authorPatryk Duda <pdk@semihalf.com>2023-05-08 14:36:07 +0200
committerChromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com>2023-05-08 18:08:48 +0000
commit1d09fdbfa316b6c4341aec8dee6dbe7c332fc11a (patch)
tree0563aefbb012bd663530ec84a7937d6bd4895f0f
parentc5b0963b4c369cebb751bad628dfcde3f44db4ad (diff)
config: Don't enable LIBCRYPTOC in config.h
In config.h we define CONFIG_LIBCRYPTOC when CONFIG_ROLLBACK_SECRET_SIZE is defined. This ensures that the rollback code has access to the always_memset() function, which is used to securely clear buffers. However, if the BoringSSL library is enabled, we use the OPENSSL_cleanse() function to clear buffers, so there is no need to enable libcryptoc. BUG=b:277029648 TEST=make BOARD=hammer TEST=make BOARD=prism TEST=make BOARD=bloonchipper TEST=make BOARD=dartmonkey Change-Id: Ibc1e276e221a015285f3b1946df23510a578577d Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4513395 Tested-by: Patryk Duda <patrykd@google.com> Reviewed-by: Tom Hughes <tomhughes@chromium.org> Commit-Queue: Patryk Duda <patrykd@google.com>
-rw-r--r--board/hammer/board.h1
-rw-r--r--board/prism/board.h1
-rw-r--r--include/config.h8
3 files changed, 2 insertions, 8 deletions
diff --git a/board/hammer/board.h b/board/hammer/board.h
index 5d7b912ff2..d5ab4699ac 100644
--- a/board/hammer/board.h
+++ b/board/hammer/board.h
@@ -313,6 +313,7 @@
/*
* Add rollback protection, and independent RW region protection.
*/
+#define CONFIG_LIBCRYPTOC
#define CONFIG_ROLLBACK
#define CONFIG_ROLLBACK_SECRET_SIZE 32
#define CONFIG_ROLLBACK_SECRET_LOCAL_ENTROPY_SIZE 32
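Review bot: The added `#define CONFIG_LIBCRYPTOC` in board/hammer/board.h sits under the "Add rollback protection" comment with nothing saying why it is needed, and the same applies to the identical line added in board/prism/board.h. With the automatic define removed from include/config.h, the link between CONFIG_ROLLBACK_SECRET_SIZE and a buffer-clearing routine that the compiler cannot optimise away is recorded only in the commit message, so a later cleanup could drop the line or a new board could copy the rollback settings without it. I would add a comment directly above the define, for example `/* libcryptoc provides always_memset(), used to securely clear the rollback secret. */`. It may also be worth a compile-time check in config.h that fails when CONFIG_ROLLBACK_SECRET_SIZE is set and neither libcryptoc nor BoringSSL is enabled; whether the build already fails in that case is not visible from this diff.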
diff --git a/board/prism/board.h b/board/prism/board.h
index 42768de2e7..c4bf4de58e 100644
--- a/board/prism/board.h
+++ b/board/prism/board.h
@@ -184,6 +184,7 @@
/*
* Add rollback protection, and independent RW region protection.
*/
+#define CONFIG_LIBCRYPTOC
#define CONFIG_ROLLBACK
#define CONFIG_ROLLBACK_SECRET_SIZE 32
#define CONFIG_ROLLBACK_SECRET_LOCAL_ENTROPY_SIZE 32
diff --git a/include/config.h b/include/config.h
index 024c4f0fe2..06d97d358d 100644
--- a/include/config.h
+++ b/include/config.h
@@ -6437,14 +6437,6 @@
/*****************************************************************************/
/*
- * Define CONFIG_LIBCRYPTOC if a board needs to read secret data from the
- * anti-rollback block.
- */
-#ifdef CONFIG_ROLLBACK_SECRET_SIZE
-#define CONFIG_LIBCRYPTOC
-#endif
-
-/*
* Handle task-dependent configs.
*
* This prevent sub-modules from being compiled when the task and parent module