security/vboot: Move vboot2 to security kconfig section
This commit just moves the vboot sources into
the security directory and fixes kconfig/makefile paths.
Fix vboot2 headers
Change-Id: Icd87f95640186f7a625242a3937e1dd13347eb60
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/22074
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin Roth <martinroth@google.com>
diff --git a/Makefile.inc b/Makefile.inc
index ea56a09..71d18e8 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -91,7 +91,7 @@
subdirs-y += util/futility util/marvell util/blobtool
subdirs-y += $(wildcard src/arch/*)
subdirs-y += src/mainboard/$(MAINBOARDDIR)
-subdirs-y += src/vboot
+subdirs-y += src/security
subdirs-y += payloads payloads/external
subdirs-y += site-local
diff --git a/src/Kconfig b/src/Kconfig
index dbc9217..e3323ba 100644
--- a/src/Kconfig
+++ b/src/Kconfig
@@ -349,7 +349,6 @@
source "src/drivers/intel/fsp1_0/Kconfig"
source "src/southbridge/intel/common/firmware/Kconfig"
-source "src/vboot/Kconfig"
source "src/vendorcode/*/Kconfig"
source "src/arch/*/Kconfig"
diff --git a/src/device/pci_device.c b/src/device/pci_device.c
index f43de45..3d23671 100644
--- a/src/device/pci_device.c
+++ b/src/device/pci_device.c
@@ -47,7 +47,7 @@
#include <device/pciexp.h>
#include <device/hypertransport.h>
#include <pc80/i8259.h>
-#include <vboot/vbnv.h>
+#include <security/vboot/vbnv.h>
u8 pci_moving_config8(struct device *dev, unsigned int reg)
{
diff --git a/src/drivers/intel/fsp1_1/raminit.c b/src/drivers/intel/fsp1_1/raminit.c
index 5b6ec9e..2bdac0a 100644
--- a/src/drivers/intel/fsp1_1/raminit.c
+++ b/src/drivers/intel/fsp1_1/raminit.c
@@ -23,7 +23,7 @@
#include <reset.h>
#include <string.h>
#include <timestamp.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/vboot_common.h>
void raminit(struct romstage_params *params)
{
diff --git a/src/drivers/intel/fsp2_0/memory_init.c b/src/drivers/intel/fsp2_0/memory_init.c
index b08ee1e..0aea1ad 100644
--- a/src/drivers/intel/fsp2_0/memory_init.c
+++ b/src/drivers/intel/fsp2_0/memory_init.c
@@ -32,7 +32,7 @@
#include <symbols.h>
#include <timestamp.h>
#include <tpm_lite/tlcl.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/vboot_common.h>
#include <vb2_api.h>
static void mrc_cache_update_tpm_hash(const uint8_t *data, size_t size)
diff --git a/src/drivers/pc80/rtc/mc146818rtc.c b/src/drivers/pc80/rtc/mc146818rtc.c
index 830ff09..928b403 100644
--- a/src/drivers/pc80/rtc/mc146818rtc.c
+++ b/src/drivers/pc80/rtc/mc146818rtc.c
@@ -26,8 +26,8 @@
#include <rtc.h>
#include <string.h>
#include <cbfs.h>
-#include <vboot/vbnv.h>
-#include <vboot/vbnv_layout.h>
+#include <security/vboot/vbnv.h>
+#include <security/vboot/vbnv_layout.h>
/* There's no way around this include guard. option_table.h is autogenerated */
#if IS_ENABLED(CONFIG_USE_OPTION_TABLE)
diff --git a/src/ec/google/chromeec/ec.c b/src/ec/google/chromeec/ec.c
index 7ab9d6b..3d053b6 100644
--- a/src/ec/google/chromeec/ec.c
+++ b/src/ec/google/chromeec/ec.c
@@ -26,7 +26,7 @@
#include <reset.h>
#include <rtc.h>
#include <stdlib.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/vboot_common.h>
#include "chip.h"
#include "ec.h"
diff --git a/src/lib/coreboot_table.c b/src/lib/coreboot_table.c
index 131dde8..f152f34 100644
--- a/src/lib/coreboot_table.c
+++ b/src/lib/coreboot_table.c
@@ -32,7 +32,7 @@
#include <cbmem.h>
#include <bootmem.h>
#include <spi_flash.h>
-#include <vboot/vbnv_layout.h>
+#include <security/vboot/vbnv_layout.h>
