[Skiboot] [PATCH 01/15] doc/device-tree: Add ibm, secureboot.txt
Balbir Singh
bsingharora at gmail.com
Fri Sep 2 09:41:29 AEST 2016
On 11/08/16 15:23, Claudio Carvalho wrote:
> This adds a documentation for the ibm,secureboot device tree node.
>
> Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
> ---
> doc/device-tree/ibm,secureboot.txt | 42 ++++++++++++++++++++++++++++++++++++++
> 1 file changed, 42 insertions(+)
> create mode 100644 doc/device-tree/ibm,secureboot.txt
>
> diff --git a/doc/device-tree/ibm,secureboot.txt b/doc/device-tree/ibm,secureboot.txt
> new file mode 100644
> index 0000000..387cb25
> --- /dev/null
> +++ b/doc/device-tree/ibm,secureboot.txt
> @@ -0,0 +1,42 @@
> +Device tree bindings for ibm,secureboot
> +=======================================
> +
> +This node represents the presence of the ROM verification code in the
> +platform. It has properties related to secure boot and trusted boot.
> +
> +Required properties
> +-------------------
> +
> +- compatible : ibm,secureboot version. It is related to the ROM verification
> + code version.
> +
> +- hash-algo : hash algorithm used for the hw-key-hash. Aspects such as the
> + size of the hw-key-hash can be infered from this property.
> +
> +- secure-enabled : this property exists whether the system is booting on
> + secure mode.
I think the enabled explains that it is booted with enabled. May be the
documentation should first introduce what issecure boot ad then
explain the enabled property
> +
> +- trusted-enabled : this property exists whether the system is booting on
> + trusted mode.
Ditto
> +
> +- hw-key-hash : hash of three concatenated hardware public key. This is
> + required by the ROM verification code to verify images.
> +
> +Example
> +-------
> +
> +For the first version "ibm,secureboot-v1", the ROM verification code expects the
> +hw-key-hash to be a sha512 hash.
> +
> +ibm,secureboot {
> + compatible = "ibm,secureboot-v1";
> + hash-algo = "sha512";
> + secure-enabled;
> + trusted-enabled;
> + hw-key-hash = <0x40d487ff 0x7380ed6a 0xd54775d5 0x795fea0d 0xe2f541fe
> +0xa9db06b8 0x466a42a3 0x20e65f75 0xb4866546 0x17d907 0x515dc2a5 0xf9fc5095
> +0x4d6ee0c9 0xb67d219d 0xfb708535 0x1d01d6d1>;
> + phandle = <0x100000fd>;
> + linux,phandle = <0x100000fd>;
> +};
> +
>
More information about the Skiboot
mailing list