diff options
author | Julius Werner <jwerner@chromium.org> | 2019-05-09 13:40:23 -0700 |
---|---|---|
committer | Julius Werner <jwerner@chromium.org> | 2019-05-10 21:41:14 +0000 |
commit | ef7d89cabe658e7f2951112c50853328988cea98 (patch) | |
tree | 29825181a56e73be7c6c9cf3884a82f4f8b1d56a /src/security | |
parent | 939bfccb3dbf04a0a2f7e15b82db1fdb469b7a73 (diff) | |
download | coreboot-ef7d89cabe658e7f2951112c50853328988cea98.tar.xz |
vboot: Make vboot_logic_executed() a bit more precise
This patch adds another check to vboot_logic_executed() to make sure we
only do a runtime check for verstage_should_load() if
CONFIG_VBOOT_RETURN_FROM_VERSTAGE is enabled. That's the only case where
the stage that's loading the verstage can execute after verification has
run (because the verstage will return to it when it's done). In the
other case, the stage that loads verstage really just loads it and will
never do anything again after hand-off, so it's guaranteed to always
execute before verification.
This change may allow extra dead-code elimination in some cases.
Change-Id: I7019b6f7b0acfbf0a8173914b53364751b08f2cf
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32714
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Diffstat (limited to 'src/security')
-rw-r--r-- | src/security/vboot/vboot_loader.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/security/vboot/vboot_loader.c b/src/security/vboot/vboot_loader.c index 0640ebd173..3bbb3da99c 100644 --- a/src/security/vboot/vboot_loader.c +++ b/src/security/vboot/vboot_loader.c @@ -64,9 +64,11 @@ static int vboot_executed CAR_GLOBAL; int vboot_logic_executed(void) { - /* If we are in a stage that would load the verstage or execute the - vboot logic directly, we store the answer in a global. */ - if (verstage_should_load() || verification_should_run()) + /* If we are in the stage that runs verification, or in the stage that + both loads the verstage and is returned to from it afterwards, we + need to check a global to see if verfication has run. */ + if (verification_should_run() || + (verstage_should_load() && CONFIG(VBOOT_RETURN_FROM_VERSTAGE))) return car_get_var(vboot_executed); if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK)) { |