Paul Kocialkowski (contact@paulk.fr) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/11143

-gerrit

commit cad659a2f605df651841d052e2d7d2984be6553a Author: Paul Kocialkowski contact@paulk.fr Date: Sun Aug 9 10:23:38 2015 +0200

chromeos: Allow disabling vboot firmware verification when ChromeOS is enabled

Some ChromeOS bindings might be wanted without using vboot verification, for instance to boot up depthcharge from the version of Coreboot installed in the write-protected part of the SPI flash (without jumping to a RW firmware).

Vboot firmware verification is still selected by default when ChromeOS is enabled, but this allows more flexibility since vboot firmware verification is no longer a hard requirement for ChromeOS (that this particular use case still allows booting ChromeOS).

In the future, it would make sense to have all the separate components that CONFIG_CHROMEOS enables have their own config options, so that they can be enabled separately.

Change-Id: Ia4057a56838aa05dcf3cb250ae1a27fd91402ddb Signed-off-by: Paul Kocialkowski contact@paulk.fr --- src/vendorcode/google/chromeos/Kconfig | 2 +- src/vendorcode/google/chromeos/vboot2/Kconfig | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig index 8309d19..694e0d7 100644 --- a/src/vendorcode/google/chromeos/Kconfig +++ b/src/vendorcode/google/chromeos/Kconfig @@ -31,7 +31,6 @@ config CHROMEOS select BOOTMODE_STRAPS select ELOG select COLLECT_TIMESTAMPS - select VBOOT_VERIFY_FIRMWARE help Enable ChromeOS specific features like the GPIO sub table in the coreboot table. NOTE: Enabling this option on an unsupported @@ -129,6 +128,7 @@ config VIRTUAL_DEV_SWITCH

config VBOOT_VERIFY_FIRMWARE bool "Verify firmware with vboot." + default y if CHROMEOS default n depends on HAVE_HARD_RESET help diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig index c5c46e5..736dee6 100644 --- a/src/vendorcode/google/chromeos/vboot2/Kconfig +++ b/src/vendorcode/google/chromeos/vboot2/Kconfig @@ -16,6 +16,8 @@ ## Foundation, Inc. ##

+if VBOOT_VERIFY_FIRMWARE + config VBOOT_STARTS_IN_BOOTBLOCK bool "Vboot starts verifying in bootblock" default n @@ -126,3 +128,5 @@ config VBOOT_DYNAMIC_WORK_BUFFER ram to allocate the vboot work buffer. That means vboot verification is after memory init and requires main memory to back the work buffer. + +endif # VBOOT_VERIFY_FIRMWARE