cbfs: Enable CBFS verification Kconfigs

With the elimination of remaining non-verifying CBFS APIs in CB:59682, CBFS verification is now ready to be used in its simplest form, so enable the respective Kconfig options in menuconfig. Add a few more restrictions to the TOCTOU_SAFETY option for problems that haven't been solved yet, and transform a comment in cbfs.c into a die() to make sure we don't accidentally forget implementing it once vboot integration gets added. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Ifeba5c962c943856ab79bc6c4cb90a60c1de4a60 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59982 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Jakub Czapiga <jacz@semihalf.com>
2021-12-08 10:04:25 -08:00
parent 20ad36547e
commit 25096eb950
2 changed files with 33 additions and 19 deletions
--- a/src/lib/cbfs.c
+++ b/src/lib/cbfs.c
@ -57,7 +57,7 @@ cb_err_t _cbfs_boot_lookup(const char *name, bool force_ro,
 			   RO CBFS would have been caught when building the mcache in cbfs_get
 			   boot_device(). (Note that TOCTOU_SAFETY implies !NO_CBFS_MCACHE.) */
 			assert(cbd == vboot_get_cbfs_boot_device());
-			/* TODO: set metadata_hash to RW metadata hash here. */
+			die("TODO: set metadata_hash to RW metadata hash here.\n");
 		}
 		err = cbfs_lookup(&cbd->rdev, name, mdata, &data_offset, metadata_hash);
 	}