summaryrefslogtreecommitdiff
path: root/Documentation/security/vboot
diff options
context:
space:
mode:
authorPhilipp Deppenwiese <zaolin.daisuki@gmail.com>2018-11-08 10:59:40 +0100
committerPhilipp Deppenwiese <zaolin.daisuki@gmail.com>2019-02-25 22:29:16 +0000
commit66f9a09916368bfab09da42ef0beed84a4bb7206 (patch)
tree57ab1cd5851055c117db7fee991d03207b28c69d /Documentation/security/vboot
parentbacd57dfaf7b4c5d3bc5400dbd82b896d0ed23cc (diff)
security/vboot: Add measured boot mode
* Introduce a measured boot mode into vboot. * Add hook for stage measurements in prog_loader and cbfs. * Implement and hook-up CRTM in vboot and check for suspend. Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/c/29547 Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'Documentation/security/vboot')
-rw-r--r--Documentation/security/vboot/measured_boot.md58
-rw-r--r--Documentation/security/vboot/srtm.pngbin0 -> 20192 bytes
2 files changed, 58 insertions, 0 deletions
diff --git a/Documentation/security/vboot/measured_boot.md b/Documentation/security/vboot/measured_boot.md
new file mode 100644
index 0000000000..3ec3729edf
--- /dev/null
+++ b/Documentation/security/vboot/measured_boot.md
@@ -0,0 +1,58 @@
+# Measured Boot
+coreboot measured boot is implemented as Google Verified Boot extension. This
+means in order to use it, vboot needs to be available for your platform.
+
+## IBB/CRTM
+The "Initial Boot Block" or "Core Root of Trust for Measurement" is the first
+code block loaded at reset vector and measured by a DRTM solution.
+In case SRTM mode is active, the IBB measures itself before measuring the next
+code block. In coreboot, cbfs files which are part of the IBB are identified
+by a metatdata tag. This makes it possible to have platform specific IBB
+measurements without hardcoding them.
+
+## Known Limitations
+At the moment measuring IBB dynamically and FMAP partitions are not possible but
+will be added later to the implementation.
+
+Also SoCs making use of VBOOT_RETURN_FROM_VERSTAGE are not able to use the
+measured boot extension because of platform constraints.
+
+## SRTM Mode
+The "Static Root of Trust for Measurement" is the easiest way doing measurements
+by measuring code before it is loaded.
+
+![][srtm]
+
+[srtm]: srtm.png
+
+## DRTM Mode
+The "Dynamic Root of Trust for Measurement" is realised by platform features
+like Intel TXT or Boot Guard. The features provide a way of loading a signed
+"Authenticated Code Module" aka signed blob. Most of these features are also
+a "Trusted Execution Environment", e.g. Intel TXT.
+
+DRTM gives you the ability of measuring the IBB from a higher Root of Trust
+instead of doing it yourself without any hardware support.
+
+## Platform Configuration Register
+Normally PCR 0-7 are reserved for firmware usage. In coreboot we use just 4 PCR
+banks in order to store the measurements. coreboot uses the SHA-1 or SHA-256
+hash algorithm depending on the TPM specification for measurements. PCR-4 to
+PCR-7 are left empty.
+
+### PCR-0
+_Hash:_ SHA1
+_Description:_ Google VBoot GBB flags.
+
+### PCR-1
+_Hash:_ SHA1/SHA256
+_Description:_ Google VBoot GBB HWID.
+
+### PCR-2
+_Hash:_ SHA1/SHA256
+_Description:_ Core Root of Trust for Measurement which includes all stages,
+data and blobs.
+
+### PCR-3
+_Hash:_ SHA1/SHA256
+_Description:_ Runtime data like hwinfo.hex or MRC cache.
diff --git a/Documentation/security/vboot/srtm.png b/Documentation/security/vboot/srtm.png
new file mode 100644
index 0000000000..365fa3915f
--- /dev/null
+++ b/Documentation/security/vboot/srtm.png
Binary files differ