summaryrefslogtreecommitdiff
path: root/src/security/vboot
diff options
context:
space:
mode:
Diffstat (limited to 'src/security/vboot')
-rw-r--r--src/security/vboot/tpm_common.c6
-rw-r--r--src/security/vboot/vboot_logic.c5
2 files changed, 9 insertions, 2 deletions
diff --git a/src/security/vboot/tpm_common.c b/src/security/vboot/tpm_common.c
index c330cc2dcd..997c4e9cd9 100644
--- a/src/security/vboot/tpm_common.c
+++ b/src/security/vboot/tpm_common.c
@@ -8,7 +8,7 @@
#define TPM_PCR_BOOT_MODE "VBOOT: boot mode"
#define TPM_PCR_GBB_HWID_NAME "VBOOT: GBB HWID"
-#define TPM_PCR_MINIMUM_DIGEST_SIZE 20
+#define TPM_PCR_FIRMWARE_VERSION "VBOOT: firmware ver"
tpm_result_t vboot_setup_tpm(struct vb2_context *ctx)
{
@@ -54,6 +54,10 @@ tpm_result_t vboot_extend_pcr(struct vb2_context *ctx, int pcr,
case HWID_DIGEST_PCR:
return tpm_extend_pcr(pcr, algo, buffer, vb2_digest_size(algo),
TPM_PCR_GBB_HWID_NAME);
+ /* firmware version */
+ case FIRMWARE_VERSION_PCR:
+ return tpm_extend_pcr(pcr, algo, buffer, vb2_digest_size(algo),
+ TPM_PCR_FIRMWARE_VERSION);
default:
return TPM_CB_FAIL;
}
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 93a188cc7a..f98b083d69 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -190,7 +190,10 @@ static tpm_result_t extend_pcrs(struct vb2_context *ctx)
rc = vboot_extend_pcr(ctx, CONFIG_PCR_BOOT_MODE, BOOT_MODE_PCR);
if (rc)
return rc;
- return vboot_extend_pcr(ctx, CONFIG_PCR_HWID, HWID_DIGEST_PCR);
+ rc = vboot_extend_pcr(ctx, CONFIG_PCR_HWID, HWID_DIGEST_PCR);
+ if (rc)
+ return rc;
+ return vboot_extend_pcr(ctx, CONFIG_PCR_FW_VER, FIRMWARE_VERSION_PCR);
}
#define EC_EFS_BOOT_MODE_VERIFIED_RW 0x00
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-10 16:46:32 +0000