[Skiboot] [PATCH 00/40] Trusted boot V3
Stewart Smith
stewart at linux.vnet.ibm.com
Mon Oct 10 19:43:41 AEDT 2016
For the record, and so the list has a copy, here's what I just pushed
up as the trusted boot patches. Individual patches should document
changes from Claudio's V2.
Claudio Carvalho (36):
doc: add initial secure and trusted boot documentation
doc/device-tree: add ibm, secureboot.rst
doc/device-tree: add tpm.rst
libc/string: add memcpy_from_ci()
asm: add Hostboot rom_entry.S
asm/rom_entry.S: fix parameters syntax
asm: add rom_entry.S to Makefile.inc
libstb: add required container header structures
libstb: add rom interface
libstb: add tpm_chip interface
libstb/drivers: add romcode driver
libstb/drivers: add tpm_i2c interface
Add i2c Nuvoton TPM 2.0 Driver
libstb/tss: add hostboot TSS code for TPM 2.0
libstb/tpm_chip.h: declare the TpmTarget type for TSS
libstb/tss: include tpm_chip.h in trustedbootCmds.H
libstb/tss: implement TSS required functions
libstb/tss: add hostboot tpmLogMgr code for TPM 2.0
libstb/tss/tpmLogMgr: disable TpmLogMgr_dumpLog()
libstb/tss/tpmLogMgr: add support for EV_SEPARATOR events
libstb/tss/tpmLogMgr.C: remove the trustedTypes.H include
libstb/tss: build TSS and tpmLogMgr
libstb/tpm_chip: add tpm_extendl()
libstb: add secure and trusted boot interface
core/init.c: adjust offset to run BOOTKERNEL containers
core/flash.c: load actual partition size
core: add flash_subpart_info()
hw/phb3.c: preload the whole CAPP partition
hw/phb3.c: adjust offset to run CAPP containers
include/capp.h: add #include guard
core/flash.c: verify and measure resources
core/init.c: measure event separator before handover to skiroot
Initialize Secure/Trusted Boot (STB) during init
external/boot_tests: add arbitrary lid option -F
external/boot_tests: add the nobooting option -N
external/boot_tests: remove lid from the BMC after flashing
Stewart Smith (4):
Add software STB "ROM" implementation for Mambo
core/init: Compute built-in/preloaded BOOTKERNEL size from ELF and do secure/trusted boot
init: rework tb_measure/verify so can work on preloaded kernels
stb: always recompute hash of container payload and compare
.gitignore | 2 +
Makefile.main | 3 +-
asm/Makefile.inc | 2 +-
asm/rom_entry.S | 52 ++
core/flash.c | 154 +++---
core/init.c | 68 ++-
doc/device-tree/ibm,secureboot.rst | 58 ++
doc/device-tree/tpm.rst | 45 ++
doc/stb.rst | 159 ++++++
external/boot-tests/bmc_support.sh | 26 +-
external/boot-tests/boot_test.sh | 43 +-
external/mambo/skiboot.tcl | 28 +
hw/phb3.c | 28 +-
include/capp.h | 7 +-
include/skiboot.h | 4 +-
libc/include/string.h | 3 +-
libc/string/Makefile.inc | 9 +-
libc/string/memcpy_from_ci.c | 47 ++
libstb/Makefile.inc | 14 +
libstb/container.c | 85 +++
libstb/container.h | 151 +++++
libstb/drivers/Makefile.inc | 11 +
libstb/drivers/romcode.c | 138 +++++
libstb/drivers/romcode.h | 24 +
libstb/drivers/sha512.c | 480 ++++++++++++++++
libstb/drivers/sha512.h | 141 +++++
libstb/drivers/sw_driver.c | 76 +++
libstb/drivers/sw_driver.h | 24 +
