Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/31597 )
Change subject: security/vboot: Add fmap measurements
......................................................................
Patch Set 22:
(9 comments)
https://review.coreboot.org/#/c/31597/22/Documentation/security/vboot/measur...
File Documentation/security/vboot/measured_boot.md:

https://review.coreboot.org/#/c/31597/22/Documentation/security/vboot/measur...
PS22, Line 22: SMM is currently excluded from measurements but will be added in a later stage.
phase

https://review.coreboot.org/#/c/31597/22/Documentation/security/vboot/measur...
PS22, Line 26: by measuring code before it is loaded. At the moment measurements of cbfs and
CBFS

https://review.coreboot.org/#/c/31597/22/Documentation/security/vboot/measur...
PS22, Line 27: FMAP content is possible. This includes the Intel IFD as well.
are

https://review.coreboot.org/#/c/31597/22/Documentation/security/vboot/measur...
PS22, Line 28:
list which partitions could be measured

https://review.coreboot.org/#/c/31597/22/src/security/vboot/vboot_crtm.c
File src/security/vboot/vboot_crtm.c:

https://review.coreboot.org/#/c/31597/22/src/security/vboot/vboot_crtm.c@80
PS22, Line 80: if (fmap_locate_area_as_rdev("SI_ME", &fmap) == 0)
TPM_RUNTIME_DATA_PCR

https://review.coreboot.org/#/c/31597/22/src/security/vboot/vboot_crtm.c@85
PS22, Line 85: if (fmap_locate_area_as_rdev("SI_EC", &fmap) == 0)
TPM_RUNTIME_DATA_PCR

https://review.coreboot.org/#/c/31597/22/src/security/vboot/vboot_crtm.c@95
PS22, Line 95: if (fmap_locate_area_as_rdev("SI_PDR", &fmap) == 0)
TPM_RUNTIME_DATA_PCR

https://review.coreboot.org/#/c/31597/22/src/security/vboot/vboot_crtm.c@116
PS22, Line 116: /* fmap measurement */
FMAP

https://review.coreboot.org/#/c/31597/22/src/security/vboot/vboot_crtm.c@267
PS22, Line 267: if (!strcmp("COREBOOT", name) ||
Use FMAP flags to detect a "CBFS" FMAP partition.