hdata/tpmrel.c: add ibm, cvc device tree node

In P9, the Container Verification Code is stored in a hostboot reserved
memory and the list of provided CVC services is stored in the
TPMREL_IDATA_HASH_VERIF_OFFSETS idata array. Each CVC service has an
offset and version.

This adds the ibm,cvc device tree node and its documentation.

Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>

1 files changed, 47 insertions, 0 deletions

diff --git a/doc/device-tree/ibm,cvc.rst b/doc/device-tree/ibm,cvc.rst
new file mode 100644
index 0000000..c53df24
--- /dev/null
+++ b/doc/device-tree/ibm,cvc.rst
@@ -0,0 +1,47 @@
+.. _device-tree/ibm,cvc:
+
+ibm,cvc
+=======
+
+This describes the code (a.k.a container verification code) that skiboot uses
+to verify signed firmware blobs. Each ibm,cvc child node describes CVC service,
+which has a version and offset (reg).
+
+Added in the device tree from ``ibm,secureboot-v2``.
+
+Required properties
+-------------------
+
+.. code-block:: none
+
+   compatible:      should be "ibm,container-verification-code"
+
+   memory-region:   this points to the reserved memory where the
+                    container-verification-code is stored.
+
+Example
+-------
+
+.. code-block:: dts
+
+	ibm,cvc {
+		phandle = <0x10f>;
+		#address-cells = <0x1>;
+		#size-cells = <0x0>;
+		compatible = "ibm,container-verification-code";
+		memory-region = <0xaa>;
+
+		ibm,cvc-service@40 {
+			phandle = <0x110>;
+			compatible = "ibm,cvc-sha512";
+			reg = <0x40>;
+			version = <0x1>;
+		};
+
+		ibm,cvc-service@50 {
+			phandle = <0x111>;
+			compatible = "ibm,cvc-verify";
+			reg = <0x50>;
+			version = <0x1>;
+		};
+	};