diff options
author | Claudio Carvalho <cclaudio@linux.vnet.ibm.com> | 2016-09-28 05:01:30 -0300 |
---|---|---|
committer | Stewart Smith <stewart@linux.vnet.ibm.com> | 2016-10-10 15:29:36 +1100 |
commit | d15dd47d4a0f766282a034641621529e58ae8b25 (patch) | |
tree | 659ebfdd0e1e6c187b85f88827d468c751e23fc6 /libstb/status_codes.h | |
parent | 3837c6f0cf4cffb5de874413eed755c0c698b076 (diff) | |
download | talos-skiboot-d15dd47d4a0f766282a034641621529e58ae8b25.tar.gz talos-skiboot-d15dd47d4a0f766282a034641621529e58ae8b25.zip |
libstb: add secure and trusted boot interface
stb.c implements the libstb API, which is an API for secure and trusted boot:
- stb_init(): read secure mode and trusted mode from device tree and
load drivers accordingly
- tb_measure(): measure a resource downloaded from PNOR if trusted mode
is on. That is, an EV_ACTION event is recorded in the event log for
the mapped PCR and the sha1 and sha256 measurements are extended in
the mapped PCR.
- sb_verify(): verify the integrity and authenticity of a resource
downloaded from PNOR if secure mode is on. The boot process is aborted
if the verification fails.
- stb_final(): this is called to add marks to TPM and event log before
handover to petitboot kernel. Basically, it records an EV_SEPARATOR
event in the event log for PCR[0-7], extends the sha1 and sha256
digests of 0xFFFFFFFF in PCR[0-7], and deallocates the memory allocated
for secure and trusted boot.
For more information please refer to 'doc/stb.rst'.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Diffstat (limited to 'libstb/status_codes.h')
-rw-r--r-- | libstb/status_codes.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libstb/status_codes.h b/libstb/status_codes.h index 5fd9757b..64f93259 100644 --- a/libstb/status_codes.h +++ b/libstb/status_codes.h @@ -23,9 +23,11 @@ #define STB_DRIVER_ERROR -3 /* secure boot */ +#define STB_SECURE_MODE_DISABLED 100 #define STB_VERIFY_FAILED -100 /* trusted boot */ +#define STB_TRUSTED_MODE_DISABLED 200 #define STB_EVENTLOG_FAILED -200 #define STB_PCR_EXTEND_FAILED -201 |