summaryrefslogtreecommitdiffstats
path: root/resources/libreboot/patch/coreboot/1bf5e6409678d04fd15f9625460078853118521c/depthcharge/veyron_speedy/0004-chromeos-Allow-disabling-vboot-firmware-verification.patch
diff options
context:
space:
mode:
Diffstat (limited to 'resources/libreboot/patch/coreboot/1bf5e6409678d04fd15f9625460078853118521c/depthcharge/veyron_speedy/0004-chromeos-Allow-disabling-vboot-firmware-verification.patch')
-rw-r--r--resources/libreboot/patch/coreboot/1bf5e6409678d04fd15f9625460078853118521c/depthcharge/veyron_speedy/0004-chromeos-Allow-disabling-vboot-firmware-verification.patch112
1 files changed, 112 insertions, 0 deletions
diff --git a/resources/libreboot/patch/coreboot/1bf5e6409678d04fd15f9625460078853118521c/depthcharge/veyron_speedy/0004-chromeos-Allow-disabling-vboot-firmware-verification.patch b/resources/libreboot/patch/coreboot/1bf5e6409678d04fd15f9625460078853118521c/depthcharge/veyron_speedy/0004-chromeos-Allow-disabling-vboot-firmware-verification.patch
new file mode 100644
index 0000000..1139490
--- /dev/null
+++ b/resources/libreboot/patch/coreboot/1bf5e6409678d04fd15f9625460078853118521c/depthcharge/veyron_speedy/0004-chromeos-Allow-disabling-vboot-firmware-verification.patch
@@ -0,0 +1,112 @@
+From 1122f7a00ad7b9cab11a548ed2ba24536bfc194e Mon Sep 17 00:00:00 2001
+From: Paul Kocialkowski <contact@paulk.fr>
+Date: Sun, 9 Aug 2015 10:23:38 +0200
+Subject: [PATCH 4/4] chromeos: Allow disabling vboot firmware verification
+ when ChromeOS is enabled
+
+Some ChromeOS bindings might be wanted without using vboot verification, for
+instance to boot up depthcharge from the version of Coreboot installed in the
+write-protected part of the SPI flash (without jumping to a RW firmware).
+
+Vboot firmware verification is still selected by default when ChromeOS is
+enabled, but this allows more flexibility since vboot firmware verification is
+no longer a hard requirement for ChromeOS (that this particular use case still
+allows booting ChromeOS).
+
+In the future, it would make sense to have all the separate components that
+CONFIG_CHROMEOS enables have their own config options, so that they can be
+enabled separately.
+
+Change-Id: Ia4057a56838aa05dcf3cb250ae1a27fd91402ddb
+Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
+---
+ src/lib/bootmode.c | 2 ++
+ src/soc/rockchip/rk3288/Kconfig | 2 +-
+ src/vendorcode/google/chromeos/Kconfig | 4 +---
+ src/vendorcode/google/chromeos/vboot2/Kconfig | 4 ++++
+ 4 files changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/src/lib/bootmode.c b/src/lib/bootmode.c
+index 15f7a5a..e4be29e 100644
+--- a/src/lib/bootmode.c
++++ b/src/lib/bootmode.c
+@@ -76,8 +76,10 @@ void gfx_set_init_done(int done)
+ int display_init_required(void)
+ {
+ /* For Chrome OS always honor vboot_skip_display_init(). */
++#if CONFIG_VBOOT_VERIFY_FIRMWARE
+ if (IS_ENABLED(CONFIG_CHROMEOS))
+ return !vboot_skip_display_init();
++#endif
+
+ /* By default always initialize display. */
+ return 1;
+diff --git a/src/soc/rockchip/rk3288/Kconfig b/src/soc/rockchip/rk3288/Kconfig
+index 65e6dc3..7947514 100644
+--- a/src/soc/rockchip/rk3288/Kconfig
++++ b/src/soc/rockchip/rk3288/Kconfig
+@@ -31,7 +31,7 @@ config SOC_ROCKCHIP_RK3288
+
+ if SOC_ROCKCHIP_RK3288
+
+-config CHROMEOS
++config VBOOT_VERIFY_FIRMWARE
+ select VBOOT_STARTS_IN_BOOTBLOCK
+ select SEPARATE_VERSTAGE
+ select RETURN_FROM_VERSTAGE
+diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig
+index d2a42a1..4068419 100644
+--- a/src/vendorcode/google/chromeos/Kconfig
++++ b/src/vendorcode/google/chromeos/Kconfig
+@@ -27,7 +27,6 @@ config CHROMEOS
+ select BOOTMODE_STRAPS
+ select ELOG if SPI_FLASH
+ select COLLECT_TIMESTAMPS
+- select VBOOT_VERIFY_FIRMWARE
+ select MULTIPLE_CBFS_INSTANCES
+ help
+ Enable ChromeOS specific features like the GPIO sub table in
+@@ -96,7 +95,6 @@ config CHROMEOS_RAMOOPS_RAM_SIZE
+ config EC_SOFTWARE_SYNC
+ bool "Enable EC software sync"
+ default n
+- depends on VBOOT_VERIFY_FIRMWARE
+ help
+ EC software sync is a mechanism where the AP helps the EC verify its
+ firmware similar to how vboot verifies the main system firmware. This
+@@ -120,12 +118,12 @@ config VBOOT_OPROM_MATTERS
+ config VIRTUAL_DEV_SWITCH
+ bool "Virtual developer switch support"
+ default n
+- depends on VBOOT_VERIFY_FIRMWARE
+ help
+ Whether this platform has a virtual developer switch.
+
+ config VBOOT_VERIFY_FIRMWARE
+ bool "Verify firmware with vboot."
++ default y if CHROMEOS
+ default n
+ depends on HAVE_HARD_RESET
+ help
+diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig
+index 7580d8d..141b636 100644
+--- a/src/vendorcode/google/chromeos/vboot2/Kconfig
++++ b/src/vendorcode/google/chromeos/vboot2/Kconfig
+@@ -12,6 +12,8 @@
+ ## GNU General Public License for more details.
+ ##
+
++if VBOOT_VERIFY_FIRMWARE
++
+ config VBOOT_STARTS_IN_BOOTBLOCK
+ bool "Vboot starts verifying in bootblock"
+ default n
+@@ -78,3 +80,5 @@ config VBOOT_DYNAMIC_WORK_BUFFER
+ ram to allocate the vboot work buffer. That means vboot verification
+ is after memory init and requires main memory to back the work
+ buffer.
++
++endif # VBOOT_VERIFY_FIRMWARE
+--
+2.8.0
+
generated by cgit v0.9.1 at 2024-06-29 08:46:46 (EDT)