On 08/11/2016 05:33 PM, Trammell Hudson wrote:
On Thu, Aug 11, 2016 at 05:00:00PM +0200, Zaolin wrote:
The whole TPM stack needs to be reworked until it can be used for a measured boot.
Is it necessary to import the entire complexity of TSS for the measured boot task of hashing the various components? Once the Linux payload starts up it can implement the more complex parts, as long as the bootblock (with appropriate WP# and BP bits set on the ROM) can set up the root of trust and the romstage/ramstage/payload loading process can maintain the chain.
I am not talking about the whole TSS. Google implements only a small part of it. Currently there are two TSS in coreboot. I wanted to refactor and merge them. In order to provide a trusted/measured boot we need measurement functions, which are actually missing, and a TCPA ACPI log for PCR information. Also, good documentation should be the way to go. If you want to help out, feel free to work together with me on it. :)
Best Regards
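
The measurement chain and PCR log discussed in this thread, as an added Python sketch that is not part of the original messages and is not coreboot code: each stage is hashed before it runs, the digest is extended into a TPM 1.2 style SHA-1 PCR, and a verifier replays the log to check it against the PCR value. The stage images, the log layout, the function names and the use of a single PCR index are assumptions made for the illustration.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend operation: PCR_new = SHA1(PCR_old || digest)."""
    return hashlib.sha1(pcr + digest).digest()


def measure_chain(stages, pcr_index=0):
    """Hash each stage before handing control to it, extend the PCR,
    and record the event. Returns (final PCR value, event log)."""
    pcr = bytes(PCR_SIZE)  # static PCRs are all zeros after platform reset
    log = []
    for name, image in stages:
        digest = hashlib.sha1(image).digest()
        pcr = extend(pcr, digest)
        log.append({"pcr": pcr_index, "event": name, "digest": digest})
    return pcr, log


def replay_log(log, pcr_index=0):
    """Recompute the PCR value implied by the log entries, in order."""
    pcr = bytes(PCR_SIZE)
    for entry in log:
        if entry["pcr"] == pcr_index:
            pcr = extend(pcr, entry["digest"])
    return pcr


def log_matches_pcr(log, pcr_value, pcr_index=0):
    """The log is only trustworthy if replaying it reproduces the PCR."""
    return replay_log(log, pcr_index) == pcr_value


# Constructed sample images standing in for the real firmware stages.
STAGES = [
    ("romstage", b"romstage-image-v1"),
    ("ramstage", b"ramstage-image-v1"),
    ("payload", b"linux-payload-v1"),
]

if __name__ == "__main__":
    pcr, log = measure_chain(STAGES)
    print("PCR value:", pcr.hex())
    print("log consistent with PCR:", log_matches_pcr(log, pcr))
```

The log by itself carries no integrity guarantee; it only explains which measurements produced the PCR value, which is why the replay comparison is the check that matters.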