Hi Michal,
this _could_ have been a good starting point - however we decided to integrate this into the Converged Security Suite (github.com/9elements/converged-security-suite http://github.com/9elements/converged-security-suite) which already is part of coreboot as a 3rdparty module. However even if we _would_ extend your tooling - NDA issues still are not resolved. As Arthur pointed out, we would hope to integrate this as a binary as a temporary solution, until Intel clears out the NDA issues. And also in the sense of moving forward, I would like to choose Golang over C in this case.
Best, Chris
Am Di., 9. Feb. 2021 um 12:14 Uhr schrieb Michal Zygowski <michal.zygowski@3mdeb.com mailto:michal.zygowski@3mdeb.com>:
Hi Christian,
On 09.02.2021 11:58, Christian Walter wrote:
> Hi Michal, > > mind pointing me to the tooling you make for *creating* these manifests? > There is a whole intel_bootguard topic: https://review.coreboot.org/q/topic:intel_bootguard https://review.coreboot.org/q/topic:intel_bootguard In particular have a look at these patches: - Tool: https://review.coreboot.org/c/coreboot/+/43403 https://review.coreboot.org/c/coreboot/+/43403 - Hook manifest creation into build system: https://review.coreboot.org/c/coreboot/+/43404 https://review.coreboot.org/c/coreboot/+/43404
The manifests layout is implemented in the tool. Although it creates the v1.0 manifests and AFAIK CBnT required v2.1 format, but this tool can be a good base, isn't it?
Best regards,
-- Michał Żygowski Firmware Engineer https://3mdeb.com https://3mdeb.com | @3mdeb_com
_______________________________________________ coreboot mailing list -- coreboot@coreboot.org mailto:coreboot@coreboot.org To unsubscribe send an email to coreboot-leave@coreboot.org mailto:coreboot-leave@coreboot.org