[coreboot-gerrit] Change in coreboot[master]: security/vboot: Add a dedicated flag for building of vboot library

18 Dec 2019


      Bill XIE has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37787 )
Change subject: security/vboot: Add a dedicated flag for building of vboot library
......................................................................
Patch Set 4:
(5 comments)
...
Patch Set 4:
(5 comments)
Another naming option would be to use:
VBOOT (or VBOOT_LIB) - include the vboot library functions
VBOOT_VERIFY_FIRMWARE - enable firmware verification
What do you think?
I would rather keep the VBOOT flag, for I don't know how to efficiently and correctly change hundreds of its appearance around the whole coreboot tree.
https://review.coreboot.org/c/coreboot/+/37787/4/src/security/vboot/Kconfig 
File src/security/vboot/Kconfig:
https://review.coreboot.org/c/coreboot/+/37787/4/src/security/vboot/Kconfig@... 
PS4, Line 18: config
...
Also need to add: […]
Done
https://review.coreboot.org/c/coreboot/+/37787/4/src/security/vboot/Kconfig@... 
PS4, Line 19: bool
...
Please add a string description here, as well as a "help" description.
"help" description added, but VBOOT_LIB is designed as a hidden flag for other visible flags (e.g. VBOOT and future TSPI_MEASURED_BOOT in CB:35077) to select, so flag description will be omitted to keep this flag hidden from menu.
https://review.coreboot.org/c/coreboot/+/37787/4/src/security/vboot/Makefile... 
File src/security/vboot/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/37787/4/src/security/vboot/Makefile... 
PS4, Line 46: 
            : CFLAGS_common += -I3rdparty/vboot/firmware/2lib/include
...
Note that I just removed this line in: […]
Removed.
https://review.coreboot.org/c/coreboot/+/37787/4/src/security/vboot/Makefile... 
PS4, Line 53:
...
I'd prefer to just end the ifeq block here. […]
Done
https://review.coreboot.org/c/coreboot/+/37787/4/src/security/vboot/Makefile... 
PS4, Line 137: $(eval $(call vboot-for-stage,verstage))
...
Should this move up as well?  Or are we guaranteed that VBOOT_SEPARATE_VERSTAGE will only be enabled […]
I believe verstage is introduced for verified boot.
Besides, VBOOT_SEPARATE_VERSTAGE is available only when VBOOT is set.
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/37787
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ia1907a11c851ee45a70582e02bdbe08fb18cc6a4
Gerrit-Change-Number: 37787
Gerrit-PatchSet: 4
Gerrit-Owner: Bill XIE persmule@hardenedlinux.org
Gerrit-Reviewer: Aaron Durbin adurbin@chromium.org
Gerrit-Reviewer: Bill XIE persmule@hardenedlinux.org
Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com
Gerrit-Reviewer: Joel Kitching kitching@google.com
Gerrit-Reviewer: Julius Werner jwerner@chromium.org
Gerrit-Reviewer: Martin Roth martinroth@google.com
Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com
Gerrit-Reviewer: Wim Vervoorn wvervoorn@eltan.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net
Gerrit-Comment-Date: Wed, 18 Dec 2019 10:28:15 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Joel Kitching kitching@google.com
Gerrit-MessageType: comment

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[coreboot-gerrit] Change in coreboot[master]: security/vboot: Add a dedicated flag for building of vboot library