coreboot/src/security/vboot
Arthur Heymans eeacd8349c cpu/intel/fit: Add the FIT table as a separate CBFS file
With CBnT a digest needs to be made of the IBB, Initial BootBlock, in
this case the bootblock. After that a pointer to the BPM, Boot Policy
Manifest, containing the IBB digest needs to be added to the FIT
table.

If the FIT table is inside the IBB, updating it with a pointer to the
BPM would make the digest invalid.
The proper solution is to move the FIT table out of the bootblock.

The FIT table itself does not need to be covered by the digest as it
just contains pointers to structures that can be verified by the
hardware itself, such as microcode and ACMs (Authenticated Code
Modules).

Change-Id: I352e11d5f7717147a877be16a87e9ae35ae14856
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50926
Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2021-03-19 11:23:21 +00:00
antirollback.h security/vboot: Add new TPM NVRAM index MRC_RW_HASH_NV_INDEX 2020-10-20 23:25:50 +00:00
bootmode.c security/vboot/bootmode: Add weak fill_lb_gpios 2021-02-09 20:43:12 +00:00
common.c src/security: Remove unused <console/console.h> 2021-02-15 10:49:53 +00:00
ec_sync.c cbfs: Simplify load/map API names, remove type arguments 2020-12-02 22:13:17 +00:00
Kconfig vboot: update GBB flags to use altfw terminology 2021-02-27 09:37:49 +00:00
Makefile.inc cpu/intel/fit: Add the FIT table as a separate CBFS file 2021-03-19 11:23:21 +00:00
misc.h src/security: Drop unneeded empty lines 2020-09-21 16:26:17 +00:00
mrc_cache_hash_tpm.c mrc_cache: Add tpm_hash_index field to cache_region struct 2020-10-20 23:26:01 +00:00
mrc_cache_hash_tpm.h security/vboot: Make mrc_cache hash functions generic 2020-10-20 23:25:39 +00:00
secdata_mock.c security/vboot: Make mrc_cache hash functions generic 2020-10-20 23:25:39 +00:00
secdata_tpm.c security/vboot/secdata_tpm.c: Remove repeated word 2021-01-18 07:36:49 +00:00
symbols.h treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
tpm_common.c src/security: Drop unneeded empty lines 2020-09-21 16:26:17 +00:00
tpm_common.h treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
vbnv.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
vbnv.h treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
vbnv_cmos.c coreboot_table: Move VBOOT_VBNV support 2021-02-04 08:43:39 +00:00
vbnv_ec.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
vbnv_flash.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
vbnv_layout.h treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
vboot_common.c src: Remove unused 'include <boot_device.h>' 2020-08-18 12:15:10 +00:00
vboot_common.h cbfs: Add metadata cache 2020-11-21 10:43:53 +00:00
vboot_lib.c src: Change BOOL CONFIG_ to CONFIG() in comments & strings 2020-07-26 21:20:30 +00:00
vboot_loader.c cbfs: Remove prog_locate() for stages and rmodules 2021-03-16 21:45:34 +00:00
vboot_logic.c src: Add missing 'include <console/console.h>' 2020-11-17 09:01:14 +00:00
verstage.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00