Wim Vervoorn has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38590 )
Change subject: vendorcode/eltan/security: Switch to vb2 vboot library
Patch Set 5:
(2 comments)
https://review.coreboot.org/c/coreboot/+/38590/2/src/vendorcode/eltan/securi... File src/vendorcode/eltan/security/verified_boot/vboot_check.c:
https://review.coreboot.org/c/coreboot/+/38590/2/src/vendorcode/eltan/securi... PS2, Line 17: #define NEED_VB20_INTERNALS /* Peeking into vb2_shared_data */
Is there a timeline from your side? […]
Understood, the issue is that we need to have the code for this project upstreamed.
Basically what we need to have is a way to add a public key to the workbuffer so this can be used for the signature verification. I haven't really found a public API to do this. Do you have a suggestion? Or alternatively, is it possible to make the API to do this public?
https://review.coreboot.org/c/coreboot/+/38590/5/src/vendorcode/eltan/securi... File src/vendorcode/eltan/security/verified_boot/vboot_check.c:
https://review.coreboot.org/c/coreboot/+/38590/5/src/vendorcode/eltan/securi... PS5, Line 162: vb2_digest_buffer
Uhh... […]
We verified the behavior. It turned out that the need for the "little-endian" hashes was caused by legacy in the scripts we used to create them. After correcting the scripts there is no longer any need to do this. The impact of the change is now handled in the script to generate the manifest containing the hashes.