coreboot-gerrit April 2023

coreboot-gerrit@coreboot.org

1 participants
5761 discussions

[S] Change in coreboot[master]: mb/intel/mtlrvp: Enable RTD3 root port mutex for WWAN
by Martin Roth (Code Review) 21 Apr '23

21 Apr '23

Attention is currently required from: Hannah Williams, Anil Kumar K, Cliff Huang, Jamie Ryu. Martin Roth has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/73384 ) Change subject: mb/intel/mtlrvp: Enable RTD3 root port mutex for WWAN ...................................................................... Patch Set 6: Code-Review+2 -- To view, visit https://review.coreboot.org/c/coreboot/+/73384 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5b53765453bac0fc96e9651ab347069c7c8bf058 Gerrit-Change-Number: 73384 Gerrit-PatchSet: 6 Gerrit-Owner: Cliff Huang <cliff.huang(a)intel.com> Gerrit-Reviewer: Anil Kumar K <anil.kumar.k(a)intel.com> Gerrit-Reviewer: Bora Guvendik <bora.guvendik(a)intel.com> Gerrit-Reviewer: Hannah Williams <hannah.williams(a)intel.com> Gerrit-Reviewer: Jamie Ryu <jamie.m.ryu(a)intel.com> Gerrit-Reviewer: Jérémy Compostella <jeremy.compostella(a)intel.com> Gerrit-Reviewer: Martin Roth <martin.roth(a)amd.corp-partner.google.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Attention: Hannah Williams <hannah.williams(a)intel.com> Gerrit-Attention: Anil Kumar K <anil.kumar.k(a)intel.com> Gerrit-Attention: Cliff Huang <cliff.huang(a)intel.com> Gerrit-Attention: Jamie Ryu <jamie.m.ryu(a)intel.com> Gerrit-Comment-Date: Fri, 21 Apr 2023 17:37:16 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

1 0

[S] Change in coreboot[master]: mb/google/brya: Enable RTD3 root port mutex for WWAN
by Martin Roth (Code Review) 21 Apr '23

21 Apr '23

Attention is currently required from: Cliff Huang, Tarun Tuli. Martin Roth has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/73382 ) Change subject: mb/google/brya: Enable RTD3 root port mutex for WWAN ...................................................................... Patch Set 3: Code-Review+2 -- To view, visit https://review.coreboot.org/c/coreboot/+/73382 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ia87b5f9d8300d6263c84a586256424799d3a45b1 Gerrit-Change-Number: 73382 Gerrit-PatchSet: 3 Gerrit-Owner: Cliff Huang <cliff.huang(a)intel.com> Gerrit-Reviewer: Bora Guvendik <bora.guvendik(a)intel.com> Gerrit-Reviewer: Jérémy Compostella <jeremy.compostella(a)intel.com> Gerrit-Reviewer: Martin Roth <martin.roth(a)amd.corp-partner.google.com> Gerrit-Reviewer: Tarun Tuli <taruntuli(a)google.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Attention: Cliff Huang <cliff.huang(a)intel.com> Gerrit-Attention: Tarun Tuli <taruntuli(a)google.com> Gerrit-Comment-Date: Fri, 21 Apr 2023 17:36:14 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

1 0

[S] Change in coreboot[master]: soc/intel/alderlake: Implement `soc_is_ish_partition_enabled` override
by Tarun Tuli (Code Review) 21 Apr '23

21 Apr '23

Attention is currently required from: SRIDHAR SIRICILLA, Subrata Banik, Kangheui Won, Dinesh Gehlot. Tarun Tuli has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/74532 ) Change subject: soc/intel/alderlake: Implement `soc_is_ish_partition_enabled` override ...................................................................... Patch Set 5: Code-Review+2 -- To view, visit https://review.coreboot.org/c/coreboot/+/74532 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I7771aebb988f11d9d1b2824aa28e6f294fd67c25 Gerrit-Change-Number: 74532 Gerrit-PatchSet: 5 Gerrit-Owner: Subrata Banik <subratabanik(a)google.com> Gerrit-Reviewer: Dinesh Gehlot <digehlot(a)google.com> Gerrit-Reviewer: Kangheui Won <khwon(a)chromium.org> Gerrit-Reviewer: Kapil Porwal <kapilporwal(a)google.com> Gerrit-Reviewer: SRIDHAR SIRICILLA Gerrit-Reviewer: Tarun Tuli <taruntuli(a)google.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Attention: SRIDHAR SIRICILLA Gerrit-Attention: Subrata Banik <subratabanik(a)google.com> Gerrit-Attention: Kangheui Won <khwon(a)chromium.org> Gerrit-Attention: Dinesh Gehlot <digehlot(a)google.com> Gerrit-Comment-Date: Fri, 21 Apr 2023 17:35:24 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment

