summaryrefslogtreecommitdiff
path: root/src/security
diff options
context:
space:
mode:
Diffstat (limited to 'src/security')
-rw-r--r--src/security/tpm/tspi/log.c6
-rw-r--r--src/security/tpm/tspi/tspi.c16
-rw-r--r--src/security/tpm/tss.h4
-rw-r--r--src/security/vboot/bootmode.c12
-rw-r--r--src/security/vboot/common.c6
-rw-r--r--src/security/vboot/secdata_tpm.c8
-rw-r--r--src/security/vboot/vbnv.c14
-rw-r--r--src/security/vboot/vbnv_cmos.c4
-rw-r--r--src/security/vboot/vboot_common.c4
-rw-r--r--src/security/vboot/vboot_common.h2
-rw-r--r--src/security/vboot/vboot_crtm.c4
-rw-r--r--src/security/vboot/vboot_crtm.h2
-rw-r--r--src/security/vboot/vboot_handoff.c14
-rw-r--r--src/security/vboot/vboot_loader.c28
-rw-r--r--src/security/vboot/vboot_logic.c20
-rw-r--r--src/security/vboot/verstage.c2
16 files changed, 73 insertions, 73 deletions
diff --git a/src/security/tpm/tspi/log.c b/src/security/tpm/tspi/log.c
index 18ab288dcc..ba4dbc111a 100644
--- a/src/security/tpm/tspi/log.c
+++ b/src/security/tpm/tspi/log.c
@@ -52,10 +52,10 @@ static struct tcpa_table *tcpa_log_init(void)
/* We are dealing here with pre CBMEM environment.
* If cbmem isn't available use CAR or SRAM */
if (!cbmem_possibly_online() &&
- !IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE))
+ !CONFIG(VBOOT_RETURN_FROM_VERSTAGE))
return (struct tcpa_table *)_vboot2_tpm_log;
else if (ENV_ROMSTAGE &&
- !IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE)) {
+ !CONFIG(VBOOT_RETURN_FROM_VERSTAGE)) {
tclt = tcpa_cbmem_init();
if (!tclt)
return (struct tcpa_table *)_vboot2_tpm_log;
@@ -136,7 +136,7 @@ void tcpa_preram_log_clear(void)
tclt->num_entries = 0;
}
-#if !IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE)
+#if !CONFIG(VBOOT_RETURN_FROM_VERSTAGE)
static void recover_tcpa_log(int is_recovery)
{
struct tcpa_table *preram_log = (struct tcpa_table *)_vboot2_tpm_log;
diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c
index f1b72fbff3..aa2dc09bfc 100644
--- a/src/security/tpm/tspi/tspi.c
+++ b/src/security/tpm/tspi/tspi.c
@@ -22,12 +22,12 @@
#include <security/tpm/tss.h>
#include <stdlib.h>
#include <string.h>
-#if IS_ENABLED(CONFIG_VBOOT)
+#if CONFIG(VBOOT)
#include <vb2_api.h>
#include <assert.h>
#endif
-#if IS_ENABLED(CONFIG_TPM1)
+#if CONFIG(TPM1)
static uint32_t tpm1_invoke_state_machine(void)
{
uint8_t disabled;
@@ -51,7 +51,7 @@ static uint32_t tpm1_invoke_state_machine(void)
}
}
- if (!!deactivated != IS_ENABLED(CONFIG_TPM_DEACTIVATE)) {
+ if (!!deactivated != CONFIG(TPM_DEACTIVATE)) {
printk(BIOS_INFO,
"TPM: Unexpected TPM deactivated state. Toggling...\n");
result = tlcl_set_deactivated(!deactivated);
@@ -167,7 +167,7 @@ uint32_t tpm_setup(int s3flag)
}
}
-#if IS_ENABLED(CONFIG_TPM1)
+#if CONFIG(TPM1)
result = tpm1_invoke_state_machine();
#endif
@@ -185,7 +185,7 @@ uint32_t tpm_clear_and_reenable(void)
return result;
}
-#if IS_ENABLED(CONFIG_TPM1)
+#if CONFIG(TPM1)
result = tlcl_set_enable();
