Change in coreboot[master]: mb/facebook/fbg1701: Align handling of bootblock and publickey - coreboot-gerrit

15 Nov 2019

Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/36814 )
Change subject: mb/facebook/fbg1701: Align handling of bootblock and publickey
......................................................................
mb/facebook/fbg1701: Align handling of bootblock and publickey
The bootblock measurement was handled using the romstage_verify_list()
and the public_key in the mb_log_list. This is confusing as these are
both read-only items that should be handled in the same way.
Both will be handled in the romstage_verify_list().
BUG=N/A
TEST=tested on fbg1701
Change-Id: If05198deec85188f39a221a8b755798755afa5bb
Signed-off-by: Wim Vervoorn wvervoorn@eltan.com
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36814
Tested-by: build bot (Jenkins) no-reply@coreboot.org
Reviewed-by: Frans Hendriks fhendriks@eltan.com
---
M src/mainboard/facebook/fbg1701/board_mboot.h
M src/mainboard/facebook/fbg1701/board_verified_boot.c
2 files changed, 10 insertions(+), 5 deletions(-)
Approvals:
  build bot (Jenkins): Verified
  Frans Hendriks: Looks good to me, approved

diff --git a/src/mainboard/facebook/fbg1701/board_mboot.h b/src/mainboard/facebook/fbg1701/board_mboot.h
index 5a23630..5cfb091 100644
--- a/src/mainboard/facebook/fbg1701/board_mboot.h
+++ b/src/mainboard/facebook/fbg1701/board_mboot.h
@@ -23,9 +23,5 @@
 #if CONFIG(VENDORCODE_ELTAN_VBOOT)
    { "oemmanifest.bin", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_7, EV_NO_ACTION,
    	NULL },
-#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST)
-	{ "vboot_public_key.bin", CBFS_TYPE_RAW, MBOOT_PCR_INDEX_6,
-		EV_NO_ACTION, NULL },
-#endif
 #endif
 };
diff --git a/src/mainboard/facebook/fbg1701/board_verified_boot.c b/src/mainboard/facebook/fbg1701/board_verified_boot.c
index bb5768f..09f4e67 100644
--- a/src/mainboard/facebook/fbg1701/board_verified_boot.c
+++ b/src/mainboard/facebook/fbg1701/board_verified_boot.c
@@ -43,7 +43,10 @@
    { VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 }
 };
-/* The items used by the romstage */
+/*
+ * The items used by the romstage. Bootblock and PublicKey are added here to make sure they
+ * are measured
+ */
 const verify_item_t romstage_verify_list[] = {
    { VERIFY_FILE, ROMSTAGE, { { NULL, CBFS_TYPE_STAGE } },
    	HASH_IDX_ROM_STAGE, MBOOT_PCR_INDEX_0 },
@@ -61,6 +64,12 @@
    	{ { (void *)0xffffffff - CONFIG_C_ENV_BOOTBLOCK_SIZE + 1,
    	CONFIG_C_ENV_BOOTBLOCK_SIZE, } }, HASH_IDX_BOOTBLOCK,
    	MBOOT_PCR_INDEX_0 },
+#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST)
+	{ VERIFY_BLOCK, "PublicKey",
+		{ { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION,
+		CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE, } }, HASH_IDX_PUBLICKEY,
+		MBOOT_PCR_INDEX_6 },
+#endif
    { VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 }
 };
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/36814
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: If05198deec85188f39a221a8b755798755afa5bb
Gerrit-Change-Number: 36814
Gerrit-PatchSet: 5
Gerrit-Owner: Wim Vervoorn wvervoorn@eltan.com
Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com
Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com
Gerrit-Reviewer: Wim Vervoorn wvervoorn@eltan.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-MessageType: merged



    