Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Protectli vault cml/txt support #368

Merged
merged 18 commits into from
Sep 25, 2023
Merged

Protectli vault cml/txt support #368

merged 18 commits into from
Sep 25, 2023

Conversation

miczyg1
Copy link
Contributor

@miczyg1 miczyg1 commented Aug 7, 2023

No description provided.

@miczyg1
security/intel/txt: Add missing information and improve logging
af70d7e 
Signed-off-by: Michał Żygowski <[email protected]>
@miczyg1
security/intel/txt: Handle TPM properly when vboot enabled
808601d 
Signed-off-by: Michał Żygowski <[email protected]>
@miczyg1
soc/intel/cannonlake: Add SoC-specific settings for TXT
0ffa231 
Signed-off-by: Michał Żygowski <[email protected]>
@miczyg1
mainboard/protectli/vault_cml: Configure FSP params for Intel TXT
3665615 
Signed-off-by: Michał Żygowski <[email protected]>
@miczyg1
cpu/x86/mp_init: Add code to restart APs
0adef6f 
Signed-off-by: Michał Żygowski <[email protected]>
@miczyg1
security/intel/txt: Restart APs after successful SCHECK
8e9b9f0 
Signed-off-by: Michał Żygowski <[email protected]>
@miczyg1
src/security/intel/txt/ramstage.c: Fix the IBB measurement logging
724927c 
Signed-off-by: Michał Żygowski <[email protected]>
@miczyg1
Copy link
Contributor Author

miczyg1 commented Aug 7, 2023

Boots fine to Linux, gets past SCHECK when TPM is provisioned. DRTM measured launch untested yet

@miczyg1 miczyg1 force-pushed the protectli_vault_cml/txt_support branch from 0d52131 to c146051 Compare August 7, 2023 12:13
@miczyg1 miczyg1 temporarily deployed to Protectli August 7, 2023 12:14 — with GitHub Actions Inactive
@miczyg1 miczyg1 temporarily deployed to Protectli August 7, 2023 12:14 — with GitHub Actions Inactive
@miczyg1 miczyg1 temporarily deployed to Protectli August 10, 2023 11:09 — with GitHub Actions Inactive
@miczyg1 miczyg1 temporarily deployed to Protectli August 10, 2023 11:09 — with GitHub Actions Inactive
@miczyg1 miczyg1 temporarily deployed to Protectli August 16, 2023 08:14 — with GitHub Actions Inactive
@miczyg1 miczyg1 temporarily deployed to Protectli August 16, 2023 08:14 — with GitHub Actions Inactive
@miczyg1 miczyg1 force-pushed the protectli_vault_cml/txt_support branch from 3f815a1 to c7540a7 Compare September 2, 2023 14:44
@miczyg1 miczyg1 temporarily deployed to Protectli September 2, 2023 14:44 — with GitHub Actions Inactive
@miczyg1 miczyg1 temporarily deployed to Protectli September 2, 2023 14:44 — with GitHub Actions Inactive
@miczyg1 miczyg1 temporarily deployed to Protectli September 4, 2023 12:14 — with GitHub Actions Inactive
@miczyg1 miczyg1 temporarily deployed to Protectli September 4, 2023 12:14 — with GitHub Actions Inactive
@miczyg1 miczyg1 temporarily deployed to Protectli September 4, 2023 12:27 — with GitHub Actions Inactive
@miczyg1 miczyg1 temporarily deployed to Protectli September 4, 2023 12:27 — with GitHub Actions Inactive
@miczyg1
Copy link
Contributor Author

miczyg1 commented Sep 4, 2023

Finally managed to launch with TBOOT:

txt-stat.log

@miczyg1 miczyg1 requested review from mkopec and macpijan and removed request for krystian-hebel September 4, 2023 12:42
SergiiDmytruk
SergiiDmytruk approved these changes Sep 13, 2023
View reviewed changes
Copy link
Member

@SergiiDmytruk SergiiDmytruk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall the changes make sense to me. I didn't go into comparing definitions, values and behaviour against the specs given that the code seems to work.

@miczyg1 miczyg1 merged commit 0cc0bc9 into protectli_vault_cml/develop Sep 25, 2023
2 checks passed
@miczyg1 miczyg1 deleted the protectli_vault_cml/txt_support branch September 25, 2023 07:46
@miczyg1 miczyg1 temporarily deployed to Protectli September 25, 2023 07:46 — with GitHub Actions Inactive
@miczyg1 miczyg1 temporarily deployed to Protectli September 25, 2023 07:46 — with GitHub Actions Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SergiiDmytruk SergiiDmytruk SergiiDmytruk approved these changes

@mkopec mkopec Awaiting requested review from mkopec

@macpijan macpijan Awaiting requested review from macpijan

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@miczyg1 @SergiiDmytruk