coreboot-gerrit February 2019

coreboot-gerrit@coreboot.org

1 participants
1249 discussions

Change in ...coreboot[master]: security/tpm: Fix TCPA log feature
by Philipp Deppenwiese (Code Review) 21 Feb '19

21 Feb '19

Hello Werner Zeh, Aaron Durbin, Julius Werner, Patrick Rudolph, Paul Menzel, David Hendricks, build bot (Jenkins), Patrick Georgi, I'd like you to reexamine a change. Please visit https://review.coreboot.org/c/coreboot/+/29563 to look at the new patch set (#38). Change subject: security/tpm: Fix TCPA log feature ...................................................................... security/tpm: Fix TCPA log feature Until now the TCPA log wasn't working correctly. * Refactor TCPA log code. * Add TCPA log dump fucntion. * Make TCPA log available in bootblock. * Fix TCPA log formatting. * Add x86 and Cavium memory for early log. Change-Id: Ic93133531b84318f48940d34bded48cbae739c44 Signed-off-by: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> --- M src/arch/x86/car.ld M src/commonlib/include/commonlib/tcpa_log_serialized.h M src/include/memlayout.h M src/security/tpm/tspi.h M src/security/tpm/tspi/log.c M src/security/tpm/tspi/tspi.c M src/security/vboot/Kconfig M src/security/vboot/secdata_tpm.c M src/security/vboot/symbols.h M src/soc/cavium/cn81xx/include/soc/memlayout.ld M src/soc/imgtec/pistachio/include/soc/memlayout.ld M src/soc/mediatek/mt8173/include/soc/memlayout.ld M src/soc/mediatek/mt8183/include/soc/memlayout.ld M src/soc/nvidia/tegra124/include/soc/memlayout.ld M src/soc/nvidia/tegra210/include/soc/memlayout.ld M src/soc/samsung/exynos5250/include/soc/memlayout.ld M util/cbmem/cbmem.c 17 files changed, 175 insertions(+), 61 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/63/29563/38 -- To view, visit https://review.coreboot.org/c/coreboot/+/29563 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ic93133531b84318f48940d34bded48cbae739c44 Gerrit-Change-Number: 29563 Gerrit-PatchSet: 38 Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: David Hendricks <david.hendricks(a)gmail.com> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com> Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-CC: Patrick Rudolph Gerrit-CC: Patrick Rudolph <siro(a)das-labor.org> Gerrit-MessageType: newpatchset

1 0

Change in ...coreboot[master]: security/tpm: Fix TCPA log feature
by build bot (Jenkins) (Code Review) 21 Feb '19

21 Feb '19

build bot (Jenkins) has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/29563 ) Change subject: security/tpm: Fix TCPA log feature ...................................................................... Patch Set 37: (12 comments) https://review.coreboot.org/#/c/29563/37/src/include/memlayout.h File src/include/memlayout.h: https://review.coreboot.org/#/c/29563/37/src/include/memlayout.h@167 PS37, Line 167: #define VBOOT2_TPM_LOG(addr, size) \ Macros with multiple statements should be enclosed in a do - while loop https://review.coreboot.org/#/c/29563/37/src/include/memlayout.h@167 PS37, Line 167: #define VBOOT2_TPM_LOG(addr, size) \ macros should not use a trailing semicolon https://review.coreboot.org/#/c/29563/37/src/security/tpm/tspi.h File src/security/tpm/tspi.h: https://review.coreboot.org/#/c/29563/37/src/security/tpm/tspi.h@50 PS37, Line 50: uint32_t tpm_extend_pcr(int pcr, const char *digest_type, uint8_t *digest, size_t digest_len, line over 80 characters https://review.coreboot.org/#/c/29563/37/src/security/tpm/tspi/log.c File src/security/tpm/tspi/log.c: https://review.coreboot.org/#/c/29563/37/src/security/tpm/tspi/log.c@37 PS37, Line 37: size_t tcpa_log_len = sizeof(struct tcpa_table) + MAX_TCPA_LOG_ENTRIES * sizeof(struct tcpa_entry); line over 80 characters https://review.coreboot.org/#/c/29563/37/src/security/tpm/tspi/log.c@43 PS37, Line 43: if (strncmp(TCPA_LOG_HEADER, (const char *)tclt->header, sizeof(tclt->header))) { line over 80 characters https://review.coreboot.org/#/c/29563/37/src/security/tpm/tspi/log.c@44 PS37, Line 44: tclt->max_entries = MAX_PREMEM_TCPA_LOG_ENTRIES; line over 80 characters https://review.coreboot.org/#/c/29563/37/src/security/tpm/tspi/log.c@46 PS37, Line 46: strncpy((char *)tclt->header, TCPA_LOG_HEADER, sizeof(tclt->header)); line over 80 characters https://review.coreboot.org/#/c/29563/37/src/security/tpm/tspi/log.c@54 PS37, Line 54: strncpy((char *)tclt->header, TCPA_LOG_HEADER, sizeof(tclt->header)); line over 80 characters https://review.coreboot.org/#/c/29563/37/src/security/tpm/tspi/log.c@59 PS37, Line 59: if (strncmp(TCPA_LOG_HEADER, (const char *)tclt->header, sizeof(tclt->header))) { line over 80 characters https://review.coreboot.org/#/c/29563/37/src/security/tpm/tspi/log.c@62 PS37, Line 62: strncpy((char *)tclt->header, TCPA_LOG_HEADER, sizeof(tclt->header)); line over 80 characters https://review.coreboot.org/#/c/29563/37/src/security/tpm/tspi/log.c@97 PS37, Line 97: void tcpa_log_add_table_entry(const char *name, const uint32_t pcr, const char *digest_type, line over 80 characters https://review.coreboot.org/#/c/29563/37/src/security/vboot/secdata_tpm.c File src/security/vboot/secdata_tpm.c: https://review.coreboot.org/#/c/29563/37/src/security/vboot/secdata_tpm.c@86 PS37, Line 86: return tpm_extend_pcr(pcr, "SHA256", buffer, size, TPM_PCR_GBB_HWID_NAME); line over 80 characters -- To view, visit https://review.coreboot.org/c/coreboot/+/29563 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ic93133531b84318f48940d34bded48cbae739c44 Gerrit-Change-Number: 29563 Gerrit-PatchSet: 37 Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: David Hendricks <david.hendricks(a)gmail.com> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com> Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-CC: Patrick Rudolph Gerrit-CC: Patrick Rudolph <siro(a)das-labor.org> Gerrit-Comment-Date: Thu, 21 Feb 2019 15:52:22 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

