Dinesh Gehlot has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/83685?usp=email )
Change subject: src: Include new gbb flag to enforce cse sync ......................................................................
src: Include new gbb flag to enforce cse sync
This patch adds a GBB flag to coreboot, which, when enabled, enforces CSME sync even if the current CSME version matches the version in CBFS.
BUG=b:353053317 TEST=futility gbb --help
Cq-Depend: chromium:5718196 Change-Id: I6352959e1e898a90b4c6e12a22f8d6513f90ded9 Signed-off-by: Dinesh Gehlot digehlot@google.com --- M src/security/vboot/Kconfig M src/security/vboot/Makefile.mk 2 files changed, 5 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/85/83685/1
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index e30e8ee..e6abf18 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -451,6 +451,10 @@ bool "Enable USB Device Controller" default n
+config GBB_FLAG_FORCE_CSME_SYNC + bool "Enforce CSE Sync" + default n + endmenu # GBB
menu "Vboot Keys" diff --git a/src/security/vboot/Makefile.mk b/src/security/vboot/Makefile.mk index 48a6c9d..591976a 100644 --- a/src/security/vboot/Makefile.mk +++ b/src/security/vboot/Makefile.mk @@ -265,6 +265,7 @@ $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_MANUAL_RECOVERY),0x4000) \ $(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_FWMP),0x8000) \ $(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_UDC),0x10000) \ + $(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_CSME_SYNC),0x20000) \ )
ifneq ($(CONFIG_GBB_BMPFV_FILE),)