authorJoel Kitching <kitching@google.com>2018-10-12 15:23:31 +0800
committerPatrick Georgi <pgeorgi@google.com>2018-10-17 12:04:58 +0000
commit6d88a5d5886d4e66bd16b4f59f9ebbfbd1758740 (patch)
treeb01b8074ae82ed3a827528b09d09d0aefb5315b6 /src/security
parent15eb58d77bf7f4d5630c0331ac46a602551931ab (diff)
vboot: do not extend PCRs on resume from S3
BUG=b:114018226,chromium:873099 TEST=compile coreboot Change-Id: I6840c45604535089fa8410f03c69702bec91218f Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/28750 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Furquan Shaikh <furquan@google.com>
Diffstat (limited to 'src/security')
-rw-r--r--src/security/vboot/vboot_logic.c20
1 files changed, 12 insertions, 8 deletions
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 2fc20fabd4..f3a6b415b8 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -393,15 +393,19 @@ void verstage_main(void)
vboot_reboot();
}
- timestamp_add_now(TS_START_TPMPCR);
- rv = extend_pcrs(&ctx);
- if (rv) {
- printk(BIOS_WARNING, "Failed to extend TPM PCRs (%#x)\n", rv);
- vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv);
- save_if_needed(&ctx);
- vboot_reboot();
+ /* Only extend PCRs once on boot. */
+ if (!(ctx.flags & VB2_CONTEXT_S3_RESUME)) {
+ timestamp_add_now(TS_START_TPMPCR);
+ rv = extend_pcrs(&ctx);
+ if (rv) {
+ printk(BIOS_WARNING,
+ "Failed to extend TPM PCRs (%#x)\n", rv);
+ vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv);
+ save_if_needed(&ctx);
+ vboot_reboot();
+ }
+ timestamp_add_now(TS_END_TPMPCR);
}
- timestamp_add_now(TS_END_TPMPCR);
/* Lock TPM */
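Review bot: The new guard in verstage_main() skips extend_pcrs() whenever `VB2_CONTEXT_S3_RESUME` is set, but the comment `/* Only extend PCRs once on boot. */` does not state the assumption that makes the skip safe: the TPM must have kept its PCR values across S3. Where the flag is set and how the TPM is restarted on resume are outside this hunk, so it cannot be confirmed from here that a TPM which came back with reset PCRs is caught before this point. If that case is not caught, the PCRs would stay at their reset values and anything sealed or attested against them would see an unmeasured state. I would expand the comment to something like `/* PCRs persist across S3 only when the TPM resumes with saved state; a failed TPM resume must reboot before reaching here. */` and confirm that such a reboot path exists. verstage_main() begins before and continues after the hunk.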