1 0

Change in ...coreboot[master]: security/tpm: Fix TCPA log feature
by Philipp Deppenwiese (Code Review) 21 Feb '19

21 Feb '19

Hello Werner Zeh, Aaron Durbin, Julius Werner, Patrick Rudolph, Paul Menzel, David Hendricks, build bot (Jenkins), Patrick Georgi, I'd like you to reexamine a change. Please visit https://review.coreboot.org/c/coreboot/+/29563 to look at the new patch set (#37). Change subject: security/tpm: Fix TCPA log feature ...................................................................... security/tpm: Fix TCPA log feature Until now the TCPA log wasn't working correctly. * Refactor TCPA log code. * Add TCPA log dump fucntion. * Make TCPA log available in bootblock. * Fix TCPA log formatting. * Add x86 and Cavium memory for early log. Change-Id: Ic93133531b84318f48940d34bded48cbae739c44 Signed-off-by: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> --- M src/arch/x86/car.ld M src/commonlib/include/commonlib/tcpa_log_serialized.h M src/include/memlayout.h M src/security/tpm/tspi.h M src/security/tpm/tspi/log.c M src/security/tpm/tspi/tspi.c M src/security/vboot/Kconfig M src/security/vboot/secdata_tpm.c M src/security/vboot/symbols.h M src/soc/cavium/cn81xx/include/soc/memlayout.ld M src/soc/imgtec/pistachio/include/soc/memlayout.ld M src/soc/mediatek/mt8173/include/soc/memlayout.ld M src/soc/mediatek/mt8183/include/soc/memlayout.ld M src/soc/nvidia/tegra124/include/soc/memlayout.ld M src/soc/nvidia/tegra210/include/soc/memlayout.ld M src/soc/qualcomm/ipq40xx/include/soc/memlayout.ld M src/soc/qualcomm/ipq806x/include/soc/memlayout.ld M src/soc/qualcomm/sdm845/include/soc/memlayout.ld M src/soc/rockchip/rk3399/include/soc/memlayout.ld M src/soc/samsung/exynos5250/include/soc/memlayout.ld M util/cbmem/cbmem.c 21 files changed, 185 insertions(+), 67 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/63/29563/37 -- To view, visit https://review.coreboot.org/c/coreboot/+/29563 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ic93133531b84318f48940d34bded48cbae739c44 Gerrit-Change-Number: 29563 Gerrit-PatchSet: 37 Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: David Hendricks <david.hendricks(a)gmail.com> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com> Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-CC: Patrick Rudolph Gerrit-CC: Patrick Rudolph <siro(a)das-labor.org> Gerrit-MessageType: newpatchset

1 0

Change in ...coreboot[master]: security/vboot: Add measured boot mode
by build bot (Jenkins) (Code Review) 21 Feb '19

