Joel Kitching has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37654 )
Change subject: eltan/verified_boot: include vboot21 code directly ......................................................................
Patch Set 2:
Patch Set 2:
Can you point to locatoin where I can find details about the vboot 2.1 deprecation? (I have not access to google issuetracker and permission denied on chromium bugs.
eltan verified boot uses keys generated by futility. Will 2.1 support removed from futility also?
Hi Frans,
Sorry about that -- I've made the Chromium bug public now (it had no good reason to be private in the first place):
https://bugs.chromium.org/p/chromium/issues/detail?id=968464
We've been discussing for a while now what to do with all of these different vboot versions (1, 2, 2.0, 2.1). 2.1 code was never completed, and never publicized in the vboot API (through vb2_api.h), so we believe it makes more sense to remove that code, and coalesce 1 + 2 + 2.0.
The current plan would be to keep support for signing 2.1 structs in futility.
Would this be an acceptable solution for Eltan verified boot? We are trying to deprecate this code from the vboot_reference codebase, and it is very tricky when coreboot starts using vboot internal functions and data structures. For example, vb2_workbuf was never meant to be used externally. The only functions that should be used are advertised in vb2_api.h, and have the prefix vb2api_, with the exception being functions imported via vb2_sha.h, which use the prefix vb2_.