1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
|
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.17.1: http://docutils.sourceforge.net/" />
<title>ibm,secureboot — skiboot 9eb2874
documentation</title>
<link rel="stylesheet" type="text/css" href="../_static/pygments.css" />
<link rel="stylesheet" type="text/css" href="../_static/classic.css" />
<script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"></script>
<script src="../_static/jquery.js"></script>
<script src="../_static/underscore.js"></script>
<script src="../_static/doctools.js"></script>
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="next" title="IMC Device Tree Bindings" href="imc.html" />
<link rel="prev" title="sysparams" href="ibm%2Copal/sysparams.html" />
</head><body>
<div class="related" role="navigation" aria-label="related navigation">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="imc.html" title="IMC Device Tree Bindings"
accesskey="N">next</a> |</li>
<li class="right" >
<a href="ibm%2Copal/sysparams.html" title="sysparams"
accesskey="P">previous</a> |</li>
<li class="nav-item nav-item-0"><a href="../index.html">skiboot 9eb2874
documentation</a> »</li>
<li class="nav-item nav-item-1"><a href="index.html" accesskey="U">Device Tree</a> »</li>
<li class="nav-item nav-item-this"><a href="">ibm,secureboot</a></li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<section id="ibm-secureboot">
<span id="device-tree-ibm-secureboot"></span><h1>ibm,secureboot<a class="headerlink" href="#ibm-secureboot" title="Permalink to this headline">¶</a></h1>
<p>The <code class="docutils literal notranslate"><span class="pre">ìbm,secureboot</span></code> node provides secure boot and trusted boot information
up to the target OS. Further information can be found in <a class="reference internal" href="../stb.html#stb-overview"><span class="std std-ref">Secure and Trusted Boot Library (LibSTB) Documentation</span></a>.</p>
<section id="required-properties">
<h2>Required properties<a class="headerlink" href="#required-properties" title="Permalink to this headline">¶</a></h2>
<div class="highlight-none notranslate"><div class="highlight"><pre><span></span>compatible: Either one of the following values:
ibm,secureboot-v1 : The container-verification-code
is stored in a secure ROM memory.
ibm,secureboot-v2 : The container-verification-code
is stored in a reserved memory.
It described by the ibm,cvc child
node.
secure-enabled: this property exists when the firmware stack is booting
in secure mode (hardware secure boot jumper asserted).
trusted-enabled: this property exists when the firmware stack is booting
in trusted mode.
hw-key-hash: hash of the three hardware public keys trusted by the
platformw owner. This is used to verify if a firmware
code is signed with trusted keys.
hw-key-hash-size: hw-key-hash size
os-secureboot-enforcing:
this property is created by the secure variable backend
if it detects a desire by the owner to requre any
images (e.g. kernels) to be signed by an appropriate
key stored in secure variables.
physical-presence-asserted:
this property exists to indicate the physical presence
of user to request key clearance.
clear-os-keys: this property exists when the firmware indicates that
physical presence is asserted to clear only Host OS
secure boot keys.
clear-all-keys: this property exists when the firmware indicates that
physical presence is asserted to clear all sensistive
data controlled by platform firmware.
clear-mfg-keys: this property exists only during manufacturing process
when the firmware indicates to clear all senstive data
during manufacturing. It is only valid on development
drivers.
</pre></div>
</div>
</section>
<section id="obsolete-properties">
<h2>Obsolete properties<a class="headerlink" href="#obsolete-properties" title="Permalink to this headline">¶</a></h2>
<div class="highlight-none notranslate"><div class="highlight"><pre><span></span>hash-algo: Superseded by the hw-key-hash-size property in
'ibm,secureboot-v2'.