1 0

[M] Change in coreboot[master]: Documentation/measured_boot.md: document new TPM options
by Martin Roth (Code Review) 21 Apr '23

21 Apr '23

Martin Roth has submitted this change. ( https://review.coreboot.org/c/coreboot/+/68752 ) Change subject: Documentation/measured_boot.md: document new TPM options ...................................................................... Documentation/measured_boot.md: document new TPM options Change-Id: I6dae8e95c59b440c75e13473eefc4c2cf4fd369b Ticket: https://ticket.coreboot.org/issues/426 Signed-off-by: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68752 Tested-by: build bot (Jenkins) <no-reply(a)coreboot.org> Reviewed-by: Michał Żygowski <michal.zygowski(a)3mdeb.com> --- M Documentation/security/vboot/measured_boot.md 1 file changed, 124 insertions(+), 31 deletions(-) Approvals: build bot (Jenkins): Verified Michał Żygowski: Looks good to me, approved diff --git a/Documentation/security/vboot/measured_boot.md b/Documentation/security/vboot/measured_boot.md index 64c4a35..c8014c2 100644 --- a/Documentation/security/vboot/measured_boot.md +++ b/Documentation/security/vboot/measured_boot.md @@ -63,32 +63,51 @@ #### CBFS files (stages, blobs) * CBFS data is measured as raw data before decompression happens. * CBFS header is excluded from measurements. -* Measurements are stored in PCR 2. +* Measurements are stored in PCR 2 (by default, use PCR_SRTM kconfig option to + change). #### Runtime Data * CBFS data which changes by external input dynamically. Never stays the same. * It is identified by VBOOT_MEASURED_BOOT_RUNTIME_DATA kconfig option and - measured into a different PCR 3 in order to avoid PCR pre-calculation issues. + measured into a different PCR (PCR_RUNTIME_DATA kconfig option, 3 by default) + in order to avoid PCR pre-calculation issues. ![][srtm] [srtm]: srtm.png -### TCPA eventlog -coreboot makes use of its own TCPA log implementation. Normally the eventlog -specification can be found via the TCG homepage: +### TPM eventlog +There are three supported formats of event logs: +* coreboot-specific format. +* [TPM1.2 Specification][TPM12] (chapter 11). +* [TPM2.0 Specification][TPM20] (chapter 10). -[UEFI Specification](https://trustedcomputinggroup.org/resource/tcg-efi-platform-… +#### coreboot-specific format +```c +struct tcpa_entry { + uint32_t pcr; /* PCR number. */ + char digest_type[10]; /* Hash algorithm name. */ + uint8_t digest[64]; /* Digest (tail can be unused). */ + uint32_t digest_length; /* Number of digest bytes used. */ + char name[50]; /* Description of what was hashed. */ +} __packed; -[BIOS Specification](https://www.trustedcomputinggroup.org/wp-content/uploads/TCG… +struct tcpa_table { + uint16_t max_entries; + uint16_t num_entries; + struct tcpa_entry entries[0]; +} __packed; +``` -Both of them are not representing firmware measurements in a generalized way. -Therefore we have to implement our own solution. +Single hash per PCR. No magic number or any other way of recognizing it. +Endianness isn't specified. -We decided to provide an easy to understand TCPA log which can be read out -from the operating system and firmware itself. +In principle can hold any hash with 512 bits or less. In practice, +SHA-1 (for TPM1) and SHA-256 (TPM2) are used. -#### Table Format +Can be parsed by `cbmem`. + +##### Console dump format The first column describes the PCR index used for measurement. The second column is the hash of the raw data. The third column contains the hash algorithm used in the operation. The last column provides @@ -96,6 +115,53 @@ came from, CBFS or FMAP, then the name used to look up the data (region or file name). +#### TPM 1.2 format +Single hash per PCR (always SHA-1). First entry serves as a header, provides +ID and version. Always little endian. Event data describes what is being hashed +as a NUL-terminated string instead of providing the actual raw data. + +Can be parsed by at least `cbmem` and Linux (exports in both text and binary +forms). + +Packed data in vendor info section of the header: +```c +uint8_t reserved; /* 0 */ +uint8_t version_major; /* 1 */ +uint8_t version_minor; /* 0 */ +uint32_t magic; /* 0x31544243 ("CBT1" in LE) */ +uint16_t max_entries; +uint16_t num_entries; +uint32_t entry_size; +``` +All fields are little endian. + +#### TPM 2.0 format +One or more hashes per PCR, but implementation is limited to single hash (SHA-1, +SHA-256, SHA-384 or SHA-512). First entry is overall compatible with TPM 1.2 and +serves as a header with ID, version and number of hashing algorithms used. +Always little endian. Event data describes what is being hashed as a +NUL-terminated string instead of providing the actual raw data. + +By default SHA-1 is used for TPM1 and SHA-256 for TPM2. Other options are +selectable via kconfig menu. + +Can be parsed by at least `cbmem`, Linux (exports only binary form) and +[Skiboot][skiboot]. + +[skiboot]: https://github.com/open-power/skiboot/ + +Packed data in vendor info section of the header: +```c +uint8_t reserved; /* 0 */ +uint8_t version_major; /* 1 */ +uint8_t version_minor; /* 0 */ +uint32_t magic; /* 0x32544243 ("CBT2" in LE) */ +uint16_t max_entries; +uint16_t num_entries; +uint32_t entry_size; +``` +All fields are little endian. + #### Example: ```bash PCR-2 e8f2b57c9ec5ea06d1bbd3240a753974d4c3e7c8cd305c20a8ea26eed906dc89 SHA256 [FMAP: COREBOOT CBFS: bootblock] @@ -120,7 +186,7 @@ PCR-2 091706f5fce3eb123dd9b96c15a9dcc459a694f5e5a86e7bf6064b819a8575c7 SHA256 [FMAP: FW_MAIN_B CBFS: fallback/payload] ``` -#### Dump TCPA eventlog in the OS: +#### Dump TPM eventlog in the OS: ```bash cbmem -L ``` @@ -157,29 +223,42 @@ similar enforcement that the "Dynamic Launch" instruction, `SKINIT`, was executed. -## Platform Configuration Register -Normally PCR 0-7 are reserved for firmware usage. In coreboot we use just 4 PCR -banks in order to store the measurements. coreboot uses the SHA-1 or SHA-256 -hash algorithm depending on the TPM specification for measurements. PCR-4 to -PCR-7 are left empty. +## Platform Configuration Registers +PCRs are allocated as follows: +* PCRs 0-15 are SRTM PCRs. + - PCRs 0-7 are reserved for firmware usage. +* PCR 16 is the debug PCR. +* PCRs 17-22 are DRTM PCRs (PCR 22 is resettable from locality 1). +* PCR 23 is the application/user PCR and is resettable from locality 0. -### PCR-0 -_Hash:_ SHA1 +coreboot uses 3 or 4 PCRs in order to store the measurements. PCRs 4-7 are left +empty. -_Description:_ Google vboot GBB flags. +The firmware computes the hash and passes it to TPM. -### PCR-1 -_Hash:_ SHA1/SHA256 +The bank used by the TPM depends on the selected eventlog format. CBFS hashes +use the same algorithm as the bank. However, GBB flags are always hashed by +SHA-1 and GBB HWID by SHA-256. This results in these hashes being truncated or +extended with zeroes in eventlog and on passing them to TPM. -_Description:_ Google vboot GBB HWID. +### If CHROMEOS kconfig option is set +vboot-specific (non-standard) PCR usage. -### PCR-2 -_Hash:_ SHA1/SHA256 +* PCR-0 - SHA1 of Google vboot GBB flags. +* PCR-1 - SHA256 of Google vboot GBB HWID. +* PCR-2 - Hash of Root of Trust for Measurement which includes all stages, + data and blobs. +* PCR-3 - Hash of runtime data like hwinfo.hex or MRC cache. -_Description:_ Core Root of Trust for Measurement which includes all stages, -data and blobs. +### If CHROMEOS kconfig option is NOT set +See [TPM1.2 Specification][TPM12] (section 3.3.3) and +[TPM2.0 Specification][TPM20] (section 3.3.4) for PCR assignment information. -### PCR-3 -_Hash:_ SHA1/SHA256 +* PCR-0 - Unused. +* PCR-1 - SHA1 of Google vboot GBB flags, SHA256 of Google vboot GBB HWID. +* PCR-2 - Hash of Root of Trust for Measurement which includes all stages, + data and blobs. +* PCR-3 - Hash of runtime data like hwinfo.hex or MRC cache. -_Description:_ Runtime data like hwinfo.hex or MRC cache. +[TPM12]: https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientImplementa… +[TPM20]: https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05… -- To view, visit https://review.coreboot.org/c/coreboot/+/68752 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I6dae8e95c59b440c75e13473eefc4c2cf4fd369b Gerrit-Change-Number: 68752 Gerrit-PatchSet: 16 Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com> Gerrit-Reviewer: Martin Roth <martin.roth(a)amd.corp-partner.google.com> Gerrit-Reviewer: Maximilian Brune <maximilian.brune(a)9elements.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-CC: Daniel P. Smith Gerrit-CC: Lean Sheng Tan <sheng.tan(a)9elements.com> Gerrit-MessageType: merged