if (result != TPM_SUCCESS) {
printk(BIOS_ERR, "TPM: Can't set enabled state.\n");
@@ -214,14 +214,14 @@ uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
if (result != TPM_SUCCESS)
return result;
- if (IS_ENABLED(CONFIG_VBOOT_MEASURED_BOOT))
+ if (CONFIG(VBOOT_MEASURED_BOOT))
tcpa_log_add_table_entry(name, pcr, digest_algo,
digest, digest_len);
return TPM_SUCCESS;
}
-#if IS_ENABLED(CONFIG_VBOOT)
+#if CONFIG(VBOOT)
uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
const char *rname)
{
@@ -239,7 +239,7 @@ uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
printk(BIOS_ERR, "TPM: Can't initialize library.\n");
return result;
}
- if (IS_ENABLED(CONFIG_TPM1)) {
+ if (CONFIG(TPM1)) {
hash_alg = VB2_HASH_SHA1;
} else { /* CONFIG_TPM2 */
hash_alg = VB2_HASH_SHA256;
diff --git a/src/security/tpm/tss.h b/src/security/tpm/tss.h
index c4f2608603..807cb46a3e 100644
--- a/src/security/tpm/tss.h
+++ b/src/security/tpm/tss.h
@@ -19,7 +19,7 @@
#include <security/tpm/tss_errors.h>
#include <security/tpm/tss/vendor/cr50/cr50.h>
-#if IS_ENABLED(CONFIG_TPM1)
+#if CONFIG(TPM1)
#include <security/tpm/tss/tcg-1.2/tss_structures.h>
@@ -53,7 +53,7 @@ uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags);
#endif
-#if IS_ENABLED(CONFIG_TPM2)
+#if CONFIG(TPM2)
#include <security/tpm/tss/tcg-2.0/tss_structures.h>
diff --git a/src/security/vboot/bootmode.c b/src/security/vboot/bootmode.c
index 59eaf2f540..fb1fc461b8 100644
--- a/src/security/vboot/bootmode.c
+++ b/src/security/vboot/bootmode.c
@@ -36,7 +36,7 @@ static int vb2_get_recovery_reason_shared_data(void)
void vb2_save_recovery_reason_vbnv(void)
{
- if (!IS_ENABLED(CONFIG_VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT))
+ if (!CONFIG(VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT))
return;
int reason = vb2_get_recovery_reason_shared_data();
@@ -48,7 +48,7 @@ void vb2_save_recovery_reason_vbnv(void)
static void vb2_clear_recovery_reason_vbnv(void *unused)
{
- if (!IS_ENABLED(CONFIG_VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT))
+ if (!CONFIG(VBOOT_SAVE_RECOVERY_REASON_ON_REBOOT))
return;
set_recovery_mode_into_vbnv(0);
@@ -73,13 +73,13 @@ BOOT_STATE_INIT_ENTRY(BS_DEV_INIT, BS_ON_EXIT,
*/
static int vboot_possibly_executed(void)
{
- if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) {
- if (ENV_BOOTBLOCK && IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE))
+ if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK)) {
+ if (ENV_BOOTBLOCK && CONFIG(VBOOT_SEPARATE_VERSTAGE))
return 0;
return 1;
}
- if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)) {
+ if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) {
if (ENV_BOOTBLOCK)
return 0;
return 1;
@@ -169,7 +169,7 @@ int vboot_developer_mode_enabled(void)
return 0;
}
-#if IS_ENABLED(CONFIG_VBOOT_NO_BOARD_SUPPORT)
+#if CONFIG(VBOOT_NO_BOARD_SUPPORT)
/**
* TODO: Create flash protection interface which implements get_write_protect_state.
