summaryrefslogtreecommitdiffstats
path: root/src/usr/secureboot/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'src/usr/secureboot/README.md')
-rw-r--r--src/usr/secureboot/README.md64
1 files changed, 64 insertions, 0 deletions
diff --git a/src/usr/secureboot/README.md b/src/usr/secureboot/README.md
new file mode 100644
index 000000000..979cada54
--- /dev/null
+++ b/src/usr/secureboot/README.md
@@ -0,0 +1,64 @@
+# Secureboot Services in Hostboot
+Hostboot provides multiple services to help secure the system and
+ ensure that only 'trusted' code is running on it. The multiple sub-directories
+ implement the various interfaces defined in the
+ [src/include/usr/secureboot/](../../include/usr/secureboot/) directory.
+
+## Directories
+* __base__
+ * The modules here define the core secureboot support: **defining and
+ implementing interfaces to retrieve the security state of the system**
+ * The directory is called 'base' because its contents are included in the
+ Hostboot Base Image (HBB) partition
+ * See [base/README.md](base/README.md) for more details
+
+* __common__
+ * The modules here provide common support like tracing, error callouts,
+ definitions of the secure "container" header, etc, that is used by the
+ secureboot modules in the peer directories
+ * See [common/README.md](common/README.md) for more details
+
+* __ext__
+ * The modules here provide some additional secureboot capabilities that are
+ beyond the core secureboot functionality found in the "base" directory
+ * This directory is called 'ext' because its contents are included in the
+ Hostboot Extended Image (HBI)
+ * Any module here can call into the Hostboot Base Image (ie the 'base' code
+ in the HBB partition)), but Hostboot Base Image modules cannot call into
+ these extended image modules
+ * See [ext/README.md](ext/README.md) for more details
+
+* __node_comm__
+ * The modules here implement a node-to-node communication protocol that is
+ used on multinode systems to share secureboot data between the nodes
+ * See [node_comm/README.md](node_comm/README.md) for more details
+
+* __runtime__
+ * The modules here implement a small subset of secureboot code that is used by
+ Hostboot runtime services.
+ * See [runtime/README.md](runtime/README.md) for more details
+
+* __smf__
+ * The modules here distribute different amounts of Secure SMF memory between
+ the available processors on the system based on a user-configurable petitboot
+ setting
+ * If we ever supported this on P9 FSP-based systems, the SMF memory amount
+ would be passed from the FSP to Hostboot using attributes.
+ * See [smf/README.md](smf/README.md) for more details
+
+* __trusted__
+ * The modules here define the trusted boot support which uses TPMs (Trusted
+ Platform Modules) to track what code is running on the system
+ * See [trusted/README.md](trusted/README.md) for more details
+
+## Other Files
+* __HBconfig__
+ * Standard HBconfig file that defines secureboot- and trustedboot-related
+ Hostboot compile variables
+
+* __makefile__
+ * Standard Hostboot makefile
+
+* __[README.md](./README.md)__
+ * This file
+
OpenPOWER on IntegriCloud