Diffstat (limited to 'src/usr/secureboot/trusted/README.md')
-rw-r--r--  src/usr/secureboot/trusted/README.md  74
1 files changed, 74 insertions, 0 deletions
diff --git a/src/usr/secureboot/trusted/README.md b/src/usr/secureboot/trusted/README.md new file mode 100644 index 000000000..effe75f44 --- /dev/null +++ b/src/usr/secureboot/trusted/README.md 
@@ -0,0 +1,74 @@ +# **'trusted'** Secureboot Services in Hostboot +This directory implements the 'trusted' boot functionality that Hostboot + provides. +It primarily does this by measuring and storing firmware images and system + data into the system's TPMs (Trusted Platform Modules). + +## Key Points +* This code measures specific information on the system, including different + firmware images that are loaded onto the system by hostboot +* These mesasurements, along with other system data, are stored in the TPMs + on the system +* This code also determines which TPMs exist on the system, if they are + functional, and initializes them +* To directly talk to the TPMs this code uses the TPM Device Driver, which + is built on top of the I2C Device Driver: + * [src/usr/i2c/tmpdd.C](../../i2c/tpmdd.C) + * [src/usr/i2c/tpmdd.H](../../i2c/tpmdd.H) + +* The **libsecureboot_trusted.so** module created here is available in + Hostboot's extended image +* However, the code in the 'base' sub-directory is built into + libsecureboot_base.so and is available in Hostboot's base image +* This module implements the interfaces defined in + [trustedbootif.H](../../../include/usr/secureboot/trustedbootif.H) + +## Files + +* __makefile__ + * Standard Hostboot makefile + +* __[README.md](./README.md)__ + * This file + +* __tpmLogMgr.C, tpmLogMgr.H__ + * Defines and implements functions around the TPM Event Log, including + adding new events, extending the log to the TPM, and moving the log to + different memory locations + +* __trustedTypes.C, trustedTypes.H__ + * Defines different structures and methods for sending and receiving data + to and from the TPM + +* __trustedboot.C, trustedboot.H__ + * Defines and implements the majority of the functions that interact with the + TPMs + * Implements the majority of the functions that verify and initialize the TPMs + +* __trustedbootCmds.C, trustedbootCmds.H__ + * Defines and implements commands sent to the TPM and then processes (aka + 
marshall and unmarshall) the data appropriately + +* __trustedbootUtils.C, trustedbootUtils.H__ + * Defines and implements a few utility functions like a wrapper to the TPM + Device Driver and creating trustedboot error logs. + + +## sub-directories +* __base__ + * These files create a message queue to reserve operations that can be + implemented once the full Hostboot extended code, including + libsecureboot_trusted.so, is available to process them + * These files also take the basic operations that the Hostboot base code + needs and sends them to the message queue + * __trustedboot_base.C__ + * Implements early trustedboot/TPM calls be calling into a message + queue so that they can be processed later + + * __trustedbootMsg.C, trustedbootMsg.H__ + * Defines and implements the message queue so that commands can be + processed later when libsecureboot_trusted.so is available + +* __test__ + * Standard Hostboot test directory that implements CXX Unit Tests + |
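Review bot: in the Key Points list the link text `[src/usr/i2c/tmpdd.C](../../i2c/tpmdd.C)` misspells the driver filename (`tmpdd` vs the link target `tpmdd`); please fix the text to match the target so readers grepping for the device driver find it. The same hunk has a few other wording slips worth fixing before this lands: `mesasurements` -> `measurements`, `processes (aka marshall and unmarshall)` -> `processes (i.e. marshals and unmarshals)`, `needs and sends them` -> `needs and send them`, and in the `trustedboot_base.C` bullet `calls be calling into a message queue` -> `calls by calling into a message queue`. On content, the `base` sub-section is the part a reader of this README most needs to get right, since it is where measurements requested before libsecureboot_trusted.so is loaded are queued rather than extended immediately; it would help to add a sentence stating whether the queued operations are later processed in the order they were requested and what happens to them if the TPM initialization described under Key Points finds no functional TPM.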