summaryrefslogtreecommitdiffstats
path: root/src/usr/secureboot/trusted/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'src/usr/secureboot/trusted/README.md')
-rw-r--r--src/usr/secureboot/trusted/README.md74
1 files changed, 74 insertions, 0 deletions
diff --git a/src/usr/secureboot/trusted/README.md b/src/usr/secureboot/trusted/README.md
new file mode 100644
index 000000000..effe75f44
--- /dev/null
+++ b/src/usr/secureboot/trusted/README.md
@@ -0,0 +1,74 @@
+# **'trusted'** Secureboot Services in Hostboot
+This directory implements the 'trusted' boot functionality that Hostboot
+ provides.
+It primarily does this by measuring and storing firmware images and system
+ data into the system's TPMs (Trusted Platform Modules).
+
+## Key Points
+* This code measures specific information on the system, including different
+ firmware images that are loaded onto the system by hostboot
+* These mesasurements, along with other system data, are stored in the TPMs
+ on the system
+* This code also determines which TPMs exist on the system, if they are
+ functional, and initializes them
+* To directly talk to the TPMs this code uses the TPM Device Driver, which
+ is built on top of the I2C Device Driver:
+ * [src/usr/i2c/tmpdd.C](../../i2c/tpmdd.C)
+ * [src/usr/i2c/tpmdd.H](../../i2c/tpmdd.H)
+
+* The **libsecureboot_trusted.so** module created here is available in
+ Hostboot's extended image
+* However, the code in the 'base' sub-directory is built into
+ libsecureboot_base.so and is available in Hostboot's base image
+* This module implements the interfaces defined in
+ [trustedbootif.H](../../../include/usr/secureboot/trustedbootif.H)
+
+## Files
+
+* __makefile__
+ * Standard Hostboot makefile
+
+* __[README.md](./README.md)__
+ * This file
+
+* __tpmLogMgr.C, tpmLogMgr.H__
+ * Defines and implements functions around the TPM Event Log, including
+ adding new events, extending the log to the TPM, and moving the log to
+ different memory locations
+
+* __trustedTypes.C, trustedTypes.H__
+ * Defines different structures and methods for sending and receiving data
+ to and from the TPM
+
+* __trustedboot.C, trustedboot.H__
+ * Defines and implements the majority of the functions that interact with the
+ TPMs
+ * Implements the majority of the functions that verify and initialize the TPMs
+
+* __trustedbootCmds.C, trustedbootCmds.H__
+ * Defines and implements commands sent to the TPM and then processes (aka
+ marshall and unmarshall) the data appropriately
+
+* __trustedbootUtils.C, trustedbootUtils.H__
+ * Defines and implements a few utility functions like a wrapper to the TPM
+ Device Driver and creating trustedboot error logs.
+
+
+## sub-directories
+* __base__
+ * These files create a message queue to reserve operations that can be
+ implemented once the full Hostboot extended code, including
+ libsecureboot_trusted.so, is available to process them
+ * These files also take the basic operations that the Hostboot base code
+ needs and sends them to the message queue
+ * __trustedboot_base.C__
+ * Implements early trustedboot/TPM calls be calling into a message
+ queue so that they can be processed later
+
+ * __trustedbootMsg.C, trustedbootMsg.H__
+ * Defines and implements the message queue so that commands can be
+ processed later when libsecureboot_trusted.so is available
+
+* __test__
+ * Standard Hostboot test directory that implements CXX Unit Tests
+
OpenPOWER on IntegriCloud