Wim Vervoorn has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/36504 )
Change subject: mb/facebook/fbg1701: Add public key to verification ......................................................................
mb/facebook/fbg1701: Add public key to verification
The public key was not verified during the verified boot operation. This is now added. The key is measured to PCR0.
BUG=N/A TEST=tested on facebook fbg1701
Change-Id: I85fd391294db0ea796001720c2509f797be5aedf Signed-off-by: Wim Vervoorn wvervoorn@eltan.com --- M src/mainboard/facebook/fbg1701/board_verified_boot.c M src/mainboard/facebook/fbg1701/manifest.h M src/vendorcode/eltan/security/verified_boot/Kconfig 3 files changed, 7 insertions(+), 4 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/04/36504/1
diff --git a/src/mainboard/facebook/fbg1701/board_verified_boot.c b/src/mainboard/facebook/fbg1701/board_verified_boot.c
index 24e7037..1ccb0b8e 100644
--- a/src/mainboard/facebook/fbg1701/board_verified_boot.c
+++ b/src/mainboard/facebook/fbg1701/board_verified_boot.c
@@ -26,6 +26,10 @@
 { { (void *)0xffffffff - CONFIG_C_ENV_BOOTBLOCK_SIZE + 1, CONFIG_C_ENV_BOOTBLOCK_SIZE, } }, HASH_IDX_BOOTBLOCK, MBOOT_PCR_INDEX_0 },
+ { VERIFY_BLOCK, "PublicKey",
+ { { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION,
+ CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE, } }, HASH_IDX_PUBLICKEY,
+ MBOOT_PCR_INDEX_0 },
 { VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 } };
 #endif
diff --git a/src/mainboard/facebook/fbg1701/manifest.h b/src/mainboard/facebook/fbg1701/manifest.h
index 5a583f4..5fa86ed 100644
--- a/src/mainboard/facebook/fbg1701/manifest.h
+++ b/src/mainboard/facebook/fbg1701/manifest.h
@@ -30,6 +30,6 @@
 #define HASH_IDX_LOGO 7
 #define HASH_IDX_DSDT 8
 #define HASH_IDX_POSTCAR_STAGE 9
-#define HASH_IDX_BOOTBLOCK 10 /* Should always be the last one */
-
+#define HASH_IDX_PUBLICKEY 10
+#define HASH_IDX_BOOTBLOCK 11 /* Should always be the last one */
 #endif
diff --git a/src/vendorcode/eltan/security/verified_boot/Kconfig b/src/vendorcode/eltan/security/verified_boot/Kconfig
index d9e989f..ab254c4 100644
--- a/src/vendorcode/eltan/security/verified_boot/Kconfig
+++ b/src/vendorcode/eltan/security/verified_boot/Kconfig
@@ -42,8 +42,7 @@
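Review bot: The new "PublicKey" entry carries no comment on what the key digest is anchored to, and that decides how much this check is worth. If the expected digest at `HASH_IDX_PUBLICKEY` is stored in the same manifest that this key authenticates (not visible in the hunk), a replaced key together with a re-signed manifest would still pass, and the PCR 0 extend is the part that makes a key change observable. A comment above the entry such as `/* Verified-boot public key: digest checked against the manifest and extended into PCR0 */`, plus a sentence in the commit message naming the root of trust, would settle it. Adding an item to PCR 0 also changes the resulting PCR value, so anything sealed or attested against the old value needs updating. The array definition begins outside the hunk.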
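Review bot: `HASH_IDX_PUBLICKEY` takes index 10 and pushes `HASH_IDX_BOOTBLOCK` to 11 in manifest.h, so a manifest built for the old layout would have its bootblock digest compared against the key; nothing in the change says the manifest generator and existing images are updated together. The item count in Kconfig is kept in step by hand, and a build-time check next to these defines, `_Static_assert(HASH_IDX_BOOTBLOCK + 1 == CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS, "manifest item count mismatch");`, would catch drift, assuming the count is meant to be the last index plus one. The new define would also read better with a comment like `/* digest of the verified-boot public key */`.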
config VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS
 int "Manifest Items"
- default 11 if POSTCAR_STAGE
- default 10
+ default 12
config VENDORCODE_ELTAN_OEM_MANIFEST_ITEM_SIZE
 int
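Review bot: The default of 12 is now unconditional and lives in the shared vendorcode Kconfig, while the commit is scoped to mb/facebook/fbg1701, so any other board that relies on this default gets a different manifest size and the `POSTCAR_STAGE` distinction is gone. If only fbg1701 needs 12 items, overriding the default from the mainboard's Kconfig keeps the change local. Either way the option shows no `help` text in the visible lines; one stating that the value must match the board's manifest.h index list would document the coupling.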