sravan/system76-coreboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ec_sync: Run EFS2 in romstage

Browse Source 
EFS2 allows EC RO to enable PD for special cases. When doing so, it sets
NO_BOOT flag to avoid booting the OS. AP needs to get NO_BOOT flag from
Cr50 and enforce that.

This patch makes verstage get a boot mode and a mirrored hash stored
in kernel secdata from Cr50.

This patch also makes romstage write an expected EC hash (a.k.a. Hexp) to
Cr50 (if there is an update).

BUG=b:147298634, chromium:1045217, b:148259137
BRANCH=none
TEST=Verify software sync succeeds on Puff.

Signed-off-by: dnojiri <dnojiri@chromium.org>
Change-Id: I1f387b6e920205b9cc4c8536561f2a279c36413d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40389
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This commit is contained in:
dnojiri
2020-04-03 10:56:43 -07:00
committed by Julius Werner
parent 622c6b84ab
commit dff56a056c
6 changed files with 109 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/security/vboot/ec_sync.c
View File

@ -50,7 +50,7 @@ void vboot_sync_ec(void)
ctx->flags |= VB2_CONTEXT_EC_SYNC_SUPPORTED;
retval = vb2api_ec_sync(ctx);
vboot_save_nvdata_only(ctx);
vboot_save_data(ctx);
switch (retval) {
case VB2_SUCCESS: