Bill XIE has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/35077 )
Change subject: security/vboot: Decouple measured boot from verified boot
......................................................................
Patch Set 33:
(1 comment)
https://review.coreboot.org/c/coreboot/+/35077/5/src/lib/cbfs.c
File src/lib/cbfs.c:
https://review.coreboot.org/c/coreboot/+/35077/5/src/lib/cbfs.c@330
PS5, Line 330: #if !CONFIG(VBOOT) && CONFIG(VBOOT_MEASURED_BOOT)
The latest revision can basically work with C_ENVIRONMENT_BOOTBLOCK.
Now the problem is that the bootblock on some platforms is too small to contain the code to initialize the CRTM. I believe that is why a separate verstage is necessary on such platforms. One path is to leave measured boot dependent on verified boot on these platforms; another could be initializing the CRTM in romstage with a CBFS locator for those platforms, as patchset 5 did. Repurposing verstage may also be possible, but it is beyond my ability. Which path do you prefer? Or are there any better ideas?
--
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee
Gerrit-Change-Number: 35077
Gerrit-PatchSet: 33
Gerrit-Owner: Bill XIE <persmule@hardenedlinux.org>
Gerrit-Reviewer: Aaron Durbin <adurbin@chromium.org>
Gerrit-Reviewer: Bill XIE <persmule@hardenedlinux.org>
Gerrit-Reviewer: Julius Werner <jwerner@chromium.org>
Gerrit-Reviewer: Martin Roth <martinroth@google.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi@google.com>
Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org>
Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Gerrit-Reviewer: Werner Zeh <werner.zeh@siemens.com>
Gerrit-Reviewer: Wim Vervoorn <wvervoorn@eltan.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Frans Hendriks <fhendriks@eltan.com>
Gerrit-CC: Joel Kitching <kitching@google.com>
Gerrit-CC: Paul Menzel <paulepanter@users.sourceforge.net>
Gerrit-CC: Shawn C <citypw@hardenedlinux.org>
Gerrit-Comment-Date: Fri, 20 Dec 2019 16:33:18 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Julius Werner <jwerner@chromium.org>
Comment-In-Reply-To: Bill XIE <persmule@hardenedlinux.org>
Gerrit-MessageType: comment