Martin Roth has submitted this change. ( https://review.coreboot.org/c/coreboot/+/59867 )

(

15 is the latest approved patch-set. No files were changed between the latest approved patch-set and the submitted one. )Change subject: soc/amd/common: Add a config to keep signed AMD/PSP FW separately ......................................................................

soc/amd/common: Add a config to keep signed AMD/PSP FW separately

Enabling this config will put signed amd firmwares into SIGNED_AMDFW_[AB] region which is outside FW_MAIN_[AB]. Vboot only verifies FW_MAIN_[AB] so these regions will not be verified by vboot, instead the PSP will verify them.

As a result we have less to load and verify from SPI rom which means faster boot time.

BUG=b:206909680 TEST=Build Skyrim with modified fmap and Kconfig.

Change-Id: If4fd3cff11a38d82afb8c5ce379f1d1b5b9adfbf Signed-off-by: Kangheui Won khwon@chromium.org Signed-off-by: Karthikeyan Ramasubramanian kramasub@google.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/59867 Reviewed-by: Jon Murphy jpmurphy@google.com Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M src/soc/amd/common/psp_verstage/Kconfig 1 file changed, 31 insertions(+), 0 deletions(-)

Approvals: build bot (Jenkins): Verified Jon Murphy: Looks good to me, approved

diff --git a/src/soc/amd/common/psp_verstage/Kconfig b/src/soc/amd/common/psp_verstage/Kconfig index 13dd716..526a4ae7 100644 --- a/src/soc/amd/common/psp_verstage/Kconfig +++ b/src/soc/amd/common/psp_verstage/Kconfig @@ -29,3 +29,9 @@ On SoCs where PSP uses A/B recovery layout, PSP support relative addressing from the start of the SPI ROM. Enable this config on SoCs where PSP supports relative addressing so that PSP verstage can pass the offset. + +config SEPARATE_SIGNED_PSPFW + def_bool n + help + Put signed AMD/PSP firmwares outside FW_MAIN_[AB] so vboot doesn't verify them, + and rely on PSP's verification.