* get_recovery_mode_switch should be implemented as default function.
diff --git a/src/security/vboot/common.c b/src/security/vboot/common.c
index da4e1ca09f..59c830f1bc 100644
--- a/src/security/vboot/common.c
+++ b/src/security/vboot/common.c
@@ -44,7 +44,7 @@ static const size_t vb_work_buf_size = 16 * KiB;
static struct vb2_working_data * const vboot_get_working_data(void)
{
- if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE))
+ if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE))
/* cbmem_add() does a cbmem_find() first. */
return cbmem_add(CBMEM_ID_VBOOT_WORKBUF, vb_work_buf_size);
else
@@ -53,7 +53,7 @@ static struct vb2_working_data * const vboot_get_working_data(void)
static size_t vb2_working_data_size(void)
{
- if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE))
+ if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE))
return vb_work_buf_size;
else
return REGION_SIZE(vboot2_work);
@@ -171,7 +171,7 @@ void vb2_store_selected_region(void)
* Therefore, the selected region contents would not be initialized
* so don't automatically add results when cbmem comes online.
*/
-#if !IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)
+#if !CONFIG(VBOOT_STARTS_IN_ROMSTAGE)
static void vb2_store_selected_region_cbmem(int unused)
{
vb2_store_selected_region();
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 1ace632aff..39cd6141fd 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -167,7 +167,7 @@ static const uint8_t secdata_kernel[] = {
*/
static const uint8_t rec_hash_data[REC_HASH_NV_SIZE] = { };
-#if IS_ENABLED(CONFIG_TPM2)
+#if CONFIG(TPM2)
/*
* Different sets of NVRAM space attributes apply to the "ro" spaces,
* i.e. those which should not be possible to delete or modify once
@@ -264,7 +264,7 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
*/
RETURN_ON_FAILURE(set_kernel_space(secdata_kernel));
- if (IS_ENABLED(CONFIG_VBOOT_HAS_REC_HASH_SPACE))
+ if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
RETURN_ON_FAILURE(set_rec_hash_space(rec_hash_data));
RETURN_ON_FAILURE(set_firmware_space(ctx->secdata));
@@ -385,7 +385,7 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
VB2_SECDATA_SIZE));
/* Define and set rec hash space, if available. */
- if (IS_ENABLED(CONFIG_VBOOT_HAS_REC_HASH_SPACE))
+ if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
RETURN_ON_FAILURE(set_rec_hash_space(rec_hash_data));
return TPM_SUCCESS;
@@ -481,7 +481,7 @@ uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)
uint32_t antirollback_write_space_firmware(struct vb2_context *ctx)
{
- if (IS_ENABLED(CONFIG_CR50_IMMEDIATELY_COMMIT_FW_SECDATA))
+ if (CONFIG(CR50_IMMEDIATELY_COMMIT_FW_SECDATA))
tlcl_cr50_enable_nvcommits();
return write_secdata(FIRMWARE_NV_INDEX, ctx->secdata, VB2_SECDATA_SIZE);
}
diff --git a/src/security/vboot/vbnv.c b/src/security/vboot/vbnv.c
index 636e5e3806..b99941875c 100644
--- a/src/security/vboot/vbnv.c
