diff options
| author | Bill Richardson <wfrichar@chromium.org> | 2012-05-08 14:34:03 -0700 |
|---|---|---|
| committer | Bill Richardson <wfrichar@chromium.org> | 2012-05-10 17:27:36 -0700 |
| commit | 8101b7131651e344807d2bd0ec77542b3196a653 (patch) | |
| tree | df058964eee0efdfe82cfa2bd0f7e6ef013c45b8 /Makefile.rules | |
| parent | 058079977e3d94d05d40e44144549b9d4e391144 (diff) | |
| download | chrome-ec-8101b7131651e344807d2bd0ec77542b3196a653.tar.gz | |
Enable verified boot for EC firmware
BUG=chrome-os-partner:7459
TEST=manual
In the chroot:
cd src/platform/ec
make BOARD=link
The firmware image (build/link/ec.bin) is signed with dev-keys. Reflash the
EC and try it, and it should verify and reboot into RW A.
Additional tests (setting USE_RO_NORMAL, poking random values into VBLOCK_A
or FW_MAIN_A to force RW B to run, etc.) are left as an exercise for the
reader. I've done them and they work, though.
Change-Id: I29a23ea69aef02a11aebd4af3b043f6864723523
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Diffstat (limited to 'Makefile.rules')
| -rw-r--r-- | Makefile.rules | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/Makefile.rules b/Makefile.rules index ea7a961777..5a94984813 100644 --- a/Makefile.rules +++ b/Makefile.rules @@ -1,3 +1,4 @@ +# -*- makefile -*- # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. @@ -13,6 +14,8 @@ host-utils := $(foreach u,$(host-util-bin),$(out)/util/$(u)) # Create output directories if necessary _dir_create := $(foreach d,$(dirs),$(shell [ -d $(out)/$(d) ] || \ mkdir -p $(out)/$(d))) +_dir_y_create := $(foreach d,$(dirs-y),$(shell [ -d $(out)/$(d) ] || \ + mkdir -p $(out)/$(d))) section = $(subst .,,$(suffix $(1))) section_is = $(subst .,,SECTION_IS_$(suffix $(1))) @@ -38,6 +41,13 @@ cmd_c_to_host = $(HOSTCC) $(HOST_CFLAGS) -MMD -MF $@.d $< -o $@ cmd_qemu = ./util/run_qemu_test --image=build/$(BOARD)/$*/$*.bin test/$*.py \ $(silent) cmd_version = ./util/getversion.sh > $@ +cmd_sign = vbutil_ec --sign $@ \ + --version 1 \ + --keyblock $(VBOOT_DEVKEYS)/ec.keyblock \ + --signprivate $(VBOOT_DEVKEYS)/ec_data_key.vbprivk \ + --signpubkey $(VBOOT_DEVKEYS)/ec_root_key.vbpubk \ + $(silent) +cmd_mv = mv $^ $@ .PHONY: all tests utils @@ -66,8 +76,12 @@ $(out)/firmware_image.lds: common/firmware_image.lds.S $(out)/%.lds: core/$(CORE)/ec.lds.S $(call quiet,lds,LDS ) -$(out)/%.bin: $(out)/%.obj +$(out)/%.bin: $(out)/%.bin.tmp + $(call quiet,mv,MV ) + +$(out)/%.bin.tmp: $(out)/%.obj $(call quiet,obj_to_bin,OBJCOPY) + $(if $(sign-y),$(call quiet,sign,SIGN ),) $(out)/%.obj: common/firmware_image.S $(out)/firmware_image.lds \ $(out)/%.RO.flat $(out)/%.A.flat $(out)/%.B.flat @@ -85,6 +99,9 @@ $(out)/%.elf: $(out)/%.lds $(objs) $(out)/%.o:%.c $(call quiet,c_to_o,CC ) +$(out)/vboot/%.o:$(VBOOT_SOURCE)/%.c + $(call quiet,c_to_o,CC ) + $(out)/%.o:%.S $(call quiet,c_to_o,AS ) |