diff options
author | Julius Werner <jwerner@chromium.org> | 2021-08-11 18:19:23 -0700 |
---|---|---|
committer | Felix Held <felix-coreboot@felixheld.de> | 2021-12-03 21:20:35 +0000 |
commit | 7e7cc1a8c9a87e33bd772e8526734c7a82ec2db7 (patch) | |
tree | c091beebe657af44f3800402645fa8d257eaab8e /src/lib/libgcc.c | |
parent | c75d846971c2fd96c989a7f8a14011bb70866409 (diff) |
cbfs | tspi: Join hash calculation for verification and measurement
This patch moves the CBFS file measurement when CONFIG_TPM_MEASURED_BOOT
is enabled from the lookup step into the code where a file is actually
loaded or mapped from flash. This has the advantage that CBFS routines
which just look up a file to inspect its metadata (e.g. cbfs_get_size())
do not cause the file to be measured twice. It also removes the existing
inefficiency that files are loaded twice when measurement is enabled
(once to measure and then again when they are used). When CBFS
verification is enabled and uses the same hash algorithm as the TPM, we
are even able to only hash the file a single time and use the result for
both purposes.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I70d7066c6768195077f083c7ffdfa30d9182b2b7
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59681
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Diffstat (limited to 'src/lib/libgcc.c')
0 files changed, 0 insertions, 0 deletions