# **'trusted'** Secureboot Services in Hostboot
This directory implements the 'trusted' boot functionality that Hostboot
provides.
It primarily does this by measuring and storing firmware images and system
data into the system's TPMs (Trusted Platform Modules).
## Key Points
* This code measures specific information on the system, including different
  firmware images that are loaded onto the system by Hostboot
* These measurements, along with other system data, are stored in the TPMs
  on the system
* This code also determines which TPMs exist on the system, whether they are
  functional, and initializes them
* To talk directly to the TPMs this code uses the TPM Device Driver, which
  is built on top of the I2C Device Driver:
  * [src/usr/i2c/tpmdd.C](../../i2c/tpmdd.C)
  * [src/usr/i2c/tpmdd.H](../../i2c/tpmdd.H)
* The **libsecureboot_trusted.so** module created here is available in
  Hostboot's extended image
  * However, the code in the 'base' sub-directory is built into
    libsecureboot_base.so and is available in Hostboot's base image
* This module implements the interfaces defined in
  [trustedbootif.H](../../../include/usr/secureboot/trustedbootif.H)
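To make the measure-and-record flow above concrete, here is a small added example (not Hostboot code) that models a SHA-256 PCR bank with TPM extend semantics plus the event log that accompanies it, and shows the check a verifier performs: replaying the log must reproduce the PCR values the TPM reports, and a log that has been altered no longer does. The `SimTpm` class, the image bytes and the event descriptions are constructed for illustration.

```python
import hashlib
from typing import List, Tuple

# Constructed model of the flow the README describes: each firmware image is
# hashed, the digest is extended into a TPM PCR, and the same digest is
# appended to an event log so a verifier can replay it later. Not Hostboot code.

PCR_INIT = bytes(32)  # SHA-256 PCRs start as 32 zero bytes

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend semantics: new_pcr = SHA-256(old_pcr || digest)."""
    return hashlib.sha256(pcr + digest).digest()

class SimTpm:
    """Hypothetical in-memory TPM: a few SHA-256 PCRs plus an event log."""
    def __init__(self, num_pcrs: int = 8) -> None:
        self.pcrs: List[bytes] = [PCR_INIT] * num_pcrs
        self.event_log: List[Tuple[int, str, bytes]] = []

    def measure(self, pcr_index: int, description: str, image: bytes) -> bytes:
        """Hash an image, extend the chosen PCR, and record the event."""
        digest = hashlib.sha256(image).digest()
        self.pcrs[pcr_index] = pcr_extend(self.pcrs[pcr_index], digest)
        self.event_log.append((pcr_index, description, digest))
        return digest

def replay_log(event_log: List[Tuple[int, str, bytes]], num_pcrs: int = 8) -> List[bytes]:
    """Recompute every PCR from the event log alone, starting from zeros."""
    pcrs = [PCR_INIT] * num_pcrs
    for idx, _desc, digest in event_log:
        pcrs[idx] = pcr_extend(pcrs[idx], digest)
    return pcrs

def log_matches_pcrs(tpm: SimTpm) -> bool:
    """Attestation check: the log must replay to exactly the PCRs the TPM holds."""
    return replay_log(tpm.event_log, len(tpm.pcrs)) == tpm.pcrs

def demo() -> Tuple[bool, bool]:
    """Measure two constructed images, verify, then show a altered log failing."""
    tpm = SimTpm()
    tpm.measure(0, "hostboot base image", b"constructed base image bytes")
    tpm.measure(0, "hostboot extended image", b"constructed extended image bytes")
    ok_before = log_matches_pcrs(tpm)
    # Replace the second event's digest: the PCR no longer matches the replay.
    idx, desc, _ = tpm.event_log[1]
    tpm.event_log[1] = (idx, desc, hashlib.sha256(b"something else").digest())
    ok_after = log_matches_pcrs(tpm)
    return ok_before, ok_after

if __name__ == "__main__":
    print(demo())  # (True, False)
```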
## Files
* __makefile__
  * Standard Hostboot makefile
* __[README.md](./README.md)__
  * This file
* __tpmLogMgr.C, tpmLogMgr.H__
  * Defines and implements functions around the TPM Event Log, including
    adding new events, extending the log to the TPM, and moving the log to
    different memory locations
* __trustedTypes.C, trustedTypes.H__
  * Defines the structures and methods for sending data to and receiving data
    from the TPM
* __trustedboot.C, trustedboot.H__
  * Defines and implements the majority of the functions that interact with the
    TPMs
  * Implements the majority of the functions that verify and initialize the TPMs
* __trustedbootCmds.C, trustedbootCmds.H__
  * Defines and implements the commands sent to the TPM and processes (i.e.
    marshals and unmarshals) the data appropriately
* __trustedbootUtils.C, trustedbootUtils.H__
  * Defines and implements a few utility functions, such as a wrapper around the
    TPM Device Driver and the creation of trustedboot error logs
## sub-directories
* __base__
  * These files create a message queue to hold operations that can only be
    carried out once the full Hostboot extended code, including
    libsecureboot_trusted.so, is available to process them
  * These files also take the basic operations that the Hostboot base code
    needs and send them to the message queue
  * __trustedboot_base.C__
    * Implements early trustedboot/TPM calls by calling into a message
      queue so that they can be processed later
  * __trustedbootMsg.C, trustedbootMsg.H__
    * Defines and implements the message queue so that commands can be
      processed later when libsecureboot_trusted.so is available
* __test__
  * Standard Hostboot test directory that implements CXX Unit Tests