summaryrefslogtreecommitdiff
path: root/src/security
diff options
context:
space:
mode:
Diffstat (limited to 'src/security')
-rw-r--r--src/security/vboot/Kconfig15
-rw-r--r--src/security/vboot/common.c7
-rw-r--r--src/security/vboot/vboot_loader.c3
3 files changed, 3 insertions, 22 deletions
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index 66bcc1ed6f..ea1f73889a 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -107,21 +107,6 @@ config VBOOT_STARTS_IN_ROMSTAGE
memory initialization). This implies that vboot working data is
allocated in CBMEM.
-config VBOOT_MIGRATE_WORKING_DATA
- bool
- default y if CACHE_AS_RAM
- depends on !VBOOT_STARTS_IN_ROMSTAGE
- help
- In order to make vboot data structures available downstream,
- migrate verified boot working data to CBMEM after CBMEM comes
- online, when VBOOT_STARTS_IN_BOOTBLOCK is employed. This should
- always be enabled on x86 architectures to migrate data from CAR
- before losing access in ramstage, and should almost always be
- disabled in SRAM architectures, where access to SRAM is usually
- retained. Any SRAM platform where the original location of the
- VBOOT_WORKBUF region becomes inaccessible in later stages should
- manually select this option.
-
config VBOOT_MOCK_SECDATA
bool "Mock secdata for firmware verification"
default n
diff --git a/src/security/vboot/common.c b/src/security/vboot/common.c
index bd72683e00..626fbc52a4 100644
--- a/src/security/vboot/common.c
+++ b/src/security/vboot/common.c
@@ -117,13 +117,12 @@ int vboot_is_slot_selected(void)
return reg->size > 0;
}
-#if CONFIG(VBOOT_MIGRATE_WORKING_DATA)
+#if CONFIG(VBOOT_STARTS_IN_BOOTBLOCK)
/*
* For platforms that do not employ VBOOT_STARTS_IN_ROMSTAGE, vboot
* verification occurs before CBMEM is brought online, using pre-RAM.
* In order to make vboot data structures available downstream, copy
- * vboot_working_data from SRAM/CAR into CBMEM on platforms where this
- * memory later becomes unavailable.
+ * vboot_working_data from SRAM/CAR into CBMEM.
*/
static void vboot_migrate_cbmem(int unused)
{
@@ -140,7 +139,7 @@ static void vboot_migrate_cbmem(int unused)
memcpy(wd_cbmem, wd_preram, cbmem_size);
}
ROMSTAGE_CBMEM_INIT_HOOK(vboot_migrate_cbmem)
-#elif CONFIG(VBOOT_STARTS_IN_ROMSTAGE)
+#else
static void vboot_setup_cbmem(int unused)
{
struct vboot_working_data *wd_cbmem =
diff --git a/src/security/vboot/vboot_loader.c b/src/security/vboot/vboot_loader.c
index 9e2cd00404..af4a3fd880 100644
--- a/src/security/vboot/vboot_loader.c
+++ b/src/security/vboot/vboot_loader.c
@@ -26,9 +26,6 @@
_Static_assert(CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) +
CONFIG(VBOOT_STARTS_IN_ROMSTAGE) == 1,
"vboot must either start in bootblock or romstage (not both!)");
-_Static_assert(CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) ||
- !CONFIG(VBOOT_MIGRATE_WORKING_DATA),
- "no need to migrate working data after CBMEM is already up!");
_Static_assert(!CONFIG(VBOOT_SEPARATE_VERSTAGE) ||
CONFIG(VBOOT_STARTS_IN_BOOTBLOCK),
"stand-alone verstage must start in (i.e. after) bootblock");