GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mb/facebook/fbg1701: Remove C_ENV_BOOTBLOCK_SIZE 

Remove the use of C_ENV_BOOTBLOCK_SIZE. Verify the bootblock by reading
the CBFS file instead of directly accessing the datablock.

BUG=None
BRANCH=None
TEST=tested on facebook fbg1701

Change-Id: I4254d681525327c7eec18832586818e9c4e8eb22
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41694
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-by: Kyösti Mälkki <kyosti.malkki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
Kyösti Mälkki 2020-05-25 06:45:08 +03:00 committed by Patrick Georgi
parent 9657fc2bd9
commit ad2eb28c10
2 changed files with 5 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/mainboard/facebook/fbg1701/board_verified_boot.c
View File

@ -8,10 +8,8 @@
const verify_item_t bootblock_verify_list[] = { const verify_item_t bootblock_verify_list[] = {
{ VERIFY_FILE, ROMSTAGE, { { NULL, CBFS_TYPE_STAGE } }, { VERIFY_FILE, ROMSTAGE, { { NULL, CBFS_TYPE_STAGE } },
HASH_IDX_ROM_STAGE, MBOOT_PCR_INDEX_0 }, HASH_IDX_ROM_STAGE, MBOOT_PCR_INDEX_0 },
{ VERIFY_BLOCK, "BootBlock", { VERIFY_FILE, BOOTBLOCK, { { NULL, CBFS_TYPE_BOOTBLOCK } },
{ { (void *)0xffffffff - CONFIG_C_ENV_BOOTBLOCK_SIZE + 1, HASH_IDX_BOOTBLOCK, MBOOT_PCR_INDEX_0 },
CONFIG_C_ENV_BOOTBLOCK_SIZE, } }, HASH_IDX_BOOTBLOCK,
MBOOT_PCR_INDEX_0 },
#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST) #if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST)
{ VERIFY_BLOCK, "PublicKey", { VERIFY_BLOCK, "PublicKey",
{ { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION, { { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION,
@ -34,10 +32,8 @@ const verify_item_t romstage_verify_list[] = {
MBOOT_PCR_INDEX_1 }, MBOOT_PCR_INDEX_1 },
{ VERIFY_FILE, "spd.bin", { { NULL, CBFS_TYPE_SPD } }, { VERIFY_FILE, "spd.bin", { { NULL, CBFS_TYPE_SPD } },
HASH_IDX_SPD0, MBOOT_PCR_INDEX_1 }, HASH_IDX_SPD0, MBOOT_PCR_INDEX_1 },
{ VERIFY_BLOCK, "BootBlock", { VERIFY_FILE, BOOTBLOCK, { { NULL, CBFS_TYPE_BOOTBLOCK } },
{ { (void *)0xffffffff - CONFIG_C_ENV_BOOTBLOCK_SIZE + 1, HASH_IDX_BOOTBLOCK, MBOOT_PCR_INDEX_0 },
CONFIG_C_ENV_BOOTBLOCK_SIZE, } }, HASH_IDX_BOOTBLOCK,
MBOOT_PCR_INDEX_0 },
#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST) #if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST)
{ VERIFY_BLOCK, "PublicKey", { VERIFY_BLOCK, "PublicKey",
{ { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION, { { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION,

1
src/mainboard/facebook/fbg1701/board_verified_boot.h
View File

@ -6,6 +6,7 @@
#include <vboot_check.h> #include <vboot_check.h>
/* Define the items to be measured or verified */ /* Define the items to be measured or verified */
#define BOOTBLOCK (const char *)"bootblock"
#define FSP (const char *)"fsp.bin" #define FSP (const char *)"fsp.bin"
#define CMOS_LAYOUT (const char *)"cmos_layout.bin" #define CMOS_LAYOUT (const char *)"cmos_layout.bin"
#define RAMSTAGE (const char *)CONFIG_CBFS_PREFIX"/ramstage" #define RAMSTAGE (const char *)CONFIG_CBFS_PREFIX"/ramstage"