diff options
Diffstat (limited to 'resources/libreboot/patch/cros/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch')
-rw-r--r-- | resources/libreboot/patch/cros/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/resources/libreboot/patch/cros/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch b/resources/libreboot/patch/cros/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch new file mode 100644 index 00000000..f268922a --- /dev/null +++ b/resources/libreboot/patch/cros/0001-chromeos-Allow-disabling-vboot-firmware-verification.patch @@ -0,0 +1,98 @@ +From 2178bea1fbef28afbb9ffa2d95673407fac1907e Mon Sep 17 00:00:00 2001 +From: Paul Kocialkowski <contact@paulk.fr> +Date: Sun, 9 Aug 2015 10:23:38 +0200 +Subject: [PATCH] chromeos: Allow disabling vboot firmware verification when + ChromeOS is enabled + +Some ChromeOS bindings might be wanted without using vboot verification, for +instance to boot up depthcharge from the version of Coreboot installed in the +write-protected part of the SPI flash (without jumping to a RW firmware). + +Vboot firmware verification is still selected by default when ChromeOS is +enabled, but this allows more flexibility since vboot firmware verification is +no longer a hard requirement for ChromeOS (that this particular use case still +allows booting ChromeOS). + +In the future, it would make sense to have all the separate components that +CONFIG_CHROMEOS enables have their own config options, so that they can be +enabled separately. + +Change-Id: Ia4057a56838aa05dcf3cb250ae1a27fd91402ddb +Signed-off-by: Paul Kocialkowski <contact@paulk.fr> +--- + src/lib/bootmode.c | 2 ++ + src/soc/rockchip/rk3288/Kconfig | 2 +- + src/vendorcode/google/chromeos/Kconfig | 2 +- + src/vendorcode/google/chromeos/vboot2/Kconfig | 4 ++++ + 4 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/lib/bootmode.c b/src/lib/bootmode.c +index f2ff72a..13c0130 100644 +--- a/src/lib/bootmode.c ++++ b/src/lib/bootmode.c +@@ -80,8 +80,10 @@ void gfx_set_init_done(int done) + int display_init_required(void) + { + /* For Chrome OS always honor vboot_skip_display_init(). */ ++#if CONFIG_VBOOT_VERIFY_FIRMWARE + if (IS_ENABLED(CONFIG_CHROMEOS)) + return !vboot_skip_display_init(); ++#endif + + /* By default always initialize display. */ + return 1; +diff --git a/src/soc/rockchip/rk3288/Kconfig b/src/soc/rockchip/rk3288/Kconfig +index bc484e3..74a63e7 100644 +--- a/src/soc/rockchip/rk3288/Kconfig ++++ b/src/soc/rockchip/rk3288/Kconfig +@@ -35,7 +35,7 @@ config SOC_ROCKCHIP_RK3288 + + if SOC_ROCKCHIP_RK3288 + +-config CHROMEOS ++config VBOOT_VERIFY_FIRMWARE + select VBOOT_STARTS_IN_BOOTBLOCK + select SEPARATE_VERSTAGE + select RETURN_FROM_VERSTAGE +diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig +index 8309d19..694e0d7 100644 +--- a/src/vendorcode/google/chromeos/Kconfig ++++ b/src/vendorcode/google/chromeos/Kconfig +@@ -31,7 +31,6 @@ config CHROMEOS + select BOOTMODE_STRAPS + select ELOG + select COLLECT_TIMESTAMPS +- select VBOOT_VERIFY_FIRMWARE + help + Enable ChromeOS specific features like the GPIO sub table in + the coreboot table. NOTE: Enabling this option on an unsupported +@@ -129,6 +128,7 @@ config VIRTUAL_DEV_SWITCH + + config VBOOT_VERIFY_FIRMWARE + bool "Verify firmware with vboot." ++ default y if CHROMEOS + default n + depends on HAVE_HARD_RESET + help +diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig +index 930b009..610a847 100644 +--- a/src/vendorcode/google/chromeos/vboot2/Kconfig ++++ b/src/vendorcode/google/chromeos/vboot2/Kconfig +@@ -16,6 +16,8 @@ + ## Foundation, Inc. + ## + ++if VBOOT_VERIFY_FIRMWARE ++ + config VBOOT_STARTS_IN_BOOTBLOCK + bool "Vboot starts verifying in bootblock" + default n +@@ -133,3 +135,5 @@ config VBOOT_DYNAMIC_WORK_BUFFER + ram to allocate the vboot work buffer. That means vboot verification + is after memory init and requires main memory to back the work + buffer. ++ ++endif # VBOOT_VERIFY_FIRMWARE +-- +1.9.1 + |