summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/drivers/intel/fsp2_0/memory_init.c13
-rw-r--r--src/drivers/mrc_cache/mrc_cache.c11
-rw-r--r--src/security/vboot/Makefile.inc1
3 files changed, 12 insertions, 13 deletions
diff --git a/src/drivers/intel/fsp2_0/memory_init.c b/src/drivers/intel/fsp2_0/memory_init.c
index 09aad6be81..68cc1215a5 100644
--- a/src/drivers/intel/fsp2_0/memory_init.c
+++ b/src/drivers/intel/fsp2_0/memory_init.c
@@ -19,18 +19,12 @@
#include <symbols.h>
#include <timestamp.h>
#include <security/vboot/vboot_common.h>
-#include <security/vboot/mrc_cache_hash_tpm.h>
#include <security/tpm/tspi.h>
#include <vb2_api.h>
#include <types.h>
static uint8_t temp_ram[CONFIG_FSP_TEMP_RAM_SIZE] __aligned(sizeof(uint64_t));
-/* TPM MRC hash functionality depends on vboot starting before memory init. */
-_Static_assert(!CONFIG(MRC_SAVE_HASH_IN_TPM) ||
- CONFIG(VBOOT_STARTS_IN_BOOTBLOCK),
- "for TPM MRC hash functionality, vboot must start in bootblock");
-
static void save_memory_training_data(bool s3wake, uint32_t fsp_version)
{
size_t mrc_data_size;
@@ -54,9 +48,6 @@ static void save_memory_training_data(bool s3wake, uint32_t fsp_version)
if (mrc_cache_stash_data(MRC_TRAINING_DATA, fsp_version, mrc_data,
mrc_data_size) < 0)
printk(BIOS_ERR, "Failed to stash MRC data\n");
-
- if (CONFIG(MRC_SAVE_HASH_IN_TPM))
- mrc_cache_update_hash(mrc_data, mrc_data_size);
}
static void do_fsp_post_memory_init(bool s3wake, uint32_t fsp_version)
@@ -121,10 +112,6 @@ static void fsp_fill_mrc_cache(FSPM_ARCH_UPD *arch_upd, uint32_t fsp_version)
if (data == NULL)
return;
- if (CONFIG(MRC_SAVE_HASH_IN_TPM) &&
- !mrc_cache_verify_hash(data, mrc_size))
- return;
-
/* MRC cache found */
arch_upd->NvsBufferPtr = data;
diff --git a/src/drivers/mrc_cache/mrc_cache.c b/src/drivers/mrc_cache/mrc_cache.c
index a083655a2f..95abc4f1f8 100644
--- a/src/drivers/mrc_cache/mrc_cache.c
+++ b/src/drivers/mrc_cache/mrc_cache.c
@@ -10,6 +10,7 @@
#include <fmap.h>
#include <ip_checksum.h>
#include <region_file.h>
+#include <security/vboot/mrc_cache_hash_tpm.h>
#include <security/vboot/vboot_common.h>
#include <spi_flash.h>
@@ -82,6 +83,11 @@ static const struct cache_region *cache_regions[] = {
&variable_data,
};
+/* TPM MRC hash functionality depends on vboot starting before memory init. */
+_Static_assert(!CONFIG(MRC_SAVE_HASH_IN_TPM) ||
+ CONFIG(VBOOT_STARTS_IN_BOOTBLOCK),
+ "for TPM MRC hash functionality, vboot must start in bootblock");
+
static int lookup_region_by_name(const char *name, struct region *r)
{
if (fmap_locate_area(name, r) == 0)
@@ -185,6 +191,9 @@ static int mrc_data_valid(const struct mrc_metadata *md,
return -1;
}
+ if (CONFIG(MRC_SAVE_HASH_IN_TPM) && !mrc_cache_verify_hash(data, data_size))
+ return -1;
+
return 0;
}
@@ -443,6 +452,8 @@ static void update_mrc_cache_by_type(int type,
} else {
printk(BIOS_DEBUG, "MRC: updated '%s'.\n", cr->name);
log_event_cache_update(cr->elog_slot, UPDATE_SUCCESS);
+ if (CONFIG(MRC_SAVE_HASH_IN_TPM))
+ mrc_cache_update_hash(new_data, new_data_size);
}
}
diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc
index d4dabe2493..4cf809016a 100644
--- a/src/security/vboot/Makefile.inc
+++ b/src/security/vboot/Makefile.inc
@@ -119,6 +119,7 @@ ramstage-y += common.c
postcar-y += common.c
romstage-$(CONFIG_MRC_SAVE_HASH_IN_TPM) += mrc_cache_hash_tpm.c
+ramstage-$(CONFIG_MRC_SAVE_HASH_IN_TPM) += mrc_cache_hash_tpm.c
ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)