author | Sebastien Douheret <sebastien.douheret@iot.bzh> | 2017-12-08 17:40:04 +0100 |
---|---|---|
committer | Sebastien Douheret <sebastien.douheret@iot.bzh> | 2017-12-08 17:40:35 +0100 |
commit | df4bdd6e9e5669451e7f60ecdc5c9e0d25e3f726 (patch) | |
tree | ab9ab609538816b61789ace9e5ad280cd1727a83 /security-blueprint/part-2 | |
parent | 981e9b9c4a40e248733d45cfedc6a512bdf95f5e (diff) |
Added templating for section-xxx tags.
Security Blueprint doc uses specific tags to display arrays
(see docs/security-blueprint/README.md)
Signed-off-by: Sebastien Douheret <sebastien.douheret@iot.bzh>
Diffstat (limited to 'security-blueprint/part-2')
-rw-r--r-- | security-blueprint/part-2/0_Abstract.md | 8 |
-rw-r--r-- | security-blueprint/part-2/1-Image.md | 8 |
-rw-r--r-- | security-blueprint/part-2/2-Communication-modes.md | 18 |
-rw-r--r-- | security-blueprint/part-2/3-Consoles.md | 18 |
4 files changed, 26 insertions, 26 deletions
diff --git a/security-blueprint/part-2/0_Abstract.md b/security-blueprint/part-2/0_Abstract.md index 5ebb750..4574ecf 100644 --- a/security-blueprint/part-2/0_Abstract.md +++ b/security-blueprint/part-2/0_Abstract.md @@ -2,13 +2,13 @@ ## Abstract -<!-- todo --> +<!-- section-todo --> Domain | Improvement --------------- | ---------------------------------------------------- Boot-Abstract-1 | More generic and add examples (The chain of trust). -<!-- endtodo --> +<!-- end-section-todo --> **Boot Hardening**: Steps/requirements to configure the boot sequence, in order to restrict the device from executing anything other than the approved software @@ -29,13 +29,13 @@ they may be upgraded to requirements status in the future. In addition, specific operators may change some of these recommendations into requirements based on their specific needs and objectives. -<!-- todo --> +<!-- section-todo --> Domain | Improvement --------------- | ------------------------------------------- Boot-Abstract-1 | Review the definition of the "boot loader". -<!-- endtodo --> +<!-- end-section-todo --> **Boot loader**: The boot loader consists of the Primary boot loader residing in **OTP** memory, sboot, U-Boot and Secure loader residing in external flash diff --git a/security-blueprint/part-2/1-Image.md b/security-blueprint/part-2/1-Image.md index c0eb0b6..453b397 100644 --- a/security-blueprint/part-2/1-Image.md +++ b/security-blueprint/part-2/1-Image.md @@ -8,14 +8,14 @@ as specified in the boot environment. In U-Boot set the "_bootdelay_" environment variable and/or define `CONFIG_BOOTDELAY` to _-2_. -<!-- config --> +<!-- section-config --> Domain | _Variable_ / `Config` name | `Value` ---------------------- | -------------------------- | ------- Boot-Image-Selection-1 | `CONFIG_BOOTDELAY` | `-2` Boot-Image-Selection-2 | _bootdelay_ | `-2` -<!-- endconfig --> +<!-- end-section-config --> -------------------------------------------------------------------------------- 
@@ -38,7 +38,7 @@ CONFIG_DEFAULT_DEVICE_TREE: Specifies the default Device Tree used for the run-t Generate the U-Boot image with public keys to validate and load the image. It shall use RSA2048 and SHA256 for authentication. -<!-- config --> +<!-- section-config --> Domain | `Config` name | _State_ ------------------------- | ---------------------------- | -------- @@ -49,4 +49,4 @@ Boot-Image-Authenticity-4 | `CONFIG_OF_CONTROL` | _Enable_ Boot-Image-Authenticity-5 | `CONFIG_OF_SEPARATE` | _Enable_ Boot-Image-Authenticity-6 | `CONFIG_DEFAULT_DEVICE_TREE` | _Enable_ -<!-- endconfig --> +<!-- end-section-config --> diff --git a/security-blueprint/part-2/2-Communication-modes.md b/security-blueprint/part-2/2-Communication-modes.md index d3a823c..d3539f8 100644 --- a/security-blueprint/part-2/2-Communication-modes.md +++ b/security-blueprint/part-2/2-Communication-modes.md @@ -21,7 +21,7 @@ required USB devices. User-initiated USB-filesystems should be treated with special care. Whether or not the filesystems are mounted in userspace (**FUSE**), restricted mount options should be observed. -<!-- config --> +<!-- section-config --> Domain | Communication modes | _State_ -------------------- | ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- @@ -31,7 +31,7 @@ Boot-Communication-3 | `Ethernet` | _Disabled_ Boot-Communication-4 | U-boot and sboot `DOCSIS` | _Disabled_ Boot-Communication-5 | `Serial ports` | _Disabled_ -<!-- endconfig --> <!-- config --> +<!-- end-section-config --> <!-- section-config --> Domain | `Config` name | _State_ ------------------------ | ----------------------- | ------------- 
@@ -41,7 +41,7 @@ Boot-Communication-USB-3 | `CONFIG_USB_KEYBOARD` | _Not defined_ Boot-Communication-USB-4 | `CONFIG_USB_STORAGE` | _Not defined_ Boot-Communication-USB-5 | `CONFIG_USB_HOST_ETHER` | _Not defined_ -<!-- endconfig --> +<!-- end-section-config --> -------------------------------------------------------------------------------- @@ -50,25 +50,25 @@ Boot-Communication-USB-5 | `CONFIG_USB_HOST_ETHER` | _Not defined_ Preferably no network interface is allowed, but if required, then the enabled services should be restricted to only those used. -<!-- config --> +<!-- section-config --> Domain | Communication modes | _State_ -------------------- | -------------------- | --------------------------------------------------------------------------------------------- Boot-Communication-1 | `Network interfaces` | Preferably _no network interface is allowed_, otherwise, restrict the services to those used. -<!-- endconfig --> +<!-- end-section-config --> ## Remove or Disable Unnecessary Services, Ports, and Devices Restrict the `services`, `ports` and `devices` to those used. -<!-- config --> +<!-- section-config --> Domain | Object | Recommendations -------------------- | --------------------------------- | ------------------------------------------------------------- Boot-Communication-1 | `Services`, `ports` and `devices` | Restrict the `services`, `ports` and `devices` to those used. -<!-- endconfig --> +<!-- end-section-config --> ## Disable flash access @@ -78,12 +78,12 @@ In U-Boot following flash memory commands shall be disabled: **NAND**: Support for nand flash access available through `do_nand` has to be disabled. -<!-- config --> +<!-- section-config --> Domain | `Command` name | _State_ -------------------------- | -------------- | --------- Boot-Communication-Flash-1 | `do_nand` | _Disable_ -<!-- endconfig --> +<!-- end-section-config --> Similarly sboot should disable flash access support through command line if any. 
diff --git a/security-blueprint/part-2/3-Consoles.md b/security-blueprint/part-2/3-Consoles.md index 5adad3f..366573b 100644 --- a/security-blueprint/part-2/3-Consoles.md +++ b/security-blueprint/part-2/3-Consoles.md @@ -5,7 +5,7 @@ Serial console output shall be disabled. To disable console output in U-Boot, set the following macros: -<!-- config --> +<!-- section-config --> Domain | `Config` name | `Value` ---------------------- | --------------------------------------- | --------- @@ -13,24 +13,24 @@ Boot-Consoles-Serial-1 | `CONFIG_SILENT_CONSOLE` | `Disable` Boot-Consoles-Serial-2 | `CONFIG_SYS_DEVICE_NULLDEV` | `Disable` Boot-Consoles-Serial-3 | `CONFIG_SILENT_CONSOLE_UPDATE_ON_RELOC` | `Disable` -<!-- endconfig --> <!-- todo --> +<!-- end-section-config --> <!-- section-todo --> Domain | Improvement --------------- | ------------------------------------ Boot-Consoles-1 | Secure loader: No reference earlier? -<!-- endtodo --> +<!-- end-section-todo --> And set "**silent**" environment variable. For the Secure loader, disable the traces by undefined the below macro: -<!-- config --> +<!-- section-config --> Domain | `Environment variable` name | _State_ ---------------------- | --------------------------- | ------------- Boot-Consoles-Serial-1 | `INC_DEBUG_PRINT` | _Not defined_ -<!-- endconfig --> +<!-- end-section-config --> For sboot proper configuration needs to be done to disable the serial console. @@ -49,7 +49,7 @@ environment variable and not in non-volatile memory. Remove configuration options related to non-volatile memory, such as: -<!-- config --> +<!-- section-config --> Domain | `Config` name | _State_ -------------------------- | ---------------------------- | --------- 
@@ -66,7 +66,7 @@ Boot-Consoles-Variables-10 | `CONFIG_ENV_IS_IN_REMOTE` | `#undef` Boot-Consoles-Variables-11 | `CONFIG_ENV_IS_IN_UBI` | `#undef` Boot-Consoles-Variables-12 | `CONFIG_ENV_IS_NOWHERE` | `#define` -<!-- endconfig --> +<!-- end-section-config --> -------------------------------------------------------------------------------- @@ -88,7 +88,7 @@ mtest : Simple ram read/write test. loopw : Infinite write loop on address range. ``` -<!-- config --> +<!-- section-config --> Domain | `Command` name | _State_ ----------------------- | -------------- | ---------- @@ -102,6 +102,6 @@ Boot-Consoles-MemDump-7 | `mdc` | _Disabled_ Boot-Consoles-MemDump-8 | `mtest` | _Disabled_ Boot-Consoles-MemDump-9 | `loopw` | _Disabled_ -<!-- endconfig --> +<!-- end-section-config --> Similarly, memory dump support shall be disabled from sboot. |
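
Review bot: both todo tables in 0_Abstract.md (hunks @@ -2,13 and @@ -29,13) carry the same Domain id, `Boot-Abstract-1`, for two different improvements. If the section-todo templating or any cross-reference keys on the Domain column, the two rows cannot be told apart; renumber the second one (for example `Boot-Abstract-2`) while these blocks are being retagged.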
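
Review bot: in 2-Communication-modes.md hunk @@ -31,7 the closing and opening markers still share a single line, `<!-- end-section-config --> <!-- section-config -->`, while every other marker in this file sits on a line of its own. Split them onto separate lines so that a line-oriented tag matcher cannot miss the second marker and the two tables are clearly separate sections.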
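
Review bot: in 2-Communication-modes.md hunk @@ -50,25 the network-interface table and the services/ports/devices table both use the Domain id `Boot-Communication-1`, and the rows `Boot-Communication-4` and `Boot-Communication-5` visible in hunk @@ -31,7 suggest the first table of the file already uses that numbering. Give these two rows their own ids so that each recommendation can be referenced unambiguously once the tables are rendered by the new tags.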
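
Review bot: in 3-Consoles.md hunk @@ -5,7 the table now wrapped by the section-config tags gives `Disable` as the value of `CONFIG_SILENT_CONSOLE`, `CONFIG_SYS_DEVICE_NULLDEV` and `CONFIG_SILENT_CONSOLE_UPDATE_ON_RELOC`, while the sentence directly above it says to set these macros in order to disable console output. As written, a reader cannot tell whether the macros are to be defined or left undefined; state the intended setting explicitly in the `Value` column, since this table is what the templating will display.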
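
Review bot: in 3-Consoles.md hunk @@ -13,24 the line `<!-- end-section-config --> <!-- section-todo -->` closes one section and opens another on the same line; put each marker on its own line as is done elsewhere in the file. In the same hunk the `INC_DEBUG_PRINT` row reuses the id `Boot-Consoles-Serial-1` from the table in hunk @@ -5,7, and its column header reads "`Environment variable` name" although the preceding sentence calls it a macro; both are worth correcting while the tags are being changed.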