[Skiboot] [PATCH 01/15] doc/device-tree: Add ibm,secureboot.txt
Claudio Carvalho
cclaudio at linux.vnet.ibm.com
Thu Aug 11 15:23:43 AEST 2016
This adds a documentation for the ibm,secureboot device tree node.
Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
---
doc/device-tree/ibm,secureboot.txt | 42 ++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 doc/device-tree/ibm,secureboot.txt
diff --git a/doc/device-tree/ibm,secureboot.txt b/doc/device-tree/ibm,secureboot.txt
new file mode 100644
index 0000000..387cb25
--- /dev/null
+++ b/doc/device-tree/ibm,secureboot.txt
@@ -0,0 +1,42 @@
+Device tree bindings for ibm,secureboot
+=======================================
+
+This node represents the presence of the ROM verification code in the
+platform. It has properties related to secure boot and trusted boot.
+
+Required properties
+-------------------
+
+- compatible : ibm,secureboot version. It is related to the ROM verification
+ code version.
+
+- hash-algo : hash algorithm used for the hw-key-hash. Aspects such as the
+ size of the hw-key-hash can be infered from this property.
+
+- secure-enabled : this property exists whether the system is booting on
+ secure mode.
+
+- trusted-enabled : this property exists whether the system is booting on
+ trusted mode.
+
+- hw-key-hash : hash of three concatenated hardware public key. This is
+ required by the ROM verification code to verify images.
+
+Example
+-------
+
+For the first version "ibm,secureboot-v1", the ROM verification code expects the
+hw-key-hash to be a sha512 hash.
+
+ibm,secureboot {
+ compatible = "ibm,secureboot-v1";
+ hash-algo = "sha512";
+ secure-enabled;
+ trusted-enabled;
+ hw-key-hash = <0x40d487ff 0x7380ed6a 0xd54775d5 0x795fea0d 0xe2f541fe
+0xa9db06b8 0x466a42a3 0x20e65f75 0xb4866546 0x17d907 0x515dc2a5 0xf9fc5095
+0x4d6ee0c9 0xb67d219d 0xfb708535 0x1d01d6d1>;
+ phandle = <0x100000fd>;
+ linux,phandle = <0x100000fd>;
+};
+
--
1.9.1
More information about the Skiboot
mailing list