From e4240f3e01a2bd0093d9a2a63e61319d65655e7b Mon Sep 17 00:00:00 2001 From: Wim Vervoorn Date: Wed, 13 Nov 2019 16:41:00 +0100 Subject: [PATCH] mb/facebook/fbg1701: Align handling of bootblock and publickey The bootblock measurement was handled using the romstage_verify_list() and the public_key in the mb_log_list. This is confusing as these are both read-only items that should be handled in the same way. Both will be handled in the romstage_verify_list(). BUG=N/A TEST=tested on fbg1701 Change-Id: If05198deec85188f39a221a8b755798755afa5bb Signed-off-by: Wim Vervoorn Reviewed-on: https://review.coreboot.org/c/coreboot/+/36814 Tested-by: build bot (Jenkins) Reviewed-by: Frans Hendriks --- src/mainboard/facebook/fbg1701/board_mboot.h | 4 ---- src/mainboard/facebook/fbg1701/board_verified_boot.c | 11 ++++++++++- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/src/mainboard/facebook/fbg1701/board_mboot.h b/src/mainboard/facebook/fbg1701/board_mboot.h index 5a23630570..5cfb091451 100644 --- a/src/mainboard/facebook/fbg1701/board_mboot.h +++ b/src/mainboard/facebook/fbg1701/board_mboot.h @@ -23,9 +23,5 @@ const mboot_measure_item_t mb_log_list[] = { #if CONFIG(VENDORCODE_ELTAN_VBOOT) { "oemmanifest.bin", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_7, EV_NO_ACTION, NULL }, -#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST) - { "vboot_public_key.bin", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_6, - EV_NO_ACTION, NULL }, -#endif #endif }; diff --git a/src/mainboard/facebook/fbg1701/board_verified_boot.c b/src/mainboard/facebook/fbg1701/board_verified_boot.c index bb5768fdc1..09f4e6791e 100644 --- a/src/mainboard/facebook/fbg1701/board_verified_boot.c +++ b/src/mainboard/facebook/fbg1701/board_verified_boot.c @@ -43,7 +43,10 @@ static const verify_item_t ram_stage_additional_list[] = { { VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 } }; -/* The items used by the romstage */ +/* + * The items used by the romstage. Bootblock and PublicKey are added here to make sure they + * are measured + */ const verify_item_t romstage_verify_list[] = { { VERIFY_FILE, ROMSTAGE, { { NULL, CBFS_TYPE_STAGE } }, HASH_IDX_ROM_STAGE, MBOOT_PCR_INDEX_0 }, @@ -61,6 +64,12 @@ const verify_item_t romstage_verify_list[] = { { { (void *)0xffffffff - CONFIG_C_ENV_BOOTBLOCK_SIZE + 1, CONFIG_C_ENV_BOOTBLOCK_SIZE, } }, HASH_IDX_BOOTBLOCK, MBOOT_PCR_INDEX_0 }, +#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST) + { VERIFY_BLOCK, "PublicKey", + { { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION, + CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE, } }, HASH_IDX_PUBLICKEY, + MBOOT_PCR_INDEX_6 }, +#endif { VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 } };