#if IS_ENABLED(CONFIG_USE_OPTION_TABLE)
#include <option_table.h>
#endif
diff --git a/src/mainboard/google/veyron_rialto/mainboard.c b/src/mainboard/google/veyron_rialto/mainboard.c
index 91bf46a..b6b25be 100644
--- a/src/mainboard/google/veyron_rialto/mainboard.c
+++ b/src/mainboard/google/veyron_rialto/mainboard.c
@@ -34,7 +34,7 @@
#include <symbols.h>
#include <vbe.h>
#include <vendorcode/google/chromeos/chromeos.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/vboot_common.h>
#include "board.h"
diff --git a/src/mainboard/intel/galileo/vboot.c b/src/mainboard/intel/galileo/vboot.c
index b0fa2f2..469ec4e 100644
--- a/src/mainboard/intel/galileo/vboot.c
+++ b/src/mainboard/intel/galileo/vboot.c
@@ -24,8 +24,8 @@
#include "gen1.h"
#include "gen2.h"
#include <spi_flash.h>
-#include <vboot/vboot_common.h>
-#include <vboot/vbnv.h>
+#include <security/vboot/vboot_common.h>
+#include <security/vboot/vbnv.h>
int clear_recovery_mode_switch(void)
{
diff --git a/src/northbridge/intel/haswell/raminit.c b/src/northbridge/intel/haswell/raminit.c
index e48cca9..f17a374 100644
--- a/src/northbridge/intel/haswell/raminit.c
+++ b/src/northbridge/intel/haswell/raminit.c
@@ -28,7 +28,7 @@
#include <device/dram/ddr3.h>
#include <smbios.h>
#include <spd.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/vboot_common.h>
#include "raminit.h"
#include "pei_data.h"
#include "haswell.h"
diff --git a/src/northbridge/intel/sandybridge/raminit_mrc.c b/src/northbridge/intel/sandybridge/raminit_mrc.c
index 7145841..901a083 100644
--- a/src/northbridge/intel/sandybridge/raminit_mrc.c
+++ b/src/northbridge/intel/sandybridge/raminit_mrc.c
@@ -31,7 +31,7 @@
#include "raminit.h"
#include "pei_data.h"
#include "sandybridge.h"
-#include <vboot/vboot_common.h>
+#include <security/vboot/vboot_common.h>
/* Management Engine is in the southbridge */
#include "southbridge/intel/bd82x6x/me.h"
diff --git a/src/security/Kconfig b/src/security/Kconfig
index 7ec2952..7d105b8 100644
--- a/src/security/Kconfig
+++ b/src/security/Kconfig
@@ -11,3 +11,5 @@
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
+
+source "src/security/vboot/Kconfig"
diff --git a/src/security/Makefile.inc b/src/security/Makefile.inc
new file mode 100644
index 0000000..d2e1e60
--- /dev/null
+++ b/src/security/Makefile.inc
@@ -0,0 +1 @@
+subdirs-y += vboot
diff --git a/src/vboot/Kconfig b/src/security/vboot/Kconfig
similarity index 100%
rename from src/vboot/Kconfig
rename to src/security/vboot/Kconfig
diff --git a/src/vboot/Makefile.inc b/src/security/vboot/Makefile.inc
similarity index 100%
rename from src/vboot/Makefile.inc
rename to src/security/vboot/Makefile.inc
diff --git a/src/vboot/bootmode.c b/src/security/vboot/bootmode.c
similarity index 97%
rename from src/vboot/bootmode.c
rename to src/security/vboot/bootmode.c
index 1207448..834bc48 100644
--- a/src/vboot/bootmode.c
+++ b/src/security/vboot/bootmode.c
@@ -20,9 +20,9 @@
#include <rules.h>
#include <string.h>
#include <vb2_api.h>
-#include <vboot/misc.h>
-#include <vboot/vbnv.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/misc.h>
+#include <security/vboot/vbnv.h>
+#include <security/vboot/vboot_common.h>
static int vb2_get_recovery_reason_shared_data(void)
{
diff --git a/src/vboot/common.c b/src/security/vboot/common.c
similarity index 97%
rename from src/vboot/common.c
rename to src/security/vboot/common.c
index 3e480ed..72228e4 100644
--- a/src/vboot/common.c
+++ b/src/security/vboot/common.c
