path: root/src/mainboard/facebook/fbg1701/board_verified_boot.c
blob: f869773c56d88bff9b406d7579fc6caf0132647f (plain)
/*
 * This file is part of the coreboot project.
 *
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; version 2 of the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 */

#include "board_verified_boot.h"

/*
 * Items the bootblock verifies. The bootblock does not measure these items to
 * the TPM.
 *
 * Each entry is a positional initializer of verify_item_t (declared in
 * board_verified_boot.h, not visible here): an entry kind, a name, kind
 * specific data, a HASH_IDX_* value and an MBOOT_PCR_INDEX_* value. The list
 * ends with a VERIFY_TERMINATOR entry; presumably the consumer walks the array
 * until it finds one, so it must stay last.
 *
 * NOTE(review): PublicKey is tagged MBOOT_PCR_INDEX_0 here but
 * MBOOT_PCR_INDEX_6 in romstage_verify_list. That is presumably harmless if
 * the PCR value is ignored when nothing is measured - confirm against the
 * code that consumes this list.
 */
const verify_item_t bootblock_verify_list[] = {
	{ VERIFY_FILE, ROMSTAGE, { { NULL, CBFS_TYPE_STAGE } },
		HASH_IDX_ROM_STAGE, MBOOT_PCR_INDEX_0 },
	/*
	 * The cast binds before the subtraction, so this is arithmetic on a
	 * void pointer (a GNU C extension with byte granularity). The result
	 * is the start of the last CONFIG_C_ENV_BOOTBLOCK_SIZE bytes below
	 * 4 GiB. The same entry appears in romstage_verify_list; keep the two
	 * in sync.
	 */
	{ VERIFY_BLOCK, "BootBlock",
		{ { (void *)0xffffffff - CONFIG_C_ENV_BOOTBLOCK_SIZE + 1,
		CONFIG_C_ENV_BOOTBLOCK_SIZE, } }, HASH_IDX_BOOTBLOCK,
		MBOOT_PCR_INDEX_0 },
	/*
	 * Compiled in only with VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST. The
	 * key region is given by a Kconfig address and size, so a wrong value
	 * there would cover the wrong bytes.
	 */
#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST)
	{ VERIFY_BLOCK, "PublicKey",
		{ { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION,
		CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE, } }, HASH_IDX_PUBLICKEY,
		MBOOT_PCR_INDEX_0 },
#endif
	{ VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 }
};

/*
 * Items used by the romstage. BootBlock and PublicKey are repeated here, after
 * the bootblock list, to make sure they are measured.
 *
 * Entries are positional initializers of verify_item_t (declared in
 * board_verified_boot.h, not visible here). The list ends with a
 * VERIFY_TERMINATOR entry.
 *
 * NOTE(review): ROMSTAGE is listed here as well as in bootblock_verify_list;
 * presumably this entry exists for measurement, like BootBlock and PublicKey -
 * confirm against the consumer.
 */
const verify_item_t romstage_verify_list[] = {
	{ VERIFY_FILE, ROMSTAGE, { { NULL, CBFS_TYPE_STAGE } },
		HASH_IDX_ROM_STAGE, MBOOT_PCR_INDEX_0 },
	{ VERIFY_FILE, MICROCODE, { { NULL, CBFS_TYPE_MICROCODE } },
		HASH_IDX_MICROCODE, MBOOT_PCR_INDEX_1 },
	{ VERIFY_FILE, FSP, { { NULL, CBFS_TYPE_FSP } }, HASH_IDX_FSP,
		MBOOT_PCR_INDEX_1 },
	/* Only this one SPD file name is listed; it uses HASH_IDX_SPD0. */
	{ VERIFY_FILE, "spd.bin", { { NULL, CBFS_TYPE_SPD } },
		HASH_IDX_SPD0, MBOOT_PCR_INDEX_1 },
	/*
	 * The cast binds before the subtraction, so this is arithmetic on a
	 * void pointer (a GNU C extension with byte granularity). The result
	 * is the start of the last CONFIG_C_ENV_BOOTBLOCK_SIZE bytes below
	 * 4 GiB. The same entry appears in bootblock_verify_list; keep the two
	 * in sync.
	 */
	{ VERIFY_BLOCK, "BootBlock",
		{ { (void *)0xffffffff - CONFIG_C_ENV_BOOTBLOCK_SIZE + 1,
		CONFIG_C_ENV_BOOTBLOCK_SIZE, } }, HASH_IDX_BOOTBLOCK,
		MBOOT_PCR_INDEX_0 },
	/*
	 * Compiled in only with VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST.
	 * NOTE(review): tagged MBOOT_PCR_INDEX_6 here, but MBOOT_PCR_INDEX_0
	 * in bootblock_verify_list - confirm the difference is intended.
	 */
#if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST)
	{ VERIFY_BLOCK, "PublicKey",
		{ { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION,
		CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE, } }, HASH_IDX_PUBLICKEY,
		MBOOT_PCR_INDEX_6 },
#endif
	{ VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 }
};

