Hello Aaron Durbin, Subrata Banik, build bot (Jenkins), Patrick Georgi, Martin Roth,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/32153
to look at the new patch set (#2).
Change subject: src/security/vboot: When VBOOT Stage Verification is enabled, boot ROMSTAGE and POSTCAR from Read-Only region. ......................................................................
src/security/vboot: When VBOOT Stage Verification is enabled, boot ROMSTAGE and POSTCAR from Read-Only region.
When VBOOT Stage Verification is enabled, the root-of-trust is the Read-Only image. So, move the ROMSTAGE and POSTCAR is Read-Only region when CONFIG_VBOOT_STAGE_VERIFICATION is enabled. In this case, POSTCAR triggers VBOOT Stage Authentication starting with RAMSTAGE and RAMSTAGE authenticates PAYLOAD.
TEST=Create a coreboot.rom image by enabling CONFIG_VBOOT and CONFIG_VBOOT_STAGE_VERIFICATION. Verify that the image boots to authenticated payload and graphics is displayed via HDMI and Display Port.
Change-Id: I6d4b7dbea62a92ca75d731c84b7c1402a207634a Signed-off-by: Sukerkar, Amol N amol.n.sukerkar@intel.com --- M src/security/vboot/Makefile.inc M src/security/vboot/vboot_loader.c 2 files changed, 19 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/53/32153/2