vboot: add mocked secdata
This patch allows a board without a secdata storage (typically TPM) to pass
the verification stage if recovery path is taken. It's useful for bringup
when the actual board is not ready.
BUG=none
BRANCH=none
TEST=booted the kernel from a usb stick on a cygnus reference board
Change-Id: I5ab97d1198057d102a1708338d71c606fe106c75
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 5d45acee31fd5b7bfe7444f12e3622bae49fc329
Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Original-Reviewed-on: https://chrome-internal-review.googlesource.com/212418
Original-Reviewed-by: Daisuke Nojiri <dnojiri@google.com>
Original-Commit-Queue: Daisuke Nojiri <dnojiri@google.com>
Original-Tested-by: Daisuke Nojiri <dnojiri@google.com>
Original-Change-Id: Iddd9af19a2b6428704254af0c17b642e7a976fb8
Original-Reviewed-on: https://chromium-review.googlesource.com/265046
Reviewed-on: http://review.coreboot.org/9919
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
diff --git a/src/vendorcode/google/chromeos/vboot2/Kconfig b/src/vendorcode/google/chromeos/vboot2/Kconfig
index 7ea53fd..16b8110 100644
--- a/src/vendorcode/google/chromeos/vboot2/Kconfig
+++ b/src/vendorcode/google/chromeos/vboot2/Kconfig
@@ -24,6 +24,17 @@
Enabling VBOOT2_VERIFY_FIRMWARE will use vboot2 to verify the romstage
and boot loader.
+config VBOOT2_MOCK_SECDATA
+ bool "Mock secdata for firmware verification"
+ default n
+ depends on VBOOT2_VERIFY_FIRMWARE
+ help
+ Enabling VBOOT2_MOCK_SECDATA will mock secdata for the firmware
+ verification to avoid access to a secdata storage (typically TPM).
+ All operations for a secdata storage will be successful. This option
+ can be used during development when a TPM is not present or broken.
+ THIS SHOULD NOT BE LEFT ON FOR PRODUCTION DEVICES.
+
config RETURN_FROM_VERSTAGE
bool "return from verstage"
default n