riscv-gnu-toolchain/qemu/roms/skiboot.git - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author	Files	Lines
2017-12-18	libstb/trustedboot.c: import tb_measure() from stb.c	Claudio Carvalho	1	-2/+2
	This imports tb_measure() from stb.c, but now it calls the CVC sha512 wrapper to calculate the sha512 hash of the firmware image provided. In trustedboot.c, the tb_measure() is renamed to trustedboot_measure(). The new function, trustedboot_measure(), no longer checks if the container payload hash calculated at boot time matches with the hash found in the container header. A few reasons: - If the system admin wants the container header to be checked/validated, the secure boot jumper must be set. Otherwise, the container header information may not be reliable. - The container layout is expected to change over time. Skiboot would need to maintain a parser for each container layout change. - Skiboot could be checking the hash against a container version that is not supported by the Container-Verification-Code (CVC). The tb_measure() calls are updated to trustedboot_measure() in a subsequent patch. Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com> Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
2017-12-18	libstb/secureboot.c: import sb_verify() from stb.c	Claudio Carvalho	1	-0/+52
	This imports the sb_verify() function from stb.c, but now it calls the CVC verify wrapper in order to verify signed firmware images. The hw-key-hash and hw-key-hash-size initialized in secureboot.c are passed to the CVC verify function wrapper. In secureboot.c, the sb_verify() is renamed to secureboot_verify(). The sb_verify() calls are updated in a subsequent patch. Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com> Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>