[coreboot-gerrit] Change in coreboot[master]: soc/intel/common/cse: Update help text for CSE_OEMP_FILE

13 Dec 2021

Tim Wawrzynczak has submitted this change. ( https://review.coreboot.org/c/coreboot/+/60020 )
Change subject: soc/intel/common/cse: Update help text for CSE_OEMP_FILE
......................................................................
soc/intel/common/cse: Update help text for CSE_OEMP_FILE
The OEM may create and sign an Audio component to extend the Audio
capability provided by Intel. The manifest is then signed, and the
signature and public key are entered into the header of the manifest
to create the final signed component binary. This creates a secure
verification mechanism where firmware verifies that the OEM Key
Manifest was signed with a key owned by a trusted owner. Once OEM KM
is authenticated, each public key hash stored within the OEM KM is
able to authenticate the corresponding FW binary.
Link to the Document:
https://www.intel.com/content/www/us/en/secure/design/confidential/software-...
ADL_Signing_and_Manifesting_User_Guide.pdf
BUG=b:207820413
TEST:none
Signed-off-by: ravindr1 ravindra@intel.com
Change-Id: Id52b51ab1c910d70b7897eb31add8287b5b0166f
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60020
Tested-by: build bot (Jenkins) no-reply@coreboot.org
Reviewed-by: Paul Menzel paulepanter@mailbox.org
Reviewed-by: Tim Wawrzynczak twawrzynczak@chromium.org
---
M src/soc/intel/common/block/cse/Kconfig
1 file changed, 5 insertions(+), 1 deletion(-)
Approvals:
  build bot (Jenkins): Verified
  Paul Menzel: Looks good to me, but someone else must approve
  Tim Wawrzynczak: Looks good to me, approved

diff --git a/src/soc/intel/common/block/cse/Kconfig b/src/soc/intel/common/block/cse/Kconfig
index 055927b..ec901ca 100644
--- a/src/soc/intel/common/block/cse/Kconfig
+++ b/src/soc/intel/common/block/cse/Kconfig
@@ -181,7 +181,11 @@
      This config indicates the BPDT version used by CSE for a given SoC.
config CSE_OEMP_FILE
-	string "Name of OEM KM file"
+	string "Name of OEM Key Manifest file"
    default "oem_km.bin"
+	help
+	  OEM Key Manifest lists the public key hashes used for authenticating the
+	  OEM created binaries to be loaded. This binary is generated by signing with
+	  the key owned by trusted owner.
endif
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/60020
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Id52b51ab1c910d70b7897eb31add8287b5b0166f
Gerrit-Change-Number: 60020
Gerrit-PatchSet: 4
Gerrit-Owner: Ravindra ravindra@intel.com
Gerrit-Reviewer: Nick Vaccaro nvaccaro@chromium.org
Gerrit-Reviewer: Patrick Rudolph siro@das-labor.org
Gerrit-Reviewer: Paul Menzel paulepanter@mailbox.org
Gerrit-Reviewer: Sridhar Siricilla sridhar.siricilla@intel.com
Gerrit-Reviewer: Subrata Banik subrata.banik@intel.com
Gerrit-Reviewer: Tim Wawrzynczak twawrzynczak@chromium.org
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-CC: Balaji Manigandan balaji.bmg@gmail.com
Gerrit-CC: Krishna P Bhat D krishna.p.bhat.d@intel.com
Gerrit-CC: Ravindra N ravindra@intel.corp-partner.google.com
Gerrit-MessageType: merged



    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[coreboot-gerrit] Change in coreboot[master]: soc/intel/common/cse: Update help text for CSE_OEMP_FILE