[coreboot] Re: TigerLake RVP TCSS init failure

2021-02-09 Thread Guillermo Placencia
KEnviado desde HUAWEI Y6 2019 Mensaje original De: Michal Zygowski Fecha: mar., 9 feb. 2021 10:38Para: coreboot@coreboot.orgCC: wonkyu@intel.com, john.z...@intel.com, twawrzync...@google.com, furquan.m.sha...@gmail.comAsunto: [coreboot] Re: TigerLake RVP TCSS init failure

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Arthur Heymans
Hi Thanks for your input! Peter Stuge writes: > Arthur Heymans wrote: >> To make Intel CBnT (Converged Bootguard and TXT) useful in coreboot some >> tooling is required to generate both a Key Manifest (A signed binary, that >> is checked against a key fused into the ME, holding keys that OEM

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Peter Stuge
Arthur Heymans wrote: > To make Intel CBnT (Converged Bootguard and TXT) useful in coreboot some > tooling is required to generate both a Key Manifest (A signed binary, that > is checked against a key fused into the ME, holding keys that OEM can use > to sign the BPM) and a Boot Policy Manifest

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Jonathan Zhang (Infra) via coreboot
Regarding Intel approval of the content, We (Facebook) has been working with Intel to get this moved forward as soon as possible. Thanks, Jonathan From: Patrick Georgi via coreboot Reply-To: Patrick Georgi Date: Tuesday, February 9, 2021 at 2:40 AM To: Arthur Heymans Cc: coreboot Subject:

[coreboot] Re: TigerLake RVP TCSS init failure

2021-02-09 Thread Michal Zygowski
Any ideas what may be wrong? I can share more details/logs if needed. On 01.02.2021 16:48, Michal Zygowski wrote: > > Dear coreboot community, > > I have encountered problem with silicon init on Tiger Lake RVP > platform. I managed to resolve previous issues with memory > initialization and now

[coreboot] New Defects reported by Coverity Scan for coreboot

2021-02-09 Thread scan-admin--- via coreboot
Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 122 new defect(s) introduced to coreboot found with Coverity Scan. 11 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Christian Walter
Hi Michal, this _could_ have been a good starting point - however we decided to integrate this into the Converged Security Suite (github.com/9elements/converged-security-suite ) which already is part of coreboot as a 3rdparty module.

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Michal Zygowski
Hi Christian, On 09.02.2021 11:58, Christian Walter wrote: > Hi Michal, > > mind pointing me to the tooling you make for *creating* these manifests? > There is a whole intel_bootguard topic: https://review.coreboot.org/q/topic:intel_bootguard In particular have a look at these patches: - Tool:

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Arthur Heymans
Patrick Georgi via coreboot writes: > Am Di., 9. Feb. 2021 um 11:34 Uhr schrieb Arthur Heymans : > >  So TL;DR: >  - Is (temporarily) adding a tool to the blobs repo ok? > > If it matches the requirements of the blobs repo wrt. license terms and documentation, I don't see why not from a formal

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Christian Walter
Hi Michal, mind pointing me to the tooling you make for *creating* these manifests? Am Di., 9. Feb. 2021 um 11:46 Uhr schrieb Michal Zygowski < michal.zygow...@3mdeb.com>: > Hi, > > On 09.02.2021 11:02, Arthur Heymans wrote: > > Hi > > > > To make Intel CBnT (Converged Bootguard and TXT) useful

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Michal Zygowski
Hi, On 09.02.2021 11:02, Arthur Heymans wrote: > Hi > > To make Intel CBnT (Converged Bootguard and TXT) useful in coreboot some > tooling is required to generate both a Key Manifest (A signed binary, > that is checked > against a key fused into the ME, holding keys that OEM can use to sign the

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Patrick Georgi via coreboot
Am Di., 9. Feb. 2021 um 11:34 Uhr schrieb Arthur Heymans < arthur.heym...@9elements.com>: > So TL;DR: > - Is (temporarily) adding a tool to the blobs repo ok? > If it matches the requirements of the blobs repo wrt. license terms and documentation, I don't see why not from a formal perspective.

[coreboot] Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Arthur Heymans
Hi To make Intel CBnT (Converged Bootguard and TXT) useful in coreboot some tooling is required to generate both a Key Manifest (A signed binary, that is checked against a key fused into the ME, holding keys that OEM can use to sign the BPM) and a Boot Policy Manifest (signed binary, has a digest