Sven Anderson ansiwen

Enable BootGuard 1.0 for PCR-0 measurement in Firmware on ProDrive Hermes Board

Operation

We are using BootGuard 1.0 in order to generate an Intel authorized Locality 3 PCR-0 measurement of the boot block, which is the self-measured root of trust for the PCR-2 measurements of Coreboot. That is, we are not using its verification feature, which would require to fuse the chip. Because there is no BootGuard profile without verification, we still have to use a dummy OEM Key for signing both the Key Manifest and the Boot Policy Manifest, so that we can get the PCR-0

Original

func myFunc() (string, error) {
	file, err := os.Open("data.json")
	if err != nil {
		return "", fmt.Errorf("open data.json: %w", err)
	}

	jsonData, err := io.ReadAll(file)

Be explicit about certainty levels in your answers. When discussing technical configurations or code, clearly indicate what you're certain about versus what you're inferring. If suggesting solutions, explain your reasoning and note potential issues. Flag any suggestions you're not completely certain about. For complex changes, recommend testing/validation approaches. The goal is preventing issues from incorrect configurations, not just providing quick answers.

	package pinnerbenchmark

	/*
	inline void* ccall0() {
	return NULL;
	}

	inline void* ccall1(void* p) {
	return NULL;
	}

	open Lwt.Infix

	module type S =
	sig
	module Mirage : Mirage_flow.S
	type data = (Cstruct.t Mirage_flow.or_eof, Mirage.error) result
	type t
	val create : Mirage.flow -> t
	val mirage_flow : t -> Mirage.flow
	val read :