[PATCH 0/3] Trusted Boot: Boot Policy Measurement.
Nayna Jain
nayna at linux.vnet.ibm.com
Thu Jun 2 19:56:55 AEST 2016
Overview:
==========
* Adds boot policy configuration measurement in bootloader
to support Trusted Boot.
* Trusted Boot is implemented in compliance with TCG Specification
for TPM 2.0 family.
* TCG Specification describes about which PCRs to be used
for recording specific measurements.
* As per the spec, PCR 5 is used for recording boot policies.
* This patch measures all boot config parameters as consumed
by petitboot.
TBD:
====
Following items are still TBD and will be submitted as different patch.
* Handling of error paths - Currently, it just logs the error paths
and actual handling will be submitted as another patch.
* Extend to TPM - The implementation of this function is experimental
and is bound to change.
Nayna Jain (3):
lib/types : Adds function to return struct config as string
lib/security: New lib for security functions.
discover/pb-discover.c:Initialize security context.
discover/Makefile.am | 4 ++-
discover/pb-discover.c | 9 ++++++
discover/pb-secure.c | 69 ++++++++++++++++++++++++++++++++++++++++
discover/pb-secure.h | 17 ++++++++++
lib/Makefile.am | 6 +++-
lib/security/crypto.c | 73 ++++++++++++++++++++++++++++++++++++++++++
lib/security/crypto.h | 22 +++++++++++++
lib/security/tpmOperations.c | 72 ++++++++++++++++++++++++++++++++++++++++++
lib/security/tpmOperations.h | 18 +++++++++++
lib/types/types.c | 75 ++++++++++++++++++++++++++++++++++++++++++++
lib/types/types.h | 3 ++
11 files changed, 366 insertions(+), 2 deletions(-)
create mode 100644 discover/pb-secure.c
create mode 100644 discover/pb-secure.h
create mode 100644 lib/security/crypto.c
create mode 100644 lib/security/crypto.h
create mode 100644 lib/security/tpmOperations.c
create mode 100644 lib/security/tpmOperations.h
--
2.5.0
More information about the Petitboot
mailing list