1.. _device-tree/ibm,secureboot: 2 3ibm,secureboot 4============== 5 6The ``ìbm,secureboot`` node provides secure boot and trusted boot information 7up to the target OS. Further information can be found in :ref:`stb-overview`. 8 9Required properties 10------------------- 11 12.. code-block:: none 13 14 compatible: Either one of the following values: 15 16 ibm,secureboot-v1 : The container-verification-code 17 is stored in a secure ROM memory. 18 19 ibm,secureboot-v2 : The container-verification-code 20 is stored in a reserved memory. 21 It described by the ibm,cvc child 22 node. 23 24 secure-enabled: this property exists when the firmware stack is booting 25 in secure mode (hardware secure boot jumper asserted). 26 27 trusted-enabled: this property exists when the firmware stack is booting 28 in trusted mode. 29 30 hw-key-hash: hash of the three hardware public keys trusted by the 31 platformw owner. This is used to verify if a firmware 32 code is signed with trusted keys. 33 34 hw-key-hash-size: hw-key-hash size 35 36 37Obsolete properties 38------------------- 39 40.. code-block:: none 41 42 hash-algo: Superseded by the hw-key-hash-size property in 43 'ibm,secureboot-v2'. 44 45Example 46------- 47 48.. code-block:: dts 49 50 ibm,secureboot { 51 compatible = "ibm,secureboot-v2"; 52 secure-enabled; 53 trusted-enabled; 54 hw-key-hash-size = <0x40>; 55 hw-key-hash = <0x40d487ff 0x7380ed6a 0xd54775d5 0x795fea0d 0xe2f541fe 56 0xa9db06b8 0x466a42a3 0x20e65f75 0xb4866546 0x0017d907 57 0x515dc2a5 0xf9fc5095 0x4d6ee0c9 0xb67d219d 0xfb708535 58 0x1d01d6d1>; 59 phandle = <0x100000fd>; 60 linux,phandle = <0x100000fd>; 61 }; 62