Werner Zeh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/29547 )
Change subject: security/vboot: Add measured boot mode
......................................................................
Patch Set 55:
(1 comment)
I still dislike the idea of CBFS files being measured every go they are accessed. This will lead to hashing the same file multiple times.
https://review.coreboot.org/#/c/29547/55/src/security/vboot/vboot_crtm.h
File src/security/vboot/vboot_crtm.h:
https://review.coreboot.org/#/c/29547/55/src/security/vboot/vboot_crtm.h@47
PS55, Line 47: #define TPM_DATA_PCR 6
I'm honestly still a bit confused by what logic you're splitting up these PCRs. […]
There is one valid case for splitting up PCRs, at least a bit. There might be configuration data inside cbfs which should not be measured in the same PCR as runtime code. So just smashing everything into one single PCR would be counterproductive.
--
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e
Gerrit-Change-Number: 29547
Gerrit-PatchSet: 55
Gerrit-Owner: Philipp Deppenwiese
zaolin.daisuki@gmail.com
Gerrit-Reviewer: Aaron Durbin
adurbin@chromium.org
Gerrit-Reviewer: David Hendricks
david.hendricks@gmail.com
Gerrit-Reviewer: Huang Jin
huang.jin@intel.com
Gerrit-Reviewer: Julius Werner
jwerner@chromium.org
Gerrit-Reviewer: Krystian Hebel
krystian.hebel@3mdeb.com
Gerrit-Reviewer: Martin Roth
martinroth@google.com
Gerrit-Reviewer: Michał Żygowski
michal.zygowski@3mdeb.com
Gerrit-Reviewer: Patrick Georgi
pgeorgi@google.com
Gerrit-Reviewer: Patrick Rudolph
patrick.rudolph@9elements.com
Gerrit-Reviewer: Patrick Rudolph
siro@das-labor.org
Gerrit-Reviewer: Paul Menzel
paulepanter@users.sourceforge.net
Gerrit-Reviewer: Philipp Deppenwiese
zaolin.daisuki@gmail.com
Gerrit-Reviewer: Piotr Król
piotr.krol@3mdeb.com
Gerrit-Reviewer: Stefan Reinauer
stefan.reinauer@coreboot.org
Gerrit-Reviewer: Werner Zeh
werner.zeh@siemens.com
Gerrit-Reviewer: York Yang
york.yang@intel.com
Gerrit-Reviewer: build bot (Jenkins)
no-reply@coreboot.org
Gerrit-Comment-Date: Fri, 15 Feb 2019 12:22:23 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Julius Werner
jwerner@chromium.org
Gerrit-MessageType: comment