_policy_manifest.bin -t 12 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -f $(obj)/coreboot.rom $(IFITTOOL) -r COREBOOT -a -n boot_policy_manifest.bin -t 12 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -f $<
endif # CONFIG_INTEL_CBNT_BPM_ONLY_UNSIGNED endif # CONFIG_INTEL_CBNT_BPM_ONLY_UNSIGNED