Joel Kitching has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/37787 )
Change subject: security/vboot: Add a dedicated flag for building of vboot library ......................................................................
Patch Set 4:
(5 comments)
Another naming option would be to use:
VBOOT (or VBOOT_LIB) - include the vboot library functions VBOOT_VERIFY_FIRMWARE - enable firmware verification
What do you think?
https://review.coreboot.org/c/coreboot/+/37787/4/src/security/vboot/Kconfig File src/security/vboot/Kconfig:
https://review.coreboot.org/c/coreboot/+/37787/4/src/security/vboot/Kconfig@... PS4, Line 18: config Also need to add:
depends on !VENDORCODE_ELTAN_VBOOT && !VENRDORCODE_ELTAN_MBOOT
Adding fhendriks for comment.
https://review.coreboot.org/c/coreboot/+/37787/4/src/security/vboot/Kconfig@... PS4, Line 19: bool Please add a string description here, as well as a "help" description.
https://review.coreboot.org/c/coreboot/+/37787/4/src/security/vboot/Makefile... File src/security/vboot/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/37787/4/src/security/vboot/Makefile... PS4, Line 46: : CFLAGS_common += -I3rdparty/vboot/firmware/2lib/include Note that I just removed this line in: https://review.coreboot.org/c/coreboot/+/37786
https://review.coreboot.org/c/coreboot/+/37787/4/src/security/vboot/Makefile... PS4, Line 53: I'd prefer to just end the ifeq block here. We can rely on the Kconfig logic to give us a valid combination of VBOOT_LIB and VBOOT config variables.
https://review.coreboot.org/c/coreboot/+/37787/4/src/security/vboot/Makefile... PS4, Line 137: $(eval $(call vboot-for-stage,verstage)) Should this move up as well? Or are we guaranteed that VBOOT_SEPARATE_VERSTAGE will only be enabled when VBOOT is enabled?