[Skiboot] [RFC PATCH v3 6/6] libstb/trustedboot: Map UV image measurement to PCR4
Stewart Smith
stewart at flamingspork.com
Sun Feb 2 11:01:48 AEDT 2020
On Wed, Jan 22, 2020, at 7:13 AM, Ryan Grimm wrote:
> From: Claudio Carvalho <cclaudio at linux.ibm.com>
>
> This maps the ultravisor image to be measured to PCR4. The image is
> automatically verified and measured hen it is loaded from PNOR.
>
> Signed-off-by: Claudio Carvalho <cclaudio at linux.ibm.com>
> ---
> libstb/trustedboot.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/libstb/trustedboot.c b/libstb/trustedboot.c
> index 3f977de1..87f3b6bf 100644
> --- a/libstb/trustedboot.c
> +++ b/libstb/trustedboot.c
> @@ -45,6 +45,7 @@ static struct {
> { RESOURCE_ID_KERNEL, PCR_4},
> { RESOURCE_ID_CAPP, PCR_4},
> { RESOURCE_ID_VERSION, PCR_4}, /* Also data for Hostboot */
> + { RESOURCE_ID_UV_IMAGE, PCR_4},
> };
Is it about time we start being explicit as to the order in which these are written into the PCRs? Currently it's all implementation specific and I wonder the best way for someone to be able to create a set of PCR values for a firmware build and publish them along side it?
More information about the Skiboot
mailing list