@@ -20,9 +20,9 @@
#include <reset.h>
#include <string.h>
#include <vb2_api.h>
-#include <vboot/misc.h>
-#include <vboot/symbols.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/misc.h>
+#include <security/vboot/symbols.h>
+#include <security/vboot/vboot_common.h>
struct selected_region {
uint32_t offset;
diff --git a/src/vboot/misc.h b/src/security/vboot/misc.h
similarity index 96%
rename from src/vboot/misc.h
rename to src/security/vboot/misc.h
index dc94720..b5e3fcf 100644
--- a/src/vboot/misc.h
+++ b/src/security/vboot/misc.h
@@ -16,7 +16,7 @@
#ifndef __VBOOT_MISC_H__
#define __VBOOT_MISC_H__
-#include <vboot/vboot_common.h>
+#include <security/vboot/vboot_common.h>
struct vb2_context;
struct vb2_shared_data;
diff --git a/src/vboot/secdata_mock.c b/src/security/vboot/secdata_mock.c
similarity index 100%
rename from src/vboot/secdata_mock.c
rename to src/security/vboot/secdata_mock.c
diff --git a/src/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
similarity index 100%
rename from src/vboot/secdata_tpm.c
rename to src/security/vboot/secdata_tpm.c
diff --git a/src/vboot/symbols.h b/src/security/vboot/symbols.h
similarity index 100%
rename from src/vboot/symbols.h
rename to src/security/vboot/symbols.h
diff --git a/src/vboot/vbnv.c b/src/security/vboot/vbnv.c
similarity index 97%
rename from src/vboot/vbnv.c
rename to src/security/vboot/vbnv.c
index 79bdc8e..0fecacd 100644
--- a/src/vboot/vbnv.c
+++ b/src/security/vboot/vbnv.c
@@ -16,8 +16,8 @@
#include <arch/early_variables.h>
#include <string.h>
#include <types.h>
-#include <vboot/vbnv.h>
-#include <vboot/vbnv_layout.h>
+#include <security/vboot/vbnv.h>
+#include <security/vboot/vbnv_layout.h>
static int vbnv_initialized CAR_GLOBAL;
static uint8_t vbnv[VBOOT_VBNV_BLOCK_SIZE] CAR_GLOBAL;
diff --git a/src/vboot/vbnv.h b/src/security/vboot/vbnv.h
similarity index 100%
rename from src/vboot/vbnv.h
rename to src/security/vboot/vbnv.h
diff --git a/src/vboot/vbnv_cmos.c b/src/security/vboot/vbnv_cmos.c
similarity index 97%
rename from src/vboot/vbnv_cmos.c
rename to src/security/vboot/vbnv_cmos.c
index a311fddbb..9c801d8 100644
--- a/src/vboot/vbnv_cmos.c
+++ b/src/security/vboot/vbnv_cmos.c
@@ -17,8 +17,8 @@
#include <console/console.h>
#include <types.h>
#include <pc80/mc146818rtc.h>
-#include <vboot/vbnv.h>
-#include <vboot/vbnv_layout.h>
+#include <security/vboot/vbnv.h>
+#include <security/vboot/vbnv_layout.h>
static void clear_vbnv_battery_cutoff_flag(uint8_t *vbnv_copy)
{
diff --git a/src/vboot/vbnv_ec.c b/src/security/vboot/vbnv_ec.c
similarity index 92%
rename from src/vboot/vbnv_ec.c
rename to src/security/vboot/vbnv_ec.c
index 99e2b82..d73423e 100644
--- a/src/vboot/vbnv_ec.c
+++ b/src/security/vboot/vbnv_ec.c
@@ -15,8 +15,8 @@
#include <types.h>
#include <ec/google/chromeec/ec.h>
-#include <vboot/vbnv.h>
-#include <vboot/vbnv_layout.h>
+#include <security/vboot/vbnv.h>
+#include <security/vboot/vbnv_layout.h>
void read_vbnv_ec(uint8_t *vbnv_copy)
{
diff --git a/src/vboot/vbnv_flash.c b/src/security/vboot/vbnv_flash.c
similarity index 97%
rename from src/vboot/vbnv_flash.c
rename to src/security/vboot/vbnv_flash.c
index dd128a9..07569fa 100644
--- a/src/vboot/vbnv_flash.c
+++ b/src/security/vboot/vbnv_flash.c
@@ -20,9 +20,9 @@
#include <string.h>
#include <vb2_api.h>
#include <vboot_nvstorage.h>
-#include <vboot/vboot_common.h>
-#include <vboot/vbnv.h>
-#include <vboot/vbnv_layout.h>
+#include <security/vboot/vboot_common.h>
