[coreboot] Measuring the bootblock and adding a verstage
Zaolin
zaolin at das-labor.org
Thu Aug 11 17:42:59 CEST 2016
On 08/11/2016 05:33 PM, Trammell Hudson wrote:
> On Thu, Aug 11, 2016 at 05:00:00PM +0200, Zaolin wrote:
>> The whole TPM stack needs to be reworked until it can used for a
>> measured boot.
> Is it necessary to import the entire complexity of TSS for the measured
> boot task of hashing the various components? Once the Linux payload
> starts up it can implement the more complex parts, as long as the
> bootblock (with appropriate WP# and BP bits set on the ROM) can setup
> the root of trust and the romstage/ramstage/payload loading process can
> maintain the chain.
I am not talking about the whole TSS. Google implements only a small
parts of it.
Currently there are two tss in coreboot. I wanted refactor and merge
them. In order
to provide a trusted/measured boot we need measurement functions which
are actually missing
and tcpa acpi log for PCR information. Also a good documentation should
be the way to go.
If you want to help out feel free to work with me together on it. :)
Best Regards
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20160811/239507a7/attachment.asc>
More information about the coreboot
mailing list