Amol N Sukerkar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32159
Change subject: Documentation/security/vboot: Add logic to verify stage/blob using VBOOT 2.1 library
......................................................................
Documentation/security/vboot: Add logic to verify stage/blob using
VBOOT 2.1 library
Added documentation to explain the logic that makes use of VBOOT 2.1 library to
verify Coreboot stages/blobs.
Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar(a)intel.com>
Change-Id: I1eb174bb4f4d84eb8f6befdce18421b6b85ccc02
---
M Documentation/security/index.md
A Documentation/security/vboot/flash_partition.png
A Documentation/security/vboot/vboot_21_logic.png
A Documentation/security/vboot/vboot_flow_20.png
A Documentation/security/vboot/vboot_flow_21.png
A Documentation/security/vboot/verified_boot_21.md
6 files changed, 115 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/59/32159/1
diff --git a/Documentation/security/index.md b/Documentation/security/index.md
index 89db42e..aebfc82 100644
--- a/Documentation/security/index.md
+++ b/Documentation/security/index.md
@@ -5,3 +5,4 @@
## Vendor
- [Measured Boot](vboot/measured_boot.md)
+- [Verified Boot with VBOOT 2.1](vboot/verified_boot_21.md)
diff --git a/Documentation/security/vboot/flash_partition.png b/Documentation/security/vboot/flash_partition.png
new file mode 100644
index 0000000..91e459b
--- /dev/null
+++ b/Documentation/security/vboot/flash_partition.png
Binary files differ
diff --git a/Documentation/security/vboot/vboot_21_logic.png b/Documentation/security/vboot/vboot_21_logic.png
new file mode 100644
index 0000000..d32e99e
--- /dev/null
+++ b/Documentation/security/vboot/vboot_21_logic.png
Binary files differ
diff --git a/Documentation/security/vboot/vboot_flow_20.png b/Documentation/security/vboot/vboot_flow_20.png
new file mode 100644
index 0000000..fce4c5d
--- /dev/null
+++ b/Documentation/security/vboot/vboot_flow_20.png
Binary files differ
diff --git a/Documentation/security/vboot/vboot_flow_21.png b/Documentation/security/vboot/vboot_flow_21.png
new file mode 100644
index 0000000..24859fe
--- /dev/null
+++ b/Documentation/security/vboot/vboot_flow_21.png
Binary files differ
diff --git a/Documentation/security/vboot/verified_boot_21.md b/Documentation/security/vboot/verified_boot_21.md
new file mode 100644
index 0000000..15253b3
--- /dev/null
+++ b/Documentation/security/vboot/verified_boot_21.md
@@ -0,0 +1,114 @@
+# Enabling Intel BootGuard Support in Coreboot
+
+## Introduction
+
+One of the primary and key requirement for Intel customers is to enable Secure
+Boot in their platform where root of trust resides in the hardware and is
+immutable. While the obvious choice when it comes to hardware root of trust is
+Intel Bootguard for IA platforms, the mechanism that extends the chain
+of trust from hardware to bootloader, to payload/OS loader and eventually to the
+OS is currently not implemented in Coreboot mainly due to licensing constraints.
+This document describes the mechanism implemented in Coreboot using Google VBOOT
+libraries version 2.1 that makes use of Intel BootGuard technology as Root of
+Trust and extends the chain of trust to Coreboot which in turn extends it to the
+payload. Note: UEFI payload will use secure boot mechanism to verify and launch
+OS but that is beyond the scope of this document and will not be covered here.
+More details about VBOOT support in Coreboot are available at
+https://www.coreboot.org/git-docs/Intel/vboot.html.
+
+
+## Intel BootGuard Technology
+
+Intel BootGuard is a platform boot integrity
+protection technology. It allows initial stage of bootloader to be verified (and
+measured in TPM) by a piece of firmware (ACM) which itself is verified by Intel
+CPU microcode. A high level summary of the steps required to enable Intel
+BootGuard are: 1. Use Intel FSP-T with Coreboot bootloader. It contains the
+logic of correctly handling BtGuard enabled state. 2. Integrate ACM
+(Authenticated Code module) binary in bootloader image. 3. Generate BtGuard Key
+Manifest(BtG KM) and BtGuard Boot PolicyManifest(BtG BPM) and embed them in
+bootloader image. a. BtG KM contains the hash of the key used for signing BtG
+BPM. BtG KM is signed by the key whose hash is embedded in field-programmable
+fuses. b. BtG BPM contains the hash of initial stage of boot loader. It also
+stores other policies related to Intel TXT, BtG DMA protection etc. 4. Add
+entries for CPU microcode patch, ACM, BtG KM and BtG BPM in FIT table. 5.