21 Feb '19

build bot (Jenkins) has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/29547 ) Change subject: security/vboot: Add measured boot mode ...................................................................... Patch Set 70: (15 comments) https://review.coreboot.org/#/c/29547/70/src/lib/cbfs.c File src/lib/cbfs.c: https://review.coreboot.org/#/c/29547/70/src/lib/cbfs.c@102 PS70, Line 102: size_t in_size, void *buffer, size_t buffer_size, uint32_t compression) line over 80 characters https://review.coreboot.org/#/c/29547/70/src/lib/cbfs.c@115 PS70, Line 115: if ((ENV_BOOTBLOCK || ENV_VERSTAGE) && !IS_ENABLED(CONFIG_COMPRESS_PRERAM_STAGES)) line over 80 characters https://review.coreboot.org/#/c/29547/70/src/lib/cbfs.c@257 PS70, Line 257: if (ENV_VERSTAGE && !IS_ENABLED(CONFIG_NO_XIP_EARLY_STAGES) && IS_ENABLED(CONFIG_BOOT_DEVICE_MEMORY_MAPPED)) { line over 80 characters https://review.coreboot.org/#/c/29547/70/src/security/vboot/vboot_crtm.h File src/security/vboot/vboot_crtm.h: https://review.coreboot.org/#/c/29547/70/src/security/vboot/vboot_crtm.h@49 PS70, Line 49: #if (IS_ENABLED(CONFIG_VBOOT_MEASURED_BOOT) && !ENV_BOOTBLOCK && !ENV_DECOMPRESSOR) line over 80 characters https://review.coreboot.org/#/c/29547/70/src/security/vboot/vboot_crtm.c File src/security/vboot/vboot_crtm.c: https://review.coreboot.org/#/c/29547/70/src/security/vboot/vboot_crtm.c@38 PS70, Line 38: if (cbfs_boot_locate(&bootblock_data, prog_name(&bootblock), NULL) == 0) { line over 80 characters https://review.coreboot.org/#/c/29547/70/src/security/vboot/vboot_crtm.c@55 PS70, Line 55: if (cbfs_boot_locate(&romstage_data, prog_name(&romstage), NULL) == 0) { line over 80 characters https://review.coreboot.org/#/c/29547/70/src/security/vboot/vboot_crtm.c@73 PS70, Line 73: if (cbfs_boot_locate(&verstage_data, prog_name(&verstage), NULL) == 0) { line over 80 characters https://review.coreboot.org/#/c/29547/70/src/security/vboot/vboot_crtm.c@94 PS70, Line 94: size_t whitelist_len = sizeof(CONFIG_VBOOT_MEASURED_BOOT_RUNTIME_DATA) - 1; line over 80 characters https://review.coreboot.org/#/c/29547/70/src/security/vboot/vboot_logic.c File src/security/vboot/vboot_logic.c: https://review.coreboot.org/#/c/29547/70/src/security/vboot/vboot_logic.c@98 PS70, Line 98: BUG(); /* Should never get called if init() returned an error. */ Avoid crashing the kernel - try using WARN_ON & recovery code rather than BUG() or BUG_ON() https://review.coreboot.org/#/c/29547/70/src/security/vboot/vboot_logic.c@1… PS70, Line 104: BUG(); /* Should never get called if init() returned an error. */ Avoid crashing the kernel - try using WARN_ON & recovery code rather than BUG() or BUG_ON() https://review.coreboot.org/#/c/29547/70/src/security/vboot/vboot_logic.c@2… PS70, Line 281: return vboot_extend_pcr(ctx, 0, BOOT_MODE_PCR) || vboot_extend_pcr(ctx, 1, HWID_DIGEST_PCR); line over 80 characters https://review.coreboot.org/#/c/29547/70/src/security/vboot/vboot_logic.c@3… PS70, Line 308: if (IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) && vboot_platform_is_resuming()) line over 80 characters https://review.coreboot.org/#/c/29547/70/src/security/vboot/vboot_logic.c@3… PS70, Line 319: if (IS_ENABLED(CONFIG_VBOOT_MEASURED_BOOT) && !(ctx.flags & VB2_CONTEXT_S3_RESUME)) { line over 80 characters https://review.coreboot.org/#/c/29547/70/src/security/vboot/vboot_logic.c@3… PS70, Line 324: if (IS_ENABLED(CONFIG_VBOOT_PHYSICAL_DEV_SWITCH) && get_developer_mode_switch()) line over 80 characters https://review.coreboot.org/#/c/29547/70/src/security/vboot/vboot_logic.c@3… PS70, Line 333: if (IS_ENABLED(CONFIG_VBOOT_WIPEOUT_SUPPORTED) && get_wipeout_mode_switch()) line over 80 characters -- To view, visit https://review.coreboot.org/c/coreboot/+/29547 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Gerrit-Change-Number: 29547 Gerrit-PatchSet: 70 Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: David Hendricks <david.hendricks(a)gmail.com> Gerrit-Reviewer: Huang Jin <huang.jin(a)intel.com> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com> Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org> Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Piotr Król <piotr.krol(a)3mdeb.com> Gerrit-Reviewer: Stefan Reinauer <stefan.reinauer(a)coreboot.org> Gerrit-Reviewer: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: York Yang <york.yang(a)intel.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Comment-Date: Thu, 21 Feb 2019 15:47:58 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

1 0

Change in ...coreboot[master]: security/vboot: Add measured boot mode
by build bot (Jenkins) (Code Review) 21 Feb '19

