coreboot Redundancy / Intel Boot Guard compatibility / Implementation

[mkopec]

Brief description

The redundancy feature shall be compatible with Intel Boot Guard.

Brief description

This task is about ensuring that the provisioning scripts are compatible with top swap-enabled SPI flash images and resolving any incompatibilities.

With the redundancy feature, both bootblocks (normal and top swap) shall contain ACMs and be signed by Boot Guard.
Essentially, the top swap and "real" bootblock in the binary need to be be identical.

The boot guard protected ranges should be set in such a way, that only the currently active bootblock CBFS is covered by protection.

Deliverables

PR to repository containing provisioning scripts

Existing Intel Boot Guard tests should pass

[mkopec]

These are the problems to solve:

• ACMs must be added to the BOOTBLOCK/TOPSWAP regions
  • security/intel/acm/Makefile.mk: add ACMs to appropriate redundancy re… coreboot#816
• CBFS code must be aware of the split CBFS design and load files from the appropriate CBFS
  • Must be aware of the Top Swap state
• CBFS verification must be extended to also verify files loaded from the respective BOOTBLOCK/TOPSWAP regions
  • Bootblock must contain hashes for two CBFSes, main COREBOOT/COREBOOT_TS and secondary BOOTBLOCK/TOPSWAP
  • cbfstool must be aware of this
• Provisioning scripts must be extended to add ACMs to the appropriate regions and to sign both bootblocks