Attention is currently required from: Vadim Bendebury, Julius Werner.
Yu-Ping Wu has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68057 )
Change subject: vboot: change name of the GCVD root pub key file ......................................................................
Patch Set 2:
(1 comment)
Commit Message:
https://review.coreboot.org/c/coreboot/+/68057/comment/f6520357_f521e067 PS2, Line 11: vboot reference I still see `tests/devkeys/arv_root.vbpubk` (and not `root_key_arv_root.vbpubk`) in vboot_reference. Could you elaborate?
Actually I don't think you need to modify anything here. The AP firmware is first signed by the dev keys (tests/devkeys/arv_root.vbpubk). Then, the official signing (by preMP/MP keys) is handled in `resign_firmware_payload()` in vboot_reference, which calls `futility gbb ...` to modify the root key in the GBB region. I think you just need to add another `futility gscvd ...` call right after that to update the `RO_GSCVD` region.