summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/arch/x86/car.ld4
-rw-r--r--src/include/memlayout.h6
-rw-r--r--src/include/symbols.h5
-rw-r--r--src/lib/cbfs.c14
-rw-r--r--src/mainboard/siemens/mc_apl1/variants/mc_apl2/Kconfig2
-rw-r--r--src/mainboard/siemens/mc_apl1/variants/mc_apl4/Kconfig2
-rw-r--r--src/mainboard/siemens/mc_apl1/variants/mc_apl5/Kconfig2
-rw-r--r--src/mainboard/siemens/mc_apl1/variants/mc_apl6/Kconfig2
-rw-r--r--src/security/tpm/Kconfig17
-rw-r--r--src/security/tpm/Makefile.inc45
-rw-r--r--src/security/tpm/tspi.h7
-rw-r--r--src/security/tpm/tspi/crtm.c (renamed from src/security/vboot/vboot_crtm.c)163
-rw-r--r--src/security/tpm/tspi/crtm.h (renamed from src/security/vboot/vboot_crtm.h)19
-rw-r--r--src/security/tpm/tspi/log.c12
-rw-r--r--src/security/tpm/tspi/tspi.c52
-rw-r--r--src/security