vboot/secdata: add fwmp parameter to enable FIPS 140-2 mode

Added VB2_SECDATA_FWMP_DEV_FIPS_MODE flag which would enable FIPS 140-2/3 compliant behavior in Cr50. This includes power-up self tests, known answer tests for cryptographic functions, etc. BUG=b:138577491 TEST=make clean && make runtests BRANCH=none Change-Id: I37334aab82fc36e6beff1a8902867fe316f901b6 Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1947916 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
author: Vadim Sukhomlinov <sukhomlinov@google.com> 2019-12-03 09:14:03 -0800
committer: Commit Bot <commit-bot@chromium.org> 2019-12-04 03:16:31 +0000
commit: 38d7d1cb7f7a2a75a375f82eaff887dc5757efe5 (patch)
tree: a2e4e846b7eb20fbdd290c51a2d43bbd6f0e310b
parent: 7d64b93ccf13623fa26ee865674e3b443ce253bd (diff)
download: vboot-38d7d1cb7f7a2a75a375f82eaff887dc5757efe5.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/firmware/2lib/include/2secdata.h b/firmware/2lib/include/2secdata.h
index ec119e45..6f9b2816 100644
--- a/firmware/2lib/include/2secdata.h
+++ b/firmware/2lib/include/2secdata.h
@@ -127,6 +127,7 @@ enum vb2_secdata_fwmp_flags {
 	VB2_SECDATA_FWMP_DEV_USE_KEY_HASH = (1 << 5),
 	/* CCD = case-closed debugging on cr50; flag implemented on cr50 */
 	VB2_SECDATA_FWMP_DEV_DISABLE_CCD_UNLOCK = (1 << 6),
+	VB2_SECDATA_FWMP_DEV_FIPS_MODE = (1 << 7),
 };
 
 /**
author	Vadim Sukhomlinov <sukhomlinov@google.com>	2019-12-03 09:14:03 -0800
committer	Commit Bot <commit-bot@chromium.org>	2019-12-04 03:16:31 +0000
commit	38d7d1cb7f7a2a75a375f82eaff887dc5757efe5 (patch)
tree	a2e4e846b7eb20fbdd290c51a2d43bbd6f0e310b
parent	7d64b93ccf13623fa26ee865674e3b443ce253bd (diff)
download	vboot-38d7d1cb7f7a2a75a375f82eaff887dc5757efe5.tar.gz