validating secure boot settings

Joel Stanley joel at jms.id.au
Fri Feb 25 15:47:07 AEDT 2022


On Mon, 21 Feb 2022 at 18:23, Andrew Geissler <geissonator at gmail.com> wrote:
>
> IBM has a feature[1] they’d like in regards to validating secure boot settings.
>
> The basic requirement is to utilize the new bmc-secure-boot GPIO defined
> within this patch[2]. If the GPIO is found, then verify the system is in secure
> mode by validating the GPIO reads 1. If it’s not a 1, then log an error.
>
> Similarly the code will also look at a sysfs file created via this patch[3] to tell
> if the system was started with secure boot enabled in the firmware. An error
> will be logged if it was not.
>
> From an IBM perspective, we only want to run these tests if we’re in what
> we consider to be the manufacturing environment. What we use to determine
> that will probably be something configurable with the code. There are a lot
> of other things that will prevent a boot if the system has secure boot enabled
> and the security checks fail. This new function is just a mechanism to
> provide a quick check to our manufacturing team that they’ve enabled
> everything as expected.
>
> So, anyone else interested in something like this? If so, any votes on where
> a good place for this logic to reside would be? We don’t have any obvious
> security repository that I can find that seems like a good fit for this.

In the future we will have applications that deal with TPM logs and
attestation. This is a precursor to that.

Names that come to mind are:

 - firmware
 - boot
 - information
 - state
 - verification

firmware-state?
boot-information?

And we like putting phosphor at the start, so throw that in.

Cheers,

Joel
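As an added illustration of the check Andrew describes (not code from the thread or from any OpenBMC repository): a small shell script that reads the bmc-secure-boot GPIO, reads the secure-boot sysfs attribute, and logs an error when either says the system is not in secure mode. It assumes the libgpiod v1 command-line tools (gpiofind, gpioget) are present, that the sysfs attribute from patch[3] reads "1" when firmware booted securely (its path is not given in the thread, so SECURE_BOOT_SYSFS is a placeholder), and that manufacturing mode is signalled by a flag file, which is also an assumption.

```shell
#!/bin/sh
# Added example: manufacturing-time secure boot sanity check.
GPIO_NAME="bmc-secure-boot"                              # line name from the devicetree patch
SECURE_BOOT_SYSFS="${SECURE_BOOT_SYSFS:-/sys/PLACEHOLDER/secure_boot}"  # placeholder path
MFG_FLAG="${MFG_FLAG:-/var/lib/mfg-mode}"                # assumed manufacturing-mode marker

log_error() {
    # Send to syslog when a logger is available, always echo to stderr.
    if command -v logger >/dev/null 2>&1; then
        logger -t secure-boot-check -p user.err "$1" || true
    fi
    echo "ERROR: $1" >&2
}

# check_secure_boot GPIO_VALUE SYSFS_FILE
#   GPIO_VALUE is "1", "0", or "" when the GPIO line does not exist on this system.
#   Returns 0 when every applicable check passes, 1 when any check fails.
check_secure_boot() {
    gpio_value=$1
    sysfs_file=$2
    rc=0

    if [ -z "$gpio_value" ]; then
        echo "INFO: $GPIO_NAME GPIO not present, skipping GPIO check"
    elif [ "$gpio_value" != "1" ]; then
        log_error "$GPIO_NAME reads $gpio_value; BMC is not in secure mode"
        rc=1
    fi

    if [ ! -r "$sysfs_file" ]; then
        log_error "cannot read $sysfs_file"
        rc=1
    elif [ "$(tr -d '[:space:]' < "$sysfs_file")" != "1" ]; then
        log_error "firmware did not start with secure boot enabled"
        rc=1
    fi
    return $rc
}

read_gpio() {
    # Resolve the named line to "chip offset"; print nothing if the line is absent.
    line=$(gpiofind "$GPIO_NAME" 2>/dev/null) || return 0
    gpioget $line 2>/dev/null
}

# Only run the checks in the manufacturing environment.
if [ -e "$MFG_FLAG" ]; then
    check_secure_boot "$(read_gpio)" "$SECURE_BOOT_SYSFS"
fi
```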