+++ b/src/security/vboot/vbnv.c
@@ -91,11 +91,11 @@ void regen_vbnv_crc(uint8_t *vbnv_copy)
*/
void read_vbnv(uint8_t *vbnv_copy)
{
- if (IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS))
+ if (CONFIG(VBOOT_VBNV_CMOS))
read_vbnv_cmos(vbnv_copy);
- else if (IS_ENABLED(CONFIG_VBOOT_VBNV_EC))
+ else if (CONFIG(VBOOT_VBNV_EC))
read_vbnv_ec(vbnv_copy);
- else if (IS_ENABLED(CONFIG_VBOOT_VBNV_FLASH))
+ else if (CONFIG(VBOOT_VBNV_FLASH))
read_vbnv_flash(vbnv_copy);
/* Check data for consistency */
@@ -109,11 +109,11 @@ void read_vbnv(uint8_t *vbnv_copy)
*/
void save_vbnv(const uint8_t *vbnv_copy)
{
- if (IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS))
+ if (CONFIG(VBOOT_VBNV_CMOS))
save_vbnv_cmos(vbnv_copy);
- else if (IS_ENABLED(CONFIG_VBOOT_VBNV_EC))
+ else if (CONFIG(VBOOT_VBNV_EC))
save_vbnv_ec(vbnv_copy);
- else if (IS_ENABLED(CONFIG_VBOOT_VBNV_FLASH))
+ else if (CONFIG(VBOOT_VBNV_FLASH))
save_vbnv_flash(vbnv_copy);
/* Clear initialized flag to force cached data to be updated */
@@ -156,7 +156,7 @@ int vbnv_udc_enable_flag(void)
void vbnv_init(uint8_t *vbnv_copy)
{
- if (IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS))
+ if (CONFIG(VBOOT_VBNV_CMOS))
vbnv_init_cmos(vbnv_copy);
read_vbnv(vbnv_copy);
}
diff --git a/src/security/vboot/vbnv_cmos.c b/src/security/vboot/vbnv_cmos.c
index 9c801d84fe..7758ef6198 100644
--- a/src/security/vboot/vbnv_cmos.c
+++ b/src/security/vboot/vbnv_cmos.c
@@ -39,7 +39,7 @@ static void clear_vbnv_battery_cutoff_flag(uint8_t *vbnv_copy)
/* Return non-zero if backup was used. */
static int restore_from_backup(uint8_t *vbnv_copy)
{
- if (!IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH))
+ if (!CONFIG(VBOOT_VBNV_CMOS_BACKUP_TO_FLASH))
return 0;
printk(BIOS_INFO, "VBNV: CMOS invalid, restoring from flash\n");
@@ -99,7 +99,7 @@ void vbnv_init_cmos(uint8_t *vbnv_copy)
}
}
-#if IS_ENABLED(CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH)
+#if CONFIG(VBOOT_VBNV_CMOS_BACKUP_TO_FLASH)
static void back_up_vbnv_cmos(void *unused)
{
uint8_t vbnv_cmos[VBOOT_VBNV_BLOCK_SIZE];
diff --git a/src/security/vboot/vboot_common.c b/src/security/vboot/vboot_common.c
index c80650f3be..51bc682893 100644
--- a/src/security/vboot/vboot_common.c
+++ b/src/security/vboot/vboot_common.c
@@ -60,7 +60,7 @@ int vboot_get_handoff_info(void **addr, uint32_t *size)
* pre-ram stage, then bail out early.
*/
if (ENV_BOOTBLOCK ||
- (ENV_VERSTAGE && IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)))
+ (ENV_VERSTAGE && CONFIG(VBOOT_STARTS_IN_BOOTBLOCK)))
return -1;
struct vboot_handoff *vboot_handoff;
@@ -124,7 +124,7 @@ void __weak vboot_platform_prepare_reboot(void)
void vboot_reboot(void)
{
- if (IS_ENABLED(CONFIG_CONSOLE_CBMEM_DUMP_TO_UART))
+ if (CONFIG(CONSOLE_CBMEM_DUMP_TO_UART))
cbmem_dump_console();
vboot_platform_prepare_reboot();
board_reset();
diff --git a/src/security/vboot/vboot_common.h b/src/security/vboot/vboot_common.h
