[coreboot-gerrit] Patch merged into coreboot/master: mainboard/intel/galileo: Add vboot support

gerrit at coreboot.org gerrit at coreboot.org
Tue Mar 14 23:55:45 CET 2017 

the following patch was just integrated into master:
commit a50ced2eba20a007fa5b486c251c252ad09868cf
Author: Lee Leahy <leroy.p.leahy at intel.com>
Date:   Wed Jan 4 08:34:01 2017 -0800

    mainboard/intel/galileo: Add vboot support
    
    Add the necessary files and changes to support vboot.
    
    TEST=Build and run on Galileo Gen2 with a SparkFun CryptoShield
    
    1.  Obtain and install a SparkFun CryptoShield.
        https://www.sparkfun.com/products/13183
    
    2.  Edit src/mainboard/intel/galileo/Kconfig to select
        VBOOT_WITH_CRYPTO_SHIELD
    
    3.  Use make menuconfig to update the config values and select a
        payload that will fit.  I used SeaBIOS which does not boot.
    
    4.  Build coreboot
    
    5.  Use the command file below to generate the signed coreboot image.
    
    6.  Flash build/coreboot.rom onto the Galileo board
    
    7.  The test is successful if verstage detects that it needs recovery
        after Phase 1.  This is expected because the image does not contain
        the GBB section.
    
    8.  Flash build/coreboot.signed.bin onto the Galileo board
    
    9.  The test is successful if verstage reaches Phase 4 and selects SLOT
        A to load the rest of the files.
    
    #!/bin/sh
    #
    #  The necessary tools were built and installed using the following
    commands:
    #
    #        pushd 3rdparty/vboot
    #        make
    #        sudo make install
    #        popd
    #
    #  The keys were made using the following command
    #
    #        3rdparty/vboot/scripts/keygeneration/create_new_keys.sh  \
    #                --4k --4k-root --output $PWD/keys
    #
    #
    #  Create the GBB area blob
    #
    gbb_utility -c 0x100,0x1000,0x7ce80,0x1000 gbb.blob
    
    #
    #  Add the empty GBB to the coreboot.rom image
    #
    dd  conv=fdatasync  ibs=4096  obs=4096  count=1553  \
    if=build/coreboot.rom  of=build/coreboot.signed.rom
    
    dd  conv=fdatasync  obs=4096  obs=4096  seek=1553  if=gbb.blob  \
    of=build/coreboot.signed.rom
    
    dd  conv=fdatasync  ibs=4096  obs=4096  skip=1680  seek=1680  \
    count=368  if=build/coreboot.rom  of=build/coreboot.signed.rom
    
    #
    #  Add the keys and HWID to the GBB
    #
    gbb_utility                       \
    --set --hwid='Galileo'            \
    -r $PWD/keys/recovery_key.vbpubk  \
    -k $PWD/keys/root_key.vbpubk      \
    build/coreboot.signed.rom
    
    #
    #  Sign the firmware with the keys
    #
    3rdparty/vboot/scripts/image_signing/sign_firmware.sh  \
    build/coreboot.signed.rom                              \
    $PWD/keys                                              \
    build/coreboot.signed.rom
    
    Change-Id: I96170412e7bbc2b9c747ff5e2c845f29220353ed
    Signed-off-by: Lee Leahy <leroy.p.leahy at intel.com>
    Reviewed-on: https://review.coreboot.org/18041
    Tested-by: Martin Roth <martinroth at google.com>
    Reviewed-by: Aaron Durbin <adurbin at chromium.org>


See https://review.coreboot.org/18041 for details.

-gerrit

More information about the coreboot-gerrit mailing list