Diffstat (limited to 'src/security')
-rw-r--r--src/security/tpm/tspi/crtm.c11
-rw-r--r--src/security/tpm/tspi/crtm.h6
2 files changed, 16 insertions, 1 deletions
diff --git a/src/security/tpm/tspi/crtm.c b/src/security/tpm/tspi/crtm.c
index 6f8f58fcd1..41f6a9483a 100644
--- a/src/security/tpm/tspi/crtm.c
+++ b/src/security/tpm/tspi/crtm.c
@@ -73,7 +73,16 @@ static uint32_t tspi_init_crtm(void)
return VB2_ERROR_UNKNOWN;
}
cbfs_unmap(mapping);
- } /* else: TODO: Add SoC specific measurement methods. */
+ } else {
+ /* Since none of the above conditions are met let the SOC code measure the
+ * bootblock. This accomplishes for cases where the bootblock is treated
+ * in a special way (e.g. part of IFWI or located in a different CBFS). */
+ if (tspi_soc_measure_bootblock(TPM_CRTM_PCR)) {
+ printk(BIOS_INFO,
+ "TSPI: Couldn't measure bootblock into CRTM on SoC level!\n");
+ return VB2_ERROR_UNKNOWN;
+ }
+ }
return VB2_SUCCESS;
}
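Review bot: The failure message in the new `else` branch is logged at `BIOS_INFO` even though the branch aborts CRTM initialisation with `VB2_ERROR_UNKNOWN`. A bootblock that could not be measured matters to anyone relying on the measured-boot log, so `printk(BIOS_ERR, "TSPI: Couldn't measure bootblock into CRTM on SoC level!\n");` would be the fitting level. The branch also makes every platform that matches none of the earlier conditions depend on `tspi_soc_measure_bootblock()`, whose implementation is not part of this diff. If a default exists, it should presumably return non-zero, so that a missing SoC hook is reported as a failure instead of leaving the CRTM PCR without a bootblock measurement while `VB2_SUCCESS` is returned. `tspi_init_crtm()` begins above this hunk, so the earlier conditions are not visible here.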
diff --git a/src/security/tpm/tspi/crtm.h b/src/security/tpm/tspi/crtm.h
index c4d051d988..bd5bc5785d 100644
--- a/src/security/tpm/tspi/crtm.h
+++ b/src/security/tpm/tspi/crtm.h
@@ -28,4 +28,10 @@ int tspi_measure_cache_to_pcr(void);
*/
uint32_t tspi_cbfs_measurement(const char *name, uint32_t type, const struct vb2_hash *hash);
+/*
+ * Provide a function on SoC level to measure the bootblock for cases where bootblock is
+ * neither in FMAP nor in CBFS (e.g. in IFWI).
+ */
+int tspi_soc_measure_bootblock(int pcr_index);
+
#endif /* __SECURITY_TSPI_CRTM_H__ */
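Review bot: The comment above `tspi_soc_measure_bootblock()` does not state the return convention, while the caller in crtm.c treats any non-zero value as failure. SoC implementers will write this hook from the header alone, so I would add a line such as `Returns 0 on success, non-zero if the bootblock could not be extended into pcr_index.` It would also help to say that the hook is expected to extend the measurement into the PCR it is passed, not a fixed one, so the CRTM measurement lands in the index the caller chose.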