[coreboot-gerrit] Patch set updated for coreboot: chromeos: Allow disabling vboot firmware verification when ChromeOS is enabled

Paul Kocialkowski (contact@paulk.fr) gerrit at coreboot.org
Thu Sep 3 09:10:46 CET 2015 

Paul Kocialkowski (contact at paulk.fr) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/11143

-gerrit

commit cad659a2f605df651841d052e2d7d2984be6553a
Author: Paul Kocialkowski <contact at paulk.fr>
Date:   Sun Aug 9 10:23:38 2015 +0200

    chromeos: Allow disabling vboot firmware verification when ChromeOS is enabled
    
    Some ChromeOS bindings might be wanted without using vboot verification, for
    instance to boot up depthcharge from the version of Coreboot installed in the
    write-protected part of the SPI flash (without jumping to a RW firmware).
    
    Vboot firmware verification is still selected by default when ChromeOS is
    enabled, but this allows more flexibility since vboot firmware verification is
    no longer a hard requirement for ChromeOS (that this particular use case still
    allows booting ChromeOS).
    
    In the future, it would make sense to have all the separate components that
    CONFIG_CHROMEOS enables have their own config options, so that they can be
    enabled separately.
    
    Change-Id: Ia4057a56838aa05dcf3cb250ae1a27fd91402ddb
    Signed-off-by: Paul Kocialkowski <contact at paulk.fr>
---
 src/vendorcode/google/chromeos/Kconfig        | 2 +-
 src/vendorcode/google/chromeos/vboot2/Kconfig | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig
index 8309d19..694e0d7 100644
--- a/src/vendorcode/google/chromeos/Kconfig
+++ b/src/vendorcode/google/chromeos/Kconfig
@@ -31,7 +31,6 @@ config CHROMEOS
 	select BOOTMODE_STRAPS
 	select ELOG
 	select COLLECT_TIMESTAMPS
-	select VBOOT_VERIFY_FIRMWARE
 	help
 	  Enable ChromeOS specific features like the GPIO sub table in
 	  the coreboot table. NOTE: Enabling this option on an unsupported
@@ -129,6 +128,7 @@ config VIRTUAL_DEV_SWITCH
 
 config VBOOT_VERIFY_FIRMWARE
 	bool "Verify firmware with vboot."
+	default y if CHROMEOS
 	default n
 	depends on HAVE_HARD_RESET
 	help
diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig
index c5c46e5..736dee6 100644
--- a/src/vendorcode/google/chromeos/vboot2/Kconfig
+++ b/src/vendorcode/google/chromeos/vboot2/Kconfig
@@ -16,6 +16,8 @@
 ## Foundation, Inc.
 ##
 
+if VBOOT_VERIFY_FIRMWARE
+
 config VBOOT_STARTS_IN_BOOTBLOCK
 	bool "Vboot starts verifying in bootblock"
 	default n
@@ -126,3 +128,5 @@ config VBOOT_DYNAMIC_WORK_BUFFER
 	  ram to allocate the vboot work buffer. That means vboot verification
 	  is after memory init and requires main memory to back the work
 	  buffer.
+
+endif # VBOOT_VERIFY_FIRMWARE

More information about the coreboot-gerrit mailing list