summaryrefslogtreecommitdiff
path: root/src/security
diff options
context:
space:
mode:
Diffstat (limited to 'src/security')
-rw-r--r--src/security/tpm/Kconfig12
-rw-r--r--src/security/tpm/Makefile.inc10
-rw-r--r--src/security/tpm/tspi/crtm.h14
3 files changed, 30 insertions, 6 deletions
diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig
index fc339a2b3a..5bc817d7f3 100644
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig
@@ -94,6 +94,18 @@ config TPM_MEASURED_BOOT
help
Enables measured boot (experimental)
+choice
+ prompt "TPM event log format"
+ depends on TPM_MEASURED_BOOT
+ default TPM_LOG_CB
+
+config TPM_LOG_CB
+ bool "coreboot's custom format"
+ help
+ Custom coreboot-specific format of the log derived from TPM1 log format.
+
+endchoice
+
config TPM_MEASURED_BOOT_INIT_BOOTBLOCK
bool
depends on TPM_MEASURED_BOOT && !VBOOT
diff --git a/src/security/tpm/Makefile.inc b/src/security/tpm/Makefile.inc
index 8f633a89bf..7083c00e33 100644
--- a/src/security/tpm/Makefile.inc
+++ b/src/security/tpm/Makefile.inc
@@ -55,10 +55,10 @@ romstage-y += tspi/crtm.c
ramstage-y += tspi/crtm.c
postcar-y += tspi/crtm.c
-ramstage-y += tspi/log.c
-romstage-y += tspi/log.c
-verstage-y += tspi/log.c
-postcar-y += tspi/log.c
-bootblock-y += tspi/log.c
+ramstage-$(CONFIG_TPM_LOG_CB) += tspi/log.c
+romstage-$(CONFIG_TPM_LOG_CB) += tspi/log.c
+verstage-$(CONFIG_TPM_LOG_CB) += tspi/log.c
+postcar-$(CONFIG_TPM_LOG_CB) += tspi/log.c
+bootblock-$(CONFIG_TPM_LOG_CB) += tspi/log.c
endif # CONFIG_TPM_MEASURED_BOOT
diff --git a/src/security/tpm/tspi/crtm.h b/src/security/tpm/tspi/crtm.h
index bd5bc5785d..e8e44fd745 100644
--- a/src/security/tpm/tspi/crtm.h
+++ b/src/security/tpm/tspi/crtm.h
@@ -16,7 +16,19 @@
*/
#define TPM_RUNTIME_DATA_PCR 3
-#define TPM_MEASURE_ALGO (CONFIG(TPM1) ? VB2_HASH_SHA1 : VB2_HASH_SHA256)
+#if CONFIG(TPM_LOG_CB) && CONFIG(TPM1)
+# define TPM_MEASURE_ALGO VB2_HASH_SHA1
+#elif CONFIG(TPM_LOG_CB) && CONFIG(TPM2)
+# define TPM_MEASURE_ALGO VB2_HASH_SHA256
+#endif
+
+#if !defined(TPM_MEASURE_ALGO)
+# if !CONFIG(TPM_MEASURED_BOOT)
+# define TPM_MEASURE_ALGO VB2_HASH_INVALID
+# else
+# error "Misconfiguration: failed to determine TPM hashing algorithm"
+# endif
+#endif
/**
* Measure digests cached in TCPA log entries into PCRs