51 comments:
Patch Set #1, Line 7: Documentation/security/vboot: Add logic to verify stage/blob using
Commit messages summaries have to fit on one line.
Documentation/security/vboot: Add logic to verify stage/blob using
VBOOT 2.1 library
Maybe:
security: Document logic to verify stag/blob using vboot 2.1
Patch Set #1, Line 8: VBOOT
vboot
Patch Set #1, Line 10: Added
Add
Patch Set #1, Line 11: Coreboot
coreboot
File Documentation/security/index.md:
Patch Set #1, Line 8: VBOOT
vboot
File Documentation/security/vboot/verified_boot_21.md:
Patch Set #1, Line 1: BootGuard
Boot Guard
Patch Set #1, Line 1: Coreboot
lowercase: coreboot
Patch Set #1, Line 8: Bootguard
Boot Guard
Patch Set #1, Line 10: Coreboot
coreboot
Patch Set #1, Line 11: Coreboot
coreboot
Patch Set #1, Line 11: This document describes the mechanism implemented in Coreboot using Google VBOOT
Please add a blank line above to separate the paragraphs.
Patch Set #1, Line 11: VBOOT
vboot
Patch Set #1, Line 12: BootGuard
Boot Guard
root
Patch Set #1, Line 13: Trust
trust
Patch Set #1, Line 13: Coreboot
coreboot
Patch Set #1, Line 16: VBOOT
vboot
Patch Set #1, Line 16: Coreboot
coreboot
Patch Set #1, Line 20: BootGuard
Boot Guard
Patch Set #1, Line 22: BootGuard
Boot Guard
As this is documentation, please also give the full name or link to the corresponding documentation.
measured in TPM) by a piece of firmware (ACM) which itself is verified by Intel
CPU microcode
Verified by microcode?
Patch Set #1, Line 26: BootGuard
Boot Guard
Patch Set #1, Line 28: Authenticated Code module
Please move that above.
Patch Set #1, Line 29: PolicyManifest(BtG BPM)
Ditto.
Patch Set #1, Line 29: Manifest(BtG KM)
Add a space before (.
in the
Patch Set #1, Line 35: BootGuard
Boot Guard
BootGuard are: 1. Use Intel FSP-T with Coreboot bootloader. It contains the
logic of correctly handling BtGuard enabled state. 2. Integrate ACM
(Authenticated Code module) binary in bootloader image. 3. Generate BtGuard Key
Manifest(BtG KM) and BtGuard Boot PolicyManifest(BtG BPM) and embed them in
bootloader image. a. BtG KM contains the hash of the key used for signing BtG
BPM. BtG KM is signed by the key whose hash is embedded in field-programmable
fuses. b. BtG BPM contains the hash of initial stage of boot loader. It also
stores other policies related to Intel TXT, BtG DMA protection etc. 4. Add
entries for CPU microcode patch, ACM, BtG KM and BtG BPM in FIT table. 5.
Update BootGuard related field-programmable fuses on the test platform.
Please format this as a list.
1. a
2. b
3. c
4. …
Patch Set #1, Line 41: Coreboot
coreboot
Below you use 2.1
Patch Set #1, Line 42: has been
is
feature has been described here,
https://www.coreboot.org/git-docs/Intel/vboot.html
Make it a link.
Patch Set #1, Line 45: Coreboot
coreboot
Patch Set #1, Line 51: Coreboot
coreboot
Please use a dot.
Patch Set #1, Line 64: Root of Trust
root of trust
Patch Set #1, Line 64: - Some hardware designs cannot support ‘read-only’ flash region as Root of Trust
Please add a blank line above.
Patch Set #1, Line 65: BootGuard
Boot Guard
Remove or align all lines.
One space for consistency.
Patch Set #1, Line 76: Bootguard
Boot Guard
Patch Set #1, Line 78: Bootguard
Boot Guard
Remove.
Patch Set #1, Line 80: VBOOT
vboot
Patch Set #1, Line 86: Bootguard
Boot Guard
Patch Set #1, Line 88: Bootguard
Boot Guard
Elaborate what GBB is?
Patch Set #1, Line 90: verified
verifies?
Patch Set #1, Line 92: This is done to ensure maximum security.
That sounds like marketing speech?
To view, visit change 32159. To unsubscribe, or for help writing mail filters, visit settings.