[Skiboot] [PATCH 00/12] Add secure and trusted boot support for habanero

Claudio Carvalho cclaudio at linux.vnet.ibm.com
Thu Aug 11 16:30:08 AEST 2016

Habanero is the first platform that will have support to secure and
trusted boot. Hostboot already have some secure and trusted boot features
for habanero.

This patch set adds secure and trusted boot support for habanero in skiboot.
core/flash.c is extended to verify and measure all the resources downloaded
from PNOR using libstb.

For habanero, CAPP and BOOTKERNEL are the only PNOR partitions downloaded
from PNOR at boot time. So we verify and measure only these partitions.

Hardware dependencies:
* Nuvoton TPM 2.0 device (nuvoton,npct650)

Software dependencies:
* Hostboot patch to enable both TPM device and TPM device driver
* Habanero-xml patch to enable TPM.
* Currently, secure mode is not on for habanero, but when secure mode is on,
  CAPP and BOOTKERNEL partitions must have secure boot containers properly

I have a few patches and scripts that we can use for testing while all the
software dependencies above are not upstream. Please let me know if you need
them for testing.

* You may need to add 'set ALLOW_NON_COMPLIANT_DIMM' to hostboot habanero.config
in order to avoid hostboot failures related to DIMM.

Claudio Carvalho (12):
  core/init.c: Adjust offset to run BOOTKERNEL containers
  core/flash.c: Load actual partition size
  core: Add flash_subpart_info
  hw/phb3.c: Preload the whole CAPP partition
  hw/phb3.c: Adjust offset to run CAPP containers
  include/capp.h: Add #include guard
  core/flash.c: Verify and measure resources
  core/init.c: Measure 0xFFFFFFFF before skiroot run
  platforms/astbmc: Initialize libstb for habanero
  external/boot_tests: Add the partition name option -e
  external/boot_tests: Add the flash only option -f
  external/boot_tests: Add the remove lid option -r

 core/flash.c                       | 154 ++++++++++++++++++++++---------------
 core/init.c                        |  11 ++-
 external/boot-tests/bmc_support.sh |  26 ++++++-
 external/boot-tests/boot_test.sh   |  48 +++++++++---
 hw/phb3.c                          |  26 ++++++-
 include/capp.h                     |   7 +-
 include/skiboot.h                  |   4 +-
 platforms/astbmc/astbmc.h          |   1 +
 platforms/astbmc/common.c          |   7 ++
 platforms/astbmc/habanero.c        |   2 +-
 10 files changed, 207 insertions(+), 79 deletions(-)


More information about the Skiboot mailing list