[coreboot-gerrit] Patch merged into coreboot/master: chromeos/vboot: provide support for x86 memory init verification
gerrit at coreboot.org
gerrit at coreboot.org
Thu Feb 4 17:34:04 CET 2016
the following patch was just integrated into master:
commit 87c9faeb4c7a94b2de1b2cf44d8db1383909ccc2
Author: Aaron Durbin <adurbin at chromium.org>
Date: Fri Jan 22 15:26:04 2016 -0600
chromeos/vboot: provide support for x86 memory init verification
For x86 systems which resume through the reset vector one needs to
ensure the the RW slot taken at resume time matches the one at
boot time. The reason is that any assets pulled out of the boot
media need to match how the platform previously booted. To do
that one needs obtain the hash digest of the chosen slot, and it
needs to be saved in a secure place on the normal boot path. On
resume one needs to retrieve the hash digest back to compare it
with the chosen slot. If they don't match resuming won't be
possible.
BUG=chrome-os-partner:46049
BRANCH=glados
TEST=Suspended and resumed on chell. Also, tested with an EC build
which returns a bad hash to ensure that is properly caught.
CQ-DEPEND=CL:323460
Change-Id: I90ce26813b67f46913aa4026b42d9490a564bb6c
Signed-off-by: Patrick Georgi <pgeorgi at chromium.org>
Original-Commit-Id: 01a42c0ecfc6d60d1d2e5e36a86781d91d5c47a9
Original-Change-Id: I6c6bdce7e06712bc06cc620a3d7a6a6250c59c95
Original-Signed-off-by: Aaron Durbin <adurbin at chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/323500
Original-Reviewed-by: Patrick Georgi <pgeorgi at chromium.org>
Original-Reviewed-by: Duncan Laurie <dlaurie at chromium.org>
Reviewed-on: https://review.coreboot.org/13574
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer at coreboot.org>
See https://review.coreboot.org/13574 for details.
-gerrit
More information about the coreboot-gerrit
mailing list