diff options
author | Philipp Deppenwiese <zaolin.daisuki@gmail.com> | 2018-11-08 10:59:40 +0100 |
---|---|---|
committer | Philipp Deppenwiese <zaolin.daisuki@gmail.com> | 2019-02-25 22:29:16 +0000 |
commit | 66f9a09916368bfab09da42ef0beed84a4bb7206 (patch) | |
tree | 57ab1cd5851055c117db7fee991d03207b28c69d /Documentation/security/vboot | |
parent | bacd57dfaf7b4c5d3bc5400dbd82b896d0ed23cc (diff) |
security/vboot: Add measured boot mode
* Introduce a measured boot mode into vboot.
* Add hook for stage measurements in prog_loader and cbfs.
* Implement and hook-up CRTM in vboot and check for suspend.
Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e
Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/29547
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'Documentation/security/vboot')
-rw-r--r-- | Documentation/security/vboot/measured_boot.md | 58 | ||||
-rw-r--r-- | Documentation/security/vboot/srtm.png | bin | 0 -> 20192 bytes |
2 files changed, 58 insertions, 0 deletions
diff --git a/Documentation/security/vboot/measured_boot.md b/Documentation/security/vboot/measured_boot.md new file mode 100644 index 0000000000..3ec3729edf --- /dev/null +++ b/Documentation/security/vboot/measured_boot.md @@ -0,0 +1,58 @@ +# Measured Boot +coreboot measured boot is implemented as Google Verified Boot extension. This +means in order to use it, vboot needs to be available for your platform. + +## IBB/CRTM +The "Initial Boot Block" or "Core Root of Trust for Measurement" is the first +code block loaded at reset vector and measured by a DRTM solution. +In case SRTM mode is active, the IBB measures itself before measuring the next +code block. In coreboot, cbfs files which are part of the IBB are identified +by a metatdata tag. This makes it possible to have platform specific IBB +measurements without hardcoding them. + +## Known Limitations +At the moment measuring IBB dynamically and FMAP partitions are not possible but +will be added later to the implementation. + +Also SoCs making use of VBOOT_RETURN_FROM_VERSTAGE are not able to use the +measured boot extension because of platform constraints. + +## SRTM Mode +The "Static Root of Trust for Measurement" is the easiest way doing measurements +by measuring code before it is loaded. + +![][srtm] + +[srtm]: srtm.png + +## DRTM Mode +The "Dynamic Root of Trust for Measurement" is realised by platform features +like Intel TXT or Boot Guard. The features provide a way of loading a signed +"Authenticated Code Module" aka signed blob. Most of these features are also +a "Trusted Execution Environment", e.g. Intel TXT. + +DRTM gives you the ability of measuring the IBB from a higher Root of Trust +instead of doing it yourself without any hardware support. + +## Platform Configuration Register +Normally PCR 0-7 are reserved for firmware usage. In coreboot we use just 4 PCR +banks in order to store the measurements. coreboot uses the SHA-1 or SHA-256 +hash algorithm depending on the TPM specification for measurements. PCR-4 to +PCR-7 are left empty. + +### PCR-0 +_Hash:_ SHA1 +_Description:_ Google VBoot GBB flags. + +### PCR-1 +_Hash:_ SHA1/SHA256 +_Description:_ Google VBoot GBB HWID. + +### PCR-2 +_Hash:_ SHA1/SHA256 +_Description:_ Core Root of Trust for Measurement which includes all stages, +data and blobs. + +### PCR-3 +_Hash:_ SHA1/SHA256 +_Description:_ Runtime data like hwinfo.hex or MRC cache. diff --git a/Documentation/security/vboot/srtm.png b/Documentation/security/vboot/srtm.png Binary files differnew file mode 100644 index 0000000000..365fa3915f --- /dev/null +++ b/Documentation/security/vboot/srtm.png |