3cae9afbf9
This patch contains the general files for the vendorcode/eltan that has been uploaded recently: - Add eltan directory to vendorcode. - Add documentation about the support in the vendorcode directories. - Add the Makefile.inc and Kconfig for the vendorcode/eltan and vendorcode/eltan/security. BUG=N/A TEST=Created verified binary and verify logging on Portwell PQ-M107 Change-Id: Ic1d5a21d40b6a31886777e8e9fe7b28c860f1a80 Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/30218 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
1.3 KiB
1.3 KiB
Eltan Security
Security
This code enables measured boot and verified boot support. Verified boot is available in coreboot, but based on ChromeOS. This vendorcode uses a small encryption library and leave much more space in flash for the payload.
Hashing Library
The library suppports SHA-1, SHA-256 and SHA-512. The required routines of
3rdparty/vboot/firmware/2lib are used.
Measured boot
measured boot support will use TPM2 device if available. The items specified
in mb_log_list[] will be measured.
Verified boot
verified boot support will use TPM2 device if available. The items specified in the next table will be verified:
bootblock_verify_list[]verify_item_t romstage_verify_list[]ram_stage_additional_list[]ramstage_verify_list[]payload_verify_list[]oprom_verify_list[]
Enabling support
- Measured boot can be enabled using CONFIG_MBOOT
- Create mb_log_list table with list of item to measure
- Create tables bootblock_verify_list[], verify_item_t romstage_verify_list[], ram_stage_additional_list[], ramstage_verify_list[], payload_verify_list[], oprom_verify_list[]
- Verified boot can be enabled using CONFIG_VERIFIED_BOOT
- Added Kconfig values for verbose console output
Debugging
You can enable verbose console output in menuconfig.