Patrick Georgi has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34343 )
Change subject: configs/config.facebook_fbg1701: Add config file ......................................................................
Patch Set 7:
(1 comment)
https://review.coreboot.org/c/coreboot/+/34343/7/configs/config.facebook_fbg... File configs/config.facebook_fbg1701:
https://review.coreboot.org/c/coreboot/+/34343/7/configs/config.facebook_fbg... PS7, Line 8: CONFIG_VENDORCODE_ELTAN_VBOOT=y
Enabling vboot also requires the public key to be available in order to build. […]
Please provide a "dev" key. Ideally something at the absolutely bottom end of the parameter space (e.g. smallest possible key size) to make sure using that key in a real build looks as ridiculous as it is :-)
Another idea I had is to build a transient key on every build, but that interferes with reproducible builds which can create issues down the road (there are ideas to be able to assert that a commit doesn't change the resulting binaries and have jenkins test that)