summaryrefslogtreecommitdiff
path: root/src/security
diff options
context:
space:
mode:
authorJulius Werner <jwerner@chromium.org>2019-05-09 13:40:23 -0700
committerJulius Werner <jwerner@chromium.org>2019-05-10 21:41:14 +0000
commitef7d89cabe658e7f2951112c50853328988cea98 (patch)
tree29825181a56e73be7c6c9cf3884a82f4f8b1d56a /src/security
parent939bfccb3dbf04a0a2f7e15b82db1fdb469b7a73 (diff)
downloadcoreboot-ef7d89cabe658e7f2951112c50853328988cea98.tar.xz
vboot: Make vboot_logic_executed() a bit more precise
This patch adds another check to vboot_logic_executed() to make sure we only do a runtime check for verstage_should_load() if CONFIG_VBOOT_RETURN_FROM_VERSTAGE is enabled. That's the only case where the stage that's loading the verstage can execute after verification has run (because the verstage will return to it when it's done). In the other case, the stage that loads verstage really just loads it and will never do anything again after hand-off, so it's guaranteed to always execute before verification. This change may allow extra dead-code elimination in some cases. Change-Id: I7019b6f7b0acfbf0a8173914b53364751b08f2cf Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/32714 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Diffstat (limited to 'src/security')
-rw-r--r--src/security/vboot/vboot_loader.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/security/vboot/vboot_loader.c b/src/security/vboot/vboot_loader.c
index 0640ebd173..3bbb3da99c 100644
--- a/src/security/vboot/vboot_loader.c
+++ b/src/security/vboot/vboot_loader.c
@@ -64,9 +64,11 @@ static int vboot_executed CAR_GLOBAL;
int vboot_logic_executed(void)
{
- /* If we are in a stage that would load the verstage or execute the
- vboot logic directly, we store the answer in a global. */
- if (verstage_should_load() || verification_should_run())
+ /* If we are in the stage that runs verification, or in the stage that
+ both loads the verstage and is returned to from it afterwards, we
+ need to check a global to see if verfication has run. */
+ if (verification_should_run() ||
+ (verstage_should_load() && CONFIG(VBOOT_RETURN_FROM_VERSTAGE)))
return car_get_var(vboot_executed);
if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK)) {