1 0

[M] Change in coreboot[master]: Documentation/measured_boot.md: fix SRTM/DRTM explanations
by Martin Roth (Code Review) 21 Apr '23

21 Apr '23

Martin Roth has submitted this change. ( https://review.coreboot.org/c/coreboot/+/68751 ) Change subject: Documentation/measured_boot.md: fix SRTM/DRTM explanations ...................................................................... Documentation/measured_boot.md: fix SRTM/DRTM explanations Change-Id: If224dc0cf3c0515dbd18daca544c22275e96b459 Ticket: https://ticket.coreboot.org/issues/426 Co-authored-by: Daniel P. Smith <dpsmith(a)apertussolutions.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68751 Tested-by: build bot (Jenkins) <no-reply(a)coreboot.org> Reviewed-by: Michał Żygowski <michal.zygowski(a)3mdeb.com> Reviewed-by: Martin Roth <martin.roth(a)amd.corp-partner.google.com> --- M Documentation/security/vboot/measured_boot.md 1 file changed, 85 insertions(+), 23 deletions(-) Approvals: build bot (Jenkins): Verified Michał Żygowski: Looks good to me, approved Martin Roth: Looks good to me, approved diff --git a/Documentation/security/vboot/measured_boot.md b/Documentation/security/vboot/measured_boot.md index adfae46..64c4a35 100644 --- a/Documentation/security/vboot/measured_boot.md +++ b/Documentation/security/vboot/measured_boot.md @@ -1,16 +1,52 @@ # Measured Boot -coreboot measured boot is implemented as Google Verified Boot extension. This -means in order to use it, vboot needs to be available for your platform. The -goal of this implementation is to implement an easy to understand and -transparent measured boot mechanism. +Measured boot feature was initially implemented as an extension of Google +Verified Boot. However, the two features were decoupled since then and use of +measured boot no longer requires enabling vboot. + +In most cases TPM eventlog is initialized during bootblock before TPM gets set +up, hence digests are not measured into TPM immediately, but are only cached in +the event log. Later, as part of TPM setup, the cached events are applied onto +TPM device. The behaviour is different if TPM_MEASURED_BOOT_INIT_BOOTBLOCK +kconfig is set, which moves TPM initialization into bootblock. + +## SRTM +A measured-based trust chain is one that begins with an initial entity that +takes the first measurement, referred to as the "Core Root of Trust for +Measurement" (CRTM), before control is granted to the measured entity. This +process of measurement and then passing control is referred to as a transitive +trust. When the CRTM can only ever be executed once during the power life-cycle +of the system, it is referred to as a "Static CRTM" (S-CRTM). Thus the trust +chain constructed from the S-CRTM is referred to as the Static Root of Trust for +Measurement (SRTM) trust chain. The theory is that as long as a proper +transitive trust is conducted as more code is allowed to execute, a trustworthy +record showing the provenance of the executing system may be provided to +establish the trustworthiness of the system. ## IBB/CRTM -The "Initial Boot Block" or "Core Root of Trust for Measurement" is the first -code block loaded at reset vector and measured by a DRTM solution. -In case SRTM mode is active, the IBB measures itself before measuring the next -code block. In coreboot, cbfs files which are part of the IBB are identified -by a metadata tag. This makes it possible to have platform specific IBB -measurements without hardcoding them. +The "Initial Boot Block" (IBB) is a one-time executed code block loaded at the +reset vector. Under measured boot mode, the IBB measures itself before measuring +the next code block making it an S-CRTM for the measured boot trust chain, an +SRTM trust chain. Since the IBB measures itself and executes out of DRAM, it is +said to have a "Root of Trust" (RoT) that is rooted in software. + +## S-CRTM Hardening +To address attacks that took advantage of the IBB being self-referential with +both the "Root of Trust for Verification" (RTV) and "Root of Trust for +Measurement" (RTM) being rooted in software, hardening was implemented by CPU +manufactures. This was accomplished by introducing RoT, typically an RTV, to an +external entity provided by the manufacture