21 Feb '19

build bot (Jenkins) has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/29547 ) Change subject: security/vboot: Add measured boot mode ...................................................................... Patch Set 69: (15 comments) https://review.coreboot.org/#/c/29547/69/src/lib/cbfs.c File src/lib/cbfs.c: https://review.coreboot.org/#/c/29547/69/src/lib/cbfs.c@102 PS69, Line 102: size_t in_size, void *buffer, size_t buffer_size, uint32_t compression) line over 80 characters https://review.coreboot.org/#/c/29547/69/src/lib/cbfs.c@115 PS69, Line 115: if ((ENV_BOOTBLOCK || ENV_VERSTAGE) && !IS_ENABLED(CONFIG_COMPRESS_PRERAM_STAGES)) line over 80 characters https://review.coreboot.org/#/c/29547/69/src/lib/cbfs.c@257 PS69, Line 257: if (ENV_VERSTAGE && !IS_ENABLED(CONFIG_NO_XIP_EARLY_STAGES) && IS_ENABLED(CONFIG_BOOT_DEVICE_MEMORY_MAPPED)) { line over 80 characters https://review.coreboot.org/#/c/29547/69/src/security/vboot/vboot_crtm.h File src/security/vboot/vboot_crtm.h: https://review.coreboot.org/#/c/29547/69/src/security/vboot/vboot_crtm.h@49 PS69, Line 49: #if (IS_ENABLED(CONFIG_VBOOT_MEASURED_BOOT) && !ENV_BOOTBLOCK && !ENV_DECOMPRESSOR) line over 80 characters https://review.coreboot.org/#/c/29547/69/src/security/vboot/vboot_crtm.c File src/security/vboot/vboot_crtm.c: https://review.coreboot.org/#/c/29547/69/src/security/vboot/vboot_crtm.c@38 PS69, Line 38: if (cbfs_boot_locate(&bootblock_data, prog_name(&bootblock), NULL) == 0) { line over 80 characters https://review.coreboot.org/#/c/29547/69/src/security/vboot/vboot_crtm.c@55 PS69, Line 55: if (cbfs_boot_locate(&romstage_data, prog_name(&romstage), NULL) == 0) { line over 80 characters https://review.coreboot.org/#/c/29547/69/src/security/vboot/vboot_crtm.c@73 PS69, Line 73: if (cbfs_boot_locate(&verstage_data, prog_name(&verstage), NULL) == 0) { line over 80 characters https://review.coreboot.org/#/c/29547/69/src/security/vboot/vboot_crtm.c@94 PS69, Line 94: size_t whitelist_len = sizeof(CONFIG_VBOOT_MEASURED_BOOT_RUNTIME_DATA) - 1; line over 80 characters https://review.coreboot.org/#/c/29547/69/src/security/vboot/vboot_logic.c File src/security/vboot/vboot_logic.c: https://review.coreboot.org/#/c/29547/69/src/security/vboot/vboot_logic.c@98 PS69, Line 98: BUG(); /* Should never get called if init() returned an error. */ Avoid crashing the kernel - try using WARN_ON & recovery code rather than BUG() or BUG_ON() https://review.coreboot.org/#/c/29547/69/src/security/vboot/vboot_logic.c@1… PS69, Line 104: BUG(); /* Should never get called if init() returned an error. */ Avoid crashing the kernel - try using WARN_ON & recovery code rather than BUG() or BUG_ON() https://review.coreboot.org/#/c/29547/69/src/security/vboot/vboot_logic.c@2… PS69, Line 281: return vboot_extend_pcr(ctx, 0, BOOT_MODE_PCR) || vboot_extend_pcr(ctx, 1, HWID_DIGEST_PCR); line over 80 characters https://review.coreboot.org/#/c/29547/69/src/security/vboot/vboot_logic.c@3… PS69, Line 308: if (IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) && vboot_platform_is_resuming()) line over 80 characters https://review.coreboot.org/#/c/29547/69/src/security/vboot/vboot_logic.c@3… PS69, Line 319: if (IS_ENABLED(CONFIG_VBOOT_MEASURED_BOOT) && !(ctx.flags & VB2_CONTEXT_S3_RESUME)) { line over 80 characters https://review.coreboot.org/#/c/29547/69/src/security/vboot/vboot_logic.c@3… PS69, Line 324: if (IS_ENABLED(CONFIG_VBOOT_PHYSICAL_DEV_SWITCH) && get_developer_mode_switch()) line over 80 characters https://review.coreboot.org/#/c/29547/69/src/security/vboot/vboot_logic.c@3… PS69, Line 333: if (IS_ENABLED(CONFIG_VBOOT_WIPEOUT_SUPPORTED) && get_wipeout_mode_switch()) line over 80 characters -- To view, visit https://review.coreboot.org/c/coreboot/+/29547 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Gerrit-Change-Number: 29547 Gerrit-PatchSet: 69 Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: David Hendricks <david.hendricks(a)gmail.com> Gerrit-Reviewer: Huang Jin <huang.jin(a)intel.com> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com> Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org> Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Piotr Król <piotr.krol(a)3mdeb.com> Gerrit-Reviewer: Stefan Reinauer <stefan.reinauer(a)coreboot.org> Gerrit-Reviewer: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: York Yang <york.yang(a)intel.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Comment-Date: Thu, 21 Feb 2019 15:47:24 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

