summaryrefslogtreecommitdiff
path: root/src/security
diff options
context:
space:
mode:
Diffstat (limited to 'src/security')
-rw-r--r--src/security/vboot/secdata_tpm.c39
1 files changed, 21 insertions, 18 deletions
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index db5f2e773e..93a172d718 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -151,9 +151,9 @@ static uint32_t safe_write(uint32_t index, const void *data, uint32_t length)
return tlcl_write(index, data, length);
}
-static uint32_t set_space(const char *name, uint32_t index, const void *data,
- uint32_t length, const TPMA_NV nv_attributes,
- const uint8_t *nv_policy, size_t nv_policy_size)
+static uint32_t setup_space(const char *name, uint32_t index, const void *data,
+ uint32_t length, const TPMA_NV nv_attributes,
+ const uint8_t *nv_policy, size_t nv_policy_size)
{
uint32_t rv;
@@ -178,35 +178,38 @@ static uint32_t set_space(const char *name, uint32_t index, const void *data,
return safe_write(index, data, length);
}
-static uint32_t set_firmware_space(const void *firmware_blob)
+static uint32_t setup_firmware_space(struct vb2_context *ctx)
{
- return set_space("firmware", FIRMWARE_NV_INDEX, firmware_blob,
- VB2_SECDATA_FIRMWARE_SIZE, ro_space_attributes,
- pcr0_allowed_policy, sizeof(pcr0_allowed_policy));
+ uint32_t firmware_space_size = vb2api_secdata_firmware_create(ctx);
+
+ return setup_space("firmware", FIRMWARE_NV_INDEX,
+ ctx->secdata_firmware, firmware_space_size,
+ ro_space_attributes, pcr0_allowed_policy,
+ sizeof(pcr0_allowed_policy));
}
-static uint32_t set_kernel_space(const void *kernel_blob)
+static uint32_t setup_kernel_space(struct vb2_context *ctx)
{
- return set_space("kernel", KERNEL_NV_INDEX, kernel_blob,
- VB2_SECDATA_KERNEL_SIZE, rw_space_attributes, NULL, 0);
+ uint32_t kernel_space_size = vb2api_secdata_kernel_create(ctx);
+
+ return setup_space("kernel", KERNEL_NV_INDEX, ctx->secdata_kernel,
+ kernel_space_size, rw_space_attributes, NULL, 0);
}
static uint32_t set_mrc_hash_space(uint32_t index, const uint8_t *data)
{
if (index == MRC_REC_HASH_NV_INDEX) {
- return set_space("RO MRC Hash", index, data, HASH_NV_SIZE,
- ro_space_attributes, pcr0_allowed_policy,
+ return setup_space("RO MRC Hash", index, data, HASH_NV_SIZE,
+ ro_space_attributes, pcr0_allowed_policy,
sizeof(pcr0_allowed_policy));
} else {
- return set_space("RW MRC Hash", index, data, HASH_NV_SIZE,
- rw_space_attributes, NULL, 0);
+ return setup_space("RW MRC Hash", index, data, HASH_NV_SIZE,
+ rw_space_attributes, NULL, 0);
}
}
static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
{
- vb2api_secdata_kernel_create(ctx);
-
RETURN_ON_FAILURE(tlcl_force_clear());
/*
@@ -215,7 +218,7 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
* indication that TPM factory initialization was successfully
* completed.
*/
- RETURN_ON_FAILURE(set_kernel_space(ctx->secdata_kernel));
+ RETURN_ON_FAILURE(setup_kernel_space(ctx));
/*
* Define and set rec hash space, if available. No need to
@@ -227,7 +230,7 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
RETURN_ON_FAILURE(set_mrc_hash_space(MRC_REC_HASH_NV_INDEX, mrc_hash_data));
- RETURN_ON_FAILURE(set_firmware_space(ctx->secdata_firmware));
+ RETURN_ON_FAILURE(setup_firmware_space(ctx));
return TPM_SUCCESS;
}