Amol N Sukerkar has uploaded this change for review.

View Change

src/include/cbfs.h: Added prototype for function to verify a stage after it has been loaded into DRAM

This support enables a user to implement a stage verification mechanism
AFTER the stage has been loaded into DRAM. This feature is currently
used by VBOOT_STAGE_VERIFICATION

TEST=Create a coreboot.rom image which has keyblock and VBLOCK
     with VBOOT version 2.1 structures. This is done by enabling
     CONFIG_VBOOT_STAGE_VERIFICATION. Verify that the image boots
     to authenticated payload.

Change-Id: I8702f00186db568316e04ffb87fd1439a27bdb6e
Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
M src/include/cbfs.h
1 file changed, 6 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/50/32150/1
diff --git a/src/include/cbfs.h b/src/include/cbfs.h
index 85e25b3..d24fe58 100644
--- a/src/include/cbfs.h
+++ b/src/include/cbfs.h
@@ -2,6 +2,7 @@
  * This file is part of the coreboot project.
  *
  * Copyright 2015 Google Inc.
+ * Copyright 2019 Intel Corp.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -90,4 +91,9 @@
 	int (*locate)(struct cbfs_props *props);
 };
 
+/* This function can be used to implement any secure boot mechanism to
+ * verify the stage AFTER it is loaded into DRAM */
+void verify_stage_if_required(const struct region_device *rdev);
+
 #endif
+

To view, visit change 32150. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I8702f00186db568316e04ffb87fd1439a27bdb6e
Gerrit-Change-Number: 32150
Gerrit-PatchSet: 1
Gerrit-Owner: Amol N Sukerkar <amol.n.sukerkar@intel.com>
Gerrit-MessageType: newchange