eeacd8349c
With CBnT a digest needs to be made of the IBB, Initial BootBlock, in this case the bootblock. After that a pointer to the BPM, Boot Policy Manifest, containing the IBB digest needs to be added to the FIT table. If the fit table is inside the IBB, updating it with a pointer to the BPM, would make the digest invalid. The proper solution is to move the FIT table out of the bootblock. The FIT table itself does not need to be covered by the digest as it just contains pointers to structures that can by verified by the hardware itself, such as microcode and ACMs (Authenticated Code Modules). Change-Id: I352e11d5f7717147a877be16a87e9ae35ae14856 Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/50926 Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-by: Christian Walter <christian.walter@9elements.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> |
||
|---|---|---|
| .. | ||
| common.c | ||
| getsec.c | ||
| getsec_enteraccs.S | ||
| getsec_mtrr_setup.inc | ||
| getsec_sclean.S | ||
| Kconfig | ||
| logging.c | ||
| Makefile.inc | ||
| ramstage.c | ||
| romstage.c | ||
| txt.h | ||
| txt_getsec.h | ||
| txt_platform.h | ||
| txt_register.h | ||