Attention is currently required from: Andrey Petrov, Sean Rhodes.
Hello Andrey Petrov, build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/66103?usp=email
to look at the new patch set (#13).
The following approvals got outdated and were removed: Verified+1 by build bot (Jenkins)
Change subject: soc/intel/apollolake: Add the Kconfig options for IFWI Boot Profile ......................................................................
soc/intel/apollolake: Add the Kconfig options for IFWI Boot Profile
The Boot Profile for use with the IFWI Boot Flow. The selected profile should be equal to or higher than the one configured in IFWI.
No Profile Since its inception, coreboot has ignored the Boot Flow designed by Intel; this only uses an IBB and OBB. Neither are measured or verified and mapped without assistance.
Legacy Profile 0 is for platforms that do not wish to enable Boot Guard boot block verification or measurement enforcement.
Verified Profile 1 is strict Verification enforcement. It prevents unverified BIOS components from running.
Verified and Measured Boot Guard Profile 2 is strict Verification and Measurement enforcement; this prevents unverified BIOS components from running. Upon manufacturing completion, this value is burned into an FPF and is permanent. This setting is only configurable when OEM signing is enabled.
Signed-off-by: Sean Rhodes sean@starlabs.systems Change-Id: I83d2fd134e1a893766f625fe2e2ddd81d48f9f8a --- M src/soc/intel/apollolake/Kconfig 1 file changed, 84 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/03/66103/13