that could be validated by the CPU +at boot. Examples of this are Intel's BootGuard and AMD's Hardware Validated +Boot (also known as Platform Secure Boot). These solutions work by having the +IBB invoke the manufacture provided RoT as early as possible, for which the CPU +has already validated or validates when invoked. The RoT will then validate the +IBB, thus moving the root for the respective trust chain, typically the +verification trust chain, into hardware. + +It should be noted that when Intel BootGuard was originally designed, it +provided a measurement mode that resulted in the ACM (Authenticated Code +Module) becoming the S-CRTM for the SRTM trust chain. Unfortunately, this was +never deployed and thus relying on "Root of Trust for Verification" (RTV) +signature check as the only assertion rooted in hardware. ## Known Limitations At the moment measuring IBB dynamically and FMAP partitions are not possible but @@ -19,13 +55,10 @@ Also SoCs making use of VBOOT_RETURN_FROM_VERSTAGE are not able to use the measured boot extension because of platform constraints. -## SRTM Mode -The "Static Root of Trust for Measurement" is the easiest way doing measurements -by measuring code before it is loaded. - ### Measurements -SRTM mode measurements are done starting with the IBB as root of trust. -Only CBFS contents are measured at the moment. +To construct the coreboot SRTM trust chain, the CBFS files which are part of the +IBB, are identified by a metadata tag. This makes it possible to have platform +specific IBB measurements without hard-coding them. #### CBFS files (stages, blobs) * CBFS data is measured as raw data before decompression happens. @@ -102,14 +135,27 @@ cbfstool coreboot.rom read -n SI_ME -f /dev/stdout | sha256sum ``` -## DRTM Mode -The "Dynamic Root of Trust for Measurement" is realised by platform features -like Intel TXT or Boot Guard. The features provide a way of loading a signed -"Authenticated Code Module" aka signed blob. Most of these features are also -a "Trusted Execution Environment", e.g. Intel TXT. +## DRTM +Certain hardware platforms, for example those with Intel TXT or AMD-V, provide +a mechanism to dynamically execute a CRTM, referred to as the "Dynamic +CRTM" (D-CRTM), at any point and repeatedly during a single power life-cycle of +a system. The trust chain constructed by this D-CRTM is referred to as the +"Dynamic Root of Trust for Measurement" (DRTM) trust chain. On platforms with +Intel TXT and AMD-V, the D-CRTM is the CPU itself, which is the reason for these +capabilities being referred to as having a "Root of Trust" (RoT) rooted in +hardware. -DRTM gives you the ability of measuring the IBB from a higher Root of Trust -instead of doing it yourself without any hardware support. +To provide as an authority assertion and for the DRTM trust chain attestations +to co-exist with the SRTM trust chain, the TPM provides localities, localities +1 - 4, which restrict access to a subset of the Platform Configuration +Registers (PCR), specifically the DRTM PCRs 17 - 22. The mechanism to assert +authority for access to these localities is platform specific, though the +intention was for it to be a hardware mechanism. On Intel x86 platforms this is +controlled through communication between the CPU and the PCH to determine if +the "Dynamic Launch" instruction, `GETSEC[SENTER]`, was executed and that the +CPU is in SMX mode. For AMD x86 platforms, this controlled with the APU with a +similar enforcement that the "Dynamic Launch" instruction, `SKINIT`, was +executed. ## Platform Configuration Register Normally PCR 0-7 are reserved for firmware usage. In coreboot we use just 4 PCR -- To view, visit https://review.coreboot.org/c/coreboot/+/68751 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: If224dc0cf3c0515dbd18daca544c22275e96b459 Gerrit-Change-Number: 68751 Gerrit-PatchSet: 14 Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com> Gerrit-Reviewer: Martin Roth <martin.roth(a)amd.corp-partner.google.com> Gerrit-Reviewer: Maximilian Brune <maximilian.brune(a)9elements.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-CC: Daniel P. Smith Gerrit-CC: Lean Sheng Tan <sheng.tan(a)9elements.com> Gerrit-MessageType: merged

