author | Frans Hendriks <fhendriks@eltan.com> | 2019-07-26 07:59:05 +0200 |
---|---|---|
committer | Philipp Deppenwiese <zaolin.daisuki@gmail.com> | 2019-10-04 13:37:03 +0000 |
commit | 72b3c3c8383e4cef6e112d9fd2c990aaab1525b7 (patch) | |
tree | 3f57b7974dfcb5ce7fe23936a67c91a2b51547a9 /src/vendorcode/eltan/security/verified_boot/Kconfig | |
parent | 7c82dbcc51657806bf2117b214a490bca8eec2f8 (diff) | |
download | coreboot-72b3c3c8383e4cef6e112d9fd2c990aaab1525b7.tar.xz |
vendorcode/eltan/security/verified_boot: Add verified boot support
Create verified boot support, which includes verification of bootblock.
This feature uses the vendorcode/eltan/security/lib.
cbfs_locator is used to init the verified boot support.
vendor_secure_prepare() and vendor_secure_locate() are used to perform the
required action in each stage.
The next lists will be used for verification:
* bootblock_verify_list
* postcar_verify_list
* romstage_verify_list
* ramstage_verify_list
BUG=N/A
TEST=Created binary and verify logging on Facebook FBG-1701
Change-Id: If6c1423b0b4a309cefb7fe7a29d5100ba289e0b4
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/30835
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Lance Zhao <lance.zhao@gmail.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Diffstat (limited to 'src/vendorcode/eltan/security/verified_boot/Kconfig')
-rw-r--r-- | src/vendorcode/eltan/security/verified_boot/Kconfig | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/src/vendorcode/eltan/security/verified_boot/Kconfig b/src/vendorcode/eltan/security/verified_boot/Kconfig new file mode 100644 index 0000000000..3177529dc9 --- /dev/null +++ b/src/vendorcode/eltan/security/verified_boot/Kconfig 
@@ -0,0 +1,63 @@ +## This file is part of the coreboot project. +## +## Copyright (C) 2018-2019 Eltan B.V. +## +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; version 2 of the License. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## + +menu "Verified Boot (verified_boot)" + +config VENDORCODE_ELTAN_VBOOT + bool "Enable Verified Boot" + depends on !VBOOT + default n + +config VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST + bool "Enable Signed Manifest" + depends on VENDORCODE_ELTAN_VBOOT + default n + +config VENDORCODE_ELTAN_VBOOT_USE_SHA512 + bool "SHA512 hashes" + depends on VENDORCODE_ELTAN_VBOOT + default n + help + Use SHA512 for the vboot operations, this applies to the digest in + the manifest and the manifest digest. + +config VENDORCODE_ELTAN_OEM_MANIFEST_LOC + hex "Manifest Location" + default 0xFFFFF840 + +config VENDORCODE_ELTAN_VBOOT_MANIFEST + string "Verified boot manifest file" + default "mainboard/$(MAINBOARD_DIR)/manifest.h" + +config VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS + int "Manifest Items" + default 11 if POSTCAR_STAGE + default 10 + +config VENDORCODE_ELTAN_OEM_MANIFEST_ITEM_SIZE + int + default 64 if VENDORCODE_ELTAN_VBOOT_USE_SHA512 + default 32 + +config VENDORCODE_ELTAN_VBOOT_KEY_LOCATION + hex "Verified boot Key Location" + depends on VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST + default 0xFFFFF500 + +config VENDORCODE_ELTAN_VBOOT_KEY_SIZE + int + default 554 if VENDORCODE_ELTAN_VBOOT_USE_SHA512 + default 520 + +endmenu # Verified Boot (verified_boot) |
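Review bot: VENDORCODE_ELTAN_OEM_MANIFEST_LOC, VENDORCODE_ELTAN_VBOOT_MANIFEST, VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS, VENDORCODE_ELTAN_OEM_MANIFEST_ITEM_SIZE and VENDORCODE_ELTAN_VBOOT_KEY_SIZE have no `depends on VENDORCODE_ELTAN_VBOOT`, so the three with prompts are offered in menuconfig and all five get values even when verified boot is disabled. Add the dependency to each, and give KEY_SIZE the same `depends on VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST` that KEY_LOCATION already has. Separately, only VENDORCODE_ELTAN_VBOOT_USE_SHA512 carries help text: VENDORCODE_ELTAN_VBOOT_SIGNED_MANIFEST defaults to n without saying what protects the manifest in that configuration, and the defaults 0xFFFFF840, 0xFFFFF500, 554 and 520 are unexplained. A help entry on each prompted option, stating how the key size is derived and how the key and manifest regions relate, would let a board porter change these values without guessing.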