Commit aef76a11 authored by Raptor Engineering Development Team's avatar Raptor Engineering Development Team
Browse files

Build hostboot with secure boot verification enabled by default

This retains owner control since the images are signed and verified
with the well-known public/private keypairs, but has two benefits:

1.) Component verification is enabled, which will catch corruption
    and eliminate the STB warning messages
2.) The secure boot chain is verified to work on production firmware,
    making transition on a customer-specific basis to customer keys
    a supported operation.
parent 41d344f8
......@@ -68,7 +68,7 @@ set IPLTIME_CHECKSTOP_ANALYSIS
unset CONSOLE_OUTPUT_TRACE
set CONSOLE_OUTPUT_FFDCDISPLAY
# Raptor shipped without Secure Boot
unset SECUREBOOT
# use public well-known transition keys by default
set SECUREBOOT
unset TPMDD
unset TPM_NUVOTON
......@@ -68,6 +68,8 @@ set IPLTIME_CHECKSTOP_ANALYSIS
unset CONSOLE_OUTPUT_TRACE
set CONSOLE_OUTPUT_FFDCDISPLAY
unset SECUREBOOT
# use public well-known transition keys by default
set SECUREBOOT
unset TPMDD
unset TPM_NUVOTON
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment