Frans Hendriks has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/48852 )
Change subject: vc/eltan/security/verified_boot/vboot_check.c: Add check for prog->type PROG_POSTCAR
vc/eltan/security/verified_boot/vboot_check.c: Add check for prog->type PROG_POSTCAR
On Coffee Lake systems prog_locate_hook() is called with prog->type PROG_POSTCAR. For this reason the early check is not executed.
Add check for prog->type == PROG_POSTCAR, but execute verified_boot_early_check only once.
BUG = N/A
TEST = Build and boot on Facebook FBG1701 and Intel CoffeeLake system
Change-Id: Ia3bd36064bcc8176302834c1e46a225937d61c20
Signed-off-by: Frans Hendriks fhendriks@eltan.com
---
M src/vendorcode/eltan/security/verified_boot/vboot_check.c
1 file changed, 6 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/52/48852/1
diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c index 824570e..0de2f0a 100644 --- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c +++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c @@ -345,12 +345,17 @@
int prog_locate_hook(struct prog *prog) { + static int initialized; + if (ENV_BOOTBLOCK) verified_boot_bootblock_check();
if (ENV_ROMSTAGE) { - if (prog->type == PROG_REFCODE) + if (!initialized && ((prog->type == PROG_REFCODE) || + (prog->type == PROG_POSTCAR))) { verified_boot_early_check(); + initialized = 1; + }
if (CONFIG(POSTCAR_STAGE) && prog->type == PROG_POSTCAR) process_verify_list(postcar_verify_list);
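Review bot: In the ENV_ROMSTAGE branch, verified_boot_early_check() still runs only when prog_locate_hook() happens to be called with PROG_REFCODE or PROG_POSTCAR, so a platform whose romstage locates neither type skips the early check with no diagnostic. Since the new `initialized` flag already guarantees a single run, consider dropping the prog->type test and running the check on the first romstage call. If the type filter is intentional, a comment above the condition explaining why these two types are the triggers would help.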
Hello Wim Vervoorn,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/48852
to look at the new patch set (#2).
Change subject: vc/eltan/security/verified_boot/vboot_check.c: Add check PROG_POSTCAR
vc/eltan/security/verified_boot/vboot_check.c: Add check PROG_POSTCAR
On Coffee Lake systems prog_locate_hook() is called with PROG_POSTCAR. For this reason the early check is not executed.
Add check for prog->type == PROG_POSTCAR, but execute verified_boot_early_check() only once.
BUG = N/A
TEST = Build and boot on Facebook FBG1701 and Intel CoffeeLake system
Change-Id: Ia3bd36064bcc8176302834c1e46a225937d61c20
Signed-off-by: Frans Hendriks fhendriks@eltan.com
---
M src/vendorcode/eltan/security/verified_boot/vboot_check.c
1 file changed, 6 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/52/48852/2
Hello Wim Vervoorn,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/48852
to look at the new patch set (#3).
Change subject: vc/eltan/security/verified_boot/vboot_check.c: Add check PROG_POSTCAR
vc/eltan/security/verified_boot/vboot_check.c: Add check PROG_POSTCAR
On Coffee Lake systems prog_locate_hook() is called with PROG_POSTCAR. For this reason the early check is not executed.
Add check for prog->type == PROG_POSTCAR, but execute verified_boot_early_check() once.
BUG = N/A
TEST = Build and boot on Facebook FBG1701 and Intel CoffeeLake system
Change-Id: Ia3bd36064bcc8176302834c1e46a225937d61c20
Signed-off-by: Frans Hendriks fhendriks@eltan.com
---
M src/vendorcode/eltan/security/verified_boot/vboot_check.c
1 file changed, 6 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/52/48852/3
Attention is currently required from: Frans Hendriks.
Wim Vervoorn has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/48852 )
Change subject: vc/eltan/security/verified_boot/vboot_check.c: Add check PROG_POSTCAR
Patch Set 3: Code-Review+2
Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/48852 )
Change subject: vc/eltan/security/verified_boot/vboot_check.c: Add check PROG_POSTCAR
vc/eltan/security/verified_boot/vboot_check.c: Add check PROG_POSTCAR
On Coffee Lake systems prog_locate_hook() is called with PROG_POSTCAR. For this reason the early check is not executed.
Add check for prog->type == PROG_POSTCAR, but execute verified_boot_early_check() once.
BUG = N/A
TEST = Build and boot on Facebook FBG1701 and Intel CoffeeLake system
Change-Id: Ia3bd36064bcc8176302834c1e46a225937d61c20
Signed-off-by: Frans Hendriks fhendriks@eltan.com
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48852
Reviewed-by: Wim Vervoorn wvervoorn@eltan.com
Tested-by: build bot (Jenkins) no-reply@coreboot.org
---
M src/vendorcode/eltan/security/verified_boot/vboot_check.c
1 file changed, 6 insertions(+), 1 deletion(-)
Approvals:
build bot (Jenkins): Verified
Wim Vervoorn: Looks good to me, approved
diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c index 824570e..0de2f0a 100644 --- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c +++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c @@ -345,12 +345,17 @@
int prog_locate_hook(struct prog *prog) { + static int initialized; + if (ENV_BOOTBLOCK) verified_boot_bootblock_check();
if (ENV_ROMSTAGE) { - if (prog->type == PROG_REFCODE) + if (!initialized && ((prog->type == PROG_REFCODE) || + (prog->type == PROG_POSTCAR))) { verified_boot_early_check(); + initialized = 1; + }
if (CONFIG(POSTCAR_STAGE) && prog->type == PROG_POSTCAR) process_verify_list(postcar_verify_list);
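Review bot: `static int initialized;` at the top of prog_locate_hook() is declared for every stage but is only read and written inside the ENV_ROMSTAGE branch, and the name does not say what was initialized. Suggest moving it into that branch as `static bool early_check_done;` and adding a short code comment that PROG_POSTCAR is accepted because Coffee Lake calls the hook with that type, as the commit message states. The extra parentheses around each `prog->type ==` comparison can also be dropped.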