From 3faae52febdcea7a102a5c88e32dedc0284a22f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Go=C5=82a=C5=9B?= Date: Thu, 18 Dec 2025 06:28:19 +0100 Subject: [PATCH 1/2] dts/features.md: Update trustroot fusing title MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Gołaś --- docs/dasharo-tools-suite/documentation/features.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/dasharo-tools-suite/documentation/features.md b/docs/dasharo-tools-suite/documentation/features.md index 7baf6d9cc8..a75a42e7a1 100644 --- a/docs/dasharo-tools-suite/documentation/features.md +++ b/docs/dasharo-tools-suite/documentation/features.md @@ -15,7 +15,7 @@ This section describes the functionality of the Dasharo Tools Suite. These are: - [Update issues](#update-issues) + [EC transition](#ec-transition) + [EC update](#ec-update) - + [Fusing the device vendor keys](#fusing-the-device-vendor-keys) + + [Fuse Platform (Dasharo TrustRoot)](#fuse-platform-dasharo-trustroot) + [Verify Intel Boot Guard key](#verify-intel-boot-guard-key) + [Additional features](#additional-features) - [Run commands from iPXE shell automatically](#run-commands-from-ipxe-shell-automatically) @@ -482,7 +482,7 @@ version. This is how we can achieve that. version: 2022-08-31_cbff21b ``` -## Fusing the device vendor keys +## Fuse Platform (Dasharo TrustRoot) DTS can be used to fuse the device vendor keys onto the SoC to enable the Dasharo TrustRoot feature. @@ -498,7 +498,7 @@ the Dasharo TrustRoot feature. The decision to fuse the keys requires the user to explicitly opt-in. Updating the firmware will never fuse the device on its own. -To perform fusing procedure: +To perform the fusing procedure: 1. Make sure a power supply is connected to the device if it is battery powered 2. Make sure the device has Dasharo firmware and the support for Dasharo From f8380f51750539826e228b30d6d5cee05ce73498 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Go=C5=82a=C5=9B?= Date: Thu, 18 Dec 2025 07:33:10 +0100 Subject: [PATCH 2/2] scripts/trustroot-support: Add script for automatic support table generation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Filip Gołaś --- scripts/trustroot-support.py | 33 +++++++++++++++++++++++++++++++++ scripts/trustroot-support.sh | 6 ++++++ 2 files changed, 39 insertions(+) create mode 100644 scripts/trustroot-support.py create mode 100644 scripts/trustroot-support.sh diff --git a/scripts/trustroot-support.py b/scripts/trustroot-support.py new file mode 100644 index 0000000000..c71c438d94 --- /dev/null +++ b/scripts/trustroot-support.py @@ -0,0 +1,33 @@ +#!/bin/bash +import sys, os, json + +if len(sys.argv) < 2: + exit(1) +repo = sys.argv[1] +configs = os.path.join(repo, "configs") + +def has_eom(model): + return "eom_path_comm_cap" in model + +eom_models = list() + +for file in os.listdir(configs): + with open(os.path.join(configs, file), "r") as file: + conf = json.load(file) + models = conf["models"] + + eom_models.extend([(m, models[m]) for m in models if has_eom(models[m])]) + + complex_models = [m for m in models if "board_models" in models[m]] + for model in complex_models: + submodels = models[model]["board_models"] + eom_submodels = [(m, submodels[m]) for m in submodels if has_eom(submodels[m])] + eom_models.extend(eom_submodels) + +if "--pretty" in sys.argv: + print('| Manufacturer | Device |') + for m in eom_models: + print(f'| {m[1]["dasharo_rel_name"].split("_")[0]} | {m[0]} |') +else: + for m in eom_models: + print(m) diff --git a/scripts/trustroot-support.sh b/scripts/trustroot-support.sh new file mode 100644 index 0000000000..3411559170 --- /dev/null +++ b/scripts/trustroot-support.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +repo=$(mktemp -d) +git clone https://github.com/Dasharo/dts-configs $repo &> /dev/null +python "$(dirname "$(realpath "$0")")"/trustroot-support.py "$repo" --pretty +rm -rf "$repo"