Joel Kitching has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/38590 )
Change subject: vendorcode/eltan/security: Switch to vb2 vboot library ......................................................................
Patch Set 6:
(2 comments)
Thanks for your work on this, Wim. This is a move in the right direction, allowing us to remove the fwlib21 target. On the other hand, it just shifts our pain point to another area -- namely, now you are using vboot2 internals instead of vboot2.1 internals. That means we *still* need to keep NEED_VB20_INTERNALS around, a macro we plan to deprecate within the next month or so.
https://review.coreboot.org/c/coreboot/+/38590/2/src/vendorcode/eltan/securi... File src/vendorcode/eltan/security/verified_boot/vboot_check.c:
https://review.coreboot.org/c/coreboot/+/38590/2/src/vendorcode/eltan/securi... PS2, Line 17: #define NEED_VB20_INTERNALS /* Peeking into vb2_shared_data */
Understood, the issue is that we need to have the code for this project upstreamed. […]
Julius has made some good points here. Could we know more about where vboot falls short of covering Eltan verified boot requirements?
https://review.coreboot.org/c/coreboot/+/38590/6/src/vendorcode/eltan/securi... File src/vendorcode/eltan/security/verified_boot/vboot_check.c:
https://review.coreboot.org/c/coreboot/+/38590/6/src/vendorcode/eltan/securi... PS6, Line 17: /* Peeking into vb2_shared_data */ May as well delete this comment since that's not the only thing you're doing here.