diff options
-rw-r--r-- | src/lib/cbfs.c | 13 | ||||
-rw-r--r-- | src/security/tpm/tspi/crtm.c | 6 | ||||
-rw-r--r-- | src/security/tpm/tspi/crtm.h | 2 |
3 files changed, 16 insertions, 5 deletions
diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c index 4392ab7ab0..ccd7e6a7ce 100644 --- a/src/lib/cbfs.c +++ b/src/lib/cbfs.c @@ -56,7 +56,10 @@ int cbfs_boot_locate(struct cbfsf *fh, const char *name, uint32_t *type) * Files can be added to the RO_REGION_ONLY config option to use this feature. */ printk(BIOS_DEBUG, "Fall back to RO region for %s\n", name); - ret = cbfs_locate_file_in_region(fh, "COREBOOT", name, type); + if (fmap_locate_area_as_rdev("COREBOOT", &rdev)) + ERROR("RO region not found\n"); + else + ret = cbfs_locate(fh, &rdev, name, type); } if (!ret) @@ -86,14 +89,18 @@ int cbfs_locate_file_in_region(struct cbfsf *fh, const char *region_name, const char *name, uint32_t *type) { struct region_device rdev; - + int ret = 0; if (fmap_locate_area_as_rdev(region_name, &rdev)) { LOG("%s region not found while looking for %s\n", region_name, name); return -1; } - return cbfs_locate(fh, &rdev, name, type); + ret = cbfs_locate(fh, &rdev, name, type); + if (!ret) + if (tspi_measure_cbfs_hook(fh, name)) + return -1; + return ret; } size_t cbfs_load_and_decompress(const struct region_device *rdev, size_t offset, diff --git a/src/security/tpm/tspi/crtm.c b/src/security/tpm/tspi/crtm.c index dc7d7d21f0..304cea38e9 100644 --- a/src/security/tpm/tspi/crtm.c +++ b/src/security/tpm/tspi/crtm.c @@ -133,10 +133,14 @@ uint32_t tspi_measure_cbfs_hook(struct cbfsf *fh, const char *name) cbfs_file_data(&rdev, fh); switch (cbfs_type) { - case CBFS_TYPE_MRC: case CBFS_TYPE_MRC_CACHE: pcr_index = TPM_RUNTIME_DATA_PCR; break; + /* + * mrc.bin is code executed on CPU, so it + * should not be considered runtime data + */ + case CBFS_TYPE_MRC: case CBFS_TYPE_STAGE: case CBFS_TYPE_SELF: case CBFS_TYPE_FIT: diff --git a/src/security/tpm/tspi/crtm.h b/src/security/tpm/tspi/crtm.h index dfd91e1c0e..eb624951ca 100644 --- a/src/security/tpm/tspi/crtm.h +++ b/src/security/tpm/tspi/crtm.h @@ -50,7 +50,7 @@ uint32_t tspi_init_crtm(void); */ int tspi_measure_cache_to_pcr(void); -#if CONFIG(TPM_MEASURED_BOOT) +#if !ENV_SMM && CONFIG(TPM_MEASURED_BOOT) /* * Measures cbfs data via hook (cbfs) * fh is the cbfs file handle to measure |