Amol N Sukerkar uploaded patch set #2 to this change.

View Change

src/security/vboot: When VBOOT Stage Verification is enabled,
                    boot ROMSTAGE and POSTCAR from Read-Only region.

When VBOOT Stage Verification is enabled, the root-of-trust is the
Read-Only image. So, move the ROMSTAGE and POSTCAR is Read-Only
region when CONFIG_VBOOT_STAGE_VERIFICATION is enabled. In this case,
POSTCAR triggers VBOOT Stage Authentication starting with RAMSTAGE and
RAMSTAGE authenticates PAYLOAD.

TEST=Create a coreboot.rom image by enabling CONFIG_VBOOT and
     CONFIG_VBOOT_STAGE_VERIFICATION. Verify that the image boots
     to authenticated payload and graphics is displayed via HDMI
     and Display Port.

Change-Id: I6d4b7dbea62a92ca75d731c84b7c1402a207634a
Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
M src/security/vboot/Makefile.inc
M src/security/vboot/vboot_loader.c
2 files changed, 19 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/53/32153/2

To view, visit change 32153. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I6d4b7dbea62a92ca75d731c84b7c1402a207634a
Gerrit-Change-Number: 32153
Gerrit-PatchSet: 2
Gerrit-Owner: Amol N Sukerkar <amol.n.sukerkar@intel.com>
Gerrit-Reviewer: Aaron Durbin <adurbin@chromium.org>
Gerrit-Reviewer: Amol N Sukerkar <amol.n.sukerkar@intel.com>
Gerrit-Reviewer: Martin Roth <martinroth@google.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com>
Gerrit-Reviewer: Subrata Banik <subrata.banik@intel.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-MessageType: newpatchset