author | Martin Roth <martin@coreboot.org> | 2020-05-04 10:13:45 -0600 |
---|---|---|
committer | Martin Roth <martinroth@google.com> | 2020-06-15 21:04:00 +0000 |
commit | 8a3a3c820b8f8a8d357bf54fb7532ad1ae1ba270 (patch) | |
tree | 1e3c8c2c30753118a16eba2d0f3afc25bc74d836 /src/security/vboot/Kconfig | |
parent | 61ba7fb2d9ecd2cfd64dda0618d544e4429fee8e (diff) | |
security/vboot: Add option to run verstage before bootblock

For AMD's family 17h, verstage can run as a userspace app in the PSP
before the X86 is released. The flags for this have been made generic
to support any other future systems that might run verstage before
the main processor starts.

Although an attempt has been made to make things somewhat generic,
since this is the first and currently only chip to support verstage
before bootblock, there are a number of options which might ultimately
be needed which have currently been left out for simplicity. Examples
of this are:
- PCI is not currently supported - this is currently just a given
  instead of making a separate Kconfig option for it.
- The PSP uses an ARM v7 processor, so that's the only processor that
  is getting updated for the verstage-before-bootblock option.

BUG=b:158124527
TEST=Build with following patches

Signed-off-by: Martin Roth <martin@coreboot.org>
Change-Id: I4849777cb7ba9f90fe8428b82c21884d1e662b96
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41814
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>

Diffstat (limited to 'src/security/vboot/Kconfig')
-rw-r--r-- | src/security/vboot/Kconfig | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index d317cb6447..0637edce01 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -71,6 +71,13 @@ config VBOOT_VBNV_FLASH help VBNV is stored in flash storage +config VBOOT_STARTS_BEFORE_BOOTBLOCK + def_bool n + select VBOOT_SEPARATE_VERSTAGE + help + Firmware verification happens before the main processor is brought + online. + config VBOOT_STARTS_IN_BOOTBLOCK bool default n @@ -109,7 +116,7 @@ config VBOOT_DISABLE_DEV_ON_RECOVERY config VBOOT_SEPARATE_VERSTAGE bool default n - depends on VBOOT_STARTS_IN_BOOTBLOCK + depends on VBOOT_STARTS_IN_BOOTBLOCK || VBOOT_STARTS_BEFORE_BOOTBLOCK help If this option is set, vboot verification runs in a standalone stage that is loaded from the bootblock and exits into romstage. If it is |
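Review bot: in the first hunk (@@ -71,6 +71,13 @@), the help text of the new VBOOT_STARTS_BEFORE_BOOTBLOCK entry does not say how the option relates to VBOOT_STARTS_IN_BOOTBLOCK, which is declared directly below it. The symbol is "def_bool n" with no prompt, so it can only be turned on by a select from platform code, and nothing in these lines stops a platform from selecting both start points at once. Please extend the help text to state that the option is meant to be selected by the SoC and whether it is an alternative to VBOOT_STARTS_IN_BOOTBLOCK; if the two must never be set together, that constraint is worth expressing in Kconfig or checking at build time, because it decides where the verification root of trust runs.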
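Review bot: in the second hunk (@@ -109,7 +116,7 @@), the help text of VBOOT_SEPARATE_VERSTAGE is left unchanged and still reads "runs in a standalone stage that is loaded from the bootblock and exits into romstage". With the dependency widened to "VBOOT_STARTS_IN_BOOTBLOCK || VBOOT_STARTS_BEFORE_BOOTBLOCK", that description no longer covers the case this commit adds, where verification happens before the main processor is brought online. Please update the help text to describe both cases, so that someone auditing the verified-boot configuration is not told that verstage is always loaded from the bootblock.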