Bill XIE has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/37787 )
Change subject: security/vboot: Intruduce CONFIG_VBOOT_LIB to control vboot library. ......................................................................
security/vboot: Intruduce CONFIG_VBOOT_LIB to control vboot library.
As discussed in CB:35077, since both measured boot and verified boot depend on the vboot library, the library should be built and linked less conditionally. Only the actual verification code should be conditional on CONFIG_VBOOT.
Change-Id: Ia1907a11c851ee45a70582e02bdbe08fb18cc6a4 Signed-off-by: Bill XIE persmule@hardenedlinux.org --- M src/security/vboot/Kconfig M src/security/vboot/Makefile.inc 2 files changed, 42 insertions(+), 35 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/87/37787/1
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index a829443..353c46c 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -15,9 +15,13 @@
menu "Verified Boot (vboot)"
+config VBOOT_LIB
+ bool
+
 config VBOOT
 bool "Verify firmware with vboot."
 default n
+ select VBOOT_LIB
 select VBOOT_MOCK_SECDATA if !TPM1 && !TPM2
 depends on !MISSING_BOARD_RESET
 help
diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc
index 5292bd1..99cf08c 100644
--- a/src/security/vboot/Makefile.inc
+++ b/src/security/vboot/Makefile.inc
@@ -14,6 +14,43 @@
 ## GNU General Public License for more details.
 ##
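Review bot: `config VBOOT_LIB` is added without a help text or comment, and the only `select VBOOT_LIB` visible in this change is the one under `config VBOOT`, so as shown the library is never enabled without verified boot. The description says measured boot also needs the library, but the diffstat lists only these two files, so presumably a later change adds that selector; until then the symbol always equals VBOOT. I would document the split on the symbol itself, e.g. `# Build and link vboot_fw.a only; firmware verification still requires VBOOT.`, so nobody reads VBOOT_LIB=y as meaning the firmware is verified.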
+ifeq ($(CONFIG_VBOOT_LIB),y)
+
+vboot-fixup-includes = $(patsubst -I%,-I$(top)/%,\
+ $(patsubst $(src)/%.h,$(top)/$(src)/%.h,\
+ $(filter-out -I$(obj),$(1))))
+
+# call with $1 = stage name to create rules for building the library
+# for the stage and adding it to the stage's set of object files.
+define vboot-for-stage
+VBOOT_LIB_$(1) = $(obj)/external/vboot_reference-$(1)/vboot_fw.a
+VBOOT_CFLAGS_$(1) += $$(call vboot-fixup-includes,$$(CPPFLAGS_$(1)))
+VBOOT_CFLAGS_$(1) += $$(CFLAGS_$(1))
+VBOOT_CFLAGS_$(1) += $$(call vboot-fixup-includes,$$($(1)-c-ccopts))
+VBOOT_CFLAGS_$(1) += -I$(abspath $(obj)) -Wno-missing-prototypes
+VBOOT_CFLAGS_$(1) += -DVBOOT_DEBUG
+
+$$(VBOOT_LIB_$(1)): $(obj)/config.h
+ printf " MAKE $(subst $(obj)/,,$(@))\n"
+ +FIRMWARE_ARCH=$$(ARCHDIR-$$(ARCH-$(1)-y)) \
+ CC="$$(CC_$(1))" \
+ CFLAGS="$$(VBOOT_CFLAGS_$(1))" VBOOT2="y" \
+ $(MAKE) -C $(VBOOT_SOURCE) \
+ BUILD=$$(abspath $$(dir $$(VBOOT_LIB_$(1)))) \
+ V=$(V) \
+ fwlib
+
+$(1)-srcs += $$(VBOOT_LIB_$(1))
+
+endef # vboot-for-stage
+
+CFLAGS_common += -I3rdparty/vboot/firmware/2lib/include
+
+$(eval $(call vboot-for-stage,bootblock))
+$(eval $(call vboot-for-stage,romstage))
+$(eval $(call vboot-for-stage,ramstage))
+$(eval $(call vboot-for-stage,postcar))
+
 ifeq ($(CONFIG_VBOOT),y)
bootblock-y += bootmode.c
@@ -95,41 +132,6 @@
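Review bot: The new outer `ifeq ($(CONFIG_VBOOT_LIB),y)` carries no comment saying what it gates, and it now sits directly above the `ifeq ($(CONFIG_VBOOT),y)` it encloses. With the block moved here, every build that sets VBOOT_LIB compiles vboot_fw.a for bootblock, romstage, ramstage and postcar with `-DVBOOT_DEBUG` and adds the 2lib include path to `CFLAGS_common`, whether or not verification is enabled. A comment such as `# Library only: vboot_fw.a is built and linked here; verification sources stay under CONFIG_VBOOT below.` would make that boundary explicit, and it is worth confirming that `-DVBOOT_DEBUG` is wanted outside verified-boot builds. The conditional opened here is closed by the `endif # CONFIG_VBOOT_LIB` in the last hunk.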
romstage-$(CONFIG_FSP2_0_USES_TPM_MRC_HASH) += mrc_cache_hash_tpm.c
-vboot-fixup-includes = $(patsubst -I%,-I$(top)/%,\
- $(patsubst $(src)/%.h,$(top)/$(src)/%.h,\
- $(filter-out -I$(obj),$(1))))
-
-# call with $1 = stage name to create rules for building the library
-# for the stage and adding it to the stage's set of object files.
-define vboot-for-stage
-VBOOT_LIB_$(1) = $(obj)/external/vboot_reference-$(1)/vboot_fw.a
-VBOOT_CFLAGS_$(1) += $$(call vboot-fixup-includes,$$(CPPFLAGS_$(1)))
-VBOOT_CFLAGS_$(1) += $$(CFLAGS_$(1))
-VBOOT_CFLAGS_$(1) += $$(call vboot-fixup-includes,$$($(1)-c-ccopts))
-VBOOT_CFLAGS_$(1) += -I$(abspath $(obj)) -Wno-missing-prototypes
-VBOOT_CFLAGS_$(1) += -DVBOOT_DEBUG
-
-$$(VBOOT_LIB_$(1)): $(obj)/config.h
- printf " MAKE $(subst $(obj)/,,$(@))\n"
- +FIRMWARE_ARCH=$$(ARCHDIR-$$(ARCH-$(1)-y)) \
- CC="$$(CC_$(1))" \
- CFLAGS="$$(VBOOT_CFLAGS_$(1))" VBOOT2="y" \
- $(MAKE) -C $(VBOOT_SOURCE) \
- BUILD=$$(abspath $$(dir $$(VBOOT_LIB_$(1)))) \
- V=$(V) \
- fwlib
-
-$(1)-srcs += $$(VBOOT_LIB_$(1))
-
-endef # vboot-for-stage
-
-CFLAGS_common += -I3rdparty/vboot/firmware/2lib/include
-
-$(eval $(call vboot-for-stage,bootblock))
-$(eval $(call vboot-for-stage,romstage))
-$(eval $(call vboot-for-stage,ramstage))
-$(eval $(call vboot-for-stage,postcar))
-
 ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)
$(eval $(call vboot-for-stage,verstage))
@@ -328,3 +330,4 @@
 endif
endif # CONFIG_VBOOT
+endif # CONFIG_VBOOT_LIB