diff options
| author | Sandrine Bailleux <sandrine.bailleux@arm.com> | 2021-07-05 10:19:19 +0200 |
|---|---|---|
| committer | TrustedFirmware Code Review <review@review.trustedfirmware.org> | 2021-07-05 10:19:19 +0200 |
| commit | 9fa5db4da847294f895a85486491ff9c78ed32c8 (patch) | |
| tree | 318a887237832553315fd8b13681451a7a00b03f | |
| parent | 7fa35d068ff9eabbf252414fd778cc4de7a4b141 (diff) | |
| parent | 64dd1dee2da507c0a686dacece81b07487a9a996 (diff) | |
| download | arm-trusted-firmware-9fa5db4da847294f895a85486491ff9c78ed32c8.tar.gz | |
Merge changes from topic "sb/measured-boot" into integration
* changes:
refactor(plat/fvp): tidy up list of images to measure
docs: explain Measured Boot dependency on Trusted Boot
| -rw-r--r-- | Makefile | 3 | ||||
| -rw-r--r-- | docs/getting_started/build-options.rst | 5 | ||||
| -rw-r--r-- | plat/arm/board/fvp/fvp_measured_boot.c | 2 |
3 files changed, 7 insertions, 3 deletions
@@ -735,6 +735,9 @@ ifeq ($(CTX_INCLUDE_MTE_REGS),1) endif endif +# Trusted Boot is a prerequisite for Measured Boot. It provides trust that the +# code taking the measurements and recording them has not been tampered +# with. This is referred to as the Root of Trust for Measurement. ifeq ($(MEASURED_BOOT),1) ifneq (${TRUSTED_BOARD_BOOT},1) $(error MEASURED_BOOT requires TRUSTED_BOARD_BOOT=1) diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst index 584430432..86618e47e 100644 --- a/docs/getting_started/build-options.rst +++ b/docs/getting_started/build-options.rst @@ -469,7 +469,10 @@ Common build options the build. The default value is 40 in debug builds and 20 in release builds. - ``MEASURED_BOOT``: Boolean flag to include support for the Measured Boot - feature. If this flag is enabled ``TRUSTED_BOARD_BOOT`` must be set. + feature. If this flag is enabled ``TRUSTED_BOARD_BOOT`` must be set as well + in order to provide trust that the code taking the measurements and recording + them has not been tampered with. + This option defaults to 0 and is an experimental feature in the stage of development. diff --git a/plat/arm/board/fvp/fvp_measured_boot.c b/plat/arm/board/fvp/fvp_measured_boot.c index b145aae58..5dcadba36 100644 --- a/plat/arm/board/fvp/fvp_measured_boot.c +++ b/plat/arm/board/fvp/fvp_measured_boot.c @@ -15,12 +15,10 @@ static const image_data_t fvp_images_data[] = { { BL32_EXTRA1_IMAGE_ID, BL32_EXTRA1_IMAGE_STRING, PCR_0 }, { BL32_EXTRA2_IMAGE_ID, BL32_EXTRA2_IMAGE_STRING, PCR_0 }, { BL33_IMAGE_ID, BL33_STRING, PCR_0 }, - { GPT_IMAGE_ID, GPT_IMAGE_STRING, PCR_0 }, { HW_CONFIG_ID, HW_CONFIG_STRING, PCR_0 }, { NT_FW_CONFIG_ID, NT_FW_CONFIG_STRING, PCR_0 }, { SCP_BL2_IMAGE_ID, SCP_BL2_IMAGE_STRING, PCR_0 }, { SOC_FW_CONFIG_ID, SOC_FW_CONFIG_STRING, PCR_0 }, - { STM32_IMAGE_ID, STM32_IMAGE_STRING, PCR_0 }, { TOS_FW_CONFIG_ID, TOS_FW_CONFIG_STRING, PCR_0 }, { INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */ }; |