Bill XIE has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35077 )
Change subject: security/vboot: Decouple measured boot from verified boot
Patch Set 6:
(1 comment)
https://review.coreboot.org/c/coreboot/+/35077/5/src/lib/cbfs.c
File src/lib/cbfs.c:
https://review.coreboot.org/c/coreboot/+/35077/5/src/lib/cbfs.c@330
PS5, Line 330: #if !CONFIG(VBOOT) && CONFIG(VBOOT_MEASURED_BOOT)
I'm not sure this prepare() callback is a good fit for this. […]
The only exact match of "bootblock_main()" is specific to soc/cavium, and every less-exact match is somehow platform-specific. For example, bootblock_main_with_timestamp() in lib/bootblock.c seems to be used on platforms with C_ENVIRONMENT_BOOTBLOCK selected, while platforms without C_ENVIRONMENT_BOOTBLOCK selected (including most x86 platforms prior to Haswell) seem to use a romcc-compiled bootblock from either src/arch/x86/bootblock_simple.c or bootblock_normal.c.
We had better find a platform-independent location to hook measured_boot_init_crtm(), which is why I initially chose this prepare() callback.
Do you know a more platform-independent location for this?