summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/vendorcode/eltan/security/mboot/mboot.c2
-rw-r--r--src/vendorcode/eltan/security/verified_boot/vboot_check.c69
-rw-r--r--src/vendorcode/eltan/security/verified_boot/vboot_check.h9
3 files changed, 29 insertions, 51 deletions
diff --git a/src/vendorcode/eltan/security/mboot/mboot.c b/src/vendorcode/eltan/security/mboot/mboot.c
index 4823c6aa00..228d1a0f59 100644
--- a/src/vendorcode/eltan/security/mboot/mboot.c
+++ b/src/vendorcode/eltan/security/mboot/mboot.c
@@ -266,7 +266,6 @@ int mb_measure_log_worker(const char *name, uint32_t type, uint32_t pcr,
return status;
}
-#ifdef __PRE_RAM__
/*
* Called from early romstage
*
@@ -473,4 +472,3 @@ int __attribute__((weak))mb_crtm(void)
return status;
}
-#endif // __PRE_RAM__
diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c
index 88519bdd78..fdae7b8b46 100644
--- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c
+++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c
@@ -276,13 +276,11 @@ void process_verify_list(const verify_item_t list[])
i++;
}
}
-#ifdef __BOOTBLOCK__
+
/*
* BOOTBLOCK
*/
-extern verify_item_t bootblock_verify_list[];
-
void verified_boot_bootblock_check(void)
{
printk(BIOS_SPEW, "%s: processing bootblock items\n", __func__);
@@ -296,14 +294,6 @@ void verified_boot_bootblock_check(void)
process_verify_list(bootblock_verify_list);
}
-static void vendor_secure_prepare(void)
-{
- printk(BIOS_SPEW, "%s: bootblock\n", __func__);
- verified_boot_bootblock_check();
-}
-#endif //__BOOTBLOCK__
-
-#ifdef __ROMSTAGE__
/*
* ROMSTAGE
*/
@@ -330,33 +320,6 @@ void verified_boot_early_check(void)
process_verify_list(romstage_verify_list);
}
-static int prepare_romstage = 0;
-
-static void vendor_secure_prepare(void)
-{
- printk(BIOS_SPEW, "%s: romstage\n", __func__);
- if (!prepare_romstage) {
- verified_boot_early_check();
- prepare_romstage = 1;
- }
-}
-#endif //__ROMSTAGE__
-
-#ifdef __POSTCAR__
-/*
- * POSTCAR
- */
-
-extern verify_item_t postcar_verify_list[];
-
-static void vendor_secure_prepare(void)
-{
- printk(BIOS_SPEW, "%s: postcar\n", __func__);
- process_verify_list(postcar_verify_list);
-}
-#endif //__POSTCAR__
-
-#ifdef __RAMSTAGE__
/*
* RAM STAGE
*/
@@ -408,10 +371,6 @@ static int process_oprom_list(const verify_item_t list[],
return 0;
}
-extern verify_item_t payload_verify_list[];
-
-extern verify_item_t oprom_verify_list[];
-
int verified_boot_should_run_oprom(struct rom_header *rom_header)
{
return process_oprom_list(oprom_verify_list, rom_header);
@@ -419,10 +378,30 @@ int verified_boot_should_run_oprom(struct rom_header *rom_header)
static void vendor_secure_prepare(void)
{
- printk(BIOS_SPEW, "%s: ramstage\n", __func__);
- process_verify_list(payload_verify_list);
+ if (ENV_BOOTBLOCK) {
+ printk(BIOS_SPEW, "%s: bootblock\n", __func__);
+ verified_boot_bootblock_check();
+ }
+
+ if (ENV_ROMSTAGE) {
+ static int prepare_romstage = 0;
+ printk(BIOS_SPEW, "%s: romstage\n", __func__);
+ if (!prepare_romstage) {
+ verified_boot_early_check();
+ prepare_romstage = 1;
+ }
+ }
+
+ if (ENV_POSTCAR) {
+ printk(BIOS_SPEW, "%s: postcar\n", __func__);
+ process_verify_list(postcar_verify_list);
+ }
+
+ if (ENV_RAMSTAGE) {
+ printk(BIOS_SPEW, "%s: ramstage\n", __func__);
+ process_verify_list(payload_verify_list);
+ }
}
-#endif //__RAMSTAGE__
const struct cbfs_locator cbfs_master_header_locator = {
.name = "Vendorcode Header Locator",
diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.h b/src/vendorcode/eltan/security/verified_boot/vboot_check.h
index 22f1edf948..36c8ffa8d3 100644
--- a/src/vendorcode/eltan/security/verified_boot/vboot_check.h
+++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.h
@@ -32,12 +32,8 @@
/* These method verifies the SHA256 hash over the 'named' CBFS component.
* 'type' denotes the type of CBFS component i.e. stage, payload or fsp.
*/
-#ifdef __BOOTBLOCK__
void verified_boot_bootblock_check(void);
-#endif
-#ifdef __ROMSTAGE__
void verified_boot_early_check(void);
-#endif
int verified_boot_check_manifest(void);
@@ -75,4 +71,9 @@ typedef struct {
void process_verify_list(const verify_item_t list[]);
+extern const verify_item_t bootblock_verify_list[];
+extern const verify_item_t postcar_verify_list[];
+extern const verify_item_t payload_verify_list[];
+extern const verify_item_t oprom_verify_list[];
+
#endif //VBOOT_CHECK_H