/*
 * Items used by the postcar stage: a single CBFS stage file, POSTCAR, followed
 * by the VERIFY_TERMINATOR entry that ends the list.
 */
const verify_item_t postcar_verify_list[] = {
	{ VERIFY_FILE, POSTCAR, { { NULL, CBFS_TYPE_STAGE } },
		HASH_IDX_POSTCAR_STAGE, MBOOT_PCR_INDEX_0 },
	{ VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 }
};

/*
 * Additional items used by the ramstage. FSP and microcode are already checked
 * in the romstage verify list, so they are not repeated here.
 *
 * This array is file-local; ramstage_verify_list references it from its
 * RAMSTAGE entry. All three files are typed CBFS_TYPE_RAW and tagged
 * MBOOT_PCR_INDEX_2.
 */
static const verify_item_t ram_stage_additional_list[] = {
	{ VERIFY_FILE, OP_ROM_VBT, { { NULL, CBFS_TYPE_RAW } },
		HASH_IDX_OPROM, MBOOT_PCR_INDEX_2 },
	/*
	 * The logo is listed only when FSP1_1_DISPLAY_LOGO is enabled;
	 * otherwise "logo.bmp" is not in this list at all.
	 */
#if CONFIG(FSP1_1_DISPLAY_LOGO)
	{ VERIFY_FILE, "logo.bmp", { { NULL, CBFS_TYPE_RAW } },
		HASH_IDX_LOGO, MBOOT_PCR_INDEX_2 },
#endif
	{ VERIFY_FILE, "fallback/dsdt.aml", { { NULL, CBFS_TYPE_RAW } },
		HASH_IDX_DSDT, MBOOT_PCR_INDEX_2 },
	{ VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 }
};

/*
 * Items used for the ramstage. Unlike the other lists, the RAMSTAGE entry
 * passes ram_stage_additional_list where they pass NULL.
 * NOTE(review): presumably the consumer also processes that nested list when
 * it handles RAMSTAGE - confirm in the code that walks verify_item_t arrays.
 */
const verify_item_t ramstage_verify_list[] = {
	{ VERIFY_FILE, RAMSTAGE, { { ram_stage_additional_list,
		CBFS_TYPE_STAGE } }, HASH_IDX_RAM_STAGE, MBOOT_PCR_INDEX_0 },
	{ VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 }
};

/*
 * Items used by the payload.
 *
 * The type field carries CBFS_TYPE_SELF OR-ed with VERIFIED_BOOT_COPY_BLOCK.
 * NOTE(review): VERIFIED_BOOT_COPY_BLOCK is presumably a flag bit that asks
 * the consumer to work on a copy of the payload - confirm its definition and
 * that it cannot collide with a CBFS type value.
 */
const verify_item_t payload_verify_list[] = {
	{ VERIFY_FILE, PAYLOAD, { { NULL, CBFS_TYPE_SELF |
		VERIFIED_BOOT_COPY_BLOCK } }, HASH_IDX_PAYLOAD,
		MBOOT_PCR_INDEX_3 },
	{ VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 }
};

/*
 * List of allowed option ROMs.
 *
 * The list holds only the terminator, so no option ROM is listed for this
 * board.
 * NOTE(review): whether an empty list makes the consumer refuse every option
 * ROM, or skip the check, is not visible here - confirm before relying on it.
 */
const verify_item_t oprom_verify_list[] = {
	{ VERIFY_TERMINATOR, NULL, { { NULL, 0 } }, 0, 0 }
};