diff options
Diffstat (limited to 'src/security/tpm/tspi/tspi.c')
-rw-r--r-- | src/security/tpm/tspi/tspi.c | 52 |
1 files changed, 37 insertions, 15 deletions
diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c index 0095183ca2..4f0cc972a7 100644 --- a/src/security/tpm/tspi/tspi.c +++ b/src/security/tpm/tspi/tspi.c @@ -14,13 +14,14 @@ #include <console/cbmem_console.h> #include <console/console.h> +#include <security/tpm/tspi/crtm.h> #include <security/tpm/tspi.h> #include <security/tpm/tss.h> -#if CONFIG(VBOOT) +#include <assert.h> +#include <security/vboot/misc.h> +#include <string.h> #include <vb2_api.h> #include <vb2_sha.h> -#include <assert.h> -#endif #if CONFIG(TPM1) static uint32_t tpm1_invoke_state_machine(void) @@ -100,6 +101,18 @@ static uint32_t tpm_setup_epilogue(uint32_t result) return result; } +static int tpm_is_setup; +static inline int tspi_tpm_is_setup(void) +{ + if (CONFIG(VBOOT)) + return vboot_logic_executed() || tpm_is_setup; + + if (ENV_RAMSTAGE) + return tpm_is_setup; + + return 0; +} + /* * tpm_setup starts the TPM and establishes the root of trust for the * anti-rollback mechanism. tpm_setup can fail for three reasons. 1 A bug. @@ -170,7 +183,10 @@ uint32_t tpm_setup(int s3flag) #if CONFIG(TPM1) result = tpm1_invoke_state_machine(); #endif + if (CONFIG(TPM_MEASURED_BOOT)) + result = tspi_measure_cache_to_pcr(); + tpm_is_setup = 1; return tpm_setup_epilogue(result); } @@ -210,18 +226,27 @@ uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo, if (!digest) return TPM_E_IOERROR; - result = tlcl_extend(pcr, digest, NULL); - if (result != TPM_SUCCESS) - return result; + if (tspi_tpm_is_setup()) { + result = tlcl_lib_init(); + if (result != TPM_SUCCESS) { + printk(BIOS_ERR, "TPM: Can't initialize library.\n"); + return result; + } + + printk(BIOS_DEBUG, "TPM: Extending digest for %s into PCR %d\n", name, pcr); + result = tlcl_extend(pcr, digest, NULL); + if (result != TPM_SUCCESS) + return result; + } - if (CONFIG(VBOOT_MEASURED_BOOT)) + if (CONFIG(TPM_MEASURED_BOOT)) tcpa_log_add_table_entry(name, pcr, digest_algo, digest, digest_len); return TPM_SUCCESS; } -#if CONFIG(VBOOT) +#if CONFIG(VBOOT_LIB) uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, const char *rname) { @@ -234,11 +259,7 @@ uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, if (!rdev || !rname) return TPM_E_INVALID_ARG; - result = tlcl_lib_init(); - if (result != TPM_SUCCESS) { - printk(BIOS_ERR, "TPM: Can't initialize library.\n"); - return result; - } + if (CONFIG(TPM1)) { hash_alg = VB2_HASH_SHA1; } else { /* CONFIG_TPM2 */ @@ -277,7 +298,8 @@ uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, printk(BIOS_ERR, "TPM: Extending hash into PCR failed.\n"); return result; } - printk(BIOS_DEBUG, "TPM: Measured %s into PCR %d\n", rname, pcr); + printk(BIOS_DEBUG, "TPM: Digest of %s to PCR %d %s\n", + rname, pcr, tspi_tpm_is_setup() ? "measured" : "logged"); return TPM_SUCCESS; } -#endif /* VBOOT */ +#endif /* VBOOT_LIB */ |