On 08/11/2016 05:33 PM, Trammell Hudson wrote: > On Thu, Aug 11, 2016 at 05:00:00PM +0200, Zaolin wrote: >> The whole TPM stack needs to be reworked until it can used for a >> measured boot. > Is it necessary to import the entire complexity of TSS for the measured > boot task of hashing the various components? Once the Linux payload > starts up it can implement the more complex parts, as long as the > bootblock (with appropriate WP# and BP bits set on the ROM) can setup > the root of trust and the romstage/ramstage/payload loading process can > maintain the chain. I am not talking about the whole TSS. Google implements only a small parts of it. Currently there are two tss in coreboot. I wanted refactor and merge them. In order to provide a trusted/measured boot we need measurement functions which are actually missing and tcpa acpi log for PCR information. Also a good documentation should be the way to go. If you want to help out feel free to work with me together on it. :)
Best Regards
signature.asc
Description: OpenPGP digital signature
-- coreboot mailing list: coreboot@coreboot.org https://www.coreboot.org/mailman/listinfo/coreboot