Hi Michal,
this _could_ have been a good starting point - however we decided to
integrate this into the Converged Security Suite
(github.com/9elements/converged-security-suite
<http://github.com/9elements/converged-security-suite>) which already is
part of coreboot as a 3rdparty module. However even if we _would_ extend
your tooling - NDA issues still are not resolved. As Arthur pointed out,
we would hope to integrate this as a binary as a temporary solution,
until Intel clears out the NDA issues. And also in the sense of moving
forward, I would like to choose Golang over C in this case.
Best,
Chris
Am Di., 9. Feb. 2021 um 12:14 Uhr schrieb Michal Zygowski
<michal.zygow...@3mdeb.com <mailto:michal.zygow...@3mdeb.com>>:
Hi Christian,
On 09.02.2021 11:58, Christian Walter wrote:
> Hi Michal,
>
> mind pointing me to the tooling you make for *creating* these
manifests?
>
There is a whole intel_bootguard topic:
https://review.coreboot.org/q/topic:intel_bootguard
<https://review.coreboot.org/q/topic:intel_bootguard>
In particular have a look at these patches:
- Tool: https://review.coreboot.org/c/coreboot/+/43403
<https://review.coreboot.org/c/coreboot/+/43403>
- Hook manifest creation into build system:
https://review.coreboot.org/c/coreboot/+/43404
<https://review.coreboot.org/c/coreboot/+/43404>
The manifests layout is implemented in the tool. Although it creates the
v1.0 manifests and AFAIK CBnT required v2.1 format, but this tool can be
a good base, isn't it?
Best regards,
--
Michał Żygowski
Firmware Engineer
https://3mdeb.com <https://3mdeb.com> | @3mdeb_com
_______________________________________________
coreboot mailing list -- coreboot@coreboot.org
<mailto:coreboot@coreboot.org>
To unsubscribe send an email to coreboot-le...@coreboot.org
<mailto:coreboot-le...@coreboot.org>
_______________________________________________
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org