diff options
-rw-r--r-- | src/vendorcode/eltan/security/mboot/mboot.c | 2 | ||||
-rw-r--r-- | src/vendorcode/eltan/security/verified_boot/vboot_check.c | 69 | ||||
-rw-r--r-- | src/vendorcode/eltan/security/verified_boot/vboot_check.h | 9 |
3 files changed, 29 insertions, 51 deletions
diff --git a/src/vendorcode/eltan/security/mboot/mboot.c b/src/vendorcode/eltan/security/mboot/mboot.c index 4823c6aa00..228d1a0f59 100644 --- a/src/vendorcode/eltan/security/mboot/mboot.c +++ b/src/vendorcode/eltan/security/mboot/mboot.c @@ -266,7 +266,6 @@ int mb_measure_log_worker(const char *name, uint32_t type, uint32_t pcr, return status; } -#ifdef __PRE_RAM__ /* * Called from early romstage * @@ -473,4 +472,3 @@ int __attribute__((weak))mb_crtm(void) return status; } -#endif // __PRE_RAM__ diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c index 88519bdd78..fdae7b8b46 100644 --- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c +++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c @@ -276,13 +276,11 @@ void process_verify_list(const verify_item_t list[]) i++; } } -#ifdef __BOOTBLOCK__ + /* * BOOTBLOCK */ -extern verify_item_t bootblock_verify_list[]; - void verified_boot_bootblock_check(void) { printk(BIOS_SPEW, "%s: processing bootblock items\n", __func__); @@ -296,14 +294,6 @@ void verified_boot_bootblock_check(void) process_verify_list(bootblock_verify_list); } -static void vendor_secure_prepare(void) -{ - printk(BIOS_SPEW, "%s: bootblock\n", __func__); - verified_boot_bootblock_check(); -} -#endif //__BOOTBLOCK__ - -#ifdef __ROMSTAGE__ /* * ROMSTAGE */ @@ -330,33 +320,6 @@ void verified_boot_early_check(void) process_verify_list(romstage_verify_list); } -static int prepare_romstage = 0; - -static void vendor_secure_prepare(void) -{ - printk(BIOS_SPEW, "%s: romstage\n", __func__); - if (!prepare_romstage) { - verified_boot_early_check(); - prepare_romstage = 1; - } -} -#endif //__ROMSTAGE__ - -#ifdef __POSTCAR__ -/* - * POSTCAR - */ - -extern verify_item_t postcar_verify_list[]; - -static void vendor_secure_prepare(void) -{ - printk(BIOS_SPEW, "%s: postcar\n", __func__); - process_verify_list(postcar_verify_list); -} -#endif //__POSTCAR__ - -#ifdef __RAMSTAGE__ /* * RAM STAGE */ @@ -408,10 +371,6 @@ static int process_oprom_list(const verify_item_t list[], return 0; } -extern verify_item_t payload_verify_list[]; - -extern verify_item_t oprom_verify_list[]; - int verified_boot_should_run_oprom(struct rom_header *rom_header) { return process_oprom_list(oprom_verify_list, rom_header); @@ -419,10 +378,30 @@ int verified_boot_should_run_oprom(struct rom_header *rom_header) static void vendor_secure_prepare(void) { - printk(BIOS_SPEW, "%s: ramstage\n", __func__); - process_verify_list(payload_verify_list); + if (ENV_BOOTBLOCK) { + printk(BIOS_SPEW, "%s: bootblock\n", __func__); + verified_boot_bootblock_check(); + } + + if (ENV_ROMSTAGE) { + static int prepare_romstage = 0; + printk(BIOS_SPEW, "%s: romstage\n", __func__); + if (!prepare_romstage) { + verified_boot_early_check(); + prepare_romstage = 1; + } + } + + if (ENV_POSTCAR) { + printk(BIOS_SPEW, "%s: postcar\n", __func__); + process_verify_list(postcar_verify_list); + } + + if (ENV_RAMSTAGE) { + printk(BIOS_SPEW, "%s: ramstage\n", __func__); + process_verify_list(payload_verify_list); + } } -#endif //__RAMSTAGE__ const struct cbfs_locator cbfs_master_header_locator = { .name = "Vendorcode Header Locator", diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.h b/src/vendorcode/eltan/security/verified_boot/vboot_check.h index 22f1edf948..36c8ffa8d3 100644 --- a/src/vendorcode/eltan/security/verified_boot/vboot_check.h +++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.h @@ -32,12 +32,8 @@ /* These method verifies the SHA256 hash over the 'named' CBFS component. * 'type' denotes the type of CBFS component i.e. stage, payload or fsp. */ -#ifdef __BOOTBLOCK__ void verified_boot_bootblock_check(void); -#endif -#ifdef __ROMSTAGE__ void verified_boot_early_check(void); -#endif int verified_boot_check_manifest(void); @@ -75,4 +71,9 @@ typedef struct { void process_verify_list(const verify_item_t list[]); +extern const verify_item_t bootblock_verify_list[]; +extern const verify_item_t postcar_verify_list[]; +extern const verify_item_t payload_verify_list[]; +extern const verify_item_t oprom_verify_list[]; + #endif //VBOOT_CHECK_H |