1 /* SPDX-License-Identifier: GPL-2.0-only */
3 #include "board_verified_boot.h"
6 * The items verified by the bootblock, the bootblock will not measure the
/*
 * Table of items checked by the bootblock, closed by a VERIFY_TERMINATOR entry.
 * Every visible entry gives an item kind (VERIFY_FILE or VERIFY_BLOCK), the
 * item itself, a nested pair, a HASH_IDX_* value and an MBOOT_PCR_INDEX_* value.
 * NOTE(review): verify_item_t is declared outside this listing; presumably
 * HASH_IDX_* selects the reference digest and MBOOT_PCR_INDEX_* the TPM PCR
 * used for measurement - confirm against the header.
 * NOTE(review): the listing's own line numbers skip 13, 17 and 24-25, so the
 * ends of the #if blocks and the PCR indices of the FSP and PublicKey entries
 * cannot be read here; check them in the original file before relying on them.
 */
9 const verify_item_t bootblock_verify_list
[] = {
/* Compiled in only when CONFIG(SEPARATE_ROMSTAGE) is set. */
10 #if CONFIG(SEPARATE_ROMSTAGE)
11 { VERIFY_FILE
, ROMSTAGE
, { { NULL
, CBFS_TYPE_STAGE
} },
12 HASH_IDX_ROM_STAGE
, MBOOT_PCR_INDEX_0
},
14 { VERIFY_FILE
, BOOTBLOCK
, { { NULL
, CBFS_TYPE_BOOTBLOCK
} },
15 HASH_IDX_BOOTBLOCK
, MBOOT_PCR_INDEX_0
},
16 { VERIFY_FILE
, FSP
, { { NULL
, CBFS_TYPE_FSP
} }, HASH_IDX_FSP
,
18 { VERIFY_FILE
, "spd.bin", { { NULL
, CBFS_TYPE_SPD
} },
19 HASH_IDX_SPD0
, MBOOT_PCR_INDEX_1
},
/*
 * Signed-manifest builds only: a VERIFY_BLOCK entry for the public key, which
 * is addressed by the build-time constant
 * CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION rather than by a file name. The
 * second slot of the nested pair holds CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE
 * where the file entries hold a CBFS type.
 * NOTE(review): the key is itself checked against HASH_IDX_PUBLICKEY, so the
 * trust anchor is wherever that reference hash is stored - confirm that
 * storage is write-protected on the target.
 */
20 #if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST)
21 { VERIFY_BLOCK
, "PublicKey",
22 { { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION
,
23 CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE
, } }, HASH_IDX_PUBLICKEY
,
/* VERIFY_TERMINATOR entry with all other fields zero/NULL closes the table. */
26 { VERIFY_TERMINATOR
, NULL
, { { NULL
, 0 } }, 0, 0 }
30 * The items used by the romstage. Items verified by bootblock are added here to make sure they
/*
 * Table of items used by the romstage, closed by a VERIFY_TERMINATOR entry.
 * It repeats the ROMSTAGE, FSP, "spd.bin", BOOTBLOCK and PublicKey entries
 * that also appear in bootblock_verify_list, with the same HASH_IDX_* values,
 * and adds MICROCODE.
 * NOTE(review): presumably the repeats exist so that items the bootblock only
 * verified are also measured at this stage - confirm against the consumer.
 * NOTE(review): the listing's own line numbers skip 39 and 48-49, so the PCR
 * indices of the FSP and PublicKey entries and the end of the #if block are
 * not visible here.
 */
33 const verify_item_t romstage_verify_list
[] = {
34 { VERIFY_FILE
, ROMSTAGE
, { { NULL
, CBFS_TYPE_STAGE
} },
35 HASH_IDX_ROM_STAGE
, MBOOT_PCR_INDEX_0
},
/* Microcode is not in the bootblock table; this is its first appearance. */
36 { VERIFY_FILE
, MICROCODE
, { { NULL
, CBFS_TYPE_MICROCODE
} },
37 HASH_IDX_MICROCODE
, MBOOT_PCR_INDEX_1
},
38 { VERIFY_FILE
, FSP
, { { NULL
, CBFS_TYPE_FSP
} }, HASH_IDX_FSP
,
40 { VERIFY_FILE
, "spd.bin", { { NULL
, CBFS_TYPE_SPD
} },
41 HASH_IDX_SPD0
, MBOOT_PCR_INDEX_1
},
42 { VERIFY_FILE
, BOOTBLOCK
, { { NULL
, CBFS_TYPE_BOOTBLOCK
} },
43 HASH_IDX_BOOTBLOCK
, MBOOT_PCR_INDEX_0
},
/*
 * Signed-manifest builds only: the public key block, located by the
 * build-time address and size constants and tied to HASH_IDX_PUBLICKEY.
 */
44 #if CONFIG(VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST)
45 { VERIFY_BLOCK
, "PublicKey",
46 { { (void *)CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_LOCATION
,
47 CONFIG_VENDORCODE_ELTAN_VBOOT_KEY_SIZE
, } }, HASH_IDX_PUBLICKEY
,
/* VERIFY_TERMINATOR entry closes the table. */
50 { VERIFY_TERMINATOR
, NULL
, { { NULL
, 0 } }, 0, 0 }
53 /* The items used by the postcar stage */
/*
 * Table for the postcar stage: a single VERIFY_FILE entry for POSTCAR
 * (CBFS_TYPE_STAGE, HASH_IDX_POSTCAR_STAGE, MBOOT_PCR_INDEX_0) followed by
 * the VERIFY_TERMINATOR entry.
