Doc/security/vboot: Add a script generated device list

Add a script generated list of vboot enabled devices to the
documentation. Add a entry to the release checklist.

Change-Id: Ibb57d26c5f0cb8efd27ca9a97fd762c25b566f93
Signed-off-by: Marcello Sylvester Bauer <sylv@sylv.io>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39200
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
This commit is contained in:
Marcello Sylvester Bauer 2020-03-02 16:04:19 +01:00 committed by Patrick Georgi
parent 0fd179aeb1
commit e9aef1fe45
5 changed files with 283 additions and 0 deletions

View File

@ -68,6 +68,7 @@ be more frequent than was needed, so we scaled it back to twice a year.
- [ ] Test the commit selected for release.
- [ ] Update release notes with actual commit id, push to repo.
- [ ] Run release script.
- [ ] Run vboot_list script.
- [ ] Test the release from the actual release tarballs.
- [ ] Push signed Tag to repo.
- [ ] Announce that the release tag is done on IRC.

View File

@ -12,6 +12,8 @@ Google's verified boot support consists of:
Google's vboot verifies the firmware and places measurements within the TPM.
- [List of supported Devices](list_vboot.md)
***
## Root of Trust

View File

@ -0,0 +1,223 @@
# VBOOT enabled devices
## Emulation
- QEMU x86 i440fx/piix4 (aka qemu -M pc)
- QEMU x86 q35/ich9 (aka qemu -M q35, since v1.4)
## Facebook
- Facebook Monolith
## Google
- Auron_Paine (Acer C740 Chromebook)
- Auron_Yuna (Acer Chromebook 15 (C910/CB5-531))
- Buddy (Acer Chromebase 24)
- Gandof (Toshiba Chromebook 2 (2015))
- Lulu (Dell Chromebook 13 7310)
- Samus (Google Chromebook Pixel (2015))
- Mccloud (Acer Chromebox CXI)
- Monroe (LG Chromebase 22CV241 & 22CB25S)
- Panther (ASUS Chromebox CN60)
- Tricky (Dell Chromebox 3010)
- Zako (HP Chromebox G1)
- Butterfly (HP Pavilion Chromebook 14)
- Cheza
- Banon (Acer Chromebook 15 (CB3-532))
- Celes (Samsung Chromebook 3)
- Cyan (Acer Chromebook R11 (C738T))
- Edgar (Acer Chromebook 14 (CB3-431))
- Kefka (Dell Chromebook 11 3180/3189)
- Reks (Lenovo N22/N42 Chromebook)
- Relm
- Setzer (HP Chromebook 11 G5)
- Terra (ASUS Chromebook C202SA/C300SA/C301SA)
- Ultima (Lenovo Yoga 11e G3)
- Wizpig
- Daisy (Samsung Chromebook (2012))
- DragonEgg
- Drallion
- Eve (Google Pixelbook)
- Fizz
- Karma
- Endeavour
- Foster
- Gale (Google WiFi)
- Asuka (Dell Chromebook 13 3380)
- Caroline (Samsung Chromebook Pro)
- Cave (Asus Chromebook Flip C302SA)
- Chell (HP Chromebook 13 G1)
- Glados Skylake Reference Board
- Lars (Acer Chromebook 14 for Work (CP5-471))
- Sentry (Lenovo Thinkpad 13 Chromebook)
- Kevin (Samsung Chromebook Plus)
- Gru
- Bob (Asus Chromebook Flip C101PA)
- Scarlet
- Nefario
- Rainier
- Akemi
- Dratini
- Hatch
- Jinlon
- Kohaku
- Kindred
- Helios
- Mushu
- Palkia
- Nightfury
- Puff
- Helios_Diskswap
- Stryke
- Guado (ASUS Chromebox CN62)
- Jecht
- Rikku (Acer Chromebox CXI2)
- Tidus (Lenovo ThinkCentre Chromebox)
- Aleena
- Careena
- Grunt
- Liara
- Nuwani
- Treeya
- Kukui
- Krane
- Kodama
- Kakadu
- Flapjack
- Jacuzzi
- Juniper
- Kappa
- Damu
- Link (Google Chromebook Pixel (2013))
- Mistral
- Nyan
- Nyan Big (Acer Chromebook 13 (CB5-311))
- Nyan Blaze (HP Chromebook 14 G3)
- Oak
- Elm (Acer Chromebook R13)
- Hana (Lenovo N23 Yoga Chromebook)
- Parrot (Acer C7/C710 Chromebook)
- Peach Pit (Samsung Chromebook 2 11\")
- Atlas
- Poppy
- Nami
- Nautilus
- Nocturne
- Rammus
- Soraka
- Banjo (Acer Chromebook 15 (CB3-531))
- Candy (Dell Chromebook 11 3120)
- Clapper (Lenovo N20 Chromebook)
- Enguarde
- Glimmer (Lenovo ThinkPad 11e Chromebook)
- Gnawty (Acer Chromebook 11 (CB3-111/131,C730/C730E/C735))
- Heli (Haier Chromebook G2)
- Kip (HP Chromebook 11 G3 / G4 / G4 EE)
- Ninja (AOpen Chromebox Commercial)
- Orco (Lenovo 100S Chromebook)
- Quawks (ASUS Chromebook C300)
- Squawks (ASUS Chromebook C200)
- Rambi
- Sumo (AOpen Chromebase Commercial)
- Swanky (Toshiba Chromebook 2)
- Winky (Samsung Chromebook 2 (XE500C12))
- Reef/Electro (Acer Chromebook Spin 11 R751T)
- Pyro (Lenovo Thinkpad (Yoga) 11e Chromebook)
- Sand (Acer Chromebook 15 CB515-1HT/1H)
- Snappy (HP Chromebook x360 11 G1 EE)
- Nasher
- Coral
- Arcada
- Sarien
- Falco (HP Chromebook 14)
- Leon (Toshiba Chromebook)
- Peppy (Acer C720/C720P Chromebook)
- Wolf (Dell Chromebook 11)
- Smaug (Google Pixel C)
- Storm (OnHub Router TGR1900)
- Stout (Lenovo Thinkpad X131e Chromebook)
- Trogdor
- Veyron_Jaq (Haier Chromebook 11)
- Veyron_Jerry (Hisense Chromebook 11)
- Veyron_Mighty (Haier Chromebook 11(edu))
- Veyron_Minnie (ASUS Chromebook Flip C100)
- Veyron_Speedy (ASUS C201 Chromebook)
- Veyron_Mickey (Asus Chromebit CS10)
- Veyron_Rialto
## HP
- Z220 SFF Workstation
## Intel
- Basking Ridge CRB
- Cannonlake U LPDDR4 RVP
- Cannonlake Y LPDDR4 RVP
- Coffeelake U SO-DIMM DDR4 RVP
- Coffeelake H SO-DIMM DDR4 RVP11
- Whiskeylake U DDR4 RVP
- Coffeelake S U-DIMM DDR4 RVP8
- Cometlake U DDR4 RVP
- Emerald Lake 2 CRB
- Galileo
- Glkrvp
- Icelake U DDR4/LPDDR4 RVP
- Icelake Y LPDDR4 RVP
- Jasperlake DDR4/LPDDR4 RVP
- Jasperlake DDR4/LPDDR4 RVP with Chrome EC
- Kabylake LPDDR3 RVP3
- Kabylake DDR3L RVP7
- Kabylake DDR4 RVP8
- Kabylake DDR4 RVP11
- Kunimitsu
- Strago
- Tigerlake UP3 RVP
- Tigerlake UP4 RVP
- Whitetip Mountain 2 CRB
## Lenovo
- ThinkPad T400
- ThinkPad T500
- ThinkPad R400
- ThinkPad R500
- ThinkPad W500
- ThinkPad T410
- ThinkPad T420
- ThinkPad T420s
- ThinkPad T430
- ThinkPad T430s
- ThinkPad T431s
- ThinkPad T440p
- ThinkPad T520
- ThinkPad W520
- ThinkPad T530
- ThinkPad W530
- ThinkPad X131e
- ThinkPad X1 carbon gen 1
- ThinkPad X200 / X200s / X200t
- ThinkPad X301
- ThinkPad X201 / X201i / X201s / X201t
- ThinkPad X220
- ThinkPad X220i
- ThinkPad X1
- ThinkPad X230
- ThinkPad X230t
## OpenCellular
- Elgon (GBCv2)
## SAMSUNG
- Lumpy
- Stumpy
## Siemens
- MC APL1
- MC APL2
- MC APL3
- MC APL4
- MC APL5
- MC APL6
## Supermicro
- X11SSH-TF
- X11SSM-F
## UP
- Squared