+#include <security/vboot/vbnv.h>
+#include <security/vboot/vbnv_layout.h>
#define BLOB_SIZE VB2_NVDATA_SIZE
diff --git a/src/vboot/vbnv_layout.h b/src/security/vboot/vbnv_layout.h
similarity index 100%
rename from src/vboot/vbnv_layout.h
rename to src/security/vboot/vbnv_layout.h
diff --git a/src/vboot/vboot_common.c b/src/security/vboot/vboot_common.c
similarity index 98%
rename from src/vboot/vboot_common.c
rename to src/security/vboot/vboot_common.c
index 515b368f..3ef9070 100644
--- a/src/vboot/vboot_common.c
+++ b/src/security/vboot/vboot_common.c
@@ -23,7 +23,7 @@
#include <rules.h>
#include <stddef.h>
#include <string.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/vboot_common.h>
int vboot_named_region_device(const char *name, struct region_device *rdev)
{
diff --git a/src/vboot/vboot_common.h b/src/security/vboot/vboot_common.h
similarity index 100%
rename from src/vboot/vboot_common.h
rename to src/security/vboot/vboot_common.h
diff --git a/src/vboot/vboot_handoff.c b/src/security/vboot/vboot_handoff.c
similarity index 98%
rename from src/vboot/vboot_handoff.c
rename to src/security/vboot/vboot_handoff.c
index 974fe78..9fecc1a 100644
--- a/src/vboot/vboot_handoff.c
+++ b/src/security/vboot/vboot_handoff.c
@@ -34,8 +34,8 @@
#include <stdlib.h>
#include <timestamp.h>
#include <vboot_struct.h>
-#include <vboot/vbnv.h>
-#include <vboot/misc.h>
+#include <security/vboot/vbnv.h>
+#include <security/vboot/misc.h>
/**
* Sets vboot_handoff based on the information in vb2_shared_data
diff --git a/src/vboot/vboot_loader.c b/src/security/vboot/vboot_loader.c
similarity index 97%
rename from src/vboot/vboot_loader.c
rename to src/security/vboot/vboot_loader.c
index 6a7e284..17ea0a9 100644
--- a/src/vboot/vboot_loader.c
+++ b/src/security/vboot/vboot_loader.c
@@ -21,9 +21,9 @@
#include <rmodule.h>
#include <rules.h>
#include <string.h>
-#include <vboot/misc.h>
-#include <vboot/symbols.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/misc.h>
+#include <security/vboot/symbols.h>
+#include <security/vboot/vboot_common.h>
/* Ensure vboot configuration is valid: */
_Static_assert(IS_ENABLED(CONFIG_VBOOT_STARTS_IN_BOOTBLOCK) +
diff --git a/src/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
similarity index 99%
rename from src/vboot/vboot_logic.c
rename to src/security/vboot/vboot_logic.c
index d06faa7..e6b97b9 100644
--- a/src/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -23,8 +23,8 @@
#include <string.h>
#include <timestamp.h>
#include <vb2_api.h>
-#include <vboot/misc.h>
-#include <vboot/vbnv.h>
+#include <security/vboot/misc.h>
+#include <security/vboot/vbnv.h>
/* The max hash size to expect is for SHA512. */
#define VBOOT_MAX_HASH_SIZE VB2_SHA512_DIGEST_SIZE
diff --git a/src/vboot/verstage.c b/src/security/vboot/verstage.c
similarity index 95%
rename from src/vboot/verstage.c
rename to src/security/vboot/verstage.c
index aca4ab3..c244184 100644
--- a/src/vboot/verstage.c
+++ b/src/security/vboot/verstage.c
@@ -17,7 +17,7 @@
#include <arch/hlt.h>
#include <console/console.h>
#include <program_loading.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/vboot_common.h>
void __attribute__((weak)) verstage_mainboard_init(void)
{
diff --git a/src/soc/amd/stoneyridge/pmutil.c b/src/soc/amd/stoneyridge/pmutil.c
index 5bbea2a..89d3640 100644
--- a/src/soc/amd/stoneyridge/pmutil.c
+++ b/src/soc/amd/stoneyridge/pmutil.c
@@ -13,7 +13,7 @@
* GNU General Public License for more details.
