security/vboot: Add measured boot mode
* Introduce a measured boot mode into vboot. * Add hook for stage measurements in prog_loader and cbfs. * Implement and hook-up CRTM in vboot and check for suspend. Change-Id: I339a2f1051e44f36aba9f99828f130592a09355e Signed-off-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/c/29547 Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
@@ -26,6 +26,22 @@ config VBOOT
|
||||
|
||||
if VBOOT
|
||||
|
||||
config VBOOT_MEASURED_BOOT
|
||||
bool "Enable Measured Boot"
|
||||
default n
|
||||
depends on !VBOOT_MOCK_SECDATA
|
||||
depends on !VBOOT_RETURN_FROM_VERSTAGE
|
||||
help
|
||||
Enables measured boot mode in vboot (experimental)
|
||||
|
||||
config VBOOT_MEASURED_BOOT_RUNTIME_DATA
|
||||
string "Runtime data whitelist"
|
||||
default ""
|
||||
depends on VBOOT_MEASURED_BOOT
|
||||
help
|
||||
Runtime data whitelist of cbfs filenames. Needs to be a comma separated
|
||||
list
|
||||
|
||||
config VBOOT_SLOTS_RW_A
|
||||
bool "Firmware RO + RW_A"
|
||||
help
|
||||
@@ -37,7 +53,6 @@ config VBOOT_SLOTS_RW_AB
|
||||
help
|
||||
Have two update partitions beside the RO partition.
|
||||
|
||||
|
||||
config VBOOT_VBNV_CMOS
|
||||
bool
|
||||
default n
|
||||
|
Reference in New Issue
Block a user