Attention is currently required from: Michał Żygowski, Maciej Pijanowski, Christian Walter, Julius Werner, Krystian Hebel, Yu-Ping Wu.
Sergii Dmytruk has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68750 )
Change subject: [WIP] security/tpm: make use of PCRs configurable via Kconfig
......................................................................
Patch Set 3:
(1 comment)
File src/security/tpm/Kconfig:
https://review.coreboot.org/c/coreboot/+/68750/comment/55f559d0_103acdcb
PS2, Line 176: PCR_CRTM
> Rename to `PCR_SRTM`. This is not (only) CRTM.
Done
--
To view, visit https://review.coreboot.org/c/coreboot/+/68750
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ib3a192d902072f6f8d415c2952a36522b5bf09f9
Gerrit-Change-Number: 68750
Gerrit-PatchSet: 3
Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Gerrit-Reviewer: Christian Walter <christian.walter(a)9elements.com>
Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org>
Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Reviewer: Yu-Ping Wu <yupingso(a)google.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Attention: Christian Walter <christian.walter(a)9elements.com>
Gerrit-Attention: Julius Werner <jwerner(a)chromium.org>
Gerrit-Attention: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Attention: Yu-Ping Wu <yupingso(a)google.com>
Gerrit-Comment-Date: Wed, 26 Oct 2022 22:03:52 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-MessageType: comment
Attention is currently required from: Michał Żygowski, Maciej Pijanowski, Christian Walter, Krystian Hebel.
Sergii Dmytruk has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68748 )
Change subject: [WIP] security/tpm: add TPM log format as per 2.0 spec
......................................................................
Patch Set 3:
(2 comments)
File src/security/tpm/tpm2_log_serialized.h:
https://review.coreboot.org/c/coreboot/+/68748/comment/466695ca_ccdad124
PS2, Line 51: uint32_t digest_count;
> Please add a comment that this is hardcoded to 1 in current version.
Done
File src/security/tpm/tspi/log-tpm2.c:
https://review.coreboot.org/c/coreboot/+/68748/comment/491e294d_4e4f4f51
PS2, Line 42: static struct tcpa_table *tcpa_cbmem_init(void)
> This is not TCPA, TCPA was the format for TPM1.2. […]
They can only be removed for all log formats or we'll have to add typedefs or implement each common function for each format. Can add a commit for renaming `tcpa_table` to `tpm_eventlog` or something first and then add new formats.
--
To view, visit https://review.coreboot.org/c/coreboot/+/68748
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I0fac386bebab1b7104378ae3424957c6497e84e1
Gerrit-Change-Number: 68748
Gerrit-PatchSet: 3
Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Gerrit-Reviewer: Christian Walter <christian.walter(a)9elements.com>
Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Attention: Christian Walter <christian.walter(a)9elements.com>
Gerrit-Attention: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Comment-Date: Wed, 26 Oct 2022 22:03:41 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-MessageType: comment
Attention is currently required from: Michał Żygowski, Maciej Pijanowski, Christian Walter, Krystian Hebel.
Sergii Dmytruk has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68747 )
Change subject: [WIP] security/tpm: add TPM log format as per 1.2 spec
......................................................................
Patch Set 3:
(5 comments)
File src/security/tpm/tpm12_log_serialized.h:
https://review.coreboot.org/c/coreboot/+/68747/comment/8214dc5a_9b442c3b
PS2, Line 11: TCPA_DIGEST_MAX_LENGTH
> `TCPA_DIGEST_LENGTH`, there can be no other.
Done
https://review.coreboot.org/c/coreboot/+/68747/comment/de80cb93_12656432
PS2, Line 13: #define TCPA_PCR_HASH_LEN 10
> What is this for?
Removed.
https://review.coreboot.org/c/coreboot/+/68747/comment/2056c9fb_74031846
PS2, Line 22: char name[TCPA_PCR_HASH_NAME];
> Specification doesn't precise that this is a name, just data. […]
I know, but if don't do agile log right, why would this be implemented correctly? It's done like coreboot-format which uses `name` and `char` and code in `tspi/crtm.c` relies on common structure/fields naming. I used this argument in that issue.
File src/security/tpm/tspi.h:
https://review.coreboot.org/c/coreboot/+/68747/comment/ae3bba50_75785772
PS2, Line 13: #include "tpm12_log_serialized.h"
> May be worth moving to `commonlib`
It's not useful there, you can't include multiple `*_log_serialized.h` because of redefinitions.
