security/tpm: make usage of PCRs configurable via Kconfig

At this moment, only GBB flags are moved from PCR-0 to PCR-1 when vboot-compatibility is not enabled. Change-Id: Ib3a192d902072f6f8d415c2952a36522b5bf09f9 Ticket: https://ticket.coreboot.org/issues/424 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68750 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
author: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> 2022-10-24 01:17:41 +0300
committer: Yu-Ping Wu <yupingso@google.com> 2023-04-10 04:01:08 +0000
commit: 4129c2614c2bb774b7d43a7cfc12130121f90c55 (patch)
tree: dbfc12ffe61a518e31bd4274ba185d3678dadcf4 /src/security/tpm/Kconfig
parent: 7143e96f65ee83be8be7f19bbffd8e621bfbf5b2 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig
index 8466d80dbe..39134c1c71 100644
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig
@@ -152,4 +152,23 @@ config TPM_MEASURED_BOOT_RUNTIME_DATA
 	  Runtime data whitelist of cbfs filenames. Needs to be a
 	  space delimited list
 
+config PCR_BOOT_MODE
+	int
+	default 0 if CHROMEOS
+	default 1
+
+config PCR_HWID
+	int
+	default 1
+
+config PCR_SRTM
+	int
+	default 2
+
+# PCR for measuring data which changes during runtime
+# e.g. CMOS, NVRAM...
+config PCR_RUNTIME_DATA
+	int
+	default 3
+
 endmenu # Trusted Platform Module (tpm)
author	Sergii Dmytruk <sergii.dmytruk@3mdeb.com>	2022-10-24 01:17:41 +0300
committer	Yu-Ping Wu <yupingso@google.com>	2023-04-10 04:01:08 +0000
commit	4129c2614c2bb774b7d43a7cfc12130121f90c55 (patch)
tree	dbfc12ffe61a518e31bd4274ba185d3678dadcf4 /src/security/tpm/Kconfig
parent	7143e96f65ee83be8be7f19bbffd8e621bfbf5b2 (diff)