soc/intel/common/cse: Update help text for CSE_OEMP_FILE

The OEM may create and sign an Audio component to extend the Audio capability provided by Intel. The manifest is then signed, and the signature and public key are entered into the header of the manifest to create the final signed component binary. This creates a secure verification mechanism where firmware verifies that the OEM Key Manifest was signed with a key owned by a trusted owner. Once OEM KM is authenticated, each public key hash stored within the OEM KM is able to authenticate the corresponding FW binary. Link to the Document: https://www.intel.com/content/www/us/en/secure/design/confidential/software-kits/kit-details.html?kitId=689893 ADL_Signing_and_Manifesting_User_Guide.pdf BUG=b:207820413 TEST:none Signed-off-by: ravindr1 <ravindra@intel.com> Change-Id: Id52b51ab1c910d70b7897eb31add8287b5b0166f Reviewed-on: https://review.coreboot.org/c/coreboot/+/60020 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Paul Menzel <paulepanter@mailbox.org> Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
2021-12-10 09:11:23 +05:30 · 2021-12-10 09:11:23 +05:30 · 123312d6a5
parent 10f457af5f
commit 123312d6a5
1 changed files with 5 additions and 1 deletions
--- a/src/soc/intel/common/block/cse/Kconfig
+++ b/src/soc/intel/common/block/cse/Kconfig
@ -181,7 +181,11 @@ config CSE_BPDT_VERSION
 	  This config indicates the BPDT version used by CSE for a given SoC.

 config CSE_OEMP_FILE
-	string "Name of OEM KM file"
+	string "Name of OEM Key Manifest file"
 	default "oem_km.bin"
+	help
+	  OEM Key Manifest lists the public key hashes used for authenticating the
+	  OEM created binaries to be loaded. This binary is generated by signing with
+	  the key owned by trusted owner.

 endif