Documentation: Add Intel TXT

Change-Id: I9e9606d0e4294ad3552ec3b3b44629f9e732d82b Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/33416 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Subrata Banik <subrata.banik@intel.com>
2019-06-10 20:20:29 +02:00
parent 5865e3c4e1
commit fa0ef81d15
6 changed files with 372 additions and 0 deletions
--- a/Documentation/security/intel/txt_ibb.md
+++ b/Documentation/security/intel/txt_ibb.md
@@ -0,0 +1,39 @@
+# Intel TXT Initial Boot Block
+
+The Initial Boot Block (IBB) consists out of one or more files in the CBFS.
+
+## Constraints
+
+The IBB must follow the following constrains:
+* One IBB must contain the reset vector as well as the [FIT table].
+* The IBB should be as small as possible.
+* The IBBs must not overlap each other.
+* The IBB might overlap with microcode.
+* The IBB must not overlap the BIOS ACM.
+* The IBB size must be a multiple of 16.
+* Either one of the following:
+  * The IBB must be able to train the main system memory and clear all secrets.
+  * If the IBB cannot train the main system memory it must verify the code
+    that can train the main system memory and is able to clear all secrets.
+
+## Identification
+
+To add the IBBs to the [FIT], all CBFS files are added using the `cbfstool`
+with the `--ibb` flag set.
+The flags sets the CBFS file attribute tag to LE `' IBB'`.
+
+The make system in turn adds all those files to the [FIT] as type 7.
+
+## Intel TXT measurements
+
+Each IBB is measured and extended into PCR0 by [Intel TXT], before the CPU
+reset vector is executed.
+The IBBs are measured in the order they are listed in the [FIT].
+
+## FIT schematic
+
+![][fit_ibb]
+
+[fit_ibb]: fit_ibb.svg
+[FIT]: ../../soc/intel/fit.md
+[Intel TXT]: txt.md