+Update BootGuard related field-programmable fuses on the test platform.
+
+
+## VBOOT in Coreboot
+
+The current implementation of VBOOT tool support and logic
+in Coreboot is at version 2.0. The architecture, design and usage of this
+feature has been described here,
+https://www.coreboot.org/git-docs/Intel/vboot.html.
+
+### VBOOT 2.0 in Coreboot (Currently available)
+
+As described in the location mentioned above, the VBOOT 2.0 verified boot logic
+flow works as follows. Upon boot, verstage attempts to verify the read-write
+section A. It gets the public root key from GBB area and verifies the VBLOCK
+area in read-write section A. If the verification is successful, then verstage
+instructs Coreboot to boot rest of the firmware in read-write section A
+(romstage, postcar, ramstage and payload). If the verification fails, then,
+VBOOT falls back on read-only area to boot.
+The flow chart below shows this flow:
+
+**VBOOT 2.0 Verification Flow in Coreboot**
+![VBOOT_20_Flow_in_Coreboot][VBOOT_Flow_20]
+
+[VBOOT_Flow_20]: vboot_flow_20.png
+
+While this design implements verified boot to a certain extent, it does not take
+into account a few use-cases and concerns some Intel customers run into. A
+couple of them are as listed below,
+- Some hardware designs cannot support ‘read-only’ flash region as Root of Trust
+ and therefore prefer Intel BootGuard technology as RoT for verified boot
+mechanism.
+- In some use-cases, some of the firmware components may come from different
+ media, for instance, customer could boot payload from USB thumb drive instead
+of SPI flash. In that case, the entire read-write section will not have all the
+firmware components. There needs to be a mechanism to verify payload along with
+other components.
+- In exisiting implementation, all the firmware components in the boot chain are
+ verified in verstage. This may result in a TOCTOU attack where right after the
+verification phase, some firmware stages/components (such as payload, FSP, etc.)
+can be swapped with malware. To extend the vboot security model, the mechanism
+described below is proposed where the root of trust Bootguard begins by
+verifying the IBB and the chain of trust is extended only to the next
+stage/component at every verification pass. For instance, once Bootguard
+verifies IBB which contains verstage, romstage and postcar), postcar then uses
+the VBOOT mechanism to verify ramstage. Once ramstage is loaded into DRAM,
+ramstage in turn will verify FSP and payload.
+
+### Proposed Changes using VBOOT2.1 Libraries
+
+The proposed changes are described as follows. Upon power on of the device,
+Intel Bootguard attempts to verify IBB. IBB in this case, replaces the read-only
+portion of the flash map and contains bootblock, verstage, romstage and postcar
+stage. If the verification is successful, Intel Bootguard launches IBB and the
+system boots until postcar stage. In postcar stage, GBB is extracted and GBB
+verified the VBLOCK. Once VBLOCK is verified, postcar stage extracts the
+ramstage hash from VBLOCK and verifies the ramstage after it has been loaded
+into DRAM. This is done to ensure maximum security. Once ramstage is verified,
+ramstage is launched. At this point, ramstage extracts the hash of FSPS, DSDT
+ACPI table and payload in that order, and verifies and launches them
+sequentially. At any point, if the verification fails, the system boot will
+halt.
