diff options
| author | Werner Zeh <werner.zeh@siemens.com> | 2022-05-19 09:16:28 +0200 |
|---|---|---|
| committer | Felix Held <felix-coreboot@felixheld.de> | 2022-05-24 13:44:28 +0000 |
| commit | 5c808e03e2d80edd9ecd6a2a9268152b477940b6 (patch) | |
| tree | f49680d445e435871dd5bbbef3c5e569dd644a47 /src/soc | |
| parent | ca29a191d591e1e3e47e1577418916f72e6e108a (diff) | |
security/tpm/crtm: Add a function to measure the bootblock on SoC level
On platforms where the bootblock is not included in CBFS anymore
(because it is part of another firmware section (IFWI or a different
CBFS), the CRTM measurement fails.
This patch adds a new function to provide a way at SoC level to measure
the bootblock. Following patches will add functionality to retrieve the
bootblock from the SoC related location and measure it from there.
In this way the really executed code will be measured.
Change-Id: I6d0da1e95a9588eb5228f63151bb04bfccfcf04b
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64492
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Diffstat (limited to 'src/soc')
4 files changed, 18 insertions, 0 deletions
diff --git a/src/soc/amd/common/block/cpu/noncar/Makefile.inc b/src/soc/amd/common/block/cpu/noncar/Makefile.inc index 71927961db..2ffe52b361 100644 --- a/src/soc/amd/common/block/cpu/noncar/Makefile.inc +++ b/src/soc/amd/common/block/cpu/noncar/Makefile.inc @@ -3,6 +3,7 @@ ifeq ($(CONFIG_SOC_AMD_COMMON_BLOCK_NONCAR),y) bootblock-y += early_cache.c bootblock-y += pre_c.S bootblock-y += write_resume_eip.c +bootblock-$(CONFIG_TPM_MEASURED_BOOT) += bootblock_measure.c romstage-y += memmap.c ramstage-y += cpu.c romstage-y += cpu.c diff --git a/src/soc/amd/common/block/cpu/noncar/bootblock_measure.c b/src/soc/amd/common/block/cpu/noncar/bootblock_measure.c new file mode 100644 index 0000000000..16ba154bb7 --- /dev/null +++ b/src/soc/amd/common/block/cpu/noncar/bootblock_measure.c @@ -0,0 +1,8 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ + +#include <security/tpm/tspi/crtm.h> + +int tspi_soc_measure_bootblock(int pcr_index) +{ + return 1; +} diff --git a/src/soc/intel/apollolake/Makefile.inc b/src/soc/intel/apollolake/Makefile.inc index a6d42247e2..a4ed87f45d 100644 --- a/src/soc/intel/apollolake/Makefile.inc +++ b/src/soc/intel/apollolake/Makefile.inc @@ -4,6 +4,7 @@ subdirs-y += ../../../cpu/intel/common subdirs-y += ../../../cpu/intel/microcode subdirs-y += ../../../cpu/intel/turbo +bootblock-$(CONFIG_TPM_MEASURED_BOOT) += bootblock/bootblock_measure.c bootblock-y += bootblock/bootblock.c bootblock-y += ../common/block/cpu/pm_timer_emulation.c bootblock-y += car.c diff --git a/src/soc/intel/apollolake/bootblock/bootblock_measure.c b/src/soc/intel/apollolake/bootblock/bootblock_measure.c new file mode 100644 index 0000000000..16ba154bb7 --- /dev/null +++ b/src/soc/intel/apollolake/bootblock/bootblock_measure.c @@ -0,0 +1,8 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ + +#include <security/tpm/tspi/crtm.h> + +int tspi_soc_measure_bootblock(int pcr_index) +{ + return 1; +} |