 */
54 const verify_item_t postcar_verify_list
[] = {
55 { VERIFY_FILE
, POSTCAR
, { { NULL
, CBFS_TYPE_STAGE
} },
56 HASH_IDX_POSTCAR_STAGE
, MBOOT_PCR_INDEX_0
},
57 { VERIFY_TERMINATOR
, NULL
, { { NULL
, 0 } }, 0, 0 }
61 * The items used by the ramstage. FSP and microcode are already checked in the
62 * romstage verify list
/*
 * File-local table of extra CBFS_TYPE_RAW files; it is referenced from the
 * RAMSTAGE entry of ramstage_verify_list. "config" uses MBOOT_PCR_INDEX_0,
 * while OP_ROM_VBT, "logo.bmp" and "fallback/dsdt.aml" use MBOOT_PCR_INDEX_2.
 * NOTE(review): the listing's own line numbers skip 68, 71 and 74, so it is
 * not visible where the INCLUDE_CONFIG_FILE conditional ends or whether the
 * VBT, logo and DSDT entries sit under conditionals of their own - check the
 * original file before assuming these files are always verified.
 */
64 static const verify_item_t ram_stage_additional_list
[] = {
/* The "config" entry is compiled in only when CONFIG(INCLUDE_CONFIG_FILE) is set. */
65 #if CONFIG(INCLUDE_CONFIG_FILE)
66 { VERIFY_FILE
, "config", { { NULL
, CBFS_TYPE_RAW
} },
67 HASH_IDX_CONFIG
, MBOOT_PCR_INDEX_0
},
69 { VERIFY_FILE
, OP_ROM_VBT
, { { NULL
, CBFS_TYPE_RAW
} },
70 HASH_IDX_OPROM
, MBOOT_PCR_INDEX_2
},
72 { VERIFY_FILE
, "logo.bmp", { { NULL
, CBFS_TYPE_RAW
} },
73 HASH_IDX_LOGO
, MBOOT_PCR_INDEX_2
},
75 { VERIFY_FILE
, "fallback/dsdt.aml", { { NULL
, CBFS_TYPE_RAW
} },
76 HASH_IDX_DSDT
, MBOOT_PCR_INDEX_2
},
/* VERIFY_TERMINATOR entry closes the table. */
77 { VERIFY_TERMINATOR
, NULL
, { { NULL
, 0 } }, 0, 0 }
/*
 * Table for the ramstage: one VERIFY_FILE entry for RAMSTAGE plus the
 * VERIFY_TERMINATOR entry. Unlike the other file entries in this listing,
 * which carry NULL there, the first slot of the nested pair points at
 * ram_stage_additional_list.
 * NOTE(review): presumably the consumer walks that linked table when it
 * handles the ramstage entry, so the config, VBT, logo and DSDT files are
 * checked before ramstage uses them - confirm in the verification code.
 */
80 const verify_item_t ramstage_verify_list
[] = {
81 { VERIFY_FILE
, RAMSTAGE
, { { ram_stage_additional_list
,
82 CBFS_TYPE_STAGE
} }, HASH_IDX_RAM_STAGE
, MBOOT_PCR_INDEX_0
},
83 { VERIFY_TERMINATOR
, NULL
, { { NULL
, 0 } }, 0, 0 }
86 /* items used by the payload */
/*
 * Table for the payload: one VERIFY_FILE entry for PAYLOAD plus the
 * VERIFY_TERMINATOR entry. The type slot combines CBFS_TYPE_SELF with the
 * VERIFIED_BOOT_COPY_BLOCK flag by bitwise OR.
 * NOTE(review): presumably the flag makes the verifier copy the payload before
 * hashing it, so the bytes that were checked are the bytes that run - confirm
 * in the consumer, since the flag's definition is outside this listing.
 * NOTE(review): the listing's own line numbers skip 90, so the PCR index of
 * the PAYLOAD entry is not visible here.
 */
87 const verify_item_t payload_verify_list
[] = {
88 { VERIFY_FILE
, PAYLOAD
, { { NULL
, CBFS_TYPE_SELF
|
89 VERIFIED_BOOT_COPY_BLOCK
} }, HASH_IDX_PAYLOAD
,
91 { VERIFY_TERMINATOR
, NULL
, { { NULL
, 0 } }, 0, 0 }
94 /* list of allowed option ROMs */
/*
 * Option ROM allow-list. As shown it holds only the VERIFY_TERMINATOR entry,
 * so no option ROM is listed.
 * NOTE(review): whether an empty list rejects every option ROM or skips the
 * check depends on the consumer, which is not visible here - confirm that it
 * fails closed.
 */
95 const verify_item_t oprom_verify_list
[] = {
96 { VERIFY_TERMINATOR
, NULL
, { { NULL
, 0 } }, 0, 0 }