security/vboot: Include new gbb flag to enforce CSE sync

This patch adds a GBB flag to coreboot, which, when enabled, enforces CSE sync even if the current CSE version matches the version in CBFS. The CSME sync GBB and flag are designed to enhance autotest functionalities and are not intended or recommended for use in developing any other features. BUG=b:353053317 TEST=futility gbb --help Cq-Depend: chromium:5718196 Change-Id: I6352959e1e898a90b4c6e12a22f8d6513f90ded9 Signed-off-by: Dinesh Gehlot <digehlot@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/83685 Reviewed-by: Yu-Ping Wu <yupingso@google.com> Reviewed-by: Subrata Banik <subratabanik@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2024-07-30 12:51:28 +05:30
parent 2534539373
commit 896c76c5c1
2 changed files with 5 additions and 0 deletions
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -451,6 +451,10 @@ config GBB_FLAG_ENABLE_UDC
 	bool "Enable USB Device Controller"
 	default n

+config GBB_FLAG_FORCE_CSE_SYNC
+	bool "Running tests; enforce CSE sync"
+	default n
+
 endmenu # GBB

 menu "Vboot Keys"
--- a/src/security/vboot/Makefile.mk
+++ b/src/security/vboot/Makefile.mk
@@ -265,6 +265,7 @@ GBB_FLAGS := $(call int-add, \
 	$(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_MANUAL_RECOVERY),0x4000) \
 	$(call bool-to-mask,$(CONFIG_GBB_FLAG_DISABLE_FWMP),0x8000) \
 	$(call bool-to-mask,$(CONFIG_GBB_FLAG_ENABLE_UDC),0x10000) \
+	$(call bool-to-mask,$(CONFIG_GBB_FLAG_FORCE_CSE_SYNC),0x20000) \
 	)

 ifneq ($(CONFIG_GBB_BMPFV_FILE),)