Wim Vervoorn has uploaded this change for review.

mb/facebook/fbg1701: Add public key to verification

The public key was not verified during the verified boot operation.
This is now added. The key is measured to PCR0.

BUG=N/A
TEST=tested on facebook fbg1701

Change-Id: I85fd391294db0ea796001720c2509f797be5aedf
Signed-off-by: Wim Vervoorn <wvervoorn@eltan.com>
---
M src/mainboard/facebook/fbg1701/board_verified_boot.c
M src/mainboard/facebook/fbg1701/manifest.h
M src/vendorcode/eltan/security/verified_boot/Kconfig
3 files changed, 7 insertions(+), 4 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/04/36504/1
diff --git a/src/mainboard/facebook/fbg1701/board_verified_boot.c b/src/mainboard/facebook/fbg1701/board_verified_boot.c
index 24e7037..1ccb0b8e 100644
--- a/src/mainboard/facebook/fbg1701/board_verified_boot.c
+++ b/src/mainboard/facebook/fbg1701/board_verified_boot.c
@@ -26,6 +26,10 @@
{ { (void *)0xffffffff - CONFIG_C_ENV_BOOTBLOCK_SIZE + 1,
CONFIG_C_ENV_BOOTBLOCK_SIZE, } }, HASH_IDX_BOOTBLOCK,
MBOOT_PCR_INDEX_0 },
+ { VERIFY_BLOCK, "PublicKey",
+ { { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION,
+ CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE, } }, HASH_IDX_PUBLICKEY,
+ MBOOT_PCR_INDEX_0 },
{ VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 }
};
#endif
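
Review bot: The new "PublicKey" entry extends MBOOT_PCR_INDEX_0, the same PCR as the bootblock entry directly above it, so the PCR0 value this board produces changes with this patch; the commit message should say so explicitly, since anything that compares or seals against the previous PCR0 value has to be updated. The entry also casts CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION straight to a pointer with no comment; a short note that this must be a memory-mapped address, and that CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE must be non-zero, would make the assumption visible next to the table.
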
diff --git a/src/mainboard/facebook/fbg1701/manifest.h b/src/mainboard/facebook/fbg1701/manifest.h
index 5a583f4..5fa86ed 100644
--- a/src/mainboard/facebook/fbg1701/manifest.h
+++ b/src/mainboard/facebook/fbg1701/manifest.h
@@ -30,6 +30,6 @@
#define HASH_IDX_LOGO 7
#define HASH_IDX_DSDT 8
#define HASH_IDX_POSTCAR_STAGE 9
-#define HASH_IDX_BOOTBLOCK 10 /* Should always be the last one */
-
+#define HASH_IDX_PUBLICKEY 10
+#define HASH_IDX_BOOTBLOCK 11 /* Should always be the last one */
#endif
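
Review bot: Moving HASH_IDX_BOOTBLOCK from 10 to 11 and giving slot 10 to HASH_IDX_PUBLICKEY changes the manifest layout, so a manifest generated with the old indices would have its bootblock hash compared against the public key. Please state in the commit message that the manifest has to be regenerated together with this change, and consider a compile-time check that HASH_IDX_BOOTBLOCK + 1 equals CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS so the two cannot drift apart. Minor style point: the blank line before "#endif" is dropped here.
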
diff --git a/src/vendorcode/eltan/security/verified_boot/Kconfig b/src/vendorcode/eltan/security/verified_boot/Kconfig
index d9e989f..ab254c4 100644
--- a/src/vendorcode/eltan/security/verified_boot/Kconfig
+++ b/src/vendorcode/eltan/security/verified_boot/Kconfig
@@ -42,8 +42,7 @@

config VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS
int "Manifest Items"
- default 11 if POSTCAR_STAGE
- default 10
+ default 12

config VENDORCODE_ELTAN_OEM_MANIFEST_ITEM_SIZE
int
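
Review bot: The default for VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS drops the "if POSTCAR_STAGE" condition and becomes an unconditional 12, which the commit message does not explain; builds without POSTCAR_STAGE go from 10 to 12 items rather than gaining one. This Kconfig lives under src/vendorcode/eltan, while the index definitions it has to match are in the fbg1701 manifest.h, so the new default applies beyond this mainboard. Either keep the conditional defaults and add one to each, or say why a fixed 12 is correct for every configuration.
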


Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I85fd391294db0ea796001720c2509f797be5aedf
Gerrit-Change-Number: 36504
Gerrit-PatchSet: 1
Gerrit-Owner: Wim Vervoorn
Gerrit-Reviewer: Frans Hendriks <fhendriks@eltan.com>
Gerrit-Reviewer: Wim Vervoorn
Gerrit-MessageType: newchange