index 61f5931fe5..8c92437a3c 100644
--- a/src/security/vboot/vboot_common.h
+++ b/src/security/vboot/vboot_common.h
@@ -104,7 +104,7 @@ void verstage_main(void);
void verstage_mainboard_init(void);
/* Check boot modes */
-#if IS_ENABLED(CONFIG_VBOOT)
+#if CONFIG(VBOOT)
int vboot_developer_mode_enabled(void);
int vboot_recovery_mode_enabled(void);
int vboot_recovery_mode_memory_retrain(void);
diff --git a/src/security/vboot/vboot_crtm.c b/src/security/vboot/vboot_crtm.c
index 4e69b7cddd..6aa5103f60 100644
--- a/src/security/vboot/vboot_crtm.c
+++ b/src/security/vboot/vboot_crtm.c
@@ -88,7 +88,7 @@ uint32_t vboot_init_crtm(void)
}
}
- if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)) {
+ if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) {
struct cbfsf romstage_data;
/* measure romstage from RO */
if (cbfs_boot_locate(&romstage_data,
@@ -111,7 +111,7 @@ uint32_t vboot_init_crtm(void)
}
}
- if (IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE)) {
+ if (CONFIG(VBOOT_SEPARATE_VERSTAGE)) {
struct cbfsf verstage_data;
/* measure verstage from RO */
if (cbfs_boot_locate(&verstage_data,
diff --git a/src/security/vboot/vboot_crtm.h b/src/security/vboot/vboot_crtm.h
index 84ee9e63b5..e1799b8e84 100644
--- a/src/security/vboot/vboot_crtm.h
+++ b/src/security/vboot/vboot_crtm.h
@@ -46,7 +46,7 @@
*/
uint32_t vboot_init_crtm(void);
-#if (IS_ENABLED(CONFIG_VBOOT_MEASURED_BOOT) && \
+#if (CONFIG(VBOOT_MEASURED_BOOT) && \
!ENV_BOOTBLOCK && !ENV_DECOMPRESSOR && !ENV_SMM)
/*
* Measures cbfs data via hook (cbfs)
diff --git a/src/security/vboot/vboot_handoff.c b/src/security/vboot/vboot_handoff.c
index e8464140b9..2bb26a8974 100644
--- a/src/security/vboot/vboot_handoff.c
+++ b/src/security/vboot/vboot_handoff.c
@@ -79,18 +79,18 @@ static void fill_vboot_handoff(struct vboot_handoff *vboot_handoff,
vb_sd->flags |= VBSD_LF_DEV_SWITCH_ON;
}
/* TODO: Set these in depthcharge */
- if (!IS_ENABLED(CONFIG_VBOOT_PHYSICAL_DEV_SWITCH))
+ if (!CONFIG(VBOOT_PHYSICAL_DEV_SWITCH))
vb_sd->flags |= VBSD_HONOR_VIRT_DEV_SWITCH;
- if (IS_ENABLED(CONFIG_VBOOT_EC_SOFTWARE_SYNC)) {
+ if (CONFIG(VBOOT_EC_SOFTWARE_SYNC)) {
vb_sd->flags |= VBSD_EC_SOFTWARE_SYNC;
- if (IS_ENABLED(CONFIG_VBOOT_EC_SLOW_UPDATE))
+ if (CONFIG(VBOOT_EC_SLOW_UPDATE))
vb_sd->flags |= VBSD_EC_SLOW_UPDATE;
- if (IS_ENABLED(CONFIG_VBOOT_EC_EFS))
+ if (CONFIG(VBOOT_EC_EFS))
vb_sd->flags |= VBSD_EC_EFS;
}
- if (!IS_ENABLED(CONFIG_VBOOT_PHYSICAL_REC_SWITCH))
+ if (!CONFIG(VBOOT_PHYSICAL_REC_SWITCH))
vb_sd->flags |= VBSD_BOOT_REC_SWITCH_VIRTUAL;
- if (IS_ENABLED(CONFIG_VBOOT_OPROM_MATTERS)) {
+ if (CONFIG(VBOOT_OPROM_MATTERS)) {
vb_sd->flags |= VBSD_OPROM_MATTERS;
/*
* Inform vboot if the display was enabled by dev/rec
@@ -179,7 +179,7 @@ void vboot_fill_handoff(void)
* Therefore, the vboot results would not be initialized so don't
* automatically add results when cbmem comes online.