libstb/drivers/tpm_i2c_interface.c | 130 +++++
libstb/drivers/tpm_i2c_interface.h | 27 +
libstb/drivers/tpm_i2c_nuvoton.c | 504 +++++++++++++++++
libstb/drivers/tpm_i2c_nuvoton.h | 22 +
libstb/rom.c | 55 ++
libstb/rom.h | 43 ++
libstb/status_codes.h | 38 ++
libstb/stb.c | 320 +++++++++++
libstb/stb.h | 74 +++
libstb/test/Makefile.check | 44 ++
libstb/test/print-stb-container.c | 206 +++++++
libstb/test/run-stb-container.c | 34 ++
libstb/test/t.container | Bin 0 -> 4096 bytes
libstb/test/t.container.out | 48 ++
libstb/tpm_chip.c | 300 ++++++++++
libstb/tpm_chip.h | 108 ++++
libstb/tss/Makefile.inc | 13 +
libstb/tss/tpmLogMgr.C | 571 +++++++++++++++++++
libstb/tss/tpmLogMgr.H | 247 +++++++++
libstb/tss/trustedTypes.C | 927 +++++++++++++++++++++++++++++++
libstb/tss/trustedTypes.H | 467 ++++++++++++++++
libstb/tss/trustedboot.H | 72 +++
libstb/tss/trustedbootCmds.C | 1009 ++++++++++++++++++++++++++++++++++
libstb/tss/trustedbootCmds.H | 177 ++++++
libstb/tss/trustedbootUtils.C | 44 ++
libstb/tss/trustedbootUtils.H | 86 +++
libstb/tss/trustedboot_reasoncodes.H | 95 ++++
55 files changed, 7443 insertions(+), 100 deletions(-)
create mode 100644 asm/rom_entry.S
create mode 100644 doc/device-tree/ibm,secureboot.rst
create mode 100644 doc/device-tree/tpm.rst
create mode 100644 doc/stb.rst
create mode 100644 libc/string/memcpy_from_ci.c
create mode 100644 libstb/Makefile.inc
create mode 100644 libstb/container.c
create mode 100644 libstb/container.h
create mode 100644 libstb/drivers/Makefile.inc
create mode 100644 libstb/drivers/romcode.c
create mode 100644 libstb/drivers/romcode.h
create mode 100644 libstb/drivers/sha512.c
create mode 100644 libstb/drivers/sha512.h
create mode 100644 libstb/drivers/sw_driver.c
create mode 100644 libstb/drivers/sw_driver.h
create mode 100644 libstb/drivers/tpm_i2c_interface.c
create mode 100644 libstb/drivers/tpm_i2c_interface.h
create mode 100644 libstb/drivers/tpm_i2c_nuvoton.c
create mode 100644 libstb/drivers/tpm_i2c_nuvoton.h
create mode 100644 libstb/rom.c
create mode 100644 libstb/rom.h
create mode 100644 libstb/status_codes.h
create mode 100644 libstb/stb.c
create mode 100644 libstb/stb.h
create mode 100644 libstb/test/Makefile.check
create mode 100644 libstb/test/print-stb-container.c
create mode 100644 libstb/test/run-stb-container.c
create mode 100644 libstb/test/t.container
create mode 100644 libstb/test/t.container.out
create mode 100644 libstb/tpm_chip.c
create mode 100644 libstb/tpm_chip.h
create mode 100644 libstb/tss/Makefile.inc
create mode 100644 libstb/tss/tpmLogMgr.C
create mode 100644 libstb/tss/tpmLogMgr.H
create mode 100644 libstb/tss/trustedTypes.C
create mode 100644 libstb/tss/trustedTypes.H
create mode 100644 libstb/tss/trustedboot.H
create mode 100644 libstb/tss/trustedbootCmds.C
create mode 100644 libstb/tss/trustedbootCmds.H
create mode 100644 libstb/tss/trustedbootUtils.C
create mode 100644 libstb/tss/trustedbootUtils.H
create mode 100644 libstb/tss/trustedboot_reasoncodes.H
--
2.7.4