diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index 66bcc1ed6f..ea1f73889a 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -107,21 +107,6 @@ config VBOOT_STARTS_IN_ROMSTAGE memory initialization). This implies that vboot working data is allocated in CBMEM. -config VBOOT_MIGRATE_WORKING_DATA - bool - default y if CACHE_AS_RAM - depends on !VBOOT_STARTS_IN_ROMSTAGE - help - In order to make vboot data structures available downstream, - migrate verified boot working data to CBMEM after CBMEM comes - online, when VBOOT_STARTS_IN_BOOTBLOCK is employed. This should - always be enabled on x86 architectures to migrate data from CAR - before losing access in ramstage, and should almost always be - disabled in SRAM architectures, where access to SRAM is usually - retained. Any SRAM platform where the original location of the - VBOOT_WORKBUF region becomes inaccessible in later stages should - manually select this option. - config VBOOT_MOCK_SECDATA bool "Mock secdata for firmware verification" default n diff --git a/src/security/vboot/common.c b/src/security/vboot/common.c index bd72683e00..626fbc52a4 100644 --- a/src/security/vboot/common.c +++ b/src/security/vboot/common.c @@ -117,13 +117,12 @@ int vboot_is_slot_selected(void) return reg->size > 0; } -#if CONFIG(VBOOT_MIGRATE_WORKING_DATA) +#if CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) /* * For platforms that do not employ VBOOT_STARTS_IN_ROMSTAGE, vboot * verification occurs before CBMEM is brought online, using pre-RAM. * In order to make vboot data structures available downstream, copy - * vboot_working_data from SRAM/CAR into CBMEM on platforms where this - * memory later becomes unavailable. + * vboot_working_data from SRAM/CAR into CBMEM. */ static void vboot_migrate_cbmem(int unused) { @@ -140,7 +139,7 @@ static void vboot_migrate_cbmem(int unused) memcpy(wd_cbmem, wd_preram, cbmem_size); } ROMSTAGE_CBMEM_INIT_HOOK(vboot_migrate_cbmem) -#elif CONFIG(VBOOT_STARTS_IN_ROMSTAGE) +#else static void vboot_setup_cbmem(int unused) { struct vboot_working_data *wd_cbmem = diff --git a/src/security/vboot/vboot_loader.c b/src/security/vboot/vboot_loader.c index 9e2cd00404..af4a3fd880 100644 --- a/src/security/vboot/vboot_loader.c +++ b/src/security/vboot/vboot_loader.c @@ -26,9 +26,6 @@ _Static_assert(CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) + CONFIG(VBOOT_STARTS_IN_ROMSTAGE) == 1, "vboot must either start in bootblock or romstage (not both!)"); -_Static_assert(CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) || - !CONFIG(VBOOT_MIGRATE_WORKING_DATA), - "no need to migrate working data after CBMEM is already up!"); _Static_assert(!CONFIG(VBOOT_SEPARATE_VERSTAGE) || CONFIG(VBOOT_STARTS_IN_BOOTBLOCK), "stand-alone verstage must start in (i.e. after) bootblock"); diff --git a/src/soc/qualcomm/qcs405/Kconfig b/src/soc/qualcomm/qcs405/Kconfig index e24993a2f0..aa867c2f25 100644 --- a/src/soc/qualcomm/qcs405/Kconfig +++ b/src/soc/qualcomm/qcs405/Kconfig @@ -19,7 +19,6 @@ config VBOOT select VBOOT_SEPARATE_VERSTAGE select VBOOT_RETURN_FROM_VERSTAGE select VBOOT_STARTS_IN_BOOTBLOCK - select VBOOT_MIGRATE_WORKING_DATA config QCS405_BLSP_SPI bool diff --git a/src/soc/qualcomm/sdm845/Kconfig b/src/soc/qualcomm/sdm845/Kconfig index f6268c95ba..459a4411b2 100644 --- a/src/soc/qualcomm/sdm845/Kconfig +++ b/src/soc/qualcomm/sdm845/Kconfig @@ -19,7 +19,6 @@ config VBOOT select VBOOT_RETURN_FROM_VERSTAGE select VBOOT_MUST_REQUEST_DISPLAY select VBOOT_STARTS_IN_BOOTBLOCK - select VBOOT_MIGRATE_WORKING_DATA config SDM845_QSPI bool diff --git a/src/soc/rockchip/rk3399/Kconfig b/src/soc/rockchip/rk3399/Kconfig index 897a5979d4..83fc437073 100644 --- a/src/soc/rockchip/rk3399/Kconfig +++ b/src/soc/rockchip/rk3399/Kconfig @@ -17,7 +17,6 @@ config SOC_ROCKCHIP_RK3399 if SOC_ROCKCHIP_RK3399 config VBOOT - select VBOOT_MIGRATE_WORKING_DATA select VBOOT_SEPARATE_VERSTAGE select VBOOT_RETURN_FROM_VERSTAGE select VBOOT_MUST_REQUEST_DISPLAY