coreboot-kgpe-d16/src/security
Julius Werner 4a30d42c4a vboot: Disable vboot functions in SMM
SMM does not have access to CBMEM and therefore cannot access any
persistent state like the vboot context. This makes it impossible to
query vboot state like the developer mode switch or the currently active
RW CBFS. However, some code (namely the PC80 option table) does CBFS
accesses in SMM. This is currently worked around by directly using
cbfs_locate_file_in_region() with the COREBOOT region. By disabling
vboot functions explicitly in SMM, we can get rid of that and use normal
CBFS APIs in this code.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I4b1baa73681fc138771ad8384d12c0a04b605377
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46645
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2020-10-26 06:58:54 +00:00
intel sec/intel/txt: Split MTRR setup ASM code into a macro 2020-10-22 20:06:54 +00:00
lockdown lockdown: Add hint for how to check for lockdown support in boot log 2020-06-22 12:27:18 +00:00
memory src/security: Drop unneeded empty lines 2020-09-21 16:26:17 +00:00
tpm security/tpm/tspi/crtm: Add line break to debug messages 2020-10-26 06:47:20 +00:00
vboot vboot: Disable vboot functions in SMM 2020-10-26 06:58:54 +00:00
Kconfig treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
Makefile.inc security: Add common boot media write protection 2020-04-28 01:19:32 +00:00