[Skiboot] [PATCH 01/15] doc/device-tree: Add ibm, secureboot.txt
stewart at linux.vnet.ibm.com
Tue Sep 6 17:15:29 AEST 2016
Claudio Carvalho <cclaudio at linux.vnet.ibm.com> writes:
> On 09/01/2016 05:46 AM, Stewart Smith wrote:
>> Claudio Carvalho <cclaudio at linux.vnet.ibm.com> writes:
>>> This adds a documentation for the ibm,secureboot device tree node.
>>> Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
>>> doc/device-tree/ibm,secureboot.txt | 42 ++++++++++++++++++++++++++++++++++++++
>>> 1 file changed, 42 insertions(+)
>>> create mode 100644 doc/device-tree/ibm,secureboot.txt
>>> diff --git a/doc/device-tree/ibm,secureboot.txt b/doc/device-tree/ibm,secureboot.txt
>>> new file mode 100644
>>> index 0000000..387cb25
>>> --- /dev/null
>>> +++ b/doc/device-tree/ibm,secureboot.txt
>> (minor point, but we recently switched to rst formatted docs. I'm not
>> too fussed if you move it over to .rst or not, I can do that with merge)
>>> @@ -0,0 +1,42 @@
>>> +Device tree bindings for ibm,secureboot
>>> +This node represents the presence of the ROM verification code in the
>>> +platform. It has properties related to secure boot and trusted boot.
>> Could you expand a bit on what you mean by ROM? (or point to the
>> Maybe something like:
>> "In a secure ROM flashed during manufacturing, there may exist some code
>> for secure/trusted boot. On POWER8, the presence of this code is announced to
>> skiboot (by HostBoot) by the ibm,secureboot node."
> I can replace the first paragraph by this in the V2:
> "Secure boot and trusted boot relies on a code burned in a secure ROM at
> manufacture time to verify and measure other codes before they are
> executed. This ROM code is also referred to as ROM verification code.
> On POWER8, the presence of the ROM code is announced to skiboot (by
> Hostboot) by the ibm,secureboot node.
> If the system is booting up in secure mode, the ROM code is called for
> secure boot to verify the integrity and authenticity of a code before it
> is executed.
> If the system is booting up in trusted mode, the ROM code is called for
> trusted boot to calculate the sha512 hash of a code before it is executed.
> For further information about secure boot and trusted boot please refer
> to 'doc/stb.rst'."
> What do you think?
I think that's better.
OPAL Architect, IBM.
More information about the Skiboot