diff options
Diffstat (limited to 'src/security')
-rw-r--r-- | src/security/vboot/Kconfig | 15 | ||||
-rw-r--r-- | src/security/vboot/common.c | 7 | ||||
-rw-r--r-- | src/security/vboot/vboot_loader.c | 3 |
3 files changed, 3 insertions, 22 deletions
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index 66bcc1ed6f..ea1f73889a 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -107,21 +107,6 @@ config VBOOT_STARTS_IN_ROMSTAGE memory initialization). This implies that vboot working data is allocated in CBMEM. -config VBOOT_MIGRATE_WORKING_DATA - bool - default y if CACHE_AS_RAM - depends on !VBOOT_STARTS_IN_ROMSTAGE - help - In order to make vboot data structures available downstream, - migrate verified boot working data to CBMEM after CBMEM comes - online, when VBOOT_STARTS_IN_BOOTBLOCK is employed. This should - always be enabled on x86 architectures to migrate data from CAR - before losing access in ramstage, and should almost always be - disabled in SRAM architectures, where access to SRAM is usually - retained. Any SRAM platform where the original location of the - VBOOT_WORKBUF region becomes inaccessible in later stages should - manually select this option. - config VBOOT_MOCK_SECDATA bool "Mock secdata for firmware verification" default n diff --git a/src/security/vboot/common.c b/src/security/vboot/common.c index bd72683e00..626fbc52a4 100644 --- a/src/security/vboot/common.c +++ b/src/security/vboot/common.c @@ -117,13 +117,12 @@ int vboot_is_slot_selected(void) return reg->size > 0; } -#if CONFIG(VBOOT_MIGRATE_WORKING_DATA) +#if CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) /* * For platforms that do not employ VBOOT_STARTS_IN_ROMSTAGE, vboot * verification occurs before CBMEM is brought online, using pre-RAM. * In order to make vboot data structures available downstream, copy - * vboot_working_data from SRAM/CAR into CBMEM on platforms where this - * memory later becomes unavailable. + * vboot_working_data from SRAM/CAR into CBMEM. */ static void vboot_migrate_cbmem(int unused) { @@ -140,7 +139,7 @@ static void vboot_migrate_cbmem(int unused) memcpy(wd_cbmem, wd_preram, cbmem_size); } ROMSTAGE_CBMEM_INIT_HOOK(vboot_migrate_cbmem) -#elif CONFIG(VBOOT_STARTS_IN_ROMSTAGE) +#else static void vboot_setup_cbmem(int unused) { struct vboot_working_data *wd_cbmem = diff --git a/src/security/vboot/vboot_loader.c b/src/security/vboot/vboot_loader.c index 9e2cd00404..af4a3fd880 100644 --- a/src/security/vboot/vboot_loader.c +++ b/src/security/vboot/vboot_loader.c @@ -26,9 +26,6 @@ _Static_assert(CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) + CONFIG(VBOOT_STARTS_IN_ROMSTAGE) == 1, "vboot must either start in bootblock or romstage (not both!)"); -_Static_assert(CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) || - !CONFIG(VBOOT_MIGRATE_WORKING_DATA), - "no need to migrate working data after CBMEM is already up!"); _Static_assert(!CONFIG(VBOOT_SEPARATE_VERSTAGE) || CONFIG(VBOOT_STARTS_IN_BOOTBLOCK), "stand-alone verstage must start in (i.e. after) bootblock"); |