Mathew King has uploaded this change for review.
southbridge/intel: Add config option to validate firmware descriptor
Add new config option to validate the Intel firmware descriptor against
the fmap layout. This will prevent a firmware descriptor from being used
that could corrupt regions of the bootimage in certian circumstances.
BUG=chromium:992215
TEST=Coming
Change-Id: I9e8bb20485e96026cd594cf4e9d6b11b2bf20e1f
Signed-off-by: Mathew King <mathewk@chromium.org>
---
M src/southbridge/intel/common/Kconfig
M src/southbridge/intel/common/firmware/Makefile.inc
2 files changed, 12 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/16/34816/1
diff --git a/src/southbridge/intel/common/Kconfig b/src/southbridge/intel/common/Kconfig
index c3bd90d..6b7b5e6 100644
--- a/src/southbridge/intel/common/Kconfig
+++ b/src/southbridge/intel/common/Kconfig
@@ -54,6 +54,13 @@
This config states descriptor mode is *required* for the platform to
function properly, or to function at all.
+config VALIDATE_INTEL_DESCRIPTOR
+ def_bool n if INTEL_DESCRIPTOR_MODE_CAPABLE
+ help
+ This config enables validating the Intel firmware descriptor against the
+ fmap layout. If the firmware descriptor layout does not match the fmap
+ then the bootimage cannot be built.
+
config INTEL_CHIPSET_LOCKDOWN
depends on HAVE_INTEL_CHIPSET_LOCKDOWN && HAVE_SMI_HANDLER && !CHROMEOS
#ChromeOS's payload seems to handle finalization on its on.
diff --git a/src/southbridge/intel/common/firmware/Makefile.inc b/src/southbridge/intel/common/firmware/Makefile.inc
index 898ab60..3b14f75 100644
--- a/src/southbridge/intel/common/firmware/Makefile.inc
+++ b/src/southbridge/intel/common/firmware/Makefile.inc
@@ -35,6 +35,11 @@
printf " DD Adding Intel Firmware Descriptor\n"
dd if=$(IFD_BIN_PATH) \
of=$(obj)/coreboot.pre conv=notrunc >/dev/null 2>&1
+ifeq ($(CONFIG_VALIDATE_INTEL_DESCRIPTOR),y)
+ $(objutil)/ifdtool/ifdtool \
+ $(IFDTOOL_USE_CHIPSET) \
+ -t $(obj)/coreboot.pre
+endif
ifeq ($(CONFIG_HAVE_ME_BIN),y)
printf " IFDTOOL me.bin -> coreboot.pre\n"
$(objutil)/ifdtool/ifdtool \
To view, visit change 34816. To unsubscribe, or for help writing mail filters, visit settings.