View Change
1 comment:
File src/lib/cbfs.c:
Patch Set #5, Line 330: #if !CONFIG(VBOOT) && CONFIG(VBOOT_MEASURED_BOOT)
The latest revision can basically work with C_ENVIRONMENT_BOOTBLOCK.
Now the problem is that the bootblock on some platform is too small to contain the code to initialize crtm. I believe that is why a separate verstage is necessary on such platform. One path is to leave measured boot dependent on verified boot on these platform, another could be initializing crtm on romstage with a cbfs locator for those platforms as patchset 5 did. Repurposing verstage may also be possible, but it is beyond my ability. Which path do you prefer? Or is there any better ideas?
To view, visit change 35077. To unsubscribe, or for help writing mail filters, visit settings.
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee
Gerrit-Change-Number: 35077
Gerrit-PatchSet: 33
Gerrit-Owner: Bill XIE <persmule@hardenedlinux.org>
Gerrit-Reviewer: Aaron Durbin <adurbin@chromium.org>
Gerrit-Reviewer: Bill XIE <persmule@hardenedlinux.org>
Gerrit-Reviewer: Julius Werner <jwerner@chromium.org>
Gerrit-Reviewer: Martin Roth <martinroth@google.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com>
Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org>
Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Gerrit-Reviewer: Werner Zeh <werner.zeh@siemens.com>
Gerrit-Reviewer: Wim Vervoorn <wvervoorn@eltan.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Frans Hendriks <fhendriks@eltan.com>
Gerrit-CC: Joel Kitching <kitching@google.com>
Gerrit-CC: Paul Menzel <paulepanter@users.sourceforge.net>
Gerrit-CC: Shawn C <citypw@hardenedlinux.org>
Gerrit-Comment-Date: Fri, 20 Dec 2019 16:33:18 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Julius Werner <jwerner@chromium.org>
Comment-In-Reply-To: Bill XIE <persmule@hardenedlinux.org>
Gerrit-MessageType: comment