security/vboot: Decouple measured boot from verified boot

Currently, those who want to use measured boot implemented within
VBOOT should enable verified boot first, along with sections such
as GBB and RW slots defined with manually written fmd files, even
if they do not actually want to verify anything.

As discussed in CB:34977, measured boot should be decoupled from
verified boot and make them two fully independent options. Crypto
routines necessary for measurement could be reused, and TPM and CRTM
init should be done somewhere other than vboot_logic_executed() if
verified boot is not enabled.

This change allows those who do not want to use the verified boot
scheme implemented by VBOOT as well as its requirement of a more
complex partition scheme designed for chromeos to make use of the
measured boot functionality implemented within VBOOT library to
measure the boot process.

currently in this change it is done before the C_ENVIRONMENT bootblock
loads romstage if bootblock has enough space (greater than 32KiB,
controlled by flag TPM_CRTM_INIT_OUTSIDE_BOOTBLOCK), otherwise, CRTM
is initialized in romstage with a cbfs_locator hook, or along with
vboot if it is enabled.

TODO: Measure MRC Cache somewhere, as MRC Cache has never resided in
CBFS any more, so it cannot be covered by tspi_measure_cbfs_hook().

Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
---
M src/arch/x86/car.ld
M src/cpu/amd/agesa/Kconfig
M src/cpu/amd/pi/Kconfig
M src/cpu/intel/slot_1/Kconfig
M src/cpu/intel/socket_441/Kconfig
M src/cpu/intel/socket_m/Kconfig
M src/drivers/pc80/tpm/Makefile.inc
M src/include/bootmode.h
M src/include/memlayout.h
M src/include/symbols.h
M src/lib/bootblock.c
M src/lib/cbfs.c
M src/mainboard/aopen/dxplplusu/Kconfig
M src/mainboard/emulation/qemu-i440fx/Kconfig
M src/mainboard/emulation/qemu-q35/Kconfig
M src/mainboard/portwell/m107/Kconfig
M src/mainboard/siemens/mc_apl1/variants/mc_apl2/Kconfig
M src/mainboard/siemens/mc_apl1/variants/mc_apl4/Kconfig
M src/mainboard/siemens/mc_apl1/variants/mc_apl5/Kconfig
M src/mainboard/siemens/mc_apl1/variants/mc_apl6/Kconfig
M src/security/tpm/Kconfig
M src/security/tpm/Makefile.inc
R src/security/tpm/tspi/crtm.c
R src/security/tpm/tspi/crtm.h
M src/security/tpm/tspi/log.c
M src/security/tpm/tspi/tspi.c
M src/security/vboot/Kconfig
M src/security/vboot/Makefile.inc
M src/security/vboot/symbols.h
M src/security/vboot/vboot_common.h
M src/security/vboot/vboot_logic.c
M src/soc/amd/common/block/acpi/acpi.c
M src/soc/cavium/cn81xx/include/soc/memlayout.ld
M src/soc/intel/apollolake/Kconfig
M src/soc/intel/baytrail/pmutil.c
M src/soc/intel/braswell/Kconfig
M src/soc/intel/braswell/pmutil.c
M src/soc/intel/broadwell/pmutil.c
M src/soc/intel/common/block/pmc/pmclib.c
M src/soc/intel/denverton_ns/Kconfig
M src/soc/intel/icelake/Kconfig
M src/soc/intel/quark/Kconfig
M src/soc/mediatek/mt8173/include/soc/memlayout.ld
M src/soc/mediatek/mt8183/include/soc/memlayout.ld
M src/soc/nvidia/tegra124/include/soc/memlayout.ld
M src/soc/nvidia/tegra210/include/soc/memlayout.ld
M src/soc/samsung/exynos5250/include/soc/memlayout.ld
M src/southbridge/intel/common/pmbase.c
M src/vendorcode/eltan/security/verified_boot/vboot_check.c
49 files changed, 251 insertions(+), 127 deletions(-)