[coreboot] vboot

Akendo akendo at akendo.eu
Fri Jul 6 17:21:02 CEST 2018

Awesome Thanks!

Can you tell me what the state is with vboot for a x220 is (as an example)?

I did ask in the IRC and someone told me, that there is some work done
on this topic. Also that no code contribution are necessary, but rather
review (and testing I guess).

>From what I have seen in the code only google based laptop are supported
for vboot. More might be possible, but I wasn't able to quickly identify
them all.

>From what I have seen on the review pages, most changes there for vboot
should not affect the x220, or do I get it wrong?

Thank you everyone for reading, best regards

On 06/29/2018 08:20 PM, David Hendricks wrote:
> On Fri, Jun 29, 2018 at 8:34 AM, Akendo <akendo at akendo.eu> wrote:
>> Hey everyone,
>> I'm reading through the source code and found vboot. It should standing
>> for verified boot. However I can't find any documentation(except the
>> source code). Can anyone provide me with some explanation how to get it
>> going or to make a little more sense of it?
>> As far as I understand it needs to verify the signature against a
>> Key/CA. This key should be located within the TPM. But how should the
>> key/CA look like? Will be a classic x509 be enough?
> Hi Akendo,
> Here is some more background on vboot:
> https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot
> https://www.chromium.org/chromium-os/chromiumos-design-docs/firmware-boot-and-recovery
> In this schema usually the public key is stored in a write-protected
> region of the firmware ROM. You can store it anywhere you want so long
> as you can guarantee that it can't be tampered with in an undesirable
> way.

More information about the coreboot mailing list