build bot (Jenkins) has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/29547 )
Change subject: security/vboot: Add measured boot mode ......................................................................
Patch Set 58:
(13 comments)
https://review.coreboot.org/#/c/29547/58/src/lib/cbfs.c File src/lib/cbfs.c:
https://review.coreboot.org/#/c/29547/58/src/lib/cbfs.c@102 PS58, Line 102: size_t in_size, void *buffer, size_t buffer_size, uint32_t compression) line over 80 characters
https://review.coreboot.org/#/c/29547/58/src/lib/cbfs.c@115 PS58, Line 115: if ((ENV_BOOTBLOCK || ENV_VERSTAGE) && !IS_ENABLED(CONFIG_COMPRESS_PRERAM_STAGES)) line over 80 characters
https://review.coreboot.org/#/c/29547/58/src/lib/cbfs.c@257 PS58, Line 257: if (ENV_VERSTAGE && !IS_ENABLED(CONFIG_NO_XIP_EARLY_STAGES) && IS_ENABLED(CONFIG_BOOT_DEVICE_MEMORY_MAPPED)) { line over 80 characters
https://review.coreboot.org/#/c/29547/58/src/security/vboot/Kconfig File src/security/vboot/Kconfig:
https://review.coreboot.org/#/c/29547/58/src/security/vboot/Kconfig@41 PS58, Line 41: Runtime data whitelist of cbfs filenames. Needs to be a comma seperated 'seperated' may be misspelled - perhaps 'separated'?
https://review.coreboot.org/#/c/29547/58/src/security/vboot/vboot_crtm.h File src/security/vboot/vboot_crtm.h:
https://review.coreboot.org/#/c/29547/58/src/security/vboot/vboot_crtm.h@49 PS58, Line 49: #if (IS_ENABLED(CONFIG_VBOOT_MEASURED_BOOT) && !ENV_BOOTBLOCK && !ENV_DECOMPRESSOR) line over 80 characters
https://review.coreboot.org/#/c/29547/58/src/security/vboot/vboot_crtm.c File src/security/vboot/vboot_crtm.c:
https://review.coreboot.org/#/c/29547/58/src/security/vboot/vboot_crtm.c@143 PS58, Line 143: if(find_runtime_data_string(name)) space required before the open parenthesis '('
https://review.coreboot.org/#/c/29547/58/src/security/vboot/vboot_logic.c File src/security/vboot/vboot_logic.c:
https://review.coreboot.org/#/c/29547/58/src/security/vboot/vboot_logic.c@98 PS58, Line 98: BUG(); /* Should never get called if init() returned an error. */ Avoid crashing the kernel - try using WARN_ON & recovery code rather than BUG() or BUG_ON()
https://review.coreboot.org/#/c/29547/58/src/security/vboot/vboot_logic.c@10... PS58, Line 104: BUG(); /* Should never get called if init() returned an error. */ Avoid crashing the kernel - try using WARN_ON & recovery code rather than BUG() or BUG_ON()
https://review.coreboot.org/#/c/29547/58/src/security/vboot/vboot_logic.c@28... PS58, Line 281: return vboot_extend_pcr(ctx, 0, BOOT_MODE_PCR) || vboot_extend_pcr(ctx, 1, HWID_DIGEST_PCR); line over 80 characters
https://review.coreboot.org/#/c/29547/58/src/security/vboot/vboot_logic.c@30... PS58, Line 308: if (IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) && vboot_platform_is_resuming()) line over 80 characters
https://review.coreboot.org/#/c/29547/58/src/security/vboot/vboot_logic.c@31... PS58, Line 319: if (IS_ENABLED(CONFIG_VBOOT_MEASURED_BOOT) && !(ctx.flags & VB2_CONTEXT_S3_RESUME)) { line over 80 characters
https://review.coreboot.org/#/c/29547/58/src/security/vboot/vboot_logic.c@32... PS58, Line 324: if (IS_ENABLED(CONFIG_VBOOT_PHYSICAL_DEV_SWITCH) && get_developer_mode_switch()) line over 80 characters
https://review.coreboot.org/#/c/29547/58/src/security/vboot/vboot_logic.c@33... PS58, Line 333: if (IS_ENABLED(CONFIG_VBOOT_WIPEOUT_SUPPORTED) && get_wipeout_mode_switch()) line over 80 characters