GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Kconfig.cbfs_verification: Update TOCTOU_SAFETY combination with VBOOT 

Now that VBOOT_CBFS_INTEGRATION exists, it is possible to use
TOCTOU_SAFETY with VBOOT.

Change-Id: I9f84574f611ec397060404c61e71312009d92ba7
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78915
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
This commit is contained in:
Julius Werner 2023-11-06 16:59:42 -08:00
parent ca71588620
commit c7120e38e7
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/lib/Kconfig.cbfs_verification
View File

@ -25,7 +25,7 @@ config TOCTOU_SAFETY
depends on !NO_FMAP_CACHE depends on !NO_FMAP_CACHE
depends on !NO_CBFS_MCACHE depends on !NO_CBFS_MCACHE
depends on !USE_OPTION_TABLE && !FSP_CAR # Known to access CBFS before CBMEM init depends on !USE_OPTION_TABLE && !FSP_CAR # Known to access CBFS before CBMEM init
depends on !VBOOT # TODO: can only allow this once vboot fully integrated depends on !VBOOT || VBOOT_CBFS_INTEGRATION
depends on NO_XIP_EARLY_STAGES depends on NO_XIP_EARLY_STAGES
help help
Say yes here to eliminate time-of-check vs. time-of-use vulnerabilities Say yes here to eliminate time-of-check vs. time-of-use vulnerabilities