Hi Michal,

this _could_ have been a good starting point - however we decided to integrate this into the Converged Security Suite (github.com/9elements/converged-security-suite) which already is part of coreboot as a 3rdparty module. However even if we _would_ extend your tooling - NDA issues still are not resolved. As Arthur pointed out, we would hope to integrate this as a binary as a temporary solution, until Intel clears out the NDA issues. And also in the sense of moving forward, I would like to choose Golang over C in this case.

Best,

Chris

Am Di., 9. Feb. 2021 um 12:14 Uhr schrieb Michal Zygowski <michal.zygowski@3mdeb.com>:

Hi Christian,

On 09.02.2021 11:58, Christian Walter wrote:

> Hi Michal,
>
> mind pointing me to the tooling you make for *creating* these manifests?
>
There is a whole intel_bootguard topic:
https://review.coreboot.org/q/topic:intel_bootguard
In particular have a look at these patches:
- Tool: https://review.coreboot.org/c/coreboot/+/43403
- Hook manifest creation into build system:
https://review.coreboot.org/c/coreboot/+/43404

The manifests layout is implemented in the tool. Although it creates the
v1.0 manifests and AFAIK CBnT required v2.1 format, but this tool can be
a good base, isn't it?

Best regards,

--
Michał Żygowski
Firmware Engineer
https://3mdeb.com | @3mdeb_com

_______________________________________________
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-leave@coreboot.org