1 0

[M] Change in coreboot[master]: Documentation/measured_boot.md: document new TPM options
by Martin Roth (Code Review) 21 Apr '23

21 Apr '23

Attention is currently required from: Daniel P. Smith, Maciej Pijanowski, Maximilian Brune, Krystian Hebel, Sergii Dmytruk. Martin Roth has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68752 ) Change subject: Documentation/measured_boot.md: document new TPM options ...................................................................... Patch Set 15: (1 comment) File Documentation/security/vboot/measured_boot.md: https://review.coreboot.org/c/coreboot/+/68752/comment/570acde2_0d327225 PS15, Line 80: There are three supported formats of event logs: Questions that could be answered in a follow-on patch: Do we select between the different options or does coreboot just generate all 3. If it's selectable, why would someone prefer one format to another -- To view, visit https://review.coreboot.org/c/coreboot/+/68752 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I6dae8e95c59b440c75e13473eefc4c2cf4fd369b Gerrit-Change-Number: 68752 Gerrit-PatchSet: 15 Gerrit-Owner: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Gerrit-Reviewer: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Reviewer: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com> Gerrit-Reviewer: Maximilian Brune <maximilian.brune(a)9elements.com> Gerrit-Reviewer: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-CC: Daniel P. Smith Gerrit-CC: Lean Sheng Tan <sheng.tan(a)9elements.com> Gerrit-CC: Martin Roth <martin.roth(a)amd.corp-partner.google.com> Gerrit-Attention: Daniel P. Smith Gerrit-Attention: Maciej Pijanowski <maciej.pijanowski(a)3mdeb.com> Gerrit-Attention: Maximilian Brune <maximilian.brune(a)9elements.com> Gerrit-Attention: Krystian Hebel <krystian.hebel(a)3mdeb.com> Gerrit-Attention: Sergii Dmytruk <sergii.dmytruk(a)3mdeb.com> Gerrit-Comment-Date: Fri, 21 Apr 2023 17:33:32 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

1 0

[S] Change in coreboot[master]: soc/intel/alderlake: Implement `soc_is_ish_partition_enabled` override
by Kapil Porwal (Code Review) 21 Apr '23

