summaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
authorFrans Hendriks <fhendriks@eltan.com>2019-04-05 10:00:18 +0200
committerPhilipp Deppenwiese <zaolin.daisuki@gmail.com>2019-06-04 10:41:53 +0000
commit3cae9afbf91d7b164a033968350f8f60b84301b9 (patch)
treed9d422e707912575887d601d70d47b91b91937d8 /Documentation
parentb2709ae0aed724278dfaa3d0af1d68e8fe18cbb1 (diff)
downloadcoreboot-3cae9afbf91d7b164a033968350f8f60b84301b9.tar.xz
vendorcode/eltan: Add vendor code for measured and verified boot
This patch contains the general files for the vendorcode/eltan that has been uploaded recently: - Add eltan directory to vendorcode. - Add documentation about the support in the vendorcode directories. - Add the Makefile.inc and Kconfig for the vendorcode/eltan and vendorcode/eltan/security. BUG=N/A TEST=Created verified binary and verify logging on Portwell PQ-M107 Change-Id: Ic1d5a21d40b6a31886777e8e9fe7b28c860f1a80 Signed-off-by: Frans Hendriks <fhendriks@eltan.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/30218 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/vendorcode/eltan/index.md8
-rw-r--r--Documentation/vendorcode/eltan/security.md39
2 files changed, 47 insertions, 0 deletions
diff --git a/Documentation/vendorcode/eltan/index.md b/Documentation/vendorcode/eltan/index.md
new file mode 100644
index 0000000000..4484798a23
--- /dev/null
+++ b/Documentation/vendorcode/eltan/index.md
@@ -0,0 +1,8 @@
+# Eltan vendorcode-specific documentation
+
+This section contains documentation about coreboot on Eltan specific
+vendorcode.
+
+## Sections
+
+- [Security](security.md)
diff --git a/Documentation/vendorcode/eltan/security.md b/Documentation/vendorcode/eltan/security.md
new file mode 100644
index 0000000000..04537df23c
--- /dev/null
+++ b/Documentation/vendorcode/eltan/security.md
@@ -0,0 +1,39 @@
+# Eltan Security
+
+## Security
+This code enables measured boot and verified boot support.
+Verified boot is available in coreboot, but based on ChromeOS. This vendorcode
+uses a small encryption library and leave much more space in flash for the
+payload.
+
+## Hashing Library
+The library suppports SHA-1, SHA-256 and SHA-512. The required routines of
+`3rdparty/vboot/firmware/2lib` are used.
+
+## Measured boot
+measured boot support will use TPM2 device if available. The items specified
+in `mb_log_list[]` will be measured.
+
+## Verified boot
+verified boot support will use TPM2 device if available. The items specified
+in the next table will be verified:
+* `bootblock_verify_list[]`
+* `verify_item_t romstage_verify_list[]`
+* `ram_stage_additional_list[]`
+* `ramstage_verify_list[]`
+* `payload_verify_list[]`
+* `oprom_verify_list[]`
+
+## Enabling support
+
+* Measured boot can be enabled using **CONFIG_MBOOT**
+* Create mb_log_list table with list of item to measure
+* Create tables bootblock_verify_list[], verify_item_t romstage_verify_list[],
+ ram_stage_additional_list[], ramstage_verify_list[], payload_verify_list[],
+ oprom_verify_list[]
+* Verified boot can be enabled using **CONFIG_VERIFIED_BOOT**
+* Added Kconfig values for verbose console output
+
+## Debugging
+
+You can enable verbose console output in *menuconfig*.