Amol N Sukerkar has uploaded this change for review.

src/security/vboot: When VBOOT Stage Verification is enabled,
boot ROMSTAGE and POSTCAR from Read-Only region.

When VBOOT Stage Verification is enabled, the root-of-trust is the
Read-Only image. So, move the ROMSTAGE and POSTCAR to the Read-Only
region. POSTCAR triggers VBOOT Stage Authentication starting with
RAMSTAGE. RAMSTAGE authenticates PAYLOAD.

TEST=Create a coreboot.rom image by enabling CONFIG_VBOOT and
CONFIG_VBOOT_STAGE_VERIFICATION. Verify that the image boots
to authenticated payload and graphics is displayed via HDMI
and Display Port.

Change-Id: I6d4b7dbea62a92ca75d731c84b7c1402a207634a
Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
M src/security/vboot/Makefile.inc
M src/security/vboot/vboot_loader.c
2 files changed, 19 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/53/32153/1
diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc
index a65b066..1a6ca9f 100644
--- a/src/security/vboot/Makefile.inc
+++ b/src/security/vboot/Makefile.inc
@@ -211,6 +211,10 @@
$(if $(filter \
$(if $(filter y,$(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)),, \
%/romstage) \
+ $(if $(filter y,$(CONFIG_VBOOT_STAGE_VERIFICATION)), \
+ %/romstage, ) \
+ $(if $(filter y,$(CONFIG_VBOOT_STAGE_VERIFICATION)), \
+ %/postcar, ) \
mts \
%/verstage \
locales \
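Review bot: The two added `$(if ...)` entries test the same CONFIG_VBOOT_STAGE_VERIFICATION and can be a single conditional that yields `%/romstage %/postcar`. As written, a build with CONFIG_VBOOT_STARTS_IN_BOOTBLOCK unset and CONFIG_VBOOT_STAGE_VERIFICATION set lists `%/romstage` twice, once from the existing entry above and once from the new one. That is harmless inside `$(filter ...)` but hides which option is responsible for keeping romstage in this list. A short comment stating why romstage and postcar belong here when stage verification is on (the commit message says they are to come from the Read-Only region) would help, since the hunk does not show what the surrounding rule does with the filtered names.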
diff --git a/src/security/vboot/vboot_loader.c b/src/security/vboot/vboot_loader.c
index b71178e..36f2a07 100644
--- a/src/security/vboot/vboot_loader.c
+++ b/src/security/vboot/vboot_loader.c
@@ -37,6 +37,16 @@
CONFIG(VBOOT_SEPARATE_VERSTAGE),
"return from verstage only makes sense for separate verstages");

+/* This helper decides if stage verification logic needs to be
+ * initiated or not. */
+static int stage_verification_should_run(void)
+{
+ if (CONFIG(VBOOT_STAGE_VERIFICATION))
+ return ENV_POSTCAR | ENV_RAMSTAGE;
+
+ return 0;
+}
+
/* The stage loading code is compiled and entered from multiple stages. The
* helper functions below attempt to provide more clarity on when certain
* code should be called. */
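Review bot: `return ENV_POSTCAR | ENV_RAMSTAGE;` in stage_verification_should_run() combines two stage predicates with a bitwise OR; use logical `||` so the result is a plain truth value and the intent is explicit. The helper is also inserted above the comment that introduces "the helper functions below", so it should move under that comment with the others. Its own comment should say why only postcar and ramstage qualify: the commit message explains that postcar starts verification with ramstage, but the code comment does not say that every earlier stage is excluded on purpose.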
@@ -141,6 +151,11 @@
if (!vboot_logic_executed())
return -1;

+ /* Do not initiate VBOOT Stage Verification until all the
+ * stages from RO region are loaded */
+ if (!stage_verification_should_run())
+ return -1;
+
if (vboot_get_selected_region(&selected_region))
return -1;

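Review bot: The new early return `if (!stage_verification_should_run()) return -1;` also fires when CONFIG_VBOOT_STAGE_VERIFICATION is disabled, because the helper returns 0 in that case. Every build without the new option then bails out before vboot_get_selected_region() in every stage, which changes behaviour for existing vboot configurations, and the TEST line in the commit message only covers the option being enabled. Gate the check on the option, for example `if (CONFIG(VBOOT_STAGE_VERIFICATION) && !stage_verification_should_run())`, or have the helper return true when the option is off and rename it to match. The added comment says what is being deferred but not what a -1 return means to the caller; state that there as well.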

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I6d4b7dbea62a92ca75d731c84b7c1402a207634a
Gerrit-Change-Number: 32153
Gerrit-PatchSet: 1
Gerrit-Owner: Amol N Sukerkar <amol.n.sukerkar@intel.com>
Gerrit-Reviewer: Aaron Durbin <adurbin@chromium.org>
Gerrit-Reviewer: Amol N Sukerkar <amol.n.sukerkar@intel.com>
Gerrit-Reviewer: Martin Roth <martinroth@google.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com>
Gerrit-MessageType: newchange