Attention is currently required from: Jason Glenesk, Raul Rangel, Martin Roth, Fred Reitberger, Felix Held.

Hello Jason Glenesk, Raul Rangel, Martin Roth, Fred Reitberger, Felix Held,

I'd like you to reexamine a change. Please visit

https://review.coreboot.org/c/coreboot/+/74525

to look at the new patch set (#2).

Change subject: soc/amd/common/block/gfx: Re-add signature check for vbios cache ......................................................................

soc/amd/common/block/gfx: Re-add signature check for vbios cache

Commit c7b8809f155a ("soc/amd/common/block/gfx: Use TPM-stored hash for vbios cache validation") replaced checking the vbios signature (first two bytes) with checking against a TPM-stored hash, but there exists an edge case where the empty cache can be hashed and therefore never updated with the correct vbios data. To mitigate this, re-add the signature check to ensure that an empty cache will never be hashed to TPM.

BUG=b:255812886

BRANCH=skyrim

TEST=build/boot skyrim w/selective GOP enabled, flash full firmware image, ensure GOP driver is run until cache updated with valid data and hashed to TPM.

Change-Id: Id06a8cfaa44d346fb2eece53dcf74ee46f4a5352 Signed-off-by: Matt DeVillier matt.devillier@amd.corp-partner.google.com --- M src/soc/amd/common/block/graphics/graphics.c 1 file changed, 30 insertions(+), 2 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/25/74525/2