Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/32532 )
Change subject: security/vboot/vboot_crtm.c: Use ENV_ conditions for vboot_measure_cbfs_hook() ......................................................................
Patch Set 2:
(1 comment)
https://review.coreboot.org/#/c/32532/2/src/security/vboot/vboot_crtm.c File src/security/vboot/vboot_crtm.c:
https://review.coreboot.org/#/c/32532/2/src/security/vboot/vboot_crtm.c@142 PS2, Line 142: #if !ENV_BOOTBLOCK && !ENV_DECOMPRESSOR && !ENV_SMM Don't you also need CONFIG(VBOOT_MEASURED_BOOT) just like it is done in vboot_crtm.h?
In fact, can we just add a #define VBOOT_USE_MEASURE_CBFS_HOOK or something similar that defines the same check(CONFIG(VBOOT_MEASURED_BOOT) && !ENV_BOOTBLOCK && !ENV_DECOMPRESSOR && !ENV_SMM) and then use it at runtime where vboot_measure_cbfs_hook is called:
if (VBOOT_USE_MEASURE_CBFS_HOOK) if (vboot_measure_cbfs_hook(fh, name)) return -1;
Does that work?