Hello Aaron Durbin,
I'd like you to do a code review. Please visit
https://review.coreboot.org/c/coreboot/+/46645
to review the following change.
Change subject: vboot: Disable vboot functions in SMM
vboot: Disable vboot functions in SMM
SMM does not have access to CBMEM and therefore cannot access any persistent state like the vboot context. This makes it impossible to query vboot state like the developer mode switch or the currently active RW CBFS. However, some code (namely the PC80 option table) does CBFS accesses in SMM. This is currently worked around by directly using cbfs_locate_file_in_region() with the COREBOOT region. By disabling vboot functions explicitly in SMM, we can get rid of that and use normal CBFS APIs in this code.
Signed-off-by: Julius Werner jwerner@chromium.org
Change-Id: I4b1baa73681fc138771ad8384d12c0a04b605377
---
M src/security/vboot/vboot_common.h
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/45/46645/1
diff --git a/src/security/vboot/vboot_common.h b/src/security/vboot/vboot_common.h index f2cff65..e64f663 100644 --- a/src/security/vboot/vboot_common.h +++ b/src/security/vboot/vboot_common.h @@ -45,7 +45,7 @@ void verstage_mainboard_init(void);
/* Check boot modes */ -#if CONFIG(VBOOT) +#if CONFIG(VBOOT) && !ENV_SMM int vboot_developer_mode_enabled(void); int vboot_recovery_mode_enabled(void); int vboot_can_enable_udc(void);
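Review bot: the new `!ENV_SMM` condition on the `#if CONFIG(VBOOT)` guard has no comment explaining it, and the existing `/* Check boot modes */` comment does not tell a reader why SMM is excluded. Suggest a short comment at the guard stating that SMM has no CBMEM access and so cannot read the vboot context, as the commit message says. It is also worth checking what the `#else` branch (not shown in this hunk) provides for `vboot_developer_mode_enabled()`, `vboot_recovery_mode_enabled()` and `vboot_can_enable_udc()`, because any SMM caller of these now gets that fallback silently instead of the real state. If a fixed answer there would be wrong for a caller that makes a policy decision on developer or recovery mode, that caller should be audited as part of this change.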