mb/facebook/fbg1701: Align handling of bootblock and publickey

The bootblock measurement was handled using the romstage_verify_list()
and the public_key in the mb_log_list. This is confusing as these are
both read-only items that should be handled in the same way.
Both will be handled in the romstage_verify_list().

BUG=N/A
TEST=tested on fbg1701

Change-Id: If05198deec85188f39a221a8b755798755afa5bb
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36814
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>

src/mainboard/facebook/fbg1701/board_mboot.h

@@ -23,9 +23,5 @@ const mboot_measure_item_t mb_log_list[] = {
 #if CONFIG(VENDORCODE_ELTAN_VBOOT)
 	{ "oemmanifest.bin", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_7, EV_NO_ACTION,
 		NULL },
-#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST)
-	{ "vboot_public_key.bin", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_6,
-		EV_NO_ACTION, NULL },
-#endif
 #endif
 };

src/mainboard/facebook/fbg1701/board_verified_boot.c

@@ -43,7 +43,10 @@ static const verify_item_t ram_stage_additional_list[] = {
 	{ VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 }
 };
 
-/* The items used by the romstage */
+/*
+ * The items used by the romstage. Bootblock and PublicKey are added here to make sure they
+ * are measured
+ */
 const verify_item_t romstage_verify_list[] = {
 	{ VERIFY_FILE, ROMSTAGE, { { NULL, CBFS_TYPE_STAGE } },
 		HASH_IDX_ROM_STAGE, MBOOT_PCR_INDEX_0 },
@@ -61,6 +64,12 @@ const verify_item_t romstage_verify_list[] = {
 		{ { (void *)0xffffffff - CONFIG_C_ENV_BOOTBLOCK_SIZE + 1,
 		CONFIG_C_ENV_BOOTBLOCK_SIZE, } }, HASH_IDX_BOOTBLOCK,
 		MBOOT_PCR_INDEX_0 },
+#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST)
+	{ VERIFY_BLOCK, "PublicKey",
+		{ { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION,
+		CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE, } }, HASH_IDX_PUBLICKEY,
+		MBOOT_PCR_INDEX_6 },
+#endif
 	{ VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 }
 };