author Frans Hendriks <fhendriks@eltan.com> 2019-04-05 10:00:18 +0200
committer Philipp Deppenwiese <zaolin.daisuki@gmail.com> 2019-06-04 10:41:53 +0000
commit 3cae9afbf91d7b164a033968350f8f60b84301b9
tree d9d422e707912575887d601d70d47b91b91937d8 /Documentation/vendorcode
parent b2709ae0aed724278dfaa3d0af1d68e8fe18cbb1
vendorcode/eltan: Add vendor code for measured and verified boot

This patch contains the general files for the vendorcode/eltan that has been
uploaded recently:
- Add eltan directory to vendorcode.
- Add documentation about the support in the vendorcode directories.
- Add the Makefile.inc and Kconfig for the vendorcode/eltan and
  vendorcode/eltan/security.

BUG=N/A
TEST=Created verified binary and verify logging on Portwell PQ-M107

Change-Id: Ic1d5a21d40b6a31886777e8e9fe7b28c860f1a80
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30218
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>

Diffstat (limited to 'Documentation/vendorcode')
-rw-r--r-- Documentation/vendorcode/eltan/index.md 8
-rw-r--r-- Documentation/vendorcode/eltan/security.md 39
2 files changed, 47 insertions, 0 deletions

diff --git a/Documentation/vendorcode/eltan/index.md b/Documentation/vendorcode/eltan/index.md
new file mode 100644
index 0000000000..4484798a23
--- /dev/null
+++ b/Documentation/vendorcode/eltan/index.md
@@ -0,0 +1,8 @@
+# Eltan vendorcode-specific documentation
+
+This section contains documentation about coreboot on Eltan specific
+vendorcode.
+
+## Sections
+
+- [Security](security.md)
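
Review bot: The intro sentence in index.md, "documentation about coreboot on Eltan specific vendorcode", has its terms in the wrong order relative to the heading above it; suggest "This section contains documentation about the Eltan-specific vendorcode in coreboot." Since the page only links security.md, a one-line summary of what the vendorcode provides (measured and verified boot, per the commit subject) would tell readers landing here why the section exists.
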
diff --git a/Documentation/vendorcode/eltan/security.md b/Documentation/vendorcode/eltan/security.md
new file mode 100644
index 0000000000..04537df23c
--- /dev/null
+++ b/Documentation/vendorcode/eltan/security.md
@@ -0,0 +1,39 @@
+# Eltan Security
+
+## Security
+This code enables measured boot and verified boot support.
+Verified boot is available in coreboot, but based on ChromeOS. This vendorcode
+uses a small encryption library and leave much more space in flash for the
+payload.
+
+## Hashing Library
+The library suppports SHA-1, SHA-256 and SHA-512. The required routines of
+`3rdparty/vboot/firmware/2lib` are used.
+
+## Measured boot
+measured boot support will use TPM2 device if available. The items specified
+in `mb_log_list[]` will be measured.
+
+## Verified boot
+verified boot support will use TPM2 device if available. The items specified
+in the next table will be verified:
+* `bootblock_verify_list[]`
+* `verify_item_t romstage_verify_list[]`
+* `ram_stage_additional_list[]`
+* `ramstage_verify_list[]`
+* `payload_verify_list[]`
+* `oprom_verify_list[]`
+
+## Enabling support
+
+* Measured boot can be enabled using **CONFIG_MBOOT**
+* Create mb_log_list table with list of item to measure
+* Create tables bootblock_verify_list[], verify_item_t romstage_verify_list[],
+ ram_stage_additional_list[], ramstage_verify_list[], payload_verify_list[],
+ oprom_verify_list[]
+* Verified boot can be enabled using **CONFIG_VERIFIED_BOOT**
+* Added Kconfig values for verbose console output
+
+## Debugging
+
+You can enable verbose console output in *menuconfig*.
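
Review bot: Under "Measured boot" and "Verified boot", the phrase "will use TPM2 device if available" does not say what happens when no TPM2 is present; for a verified-boot document that is the behaviour readers most need, so state whether verification still runs without a TPM and what the action on a failed verification is. In the "Security" section, "small encryption library" should read "hashing library", since only SHA-1, SHA-256 and SHA-512 are listed, and "leave" should be "leaves"; "suppports" under "Hashing Library" is a typo. "The items specified in the next table" is followed by a bullet list, and `verify_item_t romstage_verify_list[]` carries its type name while the other entries do not (same in "Enabling support"). In "Enabling support", "Added Kconfig values for verbose console output" is a changelog line rather than a step; name the Kconfig options there and in "Debugging" so they can be found in menuconfig.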