From d15dd47d4a0f766282a034641621529e58ae8b25 Mon Sep 17 00:00:00 2001 From: Claudio Carvalho Date: Wed, 28 Sep 2016 05:01:30 -0300 Subject: libstb: add secure and trusted boot interface stb.c implements the libstb API, which is an API for secure and trusted boot: - stb_init(): read secure mode and trusted mode from device tree and load drivers accordingly - tb_measure(): measure a resource downloaded from PNOR if trusted mode is on. That is, an EV_ACTION event is recorded in the event log for the mapped PCR and the sha1 and sha256 measurements are extended in the mapped PCR. - sb_verify(): verify the integrity and authenticity of a resource downloaded from PNOR if secure mode is on. The boot process is aborted if the verification fails. - stb_final(): this is called to add marks to TPM and event log before handover to petitboot kernel. Basically, it records an EV_SEPARATOR event in the event log for PCR[0-7], extends the sha1 and sha256 digests of 0xFFFFFFFF in PCR[0-7], and deallocates the memory allocated for secure and trusted boot. For more information please refer to 'doc/stb.rst'. Signed-off-by: Claudio Carvalho Signed-off-by: Stewart Smith --- libstb/Makefile.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'libstb/Makefile.inc') diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc index cb6c30e..337b9e4 100644 --- a/libstb/Makefile.inc +++ b/libstb/Makefile.inc @@ -4,7 +4,7 @@ LIBSTB_DIR = libstb SUBDIRS += $(LIBSTB_DIR) -LIBSTB_SRCS = container.c rom.c tpm_chip.c +LIBSTB_SRCS = container.c rom.c tpm_chip.c stb.c LIBSTB_OBJS = $(LIBSTB_SRCS:%.c=%.o) LIBSTB = $(LIBSTB_DIR)/built-in.o -- cgit v1.1