1 0

Change in ...coreboot[master]: security/vboot: Add measured boot mode
by Philipp Deppenwiese (Code Review) 21 Feb '19

21 Feb '19

Hello Patrick Rudolph, Aaron Durbin, Piotr Król, Julius Werner, Krystian Hebel, Patrick Rudolph, Stefan Reinauer, Paul Menzel, build bot (Jenkins), Patrick Georgi, Werner Zeh, Huang Jin, York Yang, David Hendricks, Martin Roth, Michał Żygowski, I'd like you to reexamine a change. Please visit https://review.coreboot.org/c/coreboot/+/29547 to look at the new patch set (#69). Change subject: security/vboot: Add measured boot mode ...................................................................... security/vboot: Add measured boot mode * Introduce a measured boot mode into vboot. * Add hook for stage measurements in prog_loader and cbfs. * Implement and hook-up CRTM in vboot and check for suspend. Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Signed-off-by: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Signed-off-by: Werner Zeh <werner.zeh(a)siemens.com> --- M Documentation/index.md A Documentation/security.md A Documentation/security/index.md A Documentation/security/vboot/measured_boot.md A Documentation/security/vboot/srtm.png M src/cpu/intel/haswell/Makefile.inc M src/cpu/intel/model_2065x/Makefile.inc M src/cpu/intel/model_206ax/Makefile.inc M src/lib/cbfs.c M src/security/tpm/tspi/tspi.c M src/security/vboot/Kconfig M src/security/vboot/Makefile.inc A src/security/vboot/vboot_crtm.c A src/security/vboot/vboot_crtm.h M src/security/vboot/vboot_logic.c M src/soc/amd/stoneyridge/Makefile.inc M src/soc/intel/baytrail/Makefile.inc M src/soc/intel/braswell/Makefile.inc M src/soc/intel/broadwell/Makefile.inc M src/soc/intel/fsp_baytrail/Makefile.inc M src/soc/intel/fsp_broadwell_de/Makefile.inc M src/soc/mediatek/mt8183/include/soc/memlayout.ld M util/abuild/abuild 23 files changed, 345 insertions(+), 44 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/47/29547/69 -- To view, visit https://review.coreboot.org/c/coreboot/+/29547 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Gerrit-Change-Number: 29547 Gerrit-PatchSet: 69 Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: David Hendricks <david.hendricks(a)gmail.com> Gerrit-Reviewer: Huang Jin <huang.jin(a)intel.com> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com> Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org> Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Piotr Król <piotr.krol(a)3mdeb.com> Gerrit-Reviewer: Stefan Reinauer <stefan.reinauer(a)coreboot.org> Gerrit-Reviewer: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: York Yang <york.yang(a)intel.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-MessageType: newpatchset

1 0

Change in ...coreboot[master]: security/vboot: Add measured boot mode
by build bot (Jenkins) (Code Review) 21 Feb '19

