Raul Rangel has submitted this change. ( https://review.coreboot.org/c/coreboot/+/68135 )
(
9 is the latest approved patch-set. No files were changed between the latest approved patch-set and the submitted one. )Change subject: soc/amd: Add an optional unsigned section in PSP verstage ......................................................................
soc/amd: Add an optional unsigned section in PSP verstage
To enable RO CBFS verification in AMD platforms with PSP verstage, metadata hash for RO CBFS is kept as part of verstage. This means any updates to RO CBFS, before WP is enabled, requires updating the metadata hash in the verstage. Hence keep the metadata hash outside the signed range of PSP verstage. This means the metadata hash gets loaded as part of loading PSP verstage while still being excluded from the verification of PSP verstage.
This change keeps the metadata hash outside the PSP footer data. This will help to keep it outside the signed range of PSP verstage & aligned to 64 bytes.
BUG=b:227809919 TEST=Build and boot to OS in Skyrim with CBFS verification enabled with both x86 and PSP verstage.
Change-Id: I308223be8fbca1c0bec8c2e1c86ed65d9f91b966 Signed-off-by: Karthikeyan Ramasubramanian kramasub@google.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/68135 Reviewed-by: Julius Werner jwerner@chromium.org Reviewed-by: Raul Rangel rrangel@chromium.org Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M src/soc/amd/common/block/cpu/noncar/memlayout_psp_verstage.ld 1 file changed, 38 insertions(+), 2 deletions(-)
Approvals: build bot (Jenkins): Verified Julius Werner: Looks good to me, approved Raul Rangel: Looks good to me, approved
diff --git a/src/soc/amd/common/block/cpu/noncar/memlayout_psp_verstage.ld b/src/soc/amd/common/block/cpu/noncar/memlayout_psp_verstage.ld index f386823..e0278ab 100644 --- a/src/soc/amd/common/block/cpu/noncar/memlayout_psp_verstage.ld +++ b/src/soc/amd/common/block/cpu/noncar/memlayout_psp_verstage.ld @@ -17,8 +17,14 @@ .text : { *(.text*) } .rodata : { *(.rodata*) }
- .data : { *(.data*) } - .data : { *(PSP_FOOTER_DATA) } + .data : { + *(.data*); + *(PSP_FOOTER_DATA); +#if CONFIG(CBFS_VERIFICATION) + *(.metadata_hash_anchor); + . = ALIGN(64); +#endif + }
_bss_start = .; .bss : { *(.bss*) }