[coreboot-gerrit] New patch to review for coreboot: chromeos: Create GBB at build time
Patrick Georgi (pgeorgi@google.com)
gerrit at coreboot.org
Tue Feb 2 18:02:17 CET 2016
Patrick Georgi (pgeorgi at google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/13558
-gerrit
commit 9ef6247376badceaa303b22e704513364c26eb40
Author: Patrick Georgi <pgeorgi at chromium.org>
Date: Tue Feb 2 14:43:56 2016 +0100
chromeos: Create GBB at build time
The GBB contains hardware-specific data plus some configuration. The
latter isn't supported by this change yet and will come later.
The fields that are supported (hardware ID, bmpfv, vboot keys) are
configurable through Kconfig and point to Chrome OS-style default (eg.
developer keys).
While adding vboot keys, the two keys used to sign RW regions are also
added to Kconfig, even if not yet used.
Change-Id: Icfba6061ca83182df560cd36052fbb257826d4b0
Signed-off-by: Patrick Georgi <pgeorgi at chromium.org>
---
src/vendorcode/google/chromeos/Kconfig | 44 +++++++++++++++++++++++++++++
src/vendorcode/google/chromeos/Makefile.inc | 32 +++++++++++++++++++++
2 files changed, 76 insertions(+)
diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig
index d2a42a1..f060817 100644
--- a/src/vendorcode/google/chromeos/Kconfig
+++ b/src/vendorcode/google/chromeos/Kconfig
@@ -168,5 +168,49 @@ config HAVE_REGULATORY_DOMAIN
source src/vendorcode/google/chromeos/vboot2/Kconfig
+menu "GBB configuration"
+
+config GBB_HWID
+ string "Hardware ID"
+ default "NOCONF HWID"
+
+config GBB_BMPFV_FILE
+ string "Path to bmpfv image"
+ depends on GBB_HAVE_BMPFV
+ default ""
+
+endmenu # GBB
+
+menu "Vboot Keys"
+config VBOOT_ROOT_KEY
+ string "Root key (public)"
+ default "3rdparty/vboot/tests/devkeys/root_key.vbpubk"
+
+config VBOOT_RECOVERY_KEY
+ string "Recovery key (public)"
+ default "3rdparty/vboot/tests/devkeys/recovery_key.vbpubk"
+
+config VBOOT_FIRMWARE_PRIVKEY
+ string "Firmware key (private)"
+ default "3rdparty/vboot/tests/devkeys/firmware_data_key.vbprivk"
+
+config VBOOT_KERNEL_KEY
+ string "Kernel subkey (public)"
+ default "3rdparty/vboot/tests/devkeys/kernel_subkey.vbpubk"
+
+config VBOOT_KEYBLOCK
+ string "Keyblock to use for the RW regions"
+ default "3rdparty/vboot/tests/devkeys/firmware.keyblock"
+
+config VBOOT_KEYBLOCK_VERSION
+ int "Keyblock version number"
+ default 1
+
+config VBOOT_KEYBLOCK_PREAMBLE_FLAGS
+ hex "Keyblock preamble flags"
+ default 0
+
+endmenu # Keys
+
endif # CHROMEOS
endmenu
diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc
index 3f016a5..8e12e3a 100644
--- a/src/vendorcode/google/chromeos/Makefile.inc
+++ b/src/vendorcode/google/chromeos/Makefile.inc
@@ -51,3 +51,35 @@ CFLAGS_common += -DMOCK_TPM=0
endif
subdirs-$(CONFIG_VBOOT_VERIFY_FIRMWARE) += vboot2
+
+CONFIG_GBB_HWID := $(call strip_quotes,$(CONFIG_GBB_HWID))
+CONFIG_GBB_BMPFV_FILE := $(call strip_quotes,$(CONFIG_GBB_BMPFV_FILE))
+
+ifneq ($(CONFIG_GBB_BMPFV_FILE),)
+$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY)
+ @printf " CREATE GBB (with BMPFV)\n"
+ $(CBFSTOOL) $< read -r GBB -f $(obj)/gbb.stub.tmp
+ $(FUTILITY) gbb_utility -c 0x100,0x1000,$(call int-subtract $(call file-size,$(obj)/gbb.stub.tmp) 0x2180),0x1000 $@.tmp
+ rm -f $(obj)/gbb.stub.tmp
+ mv $@.tmp $@
+else
+$(obj)/gbb.stub: $(obj)/coreboot.rom $(FUTILITY)
+ @printf " CREATE GBB (without BMPFV)\n"
+ $(FUTILITY) gbb_utility -c 0x100,0x1000,0,0x1000 $@.tmp
+ mv $@.tmp $@
+endif
+
+$(obj)/gbb.region: $(obj)/gbb.stub
+ @printf " SETUP GBB\n"
+ cp $< $@.tmp
+ $(FUTILITY) gbb_utility -s \
+ --hwid="$(CONFIG_GBB_HWID)" \
+ --rootkey="$(CONFIG_VBOOT_ROOT_KEY)" \
+ --recoverykey="$(CONFIG_VBOOT_RECOVERY_KEY)" \
+ --flags=0 \
+ $@.tmp
+ mv $@.tmp $@
+
+build_complete:: $(obj)/gbb.region
+ @printf " WRITE GBB\n"
+ $(CBFSTOOL) $(obj)/coreboot.rom write -u -r GBB -f $<
More information about the coreboot-gerrit
mailing list