*/
-#include <vboot/vbnv.h>
+#include <security/vboot/vbnv.h>
int vbnv_cmos_failed(void)
{
diff --git a/src/soc/intel/apollolake/pmutil.c b/src/soc/intel/apollolake/pmutil.c
index 5fcefd7..162290a 100644
--- a/src/soc/intel/apollolake/pmutil.c
+++ b/src/soc/intel/apollolake/pmutil.c
@@ -34,7 +34,7 @@
#include <soc/pci_devs.h>
#include <soc/pm.h>
#include <timer.h>
-#include <vboot/vbnv.h>
+#include <security/vboot/vbnv.h>
#include "chip.h"
static uintptr_t read_pmc_mmio_bar(void)
diff --git a/src/soc/intel/baytrail/pmutil.c b/src/soc/intel/baytrail/pmutil.c
index fbdea8f..ee99917 100644
--- a/src/soc/intel/baytrail/pmutil.c
+++ b/src/soc/intel/baytrail/pmutil.c
@@ -22,7 +22,7 @@
#include <soc/lpc.h>
#include <soc/pci_devs.h>
#include <soc/pmc.h>
-#include <vboot/vbnv.h>
+#include <security/vboot/vbnv.h>
#if defined(__SIMPLE_DEVICE__)
diff --git a/src/soc/intel/baytrail/romstage/raminit.c b/src/soc/intel/baytrail/romstage/raminit.c
index 44e0923..b577a35 100644
--- a/src/soc/intel/baytrail/romstage/raminit.c
+++ b/src/soc/intel/baytrail/romstage/raminit.c
@@ -30,7 +30,7 @@
#include <soc/romstage.h>
#include <ec/google/chromeec/ec.h>
#include <ec/google/chromeec/ec_commands.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/vboot_common.h>
static void reset_system(void)
{
diff --git a/src/soc/intel/braswell/pmutil.c b/src/soc/intel/braswell/pmutil.c
index b5f284f..18e655c 100644
--- a/src/soc/intel/braswell/pmutil.c
+++ b/src/soc/intel/braswell/pmutil.c
@@ -23,7 +23,7 @@
#include <soc/pci_devs.h>
#include <soc/pm.h>
#include <stdint.h>
-#include <vboot/vbnv.h>
+#include <security/vboot/vbnv.h>
#if defined(__SIMPLE_DEVICE__)
diff --git a/src/soc/intel/broadwell/igd.c b/src/soc/intel/broadwell/igd.c
index fa1340f..0b6e416 100644
--- a/src/soc/intel/broadwell/igd.c
+++ b/src/soc/intel/broadwell/igd.c
@@ -30,7 +30,7 @@
#include <soc/ramstage.h>
#include <soc/systemagent.h>
#include <soc/intel/broadwell/chip.h>
-#include <vboot/vbnv.h>
+#include <security/vboot/vbnv.h>
#include <soc/igd.h>
#define GT_RETRY 1000
diff --git a/src/soc/intel/broadwell/pmutil.c b/src/soc/intel/broadwell/pmutil.c
index 0edcd8c..25624cc 100644
--- a/src/soc/intel/broadwell/pmutil.c
+++ b/src/soc/intel/broadwell/pmutil.c
@@ -28,7 +28,7 @@
#include <soc/pci_devs.h>
#include <soc/pm.h>
#include <soc/gpio.h>
-#include <vboot/vbnv.h>
+#include <security/vboot/vbnv.h>
/* Print status bits with descriptive names */
static void print_status_bits(u32 status, const char *bit_names[])
diff --git a/src/soc/intel/cannonlake/pmc.c b/src/soc/intel/cannonlake/pmc.c
index e9972a6..a0d816e 100644
--- a/src/soc/intel/cannonlake/pmc.c
+++ b/src/soc/intel/cannonlake/pmc.c
@@ -36,8 +36,8 @@
#include <cpu/x86/smm.h>
#include <soc/pcr_ids.h>
#include <soc/ramstage.h>
-#include <vboot/vbnv.h>
-#include <vboot/vbnv_layout.h>