21 Apr '23

Attention is currently required from: SRIDHAR SIRICILLA, Tarun Tuli, Subrata Banik, Kangheui Won, Dinesh Gehlot. Kapil Porwal has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/74532 ) Change subject: soc/intel/alderlake: Implement `soc_is_ish_partition_enabled` override ...................................................................... Patch Set 5: (1 comment) Commit Message: https://review.coreboot.org/c/coreboot/+/74532/comment/b02a6ff8_af0d1943 PS5, Line 15: rex rex! -- To view, visit https://review.coreboot.org/c/coreboot/+/74532 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I7771aebb988f11d9d1b2824aa28e6f294fd67c25 Gerrit-Change-Number: 74532 Gerrit-PatchSet: 5 Gerrit-Owner: Subrata Banik <subratabanik(a)google.com> Gerrit-Reviewer: Dinesh Gehlot <digehlot(a)google.com> Gerrit-Reviewer: Kangheui Won <khwon(a)chromium.org> Gerrit-Reviewer: Kapil Porwal <kapilporwal(a)google.com> Gerrit-Reviewer: SRIDHAR SIRICILLA Gerrit-Reviewer: Tarun Tuli <taruntuli(a)google.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Attention: SRIDHAR SIRICILLA Gerrit-Attention: Tarun Tuli <taruntuli(a)google.com> Gerrit-Attention: Subrata Banik <subratabanik(a)google.com> Gerrit-Attention: Kangheui Won <khwon(a)chromium.org> Gerrit-Attention: Dinesh Gehlot <digehlot(a)google.com> Gerrit-Comment-Date: Fri, 21 Apr 2023 17:33:15 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment

1 0

[L] Change in coreboot[master]: mb/google/skyrim: Add named GPIO's
by Raul Rangel (Code Review) 21 Apr '23

21 Apr '23

Attention is currently required from: Jason Nien, Jon Murphy, Martin Roth, Tim Van Patten, Karthik Ramasubramanian, Mark Hasemeyer. Raul Rangel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/74592 ) Change subject: mb/google/skyrim: Add named GPIO's ...................................................................... Patch Set 2: (1 comment) Commit Message: https://review.coreboot.org/c/coreboot/+/74592/comment/52c445df_ed7888cb PS2, Line 9: Add named GPIO's to help prevent confusion in GPIO management > For my knowledge what is TIMELESS build and how do you do that? BUILD_TIMELESS=1 emerge-... coreboot https://source.chromium.org/chromium/chromiumos/third_party/coreboot/+/main… -- To view, visit https://review.coreboot.org/c/coreboot/+/74592 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: If907478442ea7acb80b2e413926d173d188ce340 Gerrit-Change-Number: 74592 Gerrit-PatchSet: 2 Gerrit-Owner: Jon Murphy <jpmurphy(a)google.com> Gerrit-Reviewer: Jason Nien <jason.nien(a)amd.corp-partner.google.com> Gerrit-Reviewer: Karthik Ramasubramanian <kramasub(a)google.com> Gerrit-Reviewer: Mark Hasemeyer <markhas(a)google.com> Gerrit-Reviewer: Martin Roth <martin.roth(a)amd.corp-partner.google.com> Gerrit-Reviewer: Raul Rangel <rrangel(a)chromium.org> Gerrit-Reviewer: Tim Van Patten <timvp(a)google.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Attention: Jason Nien <jason.nien(a)amd.corp-partner.google.com> Gerrit-Attention: Jon Murphy <jpmurphy(a)google.com> Gerrit-Attention: Martin Roth <martin.roth(a)amd.corp-partner.google.com> Gerrit-Attention: Tim Van Patten <timvp(a)google.com> Gerrit-Attention: Karthik Ramasubramanian <kramasub(a)google.com> Gerrit-Attention: Mark Hasemeyer <markhas(a)google.com> Gerrit-Comment-Date: Fri, 21 Apr 2023 17:32:49 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: Raul Rangel <rrangel(a)chromium.org> Comment-In-Reply-To: Tim Van Patten <timvp(a)google.com> Comment-In-Reply-To: Karthik Ramasubramanian <kramasub(a)google.com> Gerrit-MessageType: comment

1 0

[L] Change in coreboot[master]: mb/google/skyrim: Add named GPIO's
by Karthik Ramasubramanian (Code Review) 21 Apr '23