File src/security/tpm/tspi/log-tpm12.c:
https://review.coreboot.org/c/coreboot/+/68747/comment/86ff57c3_5e41964e
PS2, Line 5: then
> `than`
Done
--
To view, visit https://review.coreboot.org/c/coreboot/+/68747
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I89720615a75573d44dd0a39ad3d7faa78f125843
Gerrit-Change-Number: 68747
Gerrit-PatchSet: 3
Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Gerrit-Reviewer: Christian Walter <christian.walter(a)9elements.com>
Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Attention: Christian Walter <christian.walter(a)9elements.com>
Gerrit-Attention: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Comment-Date: Wed, 26 Oct 2022 22:03:29 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-MessageType: comment
Attention is currently required from: Tarun Tuli, Michał Żygowski, Maciej Pijanowski, Jason Nien, Subrata Banik, Christian Walter, Kapil Porwal, Tim Wawrzynczak, Nick Vaccaro, Krystian Hebel, Martin Roth.
Sergii Dmytruk has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68746 )
Change subject: [WIP] security/tpm: make log format configurable via Kconfig
......................................................................
Patch Set 4:
(1 comment)
File src/security/tpm/Kconfig:
https://review.coreboot.org/c/coreboot/+/68746/comment/6152e86b_b0a9e827
PS3, Line 102: config USE_TPM_LOG_CB
> Is this required? Why not use `TPM_LOG_CB` directly wherever needed?
Yes, it's required. Options defined in `choice` can't be selected directly.
--
To view, visit https://review.coreboot.org/c/coreboot/+/68746
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I3903aff54e01093bc9ea75862bbf5989cc6e6c55
Gerrit-Change-Number: 68746
Gerrit-PatchSet: 4
Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Gerrit-Reviewer: Christian Walter <christian.walter(a)9elements.com>
Gerrit-Reviewer: Jason Nien <jason.nien(a)amd.corp-partner.google.com>
Gerrit-Reviewer: Kapil Porwal <kapilporwal(a)google.com>
Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Reviewer: Martin Roth <martin.roth(a)amd.corp-partner.google.com>
Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Reviewer: Nick Vaccaro <nvaccaro(a)chromium.org>
Gerrit-Reviewer: Subrata Banik <subratabanik(a)google.com>
Gerrit-Reviewer: Tarun Tuli <taruntuli(a)google.com>
Gerrit-Reviewer: Tim Wawrzynczak <inforichland(a)gmail.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Tarun Tuli <taruntuli(a)google.com>
Gerrit-Attention: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Attention: Jason Nien <jason.nien(a)amd.corp-partner.google.com>
Gerrit-Attention: Subrata Banik <subratabanik(a)google.com>
Gerrit-Attention: Christian Walter <christian.walter(a)9elements.com>
Gerrit-Attention: Kapil Porwal <kapilporwal(a)google.com>
Gerrit-Attention: Tim Wawrzynczak <inforichland(a)gmail.com>
Gerrit-Attention: Nick Vaccaro <nvaccaro(a)chromium.org>
Gerrit-Attention: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Attention: Martin Roth <martin.roth(a)amd.corp-partner.google.com>
Gerrit-Comment-Date: Wed, 26 Oct 2022 22:02:50 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-MessageType: comment
Felix Held has submitted this change. ( https://review.coreboot.org/c/coreboot/+/68139 )
Change subject: soc/amd/mendocino: Enable GPP clk req disabling for disabled devices
......................................................................
soc/amd/mendocino: Enable GPP clk req disabling for disabled devices
Enable GPP clk req disabling for disabled PCIe devices. If a clk req
line is enabled for a PCIe device that is not actually present and
enabled then the L1SS could get confused and cause issues with
suspending the SoC.