21 Feb '19

build bot (Jenkins) has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/29547 ) Change subject: security/vboot: Add measured boot mode ...................................................................... Patch Set 68: (15 comments) https://review.coreboot.org/#/c/29547/68/src/lib/cbfs.c File src/lib/cbfs.c: https://review.coreboot.org/#/c/29547/68/src/lib/cbfs.c@102 PS68, Line 102: size_t in_size, void *buffer, size_t buffer_size, uint32_t compression) line over 80 characters https://review.coreboot.org/#/c/29547/68/src/lib/cbfs.c@115 PS68, Line 115: if ((ENV_BOOTBLOCK || ENV_VERSTAGE) && !IS_ENABLED(CONFIG_COMPRESS_PRERAM_STAGES)) line over 80 characters https://review.coreboot.org/#/c/29547/68/src/lib/cbfs.c@257 PS68, Line 257: if (ENV_VERSTAGE && !IS_ENABLED(CONFIG_NO_XIP_EARLY_STAGES) && IS_ENABLED(CONFIG_BOOT_DEVICE_MEMORY_MAPPED)) { line over 80 characters https://review.coreboot.org/#/c/29547/68/src/security/vboot/vboot_crtm.h File src/security/vboot/vboot_crtm.h: https://review.coreboot.org/#/c/29547/68/src/security/vboot/vboot_crtm.h@49 PS68, Line 49: #if (IS_ENABLED(CONFIG_VBOOT_MEASURED_BOOT) && !ENV_BOOTBLOCK && !ENV_DECOMPRESSOR) line over 80 characters https://review.coreboot.org/#/c/29547/68/src/security/vboot/vboot_crtm.c File src/security/vboot/vboot_crtm.c: https://review.coreboot.org/#/c/29547/68/src/security/vboot/vboot_crtm.c@38 PS68, Line 38: if (cbfs_boot_locate(&bootblock_data, prog_name(&bootblock), NULL) == 0) { line over 80 characters https://review.coreboot.org/#/c/29547/68/src/security/vboot/vboot_crtm.c@55 PS68, Line 55: if (cbfs_boot_locate(&romstage_data, prog_name(&romstage), NULL) == 0) { line over 80 characters https://review.coreboot.org/#/c/29547/68/src/security/vboot/vboot_crtm.c@73 PS68, Line 73: if (cbfs_boot_locate(&verstage_data, prog_name(&verstage), NULL) == 0) { line over 80 characters https://review.coreboot.org/#/c/29547/68/src/security/vboot/vboot_crtm.c@94 PS68, Line 94: size_t whitelist_len = sizeof(CONFIG_VBOOT_MEASURED_BOOT_RUNTIME_DATA) - 1; line over 80 characters https://review.coreboot.org/#/c/29547/68/src/security/vboot/vboot_logic.c File src/security/vboot/vboot_logic.c: https://review.coreboot.org/#/c/29547/68/src/security/vboot/vboot_logic.c@98 PS68, Line 98: BUG(); /* Should never get called if init() returned an error. */ Avoid crashing the kernel - try using WARN_ON & recovery code rather than BUG() or BUG_ON() https://review.coreboot.org/#/c/29547/68/src/security/vboot/vboot_logic.c@1… PS68, Line 104: BUG(); /* Should never get called if init() returned an error. */ Avoid crashing the kernel - try using WARN_ON & recovery code rather than BUG() or BUG_ON() https://review.coreboot.org/#/c/29547/68/src/security/vboot/vboot_logic.c@2… PS68, Line 281: return vboot_extend_pcr(ctx, 0, BOOT_MODE_PCR) || vboot_extend_pcr(ctx, 1, HWID_DIGEST_PCR); line over 80 characters https://review.coreboot.org/#/c/29547/68/src/security/vboot/vboot_logic.c@3… PS68, Line 308: if (IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) && vboot_platform_is_resuming()) line over 80 characters https://review.coreboot.org/#/c/29547/68/src/security/vboot/vboot_logic.c@3… PS68, Line 319: if (IS_ENABLED(CONFIG_VBOOT_MEASURED_BOOT) && !(ctx.flags & VB2_CONTEXT_S3_RESUME)) { line over 80 characters https://review.coreboot.org/#/c/29547/68/src/security/vboot/vboot_logic.c@3… PS68, Line 324: if (IS_ENABLED(CONFIG_VBOOT_PHYSICAL_DEV_SWITCH) && get_developer_mode_switch()) line over 80 characters https://review.coreboot.org/#/c/29547/68/src/security/vboot/vboot_logic.c@3… PS68, Line 333: if (IS_ENABLED(CONFIG_VBOOT_WIPEOUT_SUPPORTED) && get_wipeout_mode_switch()) line over 80 characters -- To view, visit https://review.coreboot.org/c/coreboot/+/29547 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Gerrit-Change-Number: 29547 Gerrit-PatchSet: 68 Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: David Hendricks <david.hendricks(a)gmail.com> Gerrit-Reviewer: Huang Jin <huang.jin(a)intel.com> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com> Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org> Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Piotr Król <piotr.krol(a)3mdeb.com> Gerrit-Reviewer: Stefan Reinauer <stefan.reinauer(a)coreboot.org> Gerrit-Reviewer: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: York Yang <york.yang(a)intel.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Comment-Date: Thu, 21 Feb 2019 15:42:58 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

1 0

Change in ...coreboot[master]: security/vboot: Add measured boot mode
by Philipp Deppenwiese (Code Review) 21 Feb '19

21 Feb '19

Hello Patrick Rudolph, Aaron Durbin, Piotr Król, Julius Werner, Krystian Hebel, Patrick Rudolph, Stefan Reinauer, Paul Menzel, build bot (Jenkins), Patrick Georgi, Werner Zeh, Huang Jin, York Yang, David Hendricks, Martin Roth, Michał Żygowski, I'd like you to reexamine a change. Please visit https://review.coreboot.org/c/coreboot/+/29547 to look at the new patch set (#68). Change subject: security/vboot: Add measured boot mode ...................................................................... security/vboot: Add measured boot mode * Introduce a measured boot mode into vboot. * Add hook for stage measurements in prog_loader and cbfs. * Implement and hook-up CRTM in vboot and check for suspend. Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Signed-off-by: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Signed-off-by: Werner Zeh <werner.zeh(a)siemens.com> --- M Documentation/index.md A Documentation/security.md A Documentation/security/index.md A Documentation/security/vboot/measured_boot.md A Documentation/security/vboot/srtm.png M src/cpu/intel/haswell/Makefile.inc M src/cpu/intel/model_2065x/Makefile.inc M src/cpu/intel/model_206ax/Makefile.inc M src/lib/cbfs.c M src/security/tpm/tspi/tspi.c M src/security/vboot/Kconfig M src/security/vboot/Makefile.inc A src/security/vboot/vboot_crtm.c A src/security/vboot/vboot_crtm.h M src/security/vboot/vboot_logic.c M src/soc/amd/stoneyridge/Makefile.inc M src/soc/intel/baytrail/Makefile.inc M src/soc/intel/braswell/Makefile.inc M src/soc/intel/broadwell/Makefile.inc M src/soc/intel/fsp_baytrail/Makefile.inc M src/soc/intel/fsp_broadwell_de/Makefile.inc M src/soc/mediatek/mt8183/include/soc/memlayout.ld M util/abuild/abuild 23 files changed, 338 insertions(+), 44 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/47/29547/68 -- To view, visit https://review.coreboot.org/c/coreboot/+/29547 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Gerrit-Change-Number: 29547 Gerrit-PatchSet: 68 Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: David Hendricks <david.hendricks(a)gmail.com> Gerrit-Reviewer: Huang Jin <huang.jin(a)intel.com> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com> Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org> Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Piotr Król <piotr.krol(a)3mdeb.com> Gerrit-Reviewer: Stefan Reinauer <stefan.reinauer(a)coreboot.org> Gerrit-Reviewer: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: York Yang <york.yang(a)intel.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-MessageType: newpatchset

