Attention is currently required from: Vadim Bendebury, Julius Werner.

Yu-Ping Wu has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68057 )

Change subject: vboot: change name of the GCVD root pub key file ......................................................................

Patch Set 2: Code-Review+1

(2 comments)

Commit Message:

https://review.coreboot.org/c/coreboot/+/68057/comment/14e83560_7b8de8c9 PS2, Line 9: HSM Without mentioning HSM, here we can just say that the name of the keys is changed in CL:3932872, so we need to rename the Kconfig option accordingly.

https://review.coreboot.org/c/coreboot/+/68057/comment/2563afd6_4f8b3dce PS2, Line 11: vboot reference

There is a change coming in vboot reference which will change the key name, upstream coreboot does n […]

The upstream coreboot does depend on vboot (as a submodule in 3rdparty/vboot), so in this case the coreboot and vboot patches depend on each other. This patch without the vboot one would result in

``` ERROR: do_gscvd: Could not read 3rdparty/vboot/tests/devkeys/root_key_arv_root.vbpubk ```

when tested by `util/abuild/abuild -x -t GOOGLE_STEELIX`. I think this is the same failure as in the Jenkins build.

For co-dependent coreboot and vboot CLs, we usually:

1. Create an upstream coreboot CL (like this one) and get CR+2. 2. Manually downstream it and merge it together with the vboot one (with both Cq-Depend on each other). 3. Finally, update the vboot submodule in the upstream coreboot CL and then merge it.