[coreboot-gerrit] Patch merged into coreboot/master: mainboard/intel/galileo: Add vboot support
gerrit at coreboot.org
gerrit at coreboot.org
Tue Mar 14 23:55:45 CET 2017
the following patch was just integrated into master:
commit a50ced2eba20a007fa5b486c251c252ad09868cf
Author: Lee Leahy <leroy.p.leahy at intel.com>
Date: Wed Jan 4 08:34:01 2017 -0800
mainboard/intel/galileo: Add vboot support
Add the necessary files and changes to support vboot.
TEST=Build and run on Galileo Gen2 with a SparkFun CryptoShield
1. Obtain and install a SparkFun CryptoShield.
https://www.sparkfun.com/products/13183
2. Edit src/mainboard/intel/galileo/Kconfig to select
VBOOT_WITH_CRYPTO_SHIELD
3. Use make menuconfig to update the config values and select a
payload that will fit. I used SeaBIOS which does not boot.
4. Build coreboot
5. Use the command file below to generate the signed coreboot image.
6. Flash build/coreboot.rom onto the Galileo board
7. The test is successful if verstage detects that it needs recovery
after Phase 1. This is expected because the image does not contain
the GBB section.
8. Flash build/coreboot.signed.bin onto the Galileo board
9. The test is successful if verstage reaches Phase 4 and selects SLOT
A to load the rest of the files.
#!/bin/sh
#
# The necessary tools were built and installed using the following
commands:
#
# pushd 3rdparty/vboot
# make
# sudo make install
# popd
#
# The keys were made using the following command
#
# 3rdparty/vboot/scripts/keygeneration/create_new_keys.sh \
# --4k --4k-root --output $PWD/keys
#
#
# Create the GBB area blob
#
gbb_utility -c 0x100,0x1000,0x7ce80,0x1000 gbb.blob
#
# Add the empty GBB to the coreboot.rom image
#
dd conv=fdatasync ibs=4096 obs=4096 count=1553 \
if=build/coreboot.rom of=build/coreboot.signed.rom
dd conv=fdatasync obs=4096 obs=4096 seek=1553 if=gbb.blob \
of=build/coreboot.signed.rom
dd conv=fdatasync ibs=4096 obs=4096 skip=1680 seek=1680 \
count=368 if=build/coreboot.rom of=build/coreboot.signed.rom
#
# Add the keys and HWID to the GBB
#
gbb_utility \
--set --hwid='Galileo' \
-r $PWD/keys/recovery_key.vbpubk \
-k $PWD/keys/root_key.vbpubk \
build/coreboot.signed.rom
#
# Sign the firmware with the keys
#
3rdparty/vboot/scripts/image_signing/sign_firmware.sh \
build/coreboot.signed.rom \
$PWD/keys \
build/coreboot.signed.rom
Change-Id: I96170412e7bbc2b9c747ff5e2c845f29220353ed
Signed-off-by: Lee Leahy <leroy.p.leahy at intel.com>
Reviewed-on: https://review.coreboot.org/18041
Tested-by: Martin Roth <martinroth at google.com>
Reviewed-by: Aaron Durbin <adurbin at chromium.org>
See https://review.coreboot.org/18041 for details.
-gerrit
More information about the coreboot-gerrit
mailing list