*/
-#if !IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)
+#if !CONFIG(VBOOT_STARTS_IN_ROMSTAGE)
static void vb2_fill_handoff_cbmem(int unused)
{
vboot_fill_handoff();
diff --git a/src/security/vboot/vboot_loader.c b/src/security/vboot/vboot_loader.c
index 75f75b5cf8..b6c216d5fa 100644
--- a/src/security/vboot/vboot_loader.c
+++ b/src/security/vboot/vboot_loader.c
@@ -24,14 +24,14 @@
#include <security/vboot/vboot_common.h>
/* Ensure vboot configuration is valid: */
-_Static_assert(IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK) +
- IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE) == 1,
+_Static_assert(CONFIG(VBOOT_STARTS_IN_BOOTBLOCK) +
+ CONFIG(VBOOT_STARTS_IN_ROMSTAGE) == 1,
"vboot must either start in bootblock or romstage (not both!)");
-_Static_assert(!IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE) ||
- IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK),
+_Static_assert(!CONFIG(VBOOT_SEPARATE_VERSTAGE) ||
+ CONFIG(VBOOT_STARTS_IN_BOOTBLOCK),
"stand-alone verstage must start in (i.e. after) bootblock");
-_Static_assert(!IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE) ||
- IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE),
+_Static_assert(!CONFIG(VBOOT_RETURN_FROM_VERSTAGE) ||
+ CONFIG(VBOOT_SEPARATE_VERSTAGE),
"return from verstage only makes sense for separate verstages");
/* The stage loading code is compiled and entered from multiple stages. The
@@ -40,11 +40,11 @@ _Static_assert(!IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE) ||
static int verification_should_run(void)
{
- if (IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE))
+ if (CONFIG(VBOOT_SEPARATE_VERSTAGE))
return ENV_VERSTAGE;
- else if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE))
+ else if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE))
return ENV_ROMSTAGE;
- else if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK))
+ else if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK))
return ENV_BOOTBLOCK;
else
die("impossible!");
@@ -52,7 +52,7 @@ static int verification_should_run(void)
static int verstage_should_load(void)
{
- if (IS_ENABLED(CONFIG_VBOOT_SEPARATE_VERSTAGE))
+ if (CONFIG(VBOOT_SEPARATE_VERSTAGE))
return ENV_BOOTBLOCK;
else
return 0;
@@ -67,10 +67,10 @@ int vb2_logic_executed(void)
if (verstage_should_load() || verification_should_run())
return car_get_var(vboot_executed);
- if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK)) {
+ if (CONFIG(VBOOT_STARTS_IN_BOOTBLOCK)) {
/* All other stages are "after the bootblock" */
return !ENV_BOOTBLOCK;
- } else if (IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)) {
+ } else if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) {
/* Post-RAM stages are "after the romstage" */
#ifdef __PRE_RAM__
return 0;
@@ -112,7 +112,7 @@ static void vboot_prepare(void)
/* This is not actually possible to hit this condition at
* runtime, but this provides a hint to the compiler for dead
* code elimination below. */
- if (!IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE))
+ if (!CONFIG(VBOOT_RETURN_FROM_VERSTAGE))
return;
car_set_var(vboot_executed, 1);
@@ -126,7 +126,7 @@ static void vboot_prepare(void)
* other platforms the vboot cbmem objects are initialized when
* cbmem comes online.
*/
- if (ENV_ROMSTAGE && IS_ENABLED(CONFIG_VBOOT_STARTS_IN_ROMSTAGE)) {
+ if (ENV_ROMSTAGE && CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) {
vb2_store_selected_region();
vboot_fill_handoff();
}
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 7ab9824843..4aab795871 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -113,14 +113,14 @@ static int handle_digest_result(void *slot_hash, size_t slot_hash_sz)
* Chrome EC is the only support for vboot_save_hash() &
* vboot_retrieve_hash(), if Chrome EC is not enabled then return.
*/
- if (!IS_ENABLED(CONFIG_EC_GOOGLE_CHROMEEC))
+ if (!CONFIG(EC_GOOGLE_CHROMEEC))
return 0;
/*
* Nothing to do since resuming on the platform doesn't require
* vboot verification again.
