[coreboot-gerrit] Change in ...coreboot[master]: security{tpm, verified_boot, mboot}:Add measured and verified boot.

Frans Hendriks (Code Review) gerrit at coreboot.org
Fri Dec 14 14:16:00 CET 2018


Hello build bot (Jenkins), Patrick Georgi, Martin Roth, 

I'd like you to reexamine a change. Please visit

    https://review.coreboot.org/c/coreboot/+/30218

to look at the new patch set (#2).

Change subject: security{tpm,verified_boot,mboot}:Add measured and verified boot.
......................................................................

security{tpm,verified_boot,mboot}:Add measured and verified boot.

coreboot supports verified boot based on ChromeOS verified boot.
No verified boot support without dependency on ChromeOS is available.

Create measured boot (security/mboot) and verified_boot
(security/verified_boot) directories. These features use the security/lib
which is a 'wrapper' using only sha1, sha256 and sha512 of
3rdparty/vboot/firmware.

prog_locate_hook() is added and used to start verified boot.
At board level it can be specified which parts of SPI must be verified and/or
measured.

BUG=N/A
TEST=Created verified binary and verify logging on Portwell PQ-M107

Change-Id: Ic1d5a21d40b6a31886777e8e9fe7b28c860f1a80
Signed-off-by: Frans Hendriks <fhendriks at eltan.com>
---
M src/device/pci_device.c
M src/include/program_loading.h
M src/lib/prog_loaders.c
M src/security/Kconfig
M src/security/Makefile.inc
A src/security/include/cb_sha1.h
A src/security/include/cb_sha256.h
A src/security/include/cb_sha512.h
A src/security/include/cryptolib.h
A src/security/lib/Makefile.inc
A src/security/lib/cb_sha1.c
A src/security/lib/cb_sha256.c
A src/security/lib/cb_sha512.c
A src/security/mboot/Kconfig
A src/security/mboot/Makefile.inc
A src/security/mboot/mboot.c
A src/security/mboot/mboot.h
M src/security/tpm/tss.h
M src/security/tpm/tss/tcg-2.0/tss.c
M src/security/tpm/tss/tcg-2.0/tss_marshaling.c
M src/security/tpm/tss/tcg-2.0/tss_structures.h
A src/security/verified_boot/Kconfig
A src/security/verified_boot/Makefile.inc
A src/security/verified_boot/vboot_check.c
A src/security/verified_boot/vboot_check.h
25 files changed, 2,110 insertions(+), 23 deletions(-)


  git pull ssh://review.coreboot.org:29418/coreboot refs/changes/18/30218/2
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/30218

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Ic1d5a21d40b6a31886777e8e9fe7b28c860f1a80
Gerrit-Change-Number: 30218
Gerrit-PatchSet: 2
Gerrit-Owner: Frans Hendriks <fhendriks at eltan.com>
Gerrit-Reviewer: Frans Hendriks <fhendriks at eltan.com>
Gerrit-Reviewer: Martin Roth <martinroth at google.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi at google.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply at coreboot.org>
Gerrit-MessageType: newpatchset