authorBill XIE <persmule@hardenedlinux.org>2020-02-13 11:11:35 +0800
committerPhilipp Deppenwiese <zaolin.daisuki@gmail.com>2020-03-31 10:37:38 +0000
commitbad08c2c29210530e584436a562a1c03a68eb693 (patch)
tree3a31836bb0e512010bf9a196120f200f8071e752 /src/lib
parentea861ce83118217f1f639cd696dbdb8de87f8ccf (diff)
security/tpm: Include mrc.bin in CRTM if present
mrc.bin, on platforms where it is present, is code executed on CPU, so it should be considered a part of CRTM. cbfs_locate_file_in_region() is hooked to measurement here too, since mrc.bin is loaded with it, and CBFS_TYPE_MRC (the type of mrc.bin) is measured to TPM_CRTM_PCR rather than TPM_RUNTIME_DATA_PCR. TODO: I have heard that SMM is too resource-limited to link with vboot library, so currently tspi_measure_cbfs_hook() is masked in SMM. Please correct me if I am wrong. Change-Id: Ib4c3cf47b919864056baf725001ca8a4aaafa110 Signed-off-by: Bill XIE <persmule@hardenedlinux.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/38858 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/cbfs.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c
index 4392ab7ab0..ccd7e6a7ce 100644
--- a/src/lib/cbfs.c
+++ b/src/lib/cbfs.c
@@ -56,7 +56,10 @@ int cbfs_boot_locate(struct cbfsf *fh, const char *name, uint32_t *type)
* Files can be added to the RO_REGION_ONLY config option to use this feature.
*/
printk(BIOS_DEBUG, "Fall back to RO region for %s\n", name);
- ret = cbfs_locate_file_in_region(fh, "COREBOOT", name, type);
+ if (fmap_locate_area_as_rdev("COREBOOT", &rdev))
+ ERROR("RO region not found\n");
+ else
+ ret = cbfs_locate(fh, &rdev, name, type);
}
if (!ret)
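Review bot: The open-coded RO fallback in the added lines has no comment explaining why it no longer calls cbfs_locate_file_in_region(), and that reason matters for the measured-boot chain. That helper now calls tspi_measure_cbfs_hook() itself, so reverting to it here would presumably measure the same file twice, since the `if (!ret)` after the fallback block appears to lead to the hook as well (the rest of cbfs_boot_locate is outside the hunk). I would add a comment above the lookup such as `/* Not cbfs_locate_file_in_region(): it measures the file itself, and this function measures on success below. */`. The unbraced `if`/`else` also appears to rely on `ret` still holding the earlier non-zero value when the region is missing; braces on both arms would make that easier to follow.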
@@ -86,14 +89,18 @@ int cbfs_locate_file_in_region(struct cbfsf *fh, const char *region_name,
const char *name, uint32_t *type)
{
struct region_device rdev;
-
+ int ret = 0;
if (fmap_locate_area_as_rdev(region_name, &rdev)) {
LOG("%s region not found while looking for %s\n",
region_name, name);
return -1;
}
- return cbfs_locate(fh, &rdev, name, type);
+ ret = cbfs_locate(fh, &rdev, name, type);
+ if (!ret)
+ if (tspi_measure_cbfs_hook(fh, name))
+ return -1;
+ return ret;
}
size_t cbfs_load_and_decompress(const struct region_device *rdev, size_t offset,
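Review bot: A failed measurement at `if (tspi_measure_cbfs_hook(fh, name)) return -1;` returns the same -1 as the region-not-found path above, with no message in this function, so neither a caller nor the boot log can tell a missing file from one that was found but not measured. Unless the hook already logs the failure, which is not visible here, I would log it before returning, e.g. `ERROR("Failed to measure %s in %s\n", name, region_name);`, and add a comment that `fh` has presumably been filled in by then and must not be used when -1 is returned. The nested unbraced `if`s would read better as `if (!ret && tspi_measure_cbfs_hook(fh, name)) return -1;`, and `int ret = 0;` does not need the initializer because it is assigned before use. Only the first line of the signature sits in the hunk header; the body is fully visible.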