[coreboot-gerrit] Change in coreboot[master]: Documentation: Add Trusted Computing documentation

Patrick Rudolph (Code Review) gerrit at coreboot.org
Thu Jun 7 14:50:59 CEST 2018


Patrick Rudolph has posted comments on this change. ( https://review.coreboot.org/26925 )

Change subject: Documentation: Add Trusted Computing documentation
......................................................................


Patch Set 1:

(12 comments)

https://review.coreboot.org/#/c/26925/1/Documentation/security/security.md
File Documentation/security/security.md:

https://review.coreboot.org/#/c/26925/1/Documentation/security/security.md@1
PS1, Line 1: .. toctree::
rename file to index.md


https://review.coreboot.org/#/c/26925/1/Documentation/security/security.md@6
PS1, Line 6: The security describes existing technologies which are shipped with coreboot.
section


https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-computing/index.md
File Documentation/security/trusted-computing/index.md:

https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-computing/index.md@2
PS1, Line 2: 
respect 80 chars line limit


https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-computing/index.md@3
PS1, Line 3: coreboot offers trusted computing support for the TCG specification 1.1, 1.2 and 2.0. Bus protocols like I2C, SPI and PC80 are supported by default. For more information please consult the [TCG](https://trustedcomputinggroup.org/).
bus

...based on the TCG spec...

... are supported.

... the [TCG].

[TCG]: https://trustedcomputinggroup.org/


https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-computing/index.md@7
PS1, Line 7: ![integration](code-structure.png)
Interface, not integration


https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-computing/index.md@12
PS1, Line 12: The TPM Interface Service is the driver layer communicating directly to the TPM through different bus implementations.
Bold or italic


https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-computing/index.md@22
PS1, Line 22: The TPM Software Stack is the implementation of the TPM communication protocol and commands which can be used to execute task on a TPM. Évery TPM specification has its own functionality which needs to be implemented standalone.
Every


https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-computing/index.md@92
PS1, Line 92: The normal boot flow without measured boot and vboot is done by a TPM ramstage driver which is executed at the start of BS_DEV_INIT. The ramstage driver is automatically selected if there is no vboot enabled but the TPM support is compiled into the coreboot image.
there is no vboot enabled -> vboot isn't enabled,


https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-computing/index.md@102
PS1, Line 102: coreboot does not use the official TCPA log because of limitations and specification issues. Therefore we offer two ACPI logs. The first is the standard log which is interfaced through ACPI buy bootloader and the OS. The second log is exposed via CBMEM and used by coreboot to report all measurements. To be compliant with the existing kernel TCPA ACPI log, cbmem prints the results in the same format.
cbmem logs ?


https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-computing/index.md@114
PS1, Line 114: First select one of the bus type driver:
newline before ``` due to broken markdown parsers !


https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-computing/index.md@127
PS1, Line 127: If you added it to the config. You should already see a kconfig menu under Security -> Trusted Platform Module for selecting the TPM specification. This is useful for desktop and server boards which have a TPM header with multiple specification options.
```Security -> Trusted Platform Module```
specifications -> variations


https://review.coreboot.org/#/c/26925/1/Documentation/security/trusted-computing/index.md@137
PS1, Line 137: Ǹow you are done!
Now



-- 
To view, visit https://review.coreboot.org/26925
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I8d49a113c77c08c0c703791a160704ae57e3c3f7
Gerrit-Change-Number: 26925
Gerrit-PatchSet: 1
Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki at gmail.com>
Gerrit-Reviewer: Patrick Georgi <pgeorgi at google.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply at coreboot.org>
Gerrit-CC: Patrick Rudolph <siro at das-labor.org>
Gerrit-Comment-Date: Thu, 07 Jun 2018 12:50:59 +0000
Gerrit-HasComments: Yes
Gerrit-HasLabels: No
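The measured-boot paragraph under review (index.md line 102) says cbmem reports coreboot's measurements in the same format as the kernel's TCPA ACPI log. The following is an added example, not code from this change or from the coreboot tree: it parses a binary log laid out as a sequence of TCG PC Client 1.2 PCR event structures (UINT32 PCRIndex, UINT32 EventType, 20-byte SHA-1 digest, UINT32 EventSize, event data), replays the digests into software PCR values, and compares them against the values a TPM would report. The sample log, its event contents, and the "TPM" PCR values are constructed here; the event type numbers (EV_POST_CODE = 1, EV_IPL = 13) are taken from the TCG spec.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

# TCG PC Client 1.2 PCR event structure (the layout of the "TCPA" event log):
#   UINT32 PCRIndex, UINT32 EventType, BYTE digest[20], UINT32 EventSize, BYTE Event[EventSize]
EVENT_HEADER = struct.Struct("<II20sI")
SHA1_LEN = 20
NUM_PCRS = 24

# Event type values from the TCG PC Client spec (not from the page).
EV_POST_CODE = 0x01
EV_IPL = 0x0D


@dataclass
class TcpaEvent:
    pcr_index: int
    event_type: int
    digest: bytes   # the value that was extended into the PCR
    data: bytes     # descriptive event data (not necessarily what was hashed)


def parse_tcpa_log(blob: bytes) -> List[TcpaEvent]:
    """Parse a concatenation of PCR event structures; reject truncated input."""
    events: List[TcpaEvent] = []
    offset = 0
    while offset < len(blob):
        if offset + EVENT_HEADER.size > len(blob):
            raise ValueError(f"truncated event header at offset {offset}")
        pcr, etype, digest, size = EVENT_HEADER.unpack_from(blob, offset)
        offset += EVENT_HEADER.size
        if pcr >= NUM_PCRS:
            raise ValueError(f"PCR index {pcr} out of range")
        if offset + size > len(blob):
            raise ValueError(f"truncated event data at offset {offset}")
        events.append(TcpaEvent(pcr, etype, digest, blob[offset:offset + size]))
        offset += size
    return events


def is_well_formed(blob: bytes) -> bool:
    try:
        parse_tcpa_log(blob)
        return True
    except ValueError:
        return False


def encode_event(pcr: int, etype: int, data: bytes,
                 digest: Optional[bytes] = None) -> bytes:
    """Build one event; by default the digest is SHA-1 of the event data."""
    if digest is None:
        digest = hashlib.sha1(data).digest()
    return EVENT_HEADER.pack(pcr, etype, digest, len(data)) + data


def replay_pcrs(events: List[TcpaEvent]) -> Dict[int, bytes]:
    """Recompute PCR values: PCR = SHA1(PCR || digest), starting from zeros."""
    pcrs = {i: bytes(SHA1_LEN) for i in range(NUM_PCRS)}
    for ev in events:
        pcrs[ev.pcr_index] = hashlib.sha1(pcrs[ev.pcr_index] + ev.digest).digest()
    return pcrs


def verify_log(blob: bytes, tpm_pcrs: Dict[int, bytes]) -> Dict[int, bool]:
    """For each PCR the TPM reports, does replaying the log reproduce it?"""
    computed = replay_pcrs(parse_tcpa_log(blob))
    return {i: computed[i] == tpm_pcrs[i] for i in tpm_pcrs}


# Constructed sample log: three measurements into PCR 0 and PCR 2.
SAMPLE_LOG = b"".join([
    encode_event(0, EV_POST_CODE, b"coreboot bootblock (constructed)"),
    encode_event(2, EV_IPL, b"romstage (constructed)"),
    encode_event(2, EV_IPL, b"ramstage (constructed)"),
])


def demo():
    """Return (verdict for honest log, verdict for a log whose last event was swapped)."""
    # Stand-in for the TPM's own PCR values: replay of the honest log.
    honest = replay_pcrs(parse_tcpa_log(SAMPLE_LOG))
    tpm_pcrs = {0: honest[0], 2: honest[2]}
    clean = verify_log(SAMPLE_LOG, tpm_pcrs)
    # Same log with a different final measurement: PCR 2 no longer replays.
    events = parse_tcpa_log(SAMPLE_LOG)
    swapped = b"".join(encode_event(e.pcr_index, e.event_type, e.data) for e in events[:2])
    swapped += encode_event(2, EV_IPL, b"some other stage (constructed)")
    return clean, verify_log(swapped, tpm_pcrs)


if __name__ == "__main__":
    for ev in parse_tcpa_log(SAMPLE_LOG):
        print(f"PCR {ev.pcr_index:2d} type {ev.event_type:#04x} {ev.digest.hex()} {ev.data!r}")
    print(demo())
```

The replay only proves that the log's digests match the PCRs; it says nothing about whether a digest equals the hash of the bytes the event claims to describe, so a verifier also needs an expected-digest list (or per-type hash checks) before trusting the event data. This layout is the SHA-1-only 1.2 format; TPM 2.0 firmware that emits the crypto-agile TCG_PCR_EVENT2 log needs a different parser.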