authorWerner Zeh <werner.zeh@siemens.com>2022-05-19 14:14:13 +0200
committerFelix Held <felix-coreboot@felixheld.de>2022-05-24 13:04:25 +0000
commit823b7b38e81152735b0f3927e43a88544dbe9c4a (patch)
treee9427feed49863f45f5aa0f59b42d17f340e2ba5 /src/security
parent9642e97c19f82d5244858423e921ed699a47de8c (diff)
security/tpm/crtm: Use bootblock from FMAP on non x86 platforms
All non x86 platforms use bootblock in FMAP (see Makefile.inc). Add a build time check for that so that all the other possibilities (CBFS or other places for the bootblock) are dropped at build time. Change-Id: Ic18336a0b79b5d319c2cdfecb7e1eeb89d241206 Signed-off-by: Werner Zeh <werner.zeh@siemens.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/64520 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Diffstat (limited to 'src/security')
-rw-r--r--src/security/tpm/tspi/crtm.c14
1 files changed, 8 insertions, 6 deletions
diff --git a/src/security/tpm/tspi/crtm.c b/src/security/tpm/tspi/crtm.c
index 24b9fbd2d7..6f8f58fcd1 100644
--- a/src/security/tpm/tspi/crtm.c
+++ b/src/security/tpm/tspi/crtm.c
@@ -54,12 +54,14 @@ static uint32_t tspi_init_crtm(void)
}
/* measure bootblock from RO */
- struct region_device bootblock_fmap;
- if (fmap_locate_area_as_rdev("BOOTBLOCK", &bootblock_fmap) == 0) {
- if (tpm_measure_region(&bootblock_fmap,
- TPM_CRTM_PCR,
- "FMAP: BOOTBLOCK"))
- return VB2_ERROR_UNKNOWN;
+ if (!CONFIG(ARCH_X86)) {
+ struct region_device bootblock_fmap;
+ if (fmap_locate_area_as_rdev("BOOTBLOCK", &bootblock_fmap) == 0) {
+ if (tpm_measure_region(&bootblock_fmap,
+ TPM_CRTM_PCR,
+ "FMAP: BOOTBLOCK"))
+ return VB2_ERROR_UNKNOWN;
+ }
} else if (CONFIG(BOOTBLOCK_IN_CBFS)){
/* Mapping measures the file. We know we can safely map here because
bootblock-as-a-file is only used on x86, where we don't need cache to map. */