+#include <security/vboot/vbnv.h>
+#include <security/vboot/vbnv_layout.h>
static void pch_pmc_add_mmio_resources(device_t dev)
{
diff --git a/src/soc/intel/cannonlake/pmutil.c b/src/soc/intel/cannonlake/pmutil.c
index ed2e3b0..b3fad88 100644
--- a/src/soc/intel/cannonlake/pmutil.c
+++ b/src/soc/intel/cannonlake/pmutil.c
@@ -40,7 +40,7 @@
#include <soc/pm.h>
#include <soc/smbus.h>
#include <timer.h>
-#include <vboot/vbnv.h>
+#include <security/vboot/vbnv.h>
#include "chip.h"
/*
diff --git a/src/soc/intel/common/block/pmc/pmclib.c b/src/soc/intel/common/block/pmc/pmclib.c
index 82ce292..f653bf0 100644
--- a/src/soc/intel/common/block/pmc/pmclib.c
+++ b/src/soc/intel/common/block/pmc/pmclib.c
@@ -23,7 +23,7 @@
#include <soc/pm.h>
#include <string.h>
#include <timer.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/vboot_common.h>
static struct chipset_power_state power_state CAR_GLOBAL;
diff --git a/src/soc/intel/common/mrc_cache.c b/src/soc/intel/common/mrc_cache.c
index a4f3d32..8720c9d 100644
--- a/src/soc/intel/common/mrc_cache.c
+++ b/src/soc/intel/common/mrc_cache.c
@@ -23,7 +23,7 @@
#include <fmap.h>
#include <ip_checksum.h>
#include <region_file.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/vboot_common.h>
#include "mrc_cache.h"
#include "nvm.h"
diff --git a/src/soc/intel/skylake/igd.c b/src/soc/intel/skylake/igd.c
index e1d5bff..545030f 100644
--- a/src/soc/intel/skylake/igd.c
+++ b/src/soc/intel/skylake/igd.c
@@ -32,7 +32,7 @@
#include <soc/systemagent.h>
#include <stdlib.h>
#include <string.h>
-#include <vboot/vbnv.h>
+#include <security/vboot/vbnv.h>
uintptr_t fsp_soc_get_igd_bar(void)
{
diff --git a/src/soc/intel/skylake/pmutil.c b/src/soc/intel/skylake/pmutil.c
index 0da7fe8..d05c812 100644
--- a/src/soc/intel/skylake/pmutil.c
+++ b/src/soc/intel/skylake/pmutil.c
@@ -40,7 +40,7 @@
#include <soc/pmc.h>
#include <soc/smbus.h>
#include <timer.h>
-#include <vboot/vbnv.h>
+#include <security/vboot/vbnv.h>
#include "chip.h"
/*
diff --git a/src/soc/intel/skylake/romstage/romstage_fsp20.c b/src/soc/intel/skylake/romstage/romstage_fsp20.c
index d4a5e34..d6ec41f 100644
--- a/src/soc/intel/skylake/romstage/romstage_fsp20.c
+++ b/src/soc/intel/skylake/romstage/romstage_fsp20.c
@@ -35,7 +35,7 @@
#include <soc/romstage.h>
#include <string.h>
#include <timestamp.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/vboot_common.h>
#define FSP_SMBIOS_MEMORY_INFO_GUID \
{ \
diff --git a/src/southbridge/intel/bd82x6x/early_pch_common.c b/src/southbridge/intel/bd82x6x/early_pch_common.c
index f812247..a41c2f3 100644
--- a/src/southbridge/intel/bd82x6x/early_pch_common.c
+++ b/src/southbridge/intel/bd82x6x/early_pch_common.c
@@ -22,7 +22,7 @@
#include <arch/acpi.h>
#include <console/console.h>
#include <rules.h>
-#include <vboot/vbnv.h>
