summaryrefslogtreecommitdiff
path: root/src/security/intel/txt
diff options
context:
space:
mode:
authorJulius Werner <jwerner@chromium.org>2021-08-11 18:19:23 -0700
committerFelix Held <felix-coreboot@felixheld.de>2021-12-03 21:20:35 +0000
commit7e7cc1a8c9a87e33bd772e8526734c7a82ec2db7 (patch)
treec091beebe657af44f3800402645fa8d257eaab8e /src/security/intel/txt
parentc75d846971c2fd96c989a7f8a14011bb70866409 (diff)
cbfs | tspi: Join hash calculation for verification and measurement
This patch moves the CBFS file measurement when CONFIG_TPM_MEASURED_BOOT is enabled from the lookup step into the code where a file is actually loaded or mapped from flash. This has the advantage that CBFS routines which just look up a file to inspect its metadata (e.g. cbfs_get_size()) do not cause the file to be measured twice. It also removes the existing inefficiency that files are loaded twice when measurement is enabled (once to measure and then again when they are used). When CBFS verification is enabled and uses the same hash algorithm as the TPM, we are even able to only hash the file a single time and use the result for both purposes. Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I70d7066c6768195077f083c7ffdfa30d9182b2b7 Reviewed-on: https://review.coreboot.org/c/coreboot/+/59681 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
Diffstat (limited to 'src/security/intel/txt')
0 files changed, 0 insertions, 0 deletions