BUG=b:250009974
TEST=Ran on skyrim proto device, verified that clk reqs are set
appropriately
Change-Id: I6c840f2fa3f9358f58c0386134d23511ff880248
Signed-off-by: Robert Zieba <robertzieba(a)google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68139
Reviewed-by: Karthik Ramasubramanian <kramasub(a)google.com>
Tested-by: build bot (Jenkins) <no-reply(a)coreboot.org>
Reviewed-by: Felix Held <felix-coreboot(a)felixheld.de>
---
M src/mainboard/amd/chausie/Makefile.inc
M src/mainboard/google/skyrim/Makefile.inc
M src/soc/amd/mendocino/Kconfig
M src/soc/amd/mendocino/chip.h
M src/soc/amd/mendocino/fch.c
5 files changed, 32 insertions(+), 6 deletions(-)
Approvals:
build bot (Jenkins): Verified
Felix Held: Looks good to me, approved
Karthik Ramasubramanian: Looks good to me, approved
diff --git a/src/mainboard/amd/chausie/Makefile.inc b/src/mainboard/amd/chausie/Makefile.inc
index 2560886..98b2cdd 100644
--- a/src/mainboard/amd/chausie/Makefile.inc
+++ b/src/mainboard/amd/chausie/Makefile.inc
@@ -8,6 +8,7 @@
ramstage-y += chromeos.c
ramstage-y += gpio.c
+ramstage-y += port_descriptors.c
ifneq ($(wildcard $(MAINBOARD_BLOBS_DIR)/APCB_FT6_Updatable.bin),)
APCB_SOURCES = $(MAINBOARD_BLOBS_DIR)/APCB_FT6_Updatable.bin
diff --git a/src/mainboard/google/skyrim/Makefile.inc b/src/mainboard/google/skyrim/Makefile.inc
index 0fa733e..c1d1108 100644
--- a/src/mainboard/google/skyrim/Makefile.inc
+++ b/src/mainboard/google/skyrim/Makefile.inc
@@ -6,6 +6,7 @@
ramstage-y += mainboard.c
ramstage-y += ec.c
+ramstage-y += port_descriptors.c
ramstage-$(CONFIG_CHROMEOS) += chromeos.c
verstage-$(CONFIG_VBOOT_STARTS_BEFORE_BOOTBLOCK) += verstage.c
diff --git a/src/soc/amd/mendocino/Kconfig b/src/soc/amd/mendocino/Kconfig
index d31b29dd..9caee1e 100644
--- a/src/soc/amd/mendocino/Kconfig
+++ b/src/soc/amd/mendocino/Kconfig
@@ -75,6 +75,7 @@
select SOC_AMD_COMMON_BLOCK_PCI # TODO: Check if this is still correct
select SOC_AMD_COMMON_BLOCK_PCI_MMCONF
select SOC_AMD_COMMON_BLOCK_PCIE_GPP_DRIVER # TODO: Check if this is still correct
+ select SOC_AMD_COMMON_BLOCK_PCIE_CLK_REQ
select SOC_AMD_COMMON_BLOCK_PM # TODO: Check if this is still correct
select SOC_AMD_COMMON_BLOCK_PM_CHIPSET_STATE_SAVE # TODO: Check if this is still correct
select SOC_AMD_COMMON_BLOCK_PSP_GEN2 # TODO: Check if this is still correct
diff --git a/src/soc/amd/mendocino/chip.h b/src/soc/amd/mendocino/chip.h
index 0e656f5..04241ec 100644
--- a/src/soc/amd/mendocino/chip.h
+++ b/src/soc/amd/mendocino/chip.h
@@ -7,6 +7,7 @@
#include <amdblocks/chip.h>
#include <amdblocks/i2c.h>
+#include <amdblocks/pci_clk_req.h>
#include <gpio.h>
#include <soc/i2c.h>
#include <soc/southbridge.h>
@@ -92,11 +93,7 @@
/* The array index is the general purpose PCIe clock output number. Values in here
aren't the values written to the register to have the default to be always on. */
- enum {
- GPP_CLK_ON, /* GPP clock always on; default */
- GPP_CLK_REQ, /* GPP clock controlled by corresponding #CLK_REQx pin */
- GPP_CLK_OFF, /* GPP clk off */
- } gpp_clk_config[GPP_CLK_OUTPUT_AVAILABLE];
+ enum gpp_clk_req gpp_clk_config[GPP_CLK_OUTPUT_AVAILABLE];
/* performance policy for the PCIe links: power consumption vs. link speed */
enum {
diff --git a/src/soc/amd/mendocino/fch.c b/src/soc/amd/mendocino/fch.c
index e86cd31..5ebcc6b 100644
--- a/src/soc/amd/mendocino/fch.c
+++ b/src/soc/amd/mendocino/fch.c
@@ -6,6 +6,7 @@
#include <amdblocks/acpimmio.h>
#include <amdblocks/amd_pci_util.h>
#include <amdblocks/gpio.h>
+#include <amdblocks/pci_clk_req.h>
#include <amdblocks/smi.h>
#include <assert.h>
#include <bootstate.h>
@@ -130,7 +131,7 @@
/* configure the general purpose PCIe clock outputs according to the devicetree settings */
static void gpp_clk_setup(void)
{
- const struct soc_amd_mendocino_config *cfg = config_of_soc();
+ struct soc_amd_mendocino_config *cfg = config_of_soc();
/* look-up table to be able to iterate over the PCIe clock output settings */
const uint8_t gpp_clk_shift_lut[GPP_CLK_OUTPUT_COUNT] = {
@@ -145,6 +146,8 @@
uint32_t gpp_clk_ctl = misc_read32(GPP_CLK_CNTRL);
+ pcie_gpp_dxio_update_clk_req_config(&cfg->gpp_clk_config[0],