View File

@ -0,0 +1,2 @@
Tools to generate a list of vboot enabled devices to the documentation
`Bash`

55
util/vboot_list/vboot_list.sh Executable file
View File

@ -0,0 +1,55 @@
#!/usr/bin/env bash
TOP="$( cd "$( dirname "${BASH_SOURCE[0]}" )"/../.. >/dev/null 2>&1 && pwd )"
MAINBOARDS="src/mainboard"
OUTPUT_FILE=${1:-$TOP/Documentation/security/vboot/list_vboot.md}
function has_vboot
{
local DIR=$1
grep -rq "config VBOOT" $DIR
return $?
}
function get_vendor_name
{
local VENDORDIR=$1
sed -n '/config VENDOR/{n;s/^[\t[:space:]]\+bool "\(.*\)"/\1/;p;}' \
$VENDORDIR/Kconfig.name
}
function get_board_name
{
local BOARDDIR=$1
sed -n '/config BOARD/{n;s/^[\t[:space:]]\+bool "\(->\s\+\)\?\(.*\)"/\2/;p;}' \
$BOARDDIR/Kconfig.name
}
function list_vboot_boards
{
local VENDORDIR=$1
for BOARD in $(ls -d $VENDORDIR/*/)
do
has_vboot $BOARD || continue
get_board_name $BOARD
done
}
function generate_vboot_list
{
for VENDOR in $(ls -d $TOP/$MAINBOARDS/*/)
do
has_vboot $VENDOR || continue
echo -e "\n## $(get_vendor_name $VENDOR)"
IFS=$'\n'
for BOARD in $(list_vboot_boards $VENDOR)
do
echo "- $BOARD"
done
done
}
(echo "# VBOOT enabled devices"; generate_vboot_list) > $OUTPUT_FILE