authorArthur Heymans <arthur@aheymans.xyz>2021-04-29 09:31:01 +0200
committerArthur Heymans <arthur@aheymans.xyz>2021-05-05 08:04:54 +0000
commitf28dcbcfc971f7159c853e206933c07f57d3f17c (patch)
tree5e10edbba37eef2b8f23e98614e819a3387d33b9 /src/security/tpm
parent16bc621262f30fb024f37a45a8c1bb418b02b9a5 (diff)
security/tpm/crtm: Measure FMAP into TPM
FMAP is used to look up cbfs files or other FMAP regions so it should be measured too. TESTED: on qemu q35 with swtpm Change-Id: Ic424a094e7f790cce45c5a98b8bc6d46a8dcca1b Signed-off-by: Arthur Heymans <arthur@aheymans.xyz> Reviewed-on: https://review.coreboot.org/c/coreboot/+/52753 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Diffstat (limited to 'src/security/tpm')
-rw-r--r--src/security/tpm/tspi/crtm.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/security/tpm/tspi/crtm.c b/src/security/tpm/tspi/crtm.c
index 80483d575e..0841d23f13 100644
--- a/src/security/tpm/tspi/crtm.c
+++ b/src/security/tpm/tspi/crtm.c
@@ -59,6 +59,17 @@ uint32_t tspi_init_crtm(void)
return VB2_SUCCESS;
}
+ struct region_device fmap;
+ if (fmap_locate_area_as_rdev("FMAP", &fmap) == 0) {
+ if (tpm_measure_region(&fmap, TPM_RUNTIME_DATA_PCR, "FMAP: FMAP")) {
+ printk(BIOS_ERR,
+ "TSPI: Couldn't measure FMAP into CRTM!\n");
+ return VB2_ERROR_UNKNOWN;
+ }
+ } else {
+ printk(BIOS_ERR, "TSPI: Could not find FMAP!\n");
+ }
+
/* measure bootblock from RO */
struct cbfsf bootblock_data;
struct region_device bootblock_fmap;
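Review bot: In the added `else` branch, a failed `fmap_locate_area_as_rdev("FMAP", &fmap)` is only logged and execution falls through, while a failed `tpm_measure_region()` a few lines above returns `VB2_ERROR_UNKNOWN`, so the two ways of ending up without an FMAP measurement are handled differently and nothing says why. If an unmeasured FMAP is meant to abort CRTM initialisation, the branch should end with `return VB2_ERROR_UNKNOWN;`; if continuing is deliberate, a comment such as `/* Not fatal: boot continues without the FMAP extend in TPM_RUNTIME_DATA_PCR. */` would record that decision for anyone relying on the PCR contents. Separately, the error string says "into CRTM" although the extend targets `TPM_RUNTIME_DATA_PCR`, which may mislead someone reading the log; naming the PCR actually used would be clearer. The body of `tspi_init_crtm` starts and ends outside this hunk, so what the code after the fall-through does with a missing FMAP is not visible here.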