Amol N Sukerkar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32150 )
Change subject: src/include/cbfs.h: Added prototype for function to verify a stage after it has been loaded into DRAM
src/include/cbfs.h: Added prototype for function to verify a stage after it has been loaded into DRAM
This support enables a user to implement a stage verification mechanism AFTER the stage has been loaded into DRAM. This feature is currently used by VBOOT_STAGE_VERIFICATION.
TEST=Create a coreboot.rom image which has keyblock and VBLOCK with VBOOT version 2.1 structures. This is done by enabling CONFIG_VBOOT_STAGE_VERIFICATION. Verify that the image boots to authenticated payload.
Change-Id: I8702f00186db568316e04ffb87fd1439a27bdb6e
Signed-off-by: Sukerkar, Amol N amol.n.sukerkar@intel.com
---
M src/include/cbfs.h
1 file changed, 6 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/50/32150/1
diff --git a/src/include/cbfs.h b/src/include/cbfs.h index 85e25b3..d24fe58 100644 --- a/src/include/cbfs.h +++ b/src/include/cbfs.h @@ -2,6 +2,7 @@ * This file is part of the coreboot project. * * Copyright 2015 Google Inc. + * Copyright 2019 Intel Corp. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -90,4 +91,9 @@ int (*locate)(struct cbfs_props *props); };
+/* This function can be used to implement any secure boot mechanism to + * verify the stage AFTER it is loaded into DRAM */ +void verify_stage_if_required(const struct region_device *rdev); + #endif +
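Review bot: verify_stage_if_required() in the second hunk returns void, so a caller has no way to learn that verification failed; either return an int status that the loader checks before jumping to the stage, or state in the comment that the implementation does not return on failure. The comment should also say what rdev describes (the loaded copy in DRAM or the CBFS region it was read from), because a check that reads the source again rather than the loaded bytes does not cover what is actually executed, and it should say what "if required" depends on. Style: the last `+` line adds a blank line after `#endif` that should be dropped, and the multi-line comment should close with `*/` on its own line.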
Julius Werner has abandoned this change. ( https://review.coreboot.org/c/coreboot/+/32150 )
Change subject: src/include/cbfs.h: Added prototype for function to verify a stage after it has been loaded into DRAM
Abandoned
This direction of development was abandoned and instead the CONFIG_CBFS_VERIFICATION effort is intended to solve this use case. See CB:32159 for original discussion.