We are using BootGuard 1.0 in order to generate an Intel authorized Locality 3 PCR-0 measurement of the boot block, which is the self-measured root of trust for the PCR-2 measurements of Coreboot. That is, we are not using its verification feature, which would require to fuse the chip. Because there is no BootGuard profile without verification, we still have to use a dummy OEM Key for signing both the Key Manifest and the Boot Policy Manifest, so that we can get the PCR-0
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package pinnerbenchmark | |
| /* | |
| inline void* ccall0() { | |
| return NULL; | |
| } | |
| inline void* ccall1(void* p) { | |
| return NULL; | |
| } |
ansiwen
/ h2_mirage.ml
Last active
July 27, 2022 19:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| open Lwt.Infix | |
| module type S = | |
| sig | |
| module Mirage : Mirage_flow.S | |
| type data = (Cstruct.t Mirage_flow.or_eof, Mirage.error) result | |
| type t | |
| val create : Mirage.flow -> t | |
| val mirage_flow : t -> Mirage.flow | |
| val read : |
ansiwen
/ enable-bootguard-measured-boot.md
Created
September 4, 2023 16:42
Enable BootGuard 1.0 on Prodive Hermes
OlderNewer