From cc255b9f85c1bed5ad57dea9dfe896c2f4caaab7 Mon Sep 17 00:00:00 2001 From: Sandrine Bailleux Date: Thu, 10 Jun 2021 11:18:04 +0200 Subject: [PATCH] docs: explain Measured Boot dependency on Trusted Boot Change-Id: I04d9439d5967e93896dfdb0f3d7b0aec96c743f9 Signed-off-by: Sandrine Bailleux --- Makefile | 3 +++ docs/getting_started/build-options.rst | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 017fc659e..2ec988e0b 100644 --- a/Makefile +++ b/Makefile @@ -735,6 +735,9 @@ ifeq ($(CTX_INCLUDE_MTE_REGS),1) endif endif +# Trusted Boot is a prerequisite for Measured Boot. It provides trust that the +# code taking the measurements and recording them has not been tampered +# with. This is referred to as the Root of Trust for Measurement. ifeq ($(MEASURED_BOOT),1) ifneq (${TRUSTED_BOARD_BOOT},1) $(error MEASURED_BOOT requires TRUSTED_BOARD_BOOT=1) diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst index 99fc21db3..6f60a8e38 100644 --- a/docs/getting_started/build-options.rst +++ b/docs/getting_started/build-options.rst @@ -463,7 +463,10 @@ Common build options the build. The default value is 40 in debug builds and 20 in release builds. - ``MEASURED_BOOT``: Boolean flag to include support for the Measured Boot - feature. If this flag is enabled ``TRUSTED_BOARD_BOOT`` must be set. + feature. If this flag is enabled ``TRUSTED_BOARD_BOOT`` must be set as well + in order to provide trust that the code taking the measurements and recording + them has not been tampered with. + This option defaults to 0 and is an experimental feature in the stage of development.