summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/lib/cbfs.c13
-rw-r--r--src/security/tpm/tspi/crtm.c6
-rw-r--r--src/security/tpm/tspi/crtm.h2
3 files changed, 16 insertions, 5 deletions
diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c
index 4392ab7ab0..ccd7e6a7ce 100644
--- a/src/lib/cbfs.c
+++ b/src/lib/cbfs.c
@@ -56,7 +56,10 @@ int cbfs_boot_locate(struct cbfsf *fh, const char *name, uint32_t *type)
* Files can be added to the RO_REGION_ONLY config option to use this feature.
*/
printk(BIOS_DEBUG, "Fall back to RO region for %s\n", name);
- ret = cbfs_locate_file_in_region(fh, "COREBOOT", name, type);
+ if (fmap_locate_area_as_rdev("COREBOOT", &rdev))
+ ERROR("RO region not found\n");
+ else
+ ret = cbfs_locate(fh, &rdev, name, type);
}
if (!ret)
@@ -86,14 +89,18 @@ int cbfs_locate_file_in_region(struct cbfsf *fh, const char *region_name,
const char *name, uint32_t *type)
{
struct region_device rdev;
-
+ int ret = 0;
if (fmap_locate_area_as_rdev(region_name, &rdev)) {
LOG("%s region not found while looking for %s\n",
region_name, name);
return -1;
}
- return cbfs_locate(fh, &rdev, name, type);
+ ret = cbfs_locate(fh, &rdev, name, type);
+ if (!ret)
+ if (tspi_measure_cbfs_hook(fh, name))
+ return -1;
+ return ret;
}
size_t cbfs_load_and_decompress(const struct region_device *rdev, size_t offset,
diff --git a/src/security/tpm/tspi/crtm.c b/src/security/tpm/tspi/crtm.c
index dc7d7d21f0..304cea38e9 100644
--- a/src/security/tpm/tspi/crtm.c
+++ b/src/security/tpm/tspi/crtm.c
@@ -133,10 +133,14 @@ uint32_t tspi_measure_cbfs_hook(struct cbfsf *fh, const char *name)
cbfs_file_data(&rdev, fh);
switch (cbfs_type) {
- case CBFS_TYPE_MRC:
case CBFS_TYPE_MRC_CACHE:
pcr_index = TPM_RUNTIME_DATA_PCR;
break;
+ /*
+ * mrc.bin is code executed on CPU, so it
+ * should not be considered runtime data
+ */
+ case CBFS_TYPE_MRC:
case CBFS_TYPE_STAGE:
case CBFS_TYPE_SELF:
case CBFS_TYPE_FIT:
diff --git a/src/security/tpm/tspi/crtm.h b/src/security/tpm/tspi/crtm.h
index dfd91e1c0e..eb624951ca 100644
--- a/src/security/tpm/tspi/crtm.h
+++ b/src/security/tpm/tspi/crtm.h
@@ -50,7 +50,7 @@ uint32_t tspi_init_crtm(void);
*/
int tspi_measure_cache_to_pcr(void);
-#if CONFIG(TPM_MEASURED_BOOT)
+#if !ENV_SMM && CONFIG(TPM_MEASURED_BOOT)
/*
* Measures cbfs data via hook (cbfs)
* fh is the cbfs file handle to measure