[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-23 Thread Patrick Georgi via coreboot
Hi Enrico, (list to bcc) not speaking about the technical difficulties you face with golang or the general topic of blob use here, just one thing: Don't post conspiracy theories here. Well, two things: We also do not do punching here (except for cards, maybe, if we're in the mood for some retro

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-23 Thread Peter Stuge
Hi Christian, Christian Walter wrote: > thanks for the feedback. I am totally on your side that this is not an > ideal solution - however the coreboot community has to think about how > to work around these issues. I disagree; this isn't an issue for the community, it's /your/ issue in /your/

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-23 Thread Enrico Weigelt, metux IT consult
On 23.02.21 12:35, Christian Walter wrote: Hi, Stating that this just does not get merged into the tree is not a good solution, as we are not moving forward on these topics and can not compete with proprietary solutions if we are holding on to the statement that also tooling needs to be

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-23 Thread Enrico Weigelt, metux IT consult
On 09.02.21 20:40, Arthur Heymans wrote: Hi, Shell scripts are a very bad way to construct binary data structures. Maybe a Python or Perl script? Being open source does not require to be public. How so, exactly? If only a few parties have access to the source code, e.g. some vendor

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-23 Thread Christian Walter
Hi, thanks for the feedback. I am totally on your side that this is not an ideal solution - however the coreboot community has to think about how to work around these issues. Stating that this just does not get merged into the tree is not a good solution, as we are not moving forward on

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-23 Thread Enrico Weigelt, metux IT consult
On 09.02.21 13:14, Christian Walter wrote: Hi, As Arthur pointed out, we would hope to integrate this as a binary as a temporary solution, until Intel clears out the NDA issues. I really don't like this idea. As it's a special case for the time being, this can live in some extra branch,

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-23 Thread Enrico Weigelt, metux IT consult
On 09.02.21 11:02, Arthur Heymans wrote: Hi, My question to the community is if it would be ok to allow for the build system integration code for KM and BPM generation to be integrated into the master branch before the code to the tooling is made public. Please define 'integration' and 'made

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-10 Thread Nico Huber
On 09.02.21 20:40, Arthur Heymans wrote: > I wish we had enough leverage as a community to change the silicon > vendors' way, but that is just not the case. I feel however that things > improve in the right direction. OSF on server hardware is becoming a > thing again, which was not the case at all

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Arthur Heymans
Hi Thanks for your input! Peter Stuge writes: > Arthur Heymans wrote: >> To make Intel CBnT (Converged Bootguard and TXT) useful in coreboot some >> tooling is required to generate both a Key Manifest (A signed binary, that >> is checked against a key fused into the ME, holding keys that OEM

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Peter Stuge
Arthur Heymans wrote: > To make Intel CBnT (Converged Bootguard and TXT) useful in coreboot some > tooling is required to generate both a Key Manifest (A signed binary, that > is checked against a key fused into the ME, holding keys that OEM can use > to sign the BPM) and a Boot Policy Manifest

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Jonathan Zhang (Infra) via coreboot
On Tue, 9 Feb 2021 at 11:34, Arthur Heymans <arthur.heym...@9elements.com> wrote: So TL;DR: - Is (temporarily) adding a tool to the blobs repo ok? If it matches the requirements of the blobs repo wrt. license

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Christian Walter
Hi Michal, this _could_ have been a good starting point - however we decided to integrate this into the Converged Security Suite (github.com/9elements/converged-security-suite) which already is part of coreboot as a 3rdparty module.

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Michal Zygowski
Hi Christian, On 09.02.2021 11:58, Christian Walter wrote: > Hi Michal, > > mind pointing me to the tooling you make for *creating* these manifests? > There is a whole intel_bootguard topic: https://review.coreboot.org/q/topic:intel_bootguard In particular have a look at these patches: - Tool:

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Arthur Heymans
Patrick Georgi via coreboot writes: > On Tue, 9 Feb 2021 at 11:34, Arthur Heymans wrote: > > So TL;DR: > - Is (temporarily) adding a tool to the blobs repo ok? > > If it matches the requirements of the blobs repo wrt. license terms and documentation, I don't see why not from a formal

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Christian Walter
Hi Michal, mind pointing me to the tooling you make for *creating* these manifests? On Tue, 9 Feb 2021 at 11:46, Michal Zygowski <michal.zygow...@3mdeb.com> wrote: > Hi, > > On 09.02.2021 11:02, Arthur Heymans wrote: > > Hi > > > > To make Intel CBnT (Converged Bootguard and TXT) useful

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Michal Zygowski
Hi, On 09.02.2021 11:02, Arthur Heymans wrote: > Hi > > To make Intel CBnT (Converged Bootguard and TXT) useful in coreboot some > tooling is required to generate both a Key Manifest (A signed binary, > that is checked > against a key fused into the ME, holding keys that OEM can use to sign the

[coreboot] Re: Intel CBnT tooling and dealing with NDA

2021-02-09 Thread Patrick Georgi via coreboot
On Tue, 9 Feb 2021 at 11:34, Arthur Heymans <arthur.heym...@9elements.com> wrote: > So TL;DR: > - Is (temporarily) adding a tool to the blobs repo ok? > If it matches the requirements of the blobs repo wrt. license terms and documentation, I don't see why not from a formal perspective.