5eda52a599
This patch adds a new CONFIG_VBOOT_GSCVD option that will be enabled by default for TPM_GOOGLE_TI50 devices. It makes the build system run the `futility gscvd` command to create a GSCVD (GSC verification data) which signs the CBFS trust anchor (bootblock and GBB). In order for this to work, boards will need to have an RO_GSCVD section in their FMAP, and production boards should override the CONFIG_VBOOT_GSC_BOARD_ID option with the correct ID for each variant. BUG=b:229015103 Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I1cf86e90b2687e81edadcefa5a8826b02fbc8b24 Reviewed-on: https://review.coreboot.org/c/coreboot/+/64707 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Yu-Ping Wu <yupingso@google.com> |
||
|---|---|---|
| .. | ||
| antirollback.h | ||
| bootmode.c | ||
| common.c | ||
| ec_sync.c | ||
| Kconfig | ||
| Makefile.inc | ||
| misc.h | ||
| mrc_cache_hash_tpm.c | ||
| mrc_cache_hash_tpm.h | ||
| secdata_mock.c | ||
| secdata_tpm.c | ||
| symbols.h | ||
| tpm_common.c | ||
| tpm_common.h | ||
| vbnv.c | ||
| vbnv.h | ||
| vbnv_cmos.c | ||
| vbnv_ec.c | ||
| vbnv_flash.c | ||
| vbnv_layout.h | ||
| vboot_common.c | ||
| vboot_common.h | ||
| vboot_lib.c | ||
| vboot_loader.c | ||
| vboot_logic.c | ||
| verstage.c | ||