libstb: add secure and trusted boot interface

stb.c implements the libstb API, which is an API for secure and trusted boot:

- stb_init(): read secure mode and trusted mode from device tree and
  load drivers accordingly

- tb_measure(): measure a resource downloaded from PNOR if trusted mode
  is on. That is, an EV_ACTION event is recorded in the event log for
  the mapped PCR and the sha1 and sha256 measurements are extended in
  the mapped PCR.

- sb_verify(): verify the integrity and authenticity of a resource
  downloaded from PNOR if secure mode is on. The boot process is aborted
  if the verification fails.

- stb_final(): this is called to add marks to TPM and event log before
  handover to petitboot kernel. Basically, it records an EV_SEPARATOR
  event in the event log for PCR[0-7], extends the sha1 and sha256
  digests of 0xFFFFFFFF in PCR[0-7], and deallocates the memory allocated
  for secure and trusted boot.

For more information please refer to 'doc/stb.rst'.

Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>

1 files changed, 2 insertions, 0 deletions

diff --git a/libstb/status_codes.h b/libstb/status_codes.h
index 5fd9757b..64f93259 100644
--- a/libstb/status_codes.h
+++ b/libstb/status_codes.h
@@ -23,9 +23,11 @@
 #define STB_DRIVER_ERROR	-3
 
 /* secure boot */
+#define STB_SECURE_MODE_DISABLED	 100
 #define STB_VERIFY_FAILED  		-100
 
 /* trusted boot */
+#define STB_TRUSTED_MODE_DISABLED	 200
 #define STB_EVENTLOG_FAILED	-200
 #define STB_PCR_EXTEND_FAILED	-201