1 0

Change in ...coreboot[master]: security/vboot: Add measured boot mode
by build bot (Jenkins) (Code Review) 21 Feb '19

21 Feb '19

build bot (Jenkins) has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/29547 ) Change subject: security/vboot: Add measured boot mode ...................................................................... Patch Set 67: (15 comments) https://review.coreboot.org/#/c/29547/67/src/lib/cbfs.c File src/lib/cbfs.c: https://review.coreboot.org/#/c/29547/67/src/lib/cbfs.c@102 PS67, Line 102: size_t in_size, void *buffer, size_t buffer_size, uint32_t compression) line over 80 characters https://review.coreboot.org/#/c/29547/67/src/lib/cbfs.c@115 PS67, Line 115: if ((ENV_BOOTBLOCK || ENV_VERSTAGE) && !IS_ENABLED(CONFIG_COMPRESS_PRERAM_STAGES)) line over 80 characters https://review.coreboot.org/#/c/29547/67/src/lib/cbfs.c@257 PS67, Line 257: if (ENV_VERSTAGE && !IS_ENABLED(CONFIG_NO_XIP_EARLY_STAGES) && IS_ENABLED(CONFIG_BOOT_DEVICE_MEMORY_MAPPED)) { line over 80 characters https://review.coreboot.org/#/c/29547/67/src/security/vboot/vboot_crtm.h File src/security/vboot/vboot_crtm.h: https://review.coreboot.org/#/c/29547/67/src/security/vboot/vboot_crtm.h@49 PS67, Line 49: #if (IS_ENABLED(CONFIG_VBOOT_MEASURED_BOOT) && !ENV_BOOTBLOCK && !ENV_DECOMPRESSOR) line over 80 characters https://review.coreboot.org/#/c/29547/67/src/security/vboot/vboot_crtm.c File src/security/vboot/vboot_crtm.c: https://review.coreboot.org/#/c/29547/67/src/security/vboot/vboot_crtm.c@38 PS67, Line 38: if (cbfs_boot_locate(&bootblock_data, prog_name(&bootblock), NULL) == 0) { line over 80 characters https://review.coreboot.org/#/c/29547/67/src/security/vboot/vboot_crtm.c@55 PS67, Line 55: if (cbfs_boot_locate(&romstage_data, prog_name(&romstage), NULL) == 0) { line over 80 characters https://review.coreboot.org/#/c/29547/67/src/security/vboot/vboot_crtm.c@73 PS67, Line 73: if (cbfs_boot_locate(&verstage_data, prog_name(&verstage), NULL) == 0) { line over 80 characters https://review.coreboot.org/#/c/29547/67/src/security/vboot/vboot_crtm.c@94 PS67, Line 94: size_t whitelist_len = sizeof(CONFIG_VBOOT_MEASURED_BOOT_RUNTIME_DATA) - 1; line over 80 characters https://review.coreboot.org/#/c/29547/67/src/security/vboot/vboot_logic.c File src/security/vboot/vboot_logic.c: https://review.coreboot.org/#/c/29547/67/src/security/vboot/vboot_logic.c@98 PS67, Line 98: BUG(); /* Should never get called if init() returned an error. */ Avoid crashing the kernel - try using WARN_ON & recovery code rather than BUG() or BUG_ON() https://review.coreboot.org/#/c/29547/67/src/security/vboot/vboot_logic.c@1… PS67, Line 104: BUG(); /* Should never get called if init() returned an error. */ Avoid crashing the kernel - try using WARN_ON & recovery code rather than BUG() or BUG_ON() https://review.coreboot.org/#/c/29547/67/src/security/vboot/vboot_logic.c@2… PS67, Line 281: return vboot_extend_pcr(ctx, 0, BOOT_MODE_PCR) || vboot_extend_pcr(ctx, 1, HWID_DIGEST_PCR); line over 80 characters https://review.coreboot.org/#/c/29547/67/src/security/vboot/vboot_logic.c@3… PS67, Line 308: if (IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT) && vboot_platform_is_resuming()) line over 80 characters https://review.coreboot.org/#/c/29547/67/src/security/vboot/vboot_logic.c@3… PS67, Line 319: if (IS_ENABLED(CONFIG_VBOOT_MEASURED_BOOT) && !(ctx.flags & VB2_CONTEXT_S3_RESUME)) { line over 80 characters https://review.coreboot.org/#/c/29547/67/src/security/vboot/vboot_logic.c@3… PS67, Line 324: if (IS_ENABLED(CONFIG_VBOOT_PHYSICAL_DEV_SWITCH) && get_developer_mode_switch()) line over 80 characters https://review.coreboot.org/#/c/29547/67/src/security/vboot/vboot_logic.c@3… PS67, Line 333: if (IS_ENABLED(CONFIG_VBOOT_WIPEOUT_SUPPORTED) && get_wipeout_mode_switch()) line over 80 characters -- To view, visit https://review.coreboot.org/c/coreboot/+/29547 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Gerrit-Change-Number: 29547 Gerrit-PatchSet: 67 Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: David Hendricks <david.hendricks(a)gmail.com> Gerrit-Reviewer: Huang Jin <huang.jin(a)intel.com> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com> Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org> Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Piotr Król <piotr.krol(a)3mdeb.com> Gerrit-Reviewer: Stefan Reinauer <stefan.reinauer(a)coreboot.org> Gerrit-Reviewer: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: York Yang <york.yang(a)intel.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Comment-Date: Thu, 21 Feb 2019 15:42:13 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