+#include <security/vboot/vbnv.h>
#if ENV_ROMSTAGE
uint64_t get_initial_timestamp(void)
diff --git a/src/southbridge/intel/lynxpoint/pmutil.c b/src/southbridge/intel/lynxpoint/pmutil.c
index 55fe403..00a6e65 100644
--- a/src/southbridge/intel/lynxpoint/pmutil.c
+++ b/src/southbridge/intel/lynxpoint/pmutil.c
@@ -24,7 +24,7 @@
#include <device/pci.h>
#include <device/pci_def.h>
#include <console/console.h>
-#include <vboot/vbnv.h>
+#include <security/vboot/vbnv.h>
#include "pch.h"
#if IS_ENABLED(CONFIG_INTEL_LYNXPOINT_LP)
diff --git a/src/vendorcode/google/chromeos/acpi/chromeos.asl b/src/vendorcode/google/chromeos/acpi/chromeos.asl
index 44d9d15..d813b22 100644
--- a/src/vendorcode/google/chromeos/acpi/chromeos.asl
+++ b/src/vendorcode/google/chromeos/acpi/chromeos.asl
@@ -13,7 +13,7 @@
* GNU General Public License for more details.
*/
-#include <vboot/vbnv_layout.h>
+#include <security/vboot/vbnv_layout.h>
#if IS_ENABLED(CONFIG_CHROMEOS)
diff --git a/src/vendorcode/google/chromeos/chromeos.h b/src/vendorcode/google/chromeos/chromeos.h
index a739ab7..df61596 100644
--- a/src/vendorcode/google/chromeos/chromeos.h
+++ b/src/vendorcode/google/chromeos/chromeos.h
@@ -21,8 +21,8 @@
#include <bootmode.h>
#include <device/device.h>
#include <rules.h>
-#include <vboot/misc.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/misc.h>
+#include <security/vboot/vboot_common.h>
#if IS_ENABLED(CONFIG_CHROMEOS)
/* functions implemented in watchdog.c */
diff --git a/src/vendorcode/google/chromeos/cr50_enable_update.c b/src/vendorcode/google/chromeos/cr50_enable_update.c
index 0ec0e70..6e67cc2 100644
--- a/src/vendorcode/google/chromeos/cr50_enable_update.c
+++ b/src/vendorcode/google/chromeos/cr50_enable_update.c
@@ -20,7 +20,7 @@
#include <halt.h>
#include <tpm_lite/tlcl.h>
#include <vb2_api.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/vboot_common.h>
static void enable_update(void *unused)
{
diff --git a/src/vendorcode/google/chromeos/elog.c b/src/vendorcode/google/chromeos/elog.c
index f16f0ad..fbbfd16 100644
--- a/src/vendorcode/google/chromeos/elog.c
+++ b/src/vendorcode/google/chromeos/elog.c
@@ -16,7 +16,7 @@
#include <bootstate.h>
#include <console/console.h>
#include <elog.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/vboot_common.h>
#if IS_ENABLED(CONFIG_HAVE_ACPI_RESUME)
#include <arch/acpi.h>
diff --git a/src/vendorcode/google/chromeos/gnvs.c b/src/vendorcode/google/chromeos/gnvs.c
index 8a5cc64..a278b41 100644
--- a/src/vendorcode/google/chromeos/gnvs.c
+++ b/src/vendorcode/google/chromeos/gnvs.c
@@ -20,8 +20,8 @@
#include <cbmem.h>
#include <console/console.h>
#include <elog.h>
-#include <vboot/vbnv.h>
-#include <vboot/vboot_common.h>
+#include <security/vboot/vbnv.h>
+#include <security/vboot/vboot_common.h>
#include <vboot_struct.h>
#include "chromeos.h"