+ ARRAY_SIZE(cfg->gpp_clk_config));
for (int i = 0; i < GPP_CLK_OUTPUT_COUNT; i++) {
gpp_clk_ctl &= ~GPP_CLK_REQ_MASK(gpp_clk_shift_lut[i]);
/*
--
To view, visit https://review.coreboot.org/c/coreboot/+/68139
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I6c840f2fa3f9358f58c0386134d23511ff880248
Gerrit-Change-Number: 68139
Gerrit-PatchSet: 9
Gerrit-Owner: Robert Zieba <robertzieba(a)google.com>
Gerrit-Reviewer: Felix Held <felix-coreboot(a)felixheld.de>
Gerrit-Reviewer: Fred Reitberger <reitbergerfred(a)gmail.com>
Gerrit-Reviewer: Jason Glenesk <jason.glenesk(a)gmail.com>
Gerrit-Reviewer: Jason Nien <jason.nien(a)amd.corp-partner.google.com>
Gerrit-Reviewer: Karthik Ramasubramanian <kramasub(a)google.com>
Gerrit-Reviewer: Martin Roth <martin.roth(a)amd.corp-partner.google.com>
Gerrit-Reviewer: Matt DeVillier <matt.devillier(a)amd.corp-partner.google.com>
Gerrit-Reviewer: Raul Rangel <rrangel(a)chromium.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-CC: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-MessageType: merged
Attention is currently required from: Erik van den Bogaert, Michał Żygowski, Maciej Pijanowski, Frans Hendriks, Christian Walter, Krystian Hebel.
Sergii Dmytruk has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68745 )
Change subject: [WIP] security/tpm: improve tlcl_extend() signature
......................................................................
Patch Set 3:
(1 comment)
File src/security/tpm/tss/tcg-1.2/tss.c:
https://review.coreboot.org/c/coreboot/+/68745/comment/76cf52fb_f191b670
PS2, Line 335: enum vb2_hash_algorithm digest_algo)
> Maybe this should return error if anything else than SHA1 is requested?
It did, but then I lost this change. Thanks.
--
To view, visit https://review.coreboot.org/c/coreboot/+/68745
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I944302b502e3424c5041b17c713a867b0fc535c4
Gerrit-Change-Number: 68745
Gerrit-PatchSet: 3
Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Gerrit-Reviewer: Christian Walter <christian.walter(a)9elements.com>
Gerrit-Reviewer: Erik van den Bogaert <ebogaert(a)eltan.com>
Gerrit-Reviewer: Frans Hendriks <fhendriks(a)eltan.com>
Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Erik van den Bogaert <ebogaert(a)eltan.com>
Gerrit-Attention: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Attention: Frans Hendriks <fhendriks(a)eltan.com>
Gerrit-Attention: Christian Walter <christian.walter(a)9elements.com>
Gerrit-Attention: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Comment-Date: Wed, 26 Oct 2022 22:02:39 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-MessageType: comment
Attention is currently required from: Daniel P. Smith, Michał Żygowski, Maciej Pijanowski, Sergii Dmytruk.
Hello Michał Żygowski, Maciej Pijanowski, Krystian Hebel,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/68752
to look at the new patch set (#5).
Change subject: [WIP] Documentation/measured_boot.md: document new TPM options
......................................................................
[WIP] Documentation/measured_boot.md: document new TPM options
Change-Id: I6dae8e95c59b440c75e13473eefc4c2cf4fd369b
Ticket: https://ticket.coreboot.org/issues/426
Signed-off-by: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
---
M Documentation/security/vboot/measured_boot.md
1 file changed, 116 insertions(+), 32 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/52/68752/5
--
To view, visit https://review.coreboot.org/c/coreboot/+/68752
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I6dae8e95c59b440c75e13473eefc4c2cf4fd369b
Gerrit-Change-Number: 68752
Gerrit-PatchSet: 5
Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-CC: Daniel P. Smith
Gerrit-CC: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Daniel P. Smith
Gerrit-Attention: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Attention: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Gerrit-MessageType: newpatchset
Attention is currently required from: Daniel P. Smith, Michał Żygowski, Maciej Pijanowski, Sergii Dmytruk.