1 0

Change in ...coreboot[master]: security/vboot: Add measured boot mode
by Philipp Deppenwiese (Code Review) 21 Feb '19

21 Feb '19

Hello Patrick Rudolph, Aaron Durbin, Piotr Król, Julius Werner, Krystian Hebel, Patrick Rudolph, Stefan Reinauer, Paul Menzel, build bot (Jenkins), Patrick Georgi, Werner Zeh, Huang Jin, York Yang, David Hendricks, Martin Roth, Michał Żygowski, I'd like you to reexamine a change. Please visit https://review.coreboot.org/c/coreboot/+/29547 to look at the new patch set (#67). Change subject: security/vboot: Add measured boot mode ...................................................................... security/vboot: Add measured boot mode * Introduce a measured boot mode into vboot. * Add hook for stage measurements in prog_loader and cbfs. * Implement and hook-up CRTM in vboot and check for suspend. Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Signed-off-by: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Signed-off-by: Werner Zeh <werner.zeh(a)siemens.com> --- M Documentation/index.md A Documentation/security.md A Documentation/security/index.md A Documentation/security/vboot/measured_boot.md A Documentation/security/vboot/srtm.png M src/cpu/intel/haswell/Makefile.inc M src/cpu/intel/model_2065x/Makefile.inc M src/cpu/intel/model_206ax/Makefile.inc M src/lib/cbfs.c M src/lib/prog_loaders.c M src/security/tpm/tspi/tspi.c M src/security/vboot/Kconfig M src/security/vboot/Makefile.inc A src/security/vboot/vboot_crtm.c A src/security/vboot/vboot_crtm.h M src/security/vboot/vboot_logic.c M src/soc/amd/stoneyridge/Makefile.inc M src/soc/intel/baytrail/Makefile.inc M src/soc/intel/braswell/Makefile.inc M src/soc/intel/broadwell/Makefile.inc M src/soc/intel/fsp_baytrail/Makefile.inc M src/soc/intel/fsp_broadwell_de/Makefile.inc M src/soc/mediatek/mt8183/include/soc/memlayout.ld M util/abuild/abuild 24 files changed, 346 insertions(+), 49 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/47/29547/67 -- To view, visit https://review.coreboot.org/c/coreboot/+/29547 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Gerrit-Change-Number: 29547 Gerrit-PatchSet: 67 Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Aaron Durbin <adurbin(a)chromium.org> Gerrit-Reviewer: David Hendricks <david.hendricks(a)gmail.com> Gerrit-Reviewer: Huang Jin <huang.jin(a)intel.com> Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Martin Roth <martinroth(a)google.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: Patrick Georgi <pgeorgi(a)google.com> Gerrit-Reviewer: Patrick Rudolph <patrick.rudolph(a)9elements.com> Gerrit-Reviewer: Patrick Rudolph <siro(a)das-labor.org> Gerrit-Reviewer: Paul Menzel <paulepanter(a)users.sourceforge.net> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki(a)gmail.com> Gerrit-Reviewer: Piotr Król <piotr.krol(a)3mdeb.com> Gerrit-Reviewer: Stefan Reinauer <stefan.reinauer(a)coreboot.org> Gerrit-Reviewer: Werner Zeh <werner.zeh(a)siemens.com> Gerrit-Reviewer: York Yang <york.yang(a)intel.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-MessageType: newpatchset

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

coreboot-gerrit February 2019