[S] Change in coreboot[master]: src/mb/facebook/fbg1701: Add config to additional list - coreboot-gerrit

25 Apr 2023

Frans Hendriks has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/74752 )
Change subject: src/mb/facebook/fbg1701: Add config to additional list
......................................................................
src/mb/facebook/fbg1701: Add config to additional list
´config´ is removed from measure list (CB:74750)
Add 'config' to ram_stage_additional_list[] to have it measured and
verified.
BUG=NA
TEST=booting and verify log on facebook FBG1701
Change-Id: Id4119bc3a01e11f14a091facf81964d1a71092c1
Signed-off-by: Frans Hendriks fhendriks@eltan.com
---
M src/mainboard/facebook/fbg1701/board_verified_boot.c
M src/mainboard/facebook/fbg1701/manifest.h
M src/vendorcode/eltan/security/verified_boot/Kconfig
3 files changed, 25 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/52/74752/1

diff --git a/src/mainboard/facebook/fbg1701/board_verified_boot.c b/src/mainboard/facebook/fbg1701/board_verified_boot.c
index 8b644cb..4932964 100644
--- a/src/mainboard/facebook/fbg1701/board_verified_boot.c
+++ b/src/mainboard/facebook/fbg1701/board_verified_boot.c
@@ -60,6 +60,10 @@
  * romstage verify list
  */
 static const verify_item_t ram_stage_additional_list[] = {
+#if CONFIG(INCLUDE_CONFIG_FILE)
+	{ VERIFY_FILE, "config", { { NULL, CBFS_TYPE_RAW } },
+		HASH_IDX_CONFIG, MBOOT_PCR_INDEX_0 },
+#endif
    { VERIFY_FILE, OP_ROM_VBT, { { NULL, CBFS_TYPE_RAW } },
    	HASH_IDX_OPROM, MBOOT_PCR_INDEX_2 },
 #if CONFIG(BMP_LOGO)
diff --git a/src/mainboard/facebook/fbg1701/manifest.h b/src/mainboard/facebook/fbg1701/manifest.h
index b104354..141b83e 100644
--- a/src/mainboard/facebook/fbg1701/manifest.h
+++ b/src/mainboard/facebook/fbg1701/manifest.h
@@ -18,5 +18,6 @@
 #define HASH_IDX_DSDT		8
 #define HASH_IDX_POSTCAR_STAGE	9
 #define HASH_IDX_PUBLICKEY	10
-#define HASH_IDX_BOOTBLOCK	11 /* Should always be the last one */
+#define HASH_IDX_CONFIG	11
+#define HASH_IDX_BOOTBLOCK	12 /* Should always be the last one */
 #endif
diff --git a/src/vendorcode/eltan/security/verified_boot/Kconfig b/src/vendorcode/eltan/security/verified_boot/Kconfig
index 7741782..50638db 100644
--- a/src/vendorcode/eltan/security/verified_boot/Kconfig
+++ b/src/vendorcode/eltan/security/verified_boot/Kconfig
@@ -33,6 +33,7 @@
config VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS
    int "Manifest Items"
+	default 13 if INCLUDE_CONFIG_FILE
    default 12
config VENDORCODE_ELTAN_OEM_MANIFEST_ITEM_SIZE
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/74752
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Id4119bc3a01e11f14a091facf81964d1a71092c1
Gerrit-Change-Number: 74752
Gerrit-PatchSet: 1
Gerrit-Owner: Frans Hendriks fhendriks@eltan.com
Gerrit-MessageType: newchange



    