diff options
author | Joel Kitching <kitching@google.com> | 2018-10-12 15:23:31 +0800 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2018-10-17 12:04:58 +0000 |
commit | 6d88a5d5886d4e66bd16b4f59f9ebbfbd1758740 (patch) | |
tree | b01b8074ae82ed3a827528b09d09d0aefb5315b6 /src/security | |
parent | 15eb58d77bf7f4d5630c0331ac46a602551931ab (diff) |
vboot: do not extend PCRs on resume from S3
BUG=b:114018226,chromium:873099
TEST=compile coreboot
Change-Id: I6840c45604535089fa8410f03c69702bec91218f
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://review.coreboot.org/28750
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@google.com>
Diffstat (limited to 'src/security')
-rw-r--r-- | src/security/vboot/vboot_logic.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index 2fc20fabd4..f3a6b415b8 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -393,15 +393,19 @@ void verstage_main(void) vboot_reboot(); } - timestamp_add_now(TS_START_TPMPCR); - rv = extend_pcrs(&ctx); - if (rv) { - printk(BIOS_WARNING, "Failed to extend TPM PCRs (%#x)\n", rv); - vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv); - save_if_needed(&ctx); - vboot_reboot(); + /* Only extend PCRs once on boot. */ + if (!(ctx.flags & VB2_CONTEXT_S3_RESUME)) { + timestamp_add_now(TS_START_TPMPCR); + rv = extend_pcrs(&ctx); + if (rv) { + printk(BIOS_WARNING, + "Failed to extend TPM PCRs (%#x)\n", rv); + vb2api_fail(&ctx, VB2_RECOVERY_RO_TPM_U_ERROR, rv); + save_if_needed(&ctx); + vboot_reboot(); + } + timestamp_add_now(TS_END_TPMPCR); } - timestamp_add_now(TS_END_TPMPCR); /* Lock TPM */ |