security/tpm: make usage of PCRs configurable via Kconfig

At this moment, only GBB flags are moved from PCR-0 to PCR-1 when vboot-compatibility is not enabled. Change-Id: Ib3a192d902072f6f8d415c2952a36522b5bf09f9 Ticket: https://ticket.coreboot.org/issues/424 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/68750 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
author: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> 2022-10-24 01:17:41 +0300
committer: Yu-Ping Wu <yupingso@google.com> 2023-04-10 04:01:08 +0000
commit: 4129c2614c2bb774b7d43a7cfc12130121f90c55 (patch)
tree: dbfc12ffe61a518e31bd4274ba185d3678dadcf4 /src/security/vboot
parent: 7143e96f65ee83be8be7f19bbffd8e621bfbf5b2 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index a72ea87c7f..650a420bad 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -184,8 +184,8 @@ static vb2_error_t hash_body(struct vb2_context *ctx,
 
 static uint32_t extend_pcrs(struct vb2_context *ctx)
 {
-	return vboot_extend_pcr(ctx, 0, BOOT_MODE_PCR) ||
-		   vboot_extend_pcr(ctx, 1, HWID_DIGEST_PCR);
+	return vboot_extend_pcr(ctx, CONFIG_PCR_BOOT_MODE, BOOT_MODE_PCR) ||
+		   vboot_extend_pcr(ctx, CONFIG_PCR_HWID, HWID_DIGEST_PCR);
 }
 
 #define EC_EFS_BOOT_MODE_VERIFIED_RW	0x00
author	Sergii Dmytruk <sergii.dmytruk@3mdeb.com>	2022-10-24 01:17:41 +0300
committer	Yu-Ping Wu <yupingso@google.com>	2023-04-10 04:01:08 +0000
commit	4129c2614c2bb774b7d43a7cfc12130121f90c55 (patch)
tree	dbfc12ffe61a518e31bd4274ba185d3678dadcf4 /src/security/vboot
parent	7143e96f65ee83be8be7f19bbffd8e621bfbf5b2 (diff)