security/vboot: Add measured boot mode

* Introduce a measured boot mode into vboot.
* Add hook for stage measurements in prog_loader and cbfs.
* Implement and hook-up CRTM in vboot and check for suspend.

Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e
Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/29547
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
Philipp Deppenwiese
2018-11-08 10:59:40 +01:00
parent bacd57dfaf
commit 66f9a09916
22 changed files with 349 additions and 37 deletions

View File

@@ -26,6 +26,22 @@ config VBOOT
if VBOOT
config VBOOT_MEASURED_BOOT
bool "Enable Measured Boot"
default n
depends on !VBOOT_MOCK_SECDATA
depends on !VBOOT_RETURN_FROM_VERSTAGE
help
Enables measured boot mode in vboot (experimental)
config VBOOT_MEASURED_BOOT_RUNTIME_DATA
string "Runtime data whitelist"
default ""
depends on VBOOT_MEASURED_BOOT
help
Runtime data whitelist of cbfs filenames. Needs to be a comma separated
list
config VBOOT_SLOTS_RW_A
bool "Firmware RO + RW_A"
help
@@ -37,7 +53,6 @@ config VBOOT_SLOTS_RW_AB
help
Have two update partitions beside the RO partition.
config VBOOT_VBNV_CMOS
bool
default n