Hi Michal,
On Wednesday, August 7, 2019 10:06 AM, Michal Zygowski
<michal.zygow...@3mdeb.com> wrote:
> Here is an
> example:https://github.com/coreboot/coreboot/blob/master/src/mainboard/lenovo/x220/vboot-rwa.fmd
>
> Vboot is responsible for firmware verification (checks firmware signature
> blocks). The TPM measurements are only an extension to Vboot logic adopted in
> coreboot. In order to have verified boot, at least one RW partition must
> exists.
Is it possible to omit RW sections completely, letting vboot always boot into
"system recovery" (in the RO section) which is actually used for normal boot?
(I believe that stages and payloads in the RO section will be measured too when
booting into "system recovery". Please correct me if I am wrong.)
> for Measured boot, only single CBFS is fine. to support verified and measured
> boot, one RW partition is sufficient. The example linked above has the
> minimal fmap layout for verified and measured boot for Lenovo x220. SMMSTORE
> is optional as well as RW_VPD and RO_VPD (depends on use case). SI_GBE region
> is mandatory for vPRO platforms to support Gigabit Ethernet, SI_ME and
> SI_DESC are Intel ME and Flash descriptor regions, also mandatory.
Besides, at least how many bytes should be retained for the GBB section?
_______________________________________________
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