Hello Michał Żygowski, Maciej Pijanowski, Krystian Hebel,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/68751
to look at the new patch set (#3).
Change subject: [WIP] Documentation/measured_boot.md: fix SRTM/DRTM explanations
......................................................................
[WIP] Documentation/measured_boot.md: fix SRTM/DRTM explanations
Change-Id: If224dc0cf3c0515dbd18daca544c22275e96b459
Ticket: https://ticket.coreboot.org/issues/426
Signed-off-by: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Co-authored-by: Daniel P. Smith
---
M Documentation/security/vboot/measured_boot.md
1 file changed, 80 insertions(+), 23 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/51/68751/3
--
To view, visit https://review.coreboot.org/c/coreboot/+/68751
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: If224dc0cf3c0515dbd18daca544c22275e96b459
Gerrit-Change-Number: 68751
Gerrit-PatchSet: 3
Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-CC: Daniel P. Smith
Gerrit-CC: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Daniel P. Smith
Gerrit-Attention: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Attention: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Gerrit-MessageType: newpatchset
Attention is currently required from: Michał Żygowski, Maciej Pijanowski, Christian Walter, Julius Werner, Yu-Ping Wu, Sergii Dmytruk.
Hello build bot (Jenkins), Michał Żygowski, Maciej Pijanowski, Christian Walter, Julius Werner, Krystian Hebel, Yu-Ping Wu,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/68750
to look at the new patch set (#3).
Change subject: [WIP] security/tpm: make use of PCRs configurable via Kconfig
......................................................................
[WIP] security/tpm: make use of PCRs configurable via Kconfig
At this moment, only GBB flags are moved from PCR-0 to PCR-1 when
vboot-compatibility is not enabled.
Change-Id: Ib3a192d902072f6f8d415c2952a36522b5bf09f9
Ticket: https://ticket.coreboot.org/issues/424
Signed-off-by: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
---
M src/security/tpm/Kconfig
M src/security/tpm/tspi/crtm.c
M src/security/tpm/tspi/crtm.h
M src/security/vboot/vboot_logic.c
4 files changed, 39 insertions(+), 17 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/50/68750/3
--
To view, visit https://review.coreboot.org/c/coreboot/+/68750
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ib3a192d902072f6f8d415c2952a36522b5bf09f9
Gerrit-Change-Number: 68750
Gerrit-PatchSet: 3
Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Gerrit-Reviewer: Christian Walter <christian.walter(a)9elements.com>
Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org>
Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Reviewer: Yu-Ping Wu <yupingso(a)google.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Attention: Christian Walter <christian.walter(a)9elements.com>
Gerrit-Attention: Julius Werner <jwerner(a)chromium.org>
Gerrit-Attention: Yu-Ping Wu <yupingso(a)google.com>
Gerrit-Attention: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Gerrit-MessageType: newpatchset
Attention is currently required from: Michał Żygowski, Maciej Pijanowski, Christian Walter, Sergii Dmytruk.
Hello build bot (Jenkins), Michał Żygowski, Maciej Pijanowski, Christian Walter, Krystian Hebel,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/68748
to look at the new patch set (#3).
Change subject: [WIP] security/tpm: add TPM log format as per 2.0 spec
......................................................................
[WIP] security/tpm: add TPM log format as per 2.0 spec
Used by default for all boards with TPM2 which don't specify log
format explicitly.
Change-Id: I0fac386bebab1b7104378ae3424957c6497e84e1
Ticket: https://ticket.coreboot.org/issues/422
Ticket: https://ticket.coreboot.org/issues/423
Signed-off-by: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
---
A src/commonlib/include/commonlib/tpm_log_defs.h
M src/security/tpm/Kconfig
M src/security/tpm/Makefile.inc
A src/security/tpm/tpm2_log_serialized.h
M src/security/tpm/tspi.h
M src/security/tpm/tspi/crtm.h
A src/security/tpm/tspi/log-tpm2.c
7 files changed, 425 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/48/68748/3
--
To view, visit https://review.coreboot.org/c/coreboot/+/68748
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I0fac386bebab1b7104378ae3424957c6497e84e1
Gerrit-Change-Number: 68748
Gerrit-PatchSet: 3
Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Gerrit-Reviewer: Christian Walter <christian.walter(a)9elements.com>
Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com>
Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Michał Żygowski <michal.zygowski(a)3mdeb.com>
Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com>
Gerrit-Attention: Christian Walter <christian.walter(a)9elements.com>
Gerrit-Attention: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com>
Gerrit-MessageType: newpatchset