author | Sergii Dmytruk <sergii.dmytruk@3mdeb.com> | 2022-10-23 00:24:37 +0300 |
---|---|---|
committer | Martin L Roth <gaumless@gmail.com> | 2022-11-19 15:11:09 +0000 |
commit | 97fe17ff59849e869d9df646e55393626f187e39 (patch) | |
tree | f710b13b7737f259b144cc478a47cdef9ee76f45 | |
parent | 1d903a24dcb56b141df96314290ad9e23ec1594f (diff) |
security/tpm: make log format configurable via Kconfig
This commit doesn't add any new format options; it just makes the selection
of the existing format explicit.
Ticket: https://ticket.coreboot.org/issues/422
Change-Id: I3903aff54e01093bc9ea75862bbf5989cc6e6c55
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68746
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
-rw-r--r-- | src/security/tpm/Kconfig | 12 | ||||
-rw-r--r-- | src/security/tpm/Makefile.inc | 10 | ||||
-rw-r--r-- | src/security/tpm/tspi/crtm.h | 14 |
3 files changed, 30 insertions, 6 deletions
diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig
index fc339a2b3a..5bc817d7f3 100644
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig
@@ -94,6 +94,18 @@ config TPM_MEASURED_BOOT
 help
 Enables measured boot (experimental)
 
+choice
+ prompt "TPM event log format"
+ depends on TPM_MEASURED_BOOT
+ default TPM_LOG_CB
+
+config TPM_LOG_CB
+ bool "coreboot's custom format"
+ help
+ Custom coreboot-specific format of the log derived from TPM1 log format.
+
+endchoice
+
 config TPM_MEASURED_BOOT_INIT_BOOTBLOCK
 bool
 depends on TPM_MEASURED_BOOT && !VBOOT
diff --git a/src/security/tpm/Makefile.inc b/src/security/tpm/Makefile.inc
index 8f633a89bf..7083c00e33 100644
--- a/src/security/tpm/Makefile.inc
+++ b/src/security/tpm/Makefile.inc
@@ -55,10 +55,10 @@ romstage-y += tspi/crtm.c
 ramstage-y += tspi/crtm.c
 postcar-y += tspi/crtm.c
 
-ramstage-y += tspi/log.c
-romstage-y += tspi/log.c
-verstage-y += tspi/log.c
-postcar-y += tspi/log.c
-bootblock-y += tspi/log.c
+ramstage-$(CONFIG_TPM_LOG_CB) += tspi/log.c
+romstage-$(CONFIG_TPM_LOG_CB) += tspi/log.c
+verstage-$(CONFIG_TPM_LOG_CB) += tspi/log.c
+postcar-$(CONFIG_TPM_LOG_CB) += tspi/log.c
+bootblock-$(CONFIG_TPM_LOG_CB) += tspi/log.c
 
 endif # CONFIG_TPM_MEASURED_BOOT
diff --git a/src/security/tpm/tspi/crtm.h b/src/security/tpm/tspi/crtm.h
index bd5bc5785d..e8e44fd745 100644
--- a/src/security/tpm/tspi/crtm.h
+++ b/src/security/tpm/tspi/crtm.h
@@ -16,7 +16,19 @@
 */
 #define TPM_RUNTIME_DATA_PCR 3
 
-#define TPM_MEASURE_ALGO (CONFIG(TPM1) ? VB2_HASH_SHA1 : VB2_HASH_SHA256)
+#if CONFIG(TPM_LOG_CB) && CONFIG(TPM1)
+# define TPM_MEASURE_ALGO VB2_HASH_SHA1
+#elif CONFIG(TPM_LOG_CB) && CONFIG(TPM2)
+# define TPM_MEASURE_ALGO VB2_HASH_SHA256
+#endif
+
+#if !defined(TPM_MEASURE_ALGO)
+# if !CONFIG(TPM_MEASURED_BOOT)
+# define TPM_MEASURE_ALGO VB2_HASH_INVALID
+# else
+# error "Misconfiguration: failed to determine TPM hashing algorithm"
+# endif
+#endif
 
 /**
 * Measure digests cached in TCPA log entries into PCRs |
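Review bot: The help text of `TPM_LOG_CB` in src/security/tpm/Kconfig does not mention that choosing the log format also fixes the digest algorithm. The crtm.h part of this commit keys `TPM_MEASURE_ALGO` on `TPM_LOG_CB` (SHA1 with TPM1, SHA256 with TPM2), and anyone who later replays the log against PCR values needs that fact at configuration time. I would extend the help to something like `Custom coreboot-specific format of the log derived from TPM1 log format. Digests are SHA1 on TPM1 and SHA256 on TPM2.`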
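Review bot: In src/security/tpm/tspi/crtm.h the fallback `# define TPM_MEASURE_ALGO VB2_HASH_INVALID` means a build without TPM_MEASURED_BOOT now gets an invalid algorithm id with no build-time signal, where the removed line always yielded SHA1 or SHA256. No user of the macro is visible in this hunk, so this needs confirming against callers, but any code that still references `TPM_MEASURE_ALGO` in such a build would only fail at run time. A comment above the fallback would make the contract explicit, e.g. `/* Measured boot disabled: TPM_MEASURE_ALGO must never reach a hashing call; callers check CONFIG(TPM_MEASURED_BOOT) first. */`. A one-line comment above the first `#if` saying that the log format, and not only the TPM family, now selects the algorithm would also help the next format that is added.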