soc/amd/common: Add a config to keep signed AMD/PSP FW separately

Enabling this config will put signed amd firmwares into SIGNED_AMDFW_[AB] region which is outside FW_MAIN_[AB]. Vboot only verifies FW_MAIN_[AB] so these regions will not be verified by vboot, instead the PSP will verify them. As a result we have less to load and verify from SPI rom which means faster boot time. BUG=b:206909680 TEST=Build Skyrim with modified fmap and Kconfig. Change-Id: If4fd3cff11a38d82afb8c5ce379f1d1b5b9adfbf Signed-off-by: Kangheui Won <khwon@chromium.org> Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/59867 Reviewed-by: Jon Murphy <jpmurphy@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2022-08-25 15:53:27 -06:00 · 2022-08-25 15:53:27 -06:00 · bb31562e9e
parent 3c164e13e7
commit bb31562e9e
1 changed files with 6 additions and 0 deletions
--- a/src/soc/amd/common/psp_verstage/Kconfig
+++ b/src/soc/amd/common/psp_verstage/Kconfig
@ -29,3 +29,9 @@ config PSP_SUPPORTS_EFS2_RELATIVE_ADDR
 	  On SoCs where PSP uses A/B recovery layout, PSP support relative addressing
 	  from the start of the SPI ROM. Enable this config on SoCs where PSP supports
 	  relative addressing so that PSP verstage can pass the offset.
+
+config SEPARATE_SIGNED_PSPFW
+	def_bool n
+	help
+	  Put signed AMD/PSP firmwares outside FW_MAIN_[AB] so vboot doesn't verify them,
+	  and rely on PSP's verification.