From 1d09fdbfa316b6c4341aec8dee6dbe7c332fc11a Mon Sep 17 00:00:00 2001 From: Patryk Duda Date: Mon, 8 May 2023 14:36:07 +0200 Subject: config: Don't enable LIBCRYPTOC in config.h In config.h we define CONFIG_LIBCRYPTOC when CONFIG_ROLLBACK_SECRET_SIZE is defined. This way we are sure that rollback have an access to always_memset() function, used to securely clear buffers. However, if BoringSSL library is enabled we use OPENSSL_cleanse() function to clear buffers, so there is no need to enable libcryptoc. BUG=b:277029648 TEST=make BOARD=hammer TEST=make BOARD=prism TEST=make BOARD=bloonchipper TEST=make BOARD=dartmonkey Change-Id: Ibc1e276e221a015285f3b1946df23510a578577d Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4513395 Tested-by: Patryk Duda Reviewed-by: Tom Hughes Commit-Queue: Patryk Duda --- board/hammer/board.h | 1 + board/prism/board.h | 1 + include/config.h | 8 -------- 3 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/board/hammer/board.h b/board/hammer/board.h
index 5d7b912ff2..d5ab4699ac 100644
--- a/board/hammer/board.h
+++ b/board/hammer/board.h
@@ -313,6 +313,7 @@
 /*
 * Add rollback protection, and independent RW region protection.
 */
+#define CONFIG_LIBCRYPTOC
 #define CONFIG_ROLLBACK
 #define CONFIG_ROLLBACK_SECRET_SIZE 32
 #define CONFIG_ROLLBACK_SECRET_LOCAL_ENTROPY_SIZE 32
diff --git a/board/prism/board.h b/board/prism/board.h
index 42768de2e7..c4bf4de58e 100644
--- a/board/prism/board.h
+++ b/board/prism/board.h
@@ -184,6 +184,7 @@
 /*
 * Add rollback protection, and independent RW region protection.
 */
+#define CONFIG_LIBCRYPTOC
 #define CONFIG_ROLLBACK
 #define CONFIG_ROLLBACK_SECRET_SIZE 32
 #define CONFIG_ROLLBACK_SECRET_LOCAL_ENTROPY_SIZE 32
diff --git a/include/config.h b/include/config.h
index 024c4f0fe2..06d97d358d 100644
--- a/include/config.h
+++ b/include/config.h
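Review bot: The new `#define CONFIG_LIBCRYPTOC` in board/hammer/board.h (and the identical line in board/prism/board.h) has no comment tying it to the rollback secret, so a later cleanup could drop it without noticing that the secret buffers are cleared with always_memset(), which the commit message says libcryptoc provides. A line above it such as `/* libcryptoc provides always_memset(), used to clear the rollback secret. */` would record that dependency in both files. Because include/config.h no longer derives the option from CONFIG_ROLLBACK_SECRET_SIZE, a board that sets the secret size while enabling neither libcryptoc nor BoringSSL presumably now relies on a build failure to be noticed; if that failure is not guaranteed, an `#error` check in config.h for that combination would make the requirement explicit.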
@@ -6436,14 +6436,6 @@
 #endif
 /*****************************************************************************/
-/*
- * Define CONFIG_LIBCRYPTOC if a board needs to read secret data from the
- * anti-rollback block.
- */
-#ifdef CONFIG_ROLLBACK_SECRET_SIZE
-#define CONFIG_LIBCRYPTOC
-#endif
-
 /*
 * Handle task-dependent configs.
 *
-- cgit v1.2.1