[Skiboot] [PATCH 00/12] Add secure and trusted boot support for habanero
Claudio Carvalho
cclaudio at linux.vnet.ibm.com
Thu Aug 11 16:30:08 AEST 2016
Habanero is the first platform that will have support for secure and
trusted boot. Hostboot already has some secure and trusted boot features
for habanero.
This patch set adds secure and trusted boot support for habanero in skiboot.
core/flash.c is extended to verify and measure all the resources downloaded
from PNOR using libstb.
For habanero, CAPP and BOOTKERNEL are the only PNOR partitions downloaded
from PNOR at boot time. So we verify and measure only these partitions.
Hardware dependencies:
* Nuvoton TPM 2.0 device (nuvoton,npct650)
Software dependencies:
* Hostboot patch to enable both TPM device and TPM device driver
* Habanero-xml patch to enable TPM.
* Currently, secure mode is not on for habanero, but when secure mode is on,
  CAPP and BOOTKERNEL partitions must have secure boot containers properly
  built
I have a few patches and scripts that we can use for testing while all the
software dependencies above are not upstream. Please let me know if you need
them for testing.
Troubleshooting:
* You may need to add 'set ALLOW_NON_COMPLIANT_DIMM' to hostboot habanero.config
  in order to avoid hostboot failures related to DIMM.
Claudio Carvalho (12):
  core/init.c: Adjust offset to run BOOTKERNEL containers
  core/flash.c: Load actual partition size
  core: Add flash_subpart_info
  hw/phb3.c: Preload the whole CAPP partition
  hw/phb3.c: Adjust offset to run CAPP containers
  include/capp.h: Add #include guard
  core/flash.c: Verify and measure resources
  core/init.c: Measure 0xFFFFFFFF before skiroot run
  platforms/astbmc: Initialize libstb for habanero
  external/boot_tests: Add the partition name option -e
  external/boot_tests: Add the flash only option -f
  external/boot_tests: Add the remove lid option -r
core/flash.c | 154 ++++++++++++++++++++++---------------
core/init.c | 11 ++-
external/boot-tests/bmc_support.sh | 26 ++++++-
external/boot-tests/boot_test.sh | 48 +++++++++---
hw/phb3.c | 26 ++++++-
include/capp.h | 7 +-
include/skiboot.h | 4 +-
platforms/astbmc/astbmc.h | 1 +
platforms/astbmc/common.c | 7 ++
platforms/astbmc/habanero.c | 2 +-
10 files changed, 207 insertions(+), 79 deletions(-)
--
1.9.1