Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/26925 )
Change subject: Documentation: Add Trusted Computing documentation ......................................................................
Patch Set 1:
(12 comments)
https://review.coreboot.org/#/c/26925/1/Documentation/security/security.md
File Documentation/security/security.md:

https://review.coreboot.org/#/c/26925/1/Documentation/security/security.md@1
PS1, Line 1: .. toctree::
rename file to index.md

https://review.coreboot.org/#/c/26925/1/Documentation/security/security.md@6
PS1, Line 6: The security describes existing technologies which are shipped with coreboot.
section
https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-compu...
File Documentation/security/trusted-computing/index.md:

https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-compu...
PS1, Line 2:
respect 80 chars line limit

https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-compu...
PS1, Line 3: coreboot offers trusted computing support for the TCG specification 1.1, 1.2 and 2.0. Bus protocols like I2C, SPI and PC80 are supported by default. For more information please consult the [TCG](https://trustedcomputinggroup.org/).
bus

...based on the TCG spec...
... are supported.
... the [TCG].
[TCG]: https://trustedcomputinggroup.org/
https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-compu...
PS1, Line 7: ![integration](code-structure.png)
Interface, not integration

https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-compu...
PS1, Line 12: The TPM Interface Service is the driver layer communicating directly to the TPM through different bus implementations.
Bold or italic

https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-compu...
PS1, Line 22: The TPM Software Stack is the implementation of the TPM communication protocol and commands which can be used to execute task on a TPM. Évery TPM specification has its own functionality which needs to be implemented standalone.
Every

https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-compu...
PS1, Line 92: The normal boot flow without measured boot and vboot is done by a TPM ramstage driver which is executed at the start of BS_DEV_INIT. The ramstage driver is automatically selected if there is no vboot enabled but the TPM support is compiled into the coreboot image.
there is no vboot enabled -> vboot isn't enabled,

https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-compu...
PS1, Line 102: coreboot does not use the official TCPA log because of limitations and specification issues. Therefore we offer two ACPI logs. The first is the standard log which is interfaced through ACPI buy bootloader and the OS. The second log is exposed via CBMEM and used by coreboot to report all measurements. To be compliant with the existing kernel TCPA ACPI log, cbmem prints the results in the same format.
cbmem logs ?

https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-compu...
PS1, Line 114: First select one of the bus type driver:
newline before ``` due to broken markdown parsers !

https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-compu...
PS1, Line 127: If you added it to the config. You should already see a kconfig menu under Security -> Trusted Platform Module for selecting the TPM specification. This is useful for desktop and server boards which have a TPM header with multiple specification options.
```Security -> Trusted Platform Module```
specifications -> variations

https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-compu...
PS1, Line 137: Ǹow you are done!
Now
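The comment on Line 102 above concerns the measurement log that cbmem prints in the same format as the kernel's TCPA ACPI log. As an added example, not part of this review and not coreboot code, the script below parses a TCG 1.2-style SHA-1 event log, replays it to reproduce the PCR values it should yield, and flags records whose digest does not match their event data. It assumes the record layout of the TCG_PCClientPCREvent structure as the Linux kernel exposes it for TPM 1.2 (little-endian pcrIndex, eventType, 20-byte digest, eventDataSize, event data); the event-type constants are the TCG PC Client values, and the sample log is constructed inline rather than captured from a board. Whether a given cbmem dump is byte-identical to that layout is not established by the page and must be checked against the actual output.

```python
"""Parse a TCG 1.2 (SHA-1) binary TPM event log and replay it into PCR values.

Added example, not coreboot code. Assumed record layout (Linux
/sys/kernel/security/tpm0/binary_bios_measurements for TPM 1.2):
  u32 pcrIndex, u32 eventType, u8 digest[20], u32 eventDataSize, u8 event[]
All integers little-endian. The sample log at the bottom is constructed here.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

PCR_SIZE = 20      # SHA-1 digest length used by TPM 1.2 PCRs
NUM_PCRS = 24      # PC Client platforms have PCR 0..23

# Event types from the TCG PC Client specification (only those used below).
EV_NO_ACTION = 0x03   # informational record, never extended into a PCR
EV_SEPARATOR = 0x04   # digest is SHA-1 of the 4-byte separator data
EV_ACTION = 0x05      # digest is SHA-1 of the ASCII action string

RECORD = struct.Struct("<II20sI")   # header in front of the variable event data


@dataclass
class Event:
    pcr_index: int
    event_type: int
    digest: bytes
    data: bytes


def parse_event_log(blob: bytes) -> List[Event]:
    """Walk the records, refusing truncated input or out-of-range PCR indexes."""
    events: List[Event] = []
    off = 0
    while off < len(blob):
        if len(blob) - off < RECORD.size:
            raise ValueError(f"truncated event header at offset {off}")
        pcr, etype, digest, size = RECORD.unpack_from(blob, off)
        off += RECORD.size
        if len(blob) - off < size:
            raise ValueError(f"truncated event data at offset {off}")
        if pcr >= NUM_PCRS:
            raise ValueError(f"PCR index {pcr} out of range")
        events.append(Event(pcr, etype, digest, blob[off:off + size]))
        off += size
    return events


def extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM_Extend for a SHA-1 PCR: new = SHA1(old || digest)."""
    return hashlib.sha1(pcr_value + digest).digest()


def replay(events: List[Event]) -> Dict[int, bytes]:
    """Recompute PCR values from the log; compare against TPM_PCRRead results."""
    pcrs: Dict[int, bytes] = {}
    for ev in events:
        if ev.event_type == EV_NO_ACTION:
            continue
        pcrs[ev.pcr_index] = extend(pcrs.get(ev.pcr_index, bytes(PCR_SIZE)), ev.digest)
    return pcrs


def check_digests(events: List[Event]) -> List[int]:
    """Indexes of EV_ACTION / EV_SEPARATOR records whose digest != SHA1(data)."""
    return [i for i, ev in enumerate(events)
            if ev.event_type in (EV_ACTION, EV_SEPARATOR)
            and hashlib.sha1(ev.data).digest() != ev.digest]


def make_event(pcr: int, etype: int, data: bytes, digest: bytes = None) -> bytes:
    """Serialize one record; by default the digest is SHA-1 of the data."""
    if digest is None:
        digest = hashlib.sha1(data).digest()
    return RECORD.pack(pcr, etype, digest, len(data)) + data


# Constructed sample log (not captured from real hardware): a spec-ID header,
# two stage measurements into PCR 0, one into PCR 2, and a separator.
SAMPLE_LOG = b"".join([
    make_event(0, EV_NO_ACTION, b"Spec ID Event00", digest=bytes(PCR_SIZE)),
    make_event(0, EV_ACTION, b"bootblock"),
    make_event(0, EV_ACTION, b"romstage"),
    make_event(2, EV_ACTION, b"ramstage"),
    make_event(0, EV_SEPARATOR, b"\x00\x00\x00\x00"),
])

if __name__ == "__main__":
    evs = parse_event_log(SAMPLE_LOG)
    for i, ev in enumerate(evs):
        print(f"[{i}] PCR{ev.pcr_index:<2} type=0x{ev.event_type:02x} "
              f"digest={ev.digest.hex()} data={ev.data!r}")
    for pcr, val in sorted(replay(evs).items()):
        print(f"PCR{pcr}: {val.hex()}")
    print("digest mismatches:", check_digests(evs))
```

The useful check is the combination: replay reproduces what the TPM reports only if every record is intact and in order, and check_digests catches a record whose event data was rewritten after the extend happened. Flipping a single byte of a digest in the sample changes the replayed PCR 0 and is reported as a mismatch.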