use coreboot vboot measured boot #562
Description
the goal here is basically to close #41 . Currently we have https://github.com/osresearch/heads/blob/master/patches/coreboot-4.8.1/0000-measuredboot.patch that allows us to do measurements in initrd. We can still continue to use this on top of a recent release of coreboot and should do so, and update coreboot independently of this task!
Now since https://review.coreboot.org/c/coreboot/+/29547 and https://review.coreboot.org/q/topic:%22LENOVO_VBOOT%22+(status:open%20OR%20status:merged) coreboot allows to measure boot as part of the vboot scheme. Even if we won't use parts of vboot (keys in GBB), but only the measured-boot part, it would make sense to use a well-define upstream maintained solution.
A different FMAP (fmd file) is being used in that case:
vboot basically supports 3 different parition schemes (FMAP) to choose from, that defines what funcitonality will be available. "RW_A and RW_B" (which would enable updates) is out of scope for us due to size limitation. "RW_A only" would theoretically be possible, but would also impose at least some unnecessary size limitations and also, we would not need to have a pre-defined static "RO" seperate of "RW_A". Our root of trust will be just Heads itself with it's code up until the point where we will enable write-protection for the SPI flash. Basically, our flashrom update-scripts need to run before that. The paritioning scheme to use for use will most likely be "RO only" (even if it's no static read-only, but locks the flash at some point).
I only quickly tried to write an appropriate "vboot_ro.fmd" file (not yet merged upstream) for the x230. "RO only" still reduces the available CBFS size for coreboot+payload a little, in order to fit into the vboot mechanism and I ran into problems with building because our kernel+initrd are just a little to big:
FLASH@0xff400000 0xc00000 {
SI_ALL@0x0 0x500000 {
SI_DESC@0x0 0x1000
SI_GBE@0x1000 0x2000
SI_ME@0x3000 0x4ed000
}
SI_BIOS@0x500000 0x700000 {
WP_RO@0x0 0x700000 {
FMAP@0x0 0x800
RO_FRID@0x800 0x40
RO_PADDING@0x840 0x7c0
RO_VPD(PRESERVE)@0x1000 0x1000
GBB@0x2000 0x1e000
COREBOOT(CBFS)@0x20000 0x6e0000
}
}
}
Would this be enough? / Can this work?
So first, it seems like we need to reduce the size (of the x230 build). Mostl probably Linux.
And of course have a working fmd "ro" file (merged) and thus a working build. The tpm tools should still work, but what changes are needed in userspace for us to test this?
Please question everything I write here! I could be totally wrong about things and just want input from you if you know better. I hardly have had any time to look into this. Let's move forward and get rid of your patches.