+
+**Stage/Blob Verification using VBOOT2.1 Library**
+![VBOOT_Stage_Blob_Verification][VBOOT_Flow_21]
+
+[VBOOT_Flow_21]: vboot_flow_21.png
+
+### Flash Partition and Code Flow in Coreboot
+
+**Flash Partition for Verification using VBOOT 2.1 Library**
+![VBOOT_Verification_2_1_Flash][Flash_Partition]
+
+[Flash_Partition]: flash_partition.png
+
+**Verification Logic using VBOOT 2.1 Library**
+![VBOOT_Verification_2_1_Logic][vboot_21_logic]
+
+[vboot_21_logic]: vboot_21_logic.png
+
--
To view, visit https://review.coreboot.org/c/coreboot/+/32159
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I1eb174bb4f4d84eb8f6befdce18421b6b85ccc02
Gerrit-Change-Number: 32159
Gerrit-PatchSet: 1
Gerrit-Owner: Amol N Sukerkar <amol.n.sukerkar(a)intel.com>
Gerrit-MessageType: newchange
Mike Banon has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/33886
Change subject: G505S AtomBIOS ROMs: known good binaries with a script to check their SHA256
......................................................................
G505S AtomBIOS ROMs: known good binaries with a script to check their SHA256
This change is a mirror for the known good AMD Lenovo G505S AtomBIOS ROMs from
this repository - https://github.com/g505s-opensource-researcher/g505s-atombios
- with the addition of two ROMs for ASUS AM1I-A and A88XM-E boards that I have.
AtomBIOS ROMs are required to enable the integrated and discrete VGA adapters,
however to add the discrete GPU support you will also need to apply these patches:
https://review.coreboot.org/c/coreboot/+/33874 - CB:33874 = CB:31448 + CB:31450
G505S dGPU support: scripts for applying the unofficial (not-merged-yet) patches
Save to ./coreboot/ then run ./extract_atombios_roms.sh and ./check... . Could
analyze these ROMs with AtomDis - https://cgit.freedesktop.org/~mhopf/AtomDis/
Three ROMs are suitable for Lenovo G505S with A10-5750M APU installed, and two
as a bonus: for ASUS AM1I-A with Athlon-5370 APU (iGPU HD-8400 / R3-Series)
and for ASUS A88XM-E with A10-6700 APU installed (iGPU HD-8670D).
Here are the SHA256 checksums for these AtomBIOS ROMs:
6104e6989ea3f494d7bfa30573bf38e830f1068bab9980caec5e890e0ccbfced
./pci1002,990b.rom - G505S (A10-5750M APU): for integrated GPU (iGPU) HD-8650G
6052b5def3fda2a93f6c4d55ec91b819429e212e26cdb8e0fcca54599c9c92ed
./pci1002,6663.rom - G505S (A10-5750M APU): for discrete GPU (dGPU) HD-8570M
15d74515332bc512de66e0dc910d8600aeb134bf715bbc34a4faac0257f4a0dc
./pci1002,6665.rom - G505S (A10-5750M APU): for discrete GPU (dGPU) R5-M230
cf5ad6f562cda07c8455a5fd33aae49ee6f451561a758e9761d1788767348115
./pci1002,9830.rom - ASUS AM1I-A (Athlon-5370 APU): for iGPU HD-8400 / R3-Series
73d52887c5c0797a00c38ff1d26528f32620efe41b47c592aa295f008712d0e5
./pci1002,990c.rom - ASUS A88XM-E (A10-6700 APU): for iGPU HD-8670D
pci1002,990b.rom (for iGPU HD-8650G) has been taken from G505S with R5-M230, and
despite the tiny voltage difference - it's working great for all G505S versions.
https://mail.coreboot.org/hyperkitty/list/coreboot@coreboot.org/thread/
GZNWISLFHUTYN6C7RTWSQUMJIFOUHMED/
Signed-off-by: Mike Banon <mikebdp2(a)gmail.com>
Change-Id: I717128b279bfaa5164fe6ac7dbfdb64e2984b550
---
A check_atombios_roms.sh
A extract_atombios_roms.sh
A pci1002,6663.rom.txt
A pci1002,6665.rom.txt
A pci1002,9830.rom.txt
A pci1002,990b.rom.txt
A pci1002,990c.rom.txt
A sha256sums_atombios_correct.txt
8 files changed, 15,719 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/86/33886/1
--
To view, visit https://review.coreboot.org/c/coreboot/+/33886
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I717128b279bfaa5164fe6ac7dbfdb64e2984b550
Gerrit-Change-Number: 33886
Gerrit-PatchSet: 1
Gerrit-Owner: Mike Banon <mikebdp2(a)gmail.com>
Gerrit-MessageType: newchange