Michał Żygowski has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/43404 )
Change subject: Makefile.inc: assembly the Boot Guard manifests and add them to FIT ......................................................................
Makefile.inc: assembly the Boot Guard manifests and add them to FIT
Signed-off-by: Michał Żygowski michal.zygowski@3mdeb.com Change-Id: I4e38c66bbb47af7bb5d18ea4714ecfdfa4481946 --- M Makefile.inc 1 file changed, 17 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/04/43404/1
diff --git a/Makefile.inc b/Makefile.inc index 0701ddc..21d48d8 100644 --- a/Makefile.inc +++ b/Makefile.inc @@ -1148,6 +1148,23 @@ $(IFITTOOL) -f $@.tmp -a -n cpu_microcode_blob.bin -t 1 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) \ -r COREBOOT endif +ifeq ($(CONFIG_INTEL_BOOTGUARD),y) +ifeq ($(CONFIG_KM_BUILD),y) + $(IBPMTOOL) -f $@.tmp -B $(CONFIG_BPM_PRIV_KEY) -b $(CONFIG_BPM_FILE) -k $(CONFIG_KM_FILE) \ + -K $(CONFIG_KM_PRIV_KEY) -i $(CONFIG_KM_KEY_ID) -S $(CONFIG_KM_SVN) -P $(CONFIG_KM_PM_VERSION) \ + -e $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -n $$(($(CONFIG_DCACHE_RAM_SIZE)/0x1000)) \ + -s $(CONFIG_BPM_SVN) -A $(CONFIG_ACM_SVN) -p $(CONFIG_BPM_PM_VERSION) -H -d +else + $(IBPMTOOL) -f $@.tmp -B $(CONFIG_BPM_PRIV_KEY) -b $(CONFIG_BPM_FILE) -k $(CONFIG_KM_FILE) \ + -e $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -n $$(($(CONFIG_DCACHE_RAM_SIZE)/0x1000)) \ + -s $(CONFIG_BPM_SVN) -A $(CONFIG_ACM_SVN) -p $(CONFIG_BPM_PM_VERSION) -H -d +endif + $(CBFSTOOL) $@.tmp add -n boot_policy_manifest.bin -f $(CONFIG_BPM_FILE) -t raw -a 16 + $(CBFSTOOL) $@.tmp add -n key_manifest.bin -f $(CONFIG_KM_FILE) -t raw -a 16 + $(IFITTOOL) -r COREBOOT -a -n key_manifest.bin -t 11 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -f $@.tmp + $(IFITTOOL) -r COREBOOT -a -n boot_policy_manifest.bin -t 12 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -f $@.tmp + $(IBPMTOOL) -D -b $(CONFIG_BPM_FILE) -k $(CONFIG_KM_FILE) +endif $(IFITTOOL) -f $@.tmp -D -r COREBOOT
# Second FIT in TOP_SWAP bootblock