Hello Persmule,
Here is an example: https://github.com/coreboot/coreboot/blob/master/src/mainboard/lenovo/x220/vboot-rwa.fmdHi all,
I found the typical fmap for a coreboot build using vboot (e.g. those for chromeos) is quite complex, at least with two RW sections containing CBFS, but I only want to use vboot to perform TPM measurement (like what head does with a patched coreboot), so
the simple scheme with a single CBFS containing all stages and payloads is prefered.
Vboot is responsible for firmware verification (checks firmware signature blocks). The TPM measurements are only an extension to Vboot logic adopted in coreboot. In order to have verified boot, at least one RW partition must exists. for Measured boot, only single CBFS is fine. to support verified and measured boot, one RW partition is sufficient. The example linked above has the minimal fmap layout for verified and measured boot for Lenovo x220. SMMSTORE is optional as well as RW_VPD and RO_VPD (depends on use case). SI_GBE region is mandatory for vPRO platforms to support Gigabit Ethernet, SI_ME and SI_DESC are Intel ME and Flash descriptor regions, also mandatory.
My question is: if vboot is only used to perform TPM measurement, at least which sections must be added to the fmap, in addition to default ones (RW_MRC_CACHE and CBFS), allowing vboot to work?
Best regards,
_______________________________________________ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-leave@coreboot.org
-- Michał Żygowski Firmware Engineer http://3mdeb.com | @3mdeb_com