*/
- if (!IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT))
+ if (!CONFIG(RESUME_PATH_SAME_AS_BOOT))
return 0;
/*
@@ -128,7 +128,7 @@ static int handle_digest_result(void *slot_hash, size_t slot_hash_sz)
* RW memory init code is not employed. i.e. memory init code
* lives in RO CBFS.
*/
- if (!IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK))
+ if (!CONFIG(VBOOT_STARTS_IN_BOOTBLOCK))
return 0;
is_resume = vboot_platform_is_resuming();
@@ -306,7 +306,7 @@ void verstage_main(void)
* which slot to boot. This is only relevant to vboot if the platform
* does verification of memory init and thus must ensure it resumes with
* the same slot that it booted from. */
- if (IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) &&
+ if (CONFIG(RESUME_PATH_SAME_AS_BOOT) &&
vboot_platform_is_resuming())
ctx.flags |= VB2_CONTEXT_S3_RESUME;
@@ -318,27 +318,27 @@ void verstage_main(void)
timestamp_add_now(TS_END_TPMINIT);
/* Enable measured boot mode */
- if (IS_ENABLED(CONFIG_VBOOT_MEASURED_BOOT) &&
+ if (CONFIG(VBOOT_MEASURED_BOOT) &&
!(ctx.flags & VB2_CONTEXT_S3_RESUME)) {
if (vboot_init_crtm() != VB2_SUCCESS)
die("Initializing measured boot mode failed!");
}
- if (IS_ENABLED(CONFIG_VBOOT_PHYSICAL_DEV_SWITCH) &&
+ if (CONFIG(VBOOT_PHYSICAL_DEV_SWITCH) &&
get_developer_mode_switch())
ctx.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE;
if (get_recovery_mode_switch()) {
ctx.flags |= VB2_CONTEXT_FORCE_RECOVERY_MODE;
- if (IS_ENABLED(CONFIG_VBOOT_DISABLE_DEV_ON_RECOVERY))
+ if (CONFIG(VBOOT_DISABLE_DEV_ON_RECOVERY))
ctx.flags |= VB2_CONTEXT_DISABLE_DEVELOPER_MODE;
}
- if (IS_ENABLED(CONFIG_VBOOT_WIPEOUT_SUPPORTED) &&
+ if (CONFIG(VBOOT_WIPEOUT_SUPPORTED) &&
get_wipeout_mode_switch())
ctx.flags |= VB2_CONTEXT_FORCE_WIPEOUT_MODE;
- if (IS_ENABLED(CONFIG_VBOOT_LID_SWITCH) && !get_lid_switch())
+ if (CONFIG(VBOOT_LID_SWITCH) && !get_lid_switch())
ctx.flags |= VB2_CONTEXT_NOFAIL_BOOT;
/* Do early init (set up secdata and NVRAM, load GBB) */
@@ -424,7 +424,7 @@ void verstage_main(void)
timestamp_add_now(TS_END_TPMLOCK);
/* Lock rec hash space if available. */
- if (IS_ENABLED(CONFIG_VBOOT_HAS_REC_HASH_SPACE)) {
+ if (CONFIG(VBOOT_HAS_REC_HASH_SPACE)) {
rv = antirollback_lock_space_rec_hash();
if (rv) {
printk(BIOS_INFO, "Failed to lock rec hash space(%x)\n",
diff --git a/src/security/vboot/verstage.c b/src/security/vboot/verstage.c
index afd73f11e0..ef0bd48850 100644
--- a/src/security/vboot/verstage.c
+++ b/src/security/vboot/verstage.c
@@ -30,7 +30,7 @@ void main(void)
exception_init();
verstage_mainboard_init();
- if (IS_ENABLED(CONFIG_VBOOT_RETURN_FROM_VERSTAGE)) {
+ if (CONFIG(VBOOT_RETURN_FROM_VERSTAGE)) {
verstage_main();
} else {
run_romstage();