From 38d7d1cb7f7a2a75a375f82eaff887dc5757efe5 Mon Sep 17 00:00:00 2001
From: Vadim Sukhomlinov <sukhomlinov@google.com>
Date: Tue, 3 Dec 2019 09:14:03 -0800
Subject: vboot/secdata: add fwmp parameter to enable FIPS 140-2 mode

Added VB2_SECDATA_FWMP_DEV_FIPS_MODE flag which would enable FIPS 140-2/3
compliant behavior in Cr50. This includes power-up self tests, known
answer tests for cryptographic functions, etc.

BUG=b:138577491
TEST=make clean && make runtests
BRANCH=none

Change-Id: I37334aab82fc36e6beff1a8902867fe316f901b6
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1947916
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
---
 firmware/2lib/include/2secdata.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/firmware/2lib/include/2secdata.h b/firmware/2lib/include/2secdata.h
index ec119e45..6f9b2816 100644
--- a/firmware/2lib/include/2secdata.h
+++ b/firmware/2lib/include/2secdata.h
@@ -127,6 +127,7 @@ enum vb2_secdata_fwmp_flags {
 	VB2_SECDATA_FWMP_DEV_USE_KEY_HASH = (1 << 5),
 	/* CCD = case-closed debugging on cr50; flag implemented on cr50 */
 	VB2_SECDATA_FWMP_DEV_DISABLE_CCD_UNLOCK = (1 << 6),
+	VB2_SECDATA_FWMP_DEV_FIPS_MODE = (1 << 7),
 };
 
 /**
-- 
cgit v1.2.1