Amol N Sukerkar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32153 )
Change subject: src/security/vboot: When VBOOT Stage Verification is enabled, boot ROMSTAGE and POSTCAR from Read-Only region.
src/security/vboot: When VBOOT Stage Verification is enabled, boot ROMSTAGE and POSTCAR from Read-Only region.
When VBOOT Stage Verification is enabled, the root-of-trust is the Read-Only image. So, move the ROMSTAGE and POSTCAR to the Read-Only region. POSTCAR triggers VBOOT Stage Authentication starting with RAMSTAGE. RAMSTAGE authenticates PAYLOAD.
TEST=Create a coreboot.rom image by enabling CONFIG_VBOOT and CONFIG_VBOOT_STAGE_VERIFICATION. Verify that the image boots to authenticated payload and graphics is displayed via HDMI and Display Port.
Change-Id: I6d4b7dbea62a92ca75d731c84b7c1402a207634a
Signed-off-by: Sukerkar, Amol N amol.n.sukerkar@intel.com
---
M src/security/vboot/Makefile.inc
M src/security/vboot/vboot_loader.c
2 files changed, 19 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/53/32153/1
diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc index a65b066..1a6ca9f 100644 --- a/src/security/vboot/Makefile.inc +++ b/src/security/vboot/Makefile.inc @@ -211,6 +211,10 @@ $(if $(filter \ $(if $(filter y,$(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)),, \ %/romstage) \ + $(if $(filter y,$(CONFIG_VBOOT_STAGE_VERIFICATION)), \ + %/romstage, ) \ + $(if $(filter y,$(CONFIG_VBOOT_STAGE_VERIFICATION)), \ + %/postcar, ) \ mts \ %/verstage \ locales \ diff --git a/src/security/vboot/vboot_loader.c b/src/security/vboot/vboot_loader.c index b71178e..36f2a07 100644 --- a/src/security/vboot/vboot_loader.c +++ b/src/security/vboot/vboot_loader.c @@ -37,6 +37,16 @@ CONFIG(VBOOT_SEPARATE_VERSTAGE), "return from verstage only makes sense for separate verstages");
+/* This helper decides if stage verification logic needs to be + * initiated or not. */ +static int stage_verification_should_run(void) +{ + if (CONFIG(VBOOT_STAGE_VERIFICATION)) + return ENV_POSTCAR | ENV_RAMSTAGE; + + return 0; +} + /* The stage loading code is compiled and entered from multiple stages. The * helper functions below attempt to provide more clarity on when certain * code should be called. */ @@ -141,6 +151,11 @@ if (!vboot_logic_executed()) return -1;
+ /* Do not initiate VBOOT Stage Verification until all the + * stages from RO region are loaded */ + if (!stage_verification_should_run()) + return -1; + if (vboot_get_selected_region(&selected_region)) return -1;
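Review bot: In src/security/vboot/Makefile.inc the two added conditionals test the same symbol, CONFIG_VBOOT_STAGE_VERIFICATION, and each carries an empty else argument (`%/romstage, )`), so they can be a single `$(if $(filter y,$(CONFIG_VBOOT_STAGE_VERIFICATION)),%/romstage %/postcar)`. The existing conditional directly above already adds `%/romstage` when CONFIG_VBOOT_STARTS_IN_BOOTBLOCK is not y, so in that configuration the pattern is listed twice; either fold the romstage case into one condition or add a comment saying why both entries are needed.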
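Review bot: In the first src/security/vboot/vboot_loader.c hunk, stage_verification_should_run() returns `ENV_POSTCAR | ENV_RAMSTAGE`, a bitwise OR where a truth value is meant; `ENV_POSTCAR || ENV_RAMSTAGE` states the intent. The function is also inserted above the block comment that introduces "the helper functions below", so it should move below that comment with the other helpers. Its own comment should name the stages in which it returns true, since the commit message's reason for excluding ROMSTAGE (it now lives in the Read-Only region) is not visible in the code.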
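Review bot: The added `if (!stage_verification_should_run()) return -1;` in the second src/security/vboot/vboot_loader.c hunk also fires when CONFIG_VBOOT_STAGE_VERIFICATION is disabled, because the helper returns 0 in that case, so every build without the new option returns -1 here and never reaches vboot_get_selected_region(). Make the early return apply only when the option is enabled, for example `if (CONFIG(VBOOT_STAGE_VERIFICATION) && !stage_verification_should_run())`, or have the helper return nonzero when the option is off. The TEST line only covers an image with the option enabled, so a boot test with CONFIG_VBOOT set and CONFIG_VBOOT_STAGE_VERIFICATION unset should be added.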