21 Apr '23

Attention is currently required from: Raul Rangel, Jason Nien, Jon Murphy, Martin Roth, Tim Van Patten, Mark Hasemeyer. Karthik Ramasubramanian has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/74592 ) Change subject: mb/google/skyrim: Add named GPIO's ...................................................................... Patch Set 2: (1 comment) Commit Message: https://review.coreboot.org/c/coreboot/+/74592/comment/c4d55144_70f4fd0e PS2, Line 9: Add named GPIO's to help prevent confusion in GPIO management > That sounds like a good plan. […] For my knowledge what is TIMELESS build and how do you do that? -- To view, visit https://review.coreboot.org/c/coreboot/+/74592 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: If907478442ea7acb80b2e413926d173d188ce340 Gerrit-Change-Number: 74592 Gerrit-PatchSet: 2 Gerrit-Owner: Jon Murphy <jpmurphy(a)google.com> Gerrit-Reviewer: Jason Nien <jason.nien(a)amd.corp-partner.google.com> Gerrit-Reviewer: Karthik Ramasubramanian <kramasub(a)google.com> Gerrit-Reviewer: Mark Hasemeyer <markhas(a)google.com> Gerrit-Reviewer: Martin Roth <martin.roth(a)amd.corp-partner.google.com> Gerrit-Reviewer: Raul Rangel <rrangel(a)chromium.org> Gerrit-Reviewer: Tim Van Patten <timvp(a)google.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Attention: Raul Rangel <rrangel(a)chromium.org> Gerrit-Attention: Jason Nien <jason.nien(a)amd.corp-partner.google.com> Gerrit-Attention: Jon Murphy <jpmurphy(a)google.com> Gerrit-Attention: Martin Roth <martin.roth(a)amd.corp-partner.google.com> Gerrit-Attention: Tim Van Patten <timvp(a)google.com> Gerrit-Attention: Mark Hasemeyer <markhas(a)google.com> Gerrit-Comment-Date: Fri, 21 Apr 2023 17:29:07 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: Raul Rangel <rrangel(a)chromium.org> Comment-In-Reply-To: Tim Van Patten <timvp(a)google.com> Gerrit-MessageType: comment

1 0

[L] Change in coreboot[master]: mb/google/skyrim: Add named GPIO's
by Tim Van Patten (Code Review) 21 Apr '23

21 Apr '23

Attention is currently required from: Raul Rangel, Jason Nien, Jon Murphy, Martin Roth, Mark Hasemeyer. Tim Van Patten has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/74592 ) Change subject: mb/google/skyrim: Add named GPIO's ...................................................................... Patch Set 2: (1 comment) Commit Message: https://review.coreboot.org/c/coreboot/+/74592/comment/761a91bc_e772b852 PS2, Line 9: Add named GPIO's to help prevent confusion in GPIO management > We can do a TIMELESS build and compare the binaries. […] That sounds like a good plan. It also looks like we need that build added to the `TEST` list as a requirement before landing this CL, based on at least 1 bug found so far: https://review.coreboot.org/c/coreboot/+/74592/comments/c6e545b4_879b5f1a -- To view, visit https://review.coreboot.org/c/coreboot/+/74592 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: If907478442ea7acb80b2e413926d173d188ce340 Gerrit-Change-Number: 74592 Gerrit-PatchSet: 2 Gerrit-Owner: Jon Murphy <jpmurphy(a)google.com> Gerrit-Reviewer: Jason Nien <jason.nien(a)amd.corp-partner.google.com> Gerrit-Reviewer: Karthik Ramasubramanian <kramasub(a)google.com> Gerrit-Reviewer: Mark Hasemeyer <markhas(a)google.com> Gerrit-Reviewer: Martin Roth <martin.roth(a)amd.corp-partner.google.com> Gerrit-Reviewer: Raul Rangel <rrangel(a)chromium.org> Gerrit-Reviewer: Tim Van Patten <timvp(a)google.com> Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org> Gerrit-Attention: Raul Rangel <rrangel(a)chromium.org> Gerrit-Attention: Jason Nien <jason.nien(a)amd.corp-partner.google.com> Gerrit-Attention: Jon Murphy <jpmurphy(a)google.com> Gerrit-Attention: Martin Roth <martin.roth(a)amd.corp-partner.google.com> Gerrit-Attention: Mark Hasemeyer <markhas(a)google.com> Gerrit-Comment-Date: Fri, 21 Apr 2023 17:24:09 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: Raul Rangel <rrangel(a)chromium.org> Comment-In-Reply-To: Tim Van Patten <timvp(a)google.com> Gerrit-MessageType: comment

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

coreboot-gerrit April 2023