Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/43405 )
Change subject: Documentation/security/intel: add Boot Guard related documentation ......................................................................
Patch Set 1:
(19 comments)
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... File Documentation/security/intel/bootguard.md:
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 13: **TPM** I recommend to use *TPM* to emphasize a word. (Italics is often better readable than bold as LaTeX.)
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 15: **Authenticated Code Modules** Ditto.
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 17: told rumored
Or:
Officially Intel Boot Guard requires a “Boot Guard capable CPU” (check on Intel ARK).
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 17: **Boot Guard capable CPU** Ditto.
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 43: as in Intel TXT. Please re-flow for 80(?) characters.
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 63: ore or
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 63: that point pointing
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 74: The coreboot's implementation With the article, no possessive(?) s is required.
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 90: Security *Security*
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 110: CNDA NDA?
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 112: The : ibpmtool You can remove the article.
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 116: ``` : FYI: Hash of the KM public key (modulus only): : : B7 94 7B 36 D2 74 74 A5 B0 44 22 23 99 BE 57 07 : FA 84 97 0D 74 A7 8F 6F D0 6F 66 06 8C 41 D3 81 : ``` Indent by four spaces for marking it up as a code block. Then you can get rid of ```, and it’s a little shorter.
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 128: menu config Above you spell it *menuconfig*.
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 129: 1 and 1 Does the second number need to differ?
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 179: OEM, firmware owner Do you mean:
OEM or firmware owner may …
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 197: 1. Platform Manufacturer's Key Manifest version. : 2. Platform Manufacturer's Boot Policy version. : 3. Post IBB hash. : 4. Platform Manufacturer's structure. Please remove the dots at the end.
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 222: huge big
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 235: flow (Boot Guard releases : CPUs from reset where IBB is already in cache and MTRRs are set for IBB : elements). Please add a dot after *flow*, and directly after *elements*.
https://review.coreboot.org/c/coreboot/+/43405/1/Documentation/security/inte... PS1, Line 237: he the