Amol N Sukerkar uploaded patch set #2 to this change.
src/security/vboot: When VBOOT Stage Verification is enabled,
boot ROMSTAGE and POSTCAR from Read-Only region.
When VBOOT Stage Verification is enabled, the root-of-trust is the
Read-Only image. So, move the ROMSTAGE and POSTCAR is Read-Only
region when CONFIG_VBOOT_STAGE_VERIFICATION is enabled. In this case,
POSTCAR triggers VBOOT Stage Authentication starting with RAMSTAGE and
RAMSTAGE authenticates PAYLOAD.
TEST=Create a coreboot.rom image by enabling CONFIG_VBOOT and
CONFIG_VBOOT_STAGE_VERIFICATION. Verify that the image boots
to authenticated payload and graphics is displayed via HDMI
and Display Port.
Change-Id: I6d4b7dbea62a92ca75d731c84b7c1402a207634a
Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
M src/security/vboot/Makefile.inc
M src/security/vboot/vboot_loader.c
2 files changed, 19 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/53/32153/2
To view, visit change 32153. To unsubscribe, or for help writing mail filters, visit settings.