</pre></div>
</div>
</section>
<section id="example">
<h2>Example<a class="headerlink" href="#example" title="Permalink to this headline">¶</a></h2>
<div class="highlight-dts notranslate"><div class="highlight"><pre><span></span><span class="nc">ibm,secureboot</span> <span class="p">{</span>
<span class="nf">compatible</span> <span class="o">=</span> <span class="s">"ibm,secureboot-v2"</span><span class="p">;</span>
<span class="nf">secure-enabled</span><span class="p">;</span>
<span class="nf">trusted-enabled</span><span class="p">;</span>
<span class="nf">hw-key-hash-size</span> <span class="o">=</span> <span class="p"><</span><span class="mh">0x40</span><span class="p">>;</span>
<span class="nf">hw-key-hash</span> <span class="o">=</span> <span class="p"><</span><span class="mh">0x40d487ff</span> <span class="mh">0x7380ed6a</span> <span class="mh">0xd54775d5</span> <span class="mh">0x795fea0d</span> <span class="mh">0xe2f541fe</span>
<span class="mh">0xa9db06b8</span> <span class="mh">0x466a42a3</span> <span class="mh">0x20e65f75</span> <span class="mh">0xb4866546</span> <span class="mh">0x0017d907</span>
<span class="mh">0x515dc2a5</span> <span class="mh">0xf9fc5095</span> <span class="mh">0x4d6ee0c9</span> <span class="mh">0xb67d219d</span> <span class="mh">0xfb708535</span>
<span class="mh">0x1d01d6d1</span><span class="p">>;</span>
<span class="nf">phandle</span> <span class="o">=</span> <span class="p"><</span><span class="mh">0x100000fd</span><span class="p">>;</span>
<span class="nf">linux,phandle</span> <span class="o">=</span> <span class="p"><</span><span class="mh">0x100000fd</span><span class="p">>;</span>
<span class="p">};</span>
</pre></div>
</div>
</section>
</section>
<div class="clearer"></div>
</div>
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
<div class="sphinxsidebarwrapper">
<h3><a href="../index.html">Table of Contents</a></h3>
<ul>
<li><a class="reference internal" href="#">ibm,secureboot</a><ul>
<li><a class="reference internal" href="#required-properties">Required properties</a></li>
<li><a class="reference internal" href="#obsolete-properties">Obsolete properties</a></li>
<li><a class="reference internal" href="#example">Example</a></li>
</ul>
</li>
</ul>
<h4>Previous topic</h4>
<p class="topless"><a href="ibm%2Copal/sysparams.html"
title="previous chapter">sysparams</a></p>
<h4>Next topic</h4>
<p class="topless"><a href="imc.html"
title="next chapter">IMC Device Tree Bindings</a></p>
<div role="note" aria-label="source link">
<h3>This Page</h3>
<ul class="this-page-menu">
<li><a href="../_sources/device-tree/ibm,secureboot.rst.txt"
rel="nofollow">Show Source</a></li>
</ul>
</div>
<div id="searchbox" style="display: none" role="search">
<h3 id="searchlabel">Quick search</h3>
<div class="searchformwrapper">
<form class="search" action="../search.html" method="get">
<input type="text" name="q" aria-labelledby="searchlabel" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false"/>
<input type="submit" value="Go" />
</form>
</div>
</div>
<script>$('#searchbox').show(0);</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related" role="navigation" aria-label="related navigation">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../genindex.html" title="General Index"
>index</a></li>
<li class="right" >
<a href="imc.html" title="IMC Device Tree Bindings"
>next</a> |</li>
<li class="right" >
<a href="ibm%2Copal/sysparams.html" title="sysparams"
>previous</a> |</li>
<li class="nav-item nav-item-0"><a href="../index.html">skiboot 9eb2874
documentation</a> »</li>
<li class="nav-item nav-item-1"><a href="index.html" >Device Tree</a> »</li>
<li class="nav-item nav-item-this"><a href="">ibm,secureboot</a></li>
</ul>
</div>
<div class="footer" role="contentinfo">
© Copyright 2016-2017, IBM, others.
Created using <a href="https://www.sphinx-doc.org/">Sphinx</a> 4.3.2.
</div>
</body>
</html>
|
