Michał Żygowski has uploaded this change for review.

View Change

Makefile.inc: assembly the Boot Guard manifests and add them to FIT

Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Change-Id: I4e38c66bbb47af7bb5d18ea4714ecfdfa4481946
---
M Makefile.inc
1 file changed, 17 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/04/43404/1

diff --git a/Makefile.inc b/Makefile.inc
index 0701ddc..21d48d8 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -1148,6 +1148,23 @@
 	$(IFITTOOL) -f $@.tmp -a -n cpu_microcode_blob.bin -t 1 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) \
 	-r COREBOOT
 endif
+ifeq ($(CONFIG_INTEL_BOOTGUARD),y)
+ifeq ($(CONFIG_KM_BUILD),y)
+	$(IBPMTOOL) -f $@.tmp -B $(CONFIG_BPM_PRIV_KEY) -b $(CONFIG_BPM_FILE) -k $(CONFIG_KM_FILE) \
+	-K $(CONFIG_KM_PRIV_KEY) -i $(CONFIG_KM_KEY_ID) -S $(CONFIG_KM_SVN) -P $(CONFIG_KM_PM_VERSION) \
+	-e $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -n $$(($(CONFIG_DCACHE_RAM_SIZE)/0x1000)) \
+	-s $(CONFIG_BPM_SVN) -A $(CONFIG_ACM_SVN) -p $(CONFIG_BPM_PM_VERSION) -H -d
+else
+	$(IBPMTOOL) -f $@.tmp -B $(CONFIG_BPM_PRIV_KEY) -b $(CONFIG_BPM_FILE) -k $(CONFIG_KM_FILE) \
+	-e $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -n $$(($(CONFIG_DCACHE_RAM_SIZE)/0x1000)) \
+	-s $(CONFIG_BPM_SVN) -A $(CONFIG_ACM_SVN) -p $(CONFIG_BPM_PM_VERSION) -H -d
+endif
+	$(CBFSTOOL) $@.tmp add -n boot_policy_manifest.bin -f $(CONFIG_BPM_FILE) -t raw -a 16
+	$(CBFSTOOL) $@.tmp add -n key_manifest.bin -f $(CONFIG_KM_FILE) -t raw -a 16
+	$(IFITTOOL) -r COREBOOT -a -n key_manifest.bin -t 11 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -f $@.tmp
+	$(IFITTOOL) -r COREBOOT -a -n boot_policy_manifest.bin -t 12 -s $(CONFIG_CPU_INTEL_NUM_FIT_ENTRIES) -f $@.tmp
+	$(IBPMTOOL) -D -b $(CONFIG_BPM_FILE) -k $(CONFIG_KM_FILE)
+endif
 	$(IFITTOOL) -f $@.tmp -D -r COREBOOT
 
 # Second FIT in TOP_SWAP bootblock

To view, visit change 43404. To unsubscribe, or for help writing mail filters, visit settings.