We are using BootGuard 1.0 to generate an Intel-authorized Locality 3 PCR-0 measurement of the boot block, which is the self-measured root of trust for the PCR-2 measurements of coreboot. That is, we are not using its verification feature, which would require fusing the chip. Because there is no BootGuard profile without verification, we still have to use a dummy OEM key for signing both the Key Manifest and the Boot Policy Manifest, so that we can get the PCR-0
package pinnerbenchmark

/*
// C helpers in the cgo preamble: a call with no arguments and a call
// taking one pointer argument, both returning NULL.
inline void* ccall0() {
    return NULL;
}
inline void* ccall1(void* p) {
    return NULL;
}
*/
import "C"
open Lwt.Infix

(* Signature of a wrapper around a Mirage_flow implementation. *)
module type S =
sig
  module Mirage : Mirage_flow.S

  (* Result of a read: a buffer or end-of-file, or a Mirage flow error. *)
  type data = (Cstruct.t Mirage_flow.or_eof, Mirage.error) result

  type t

  val create : Mirage.flow -> t
  val mirage_flow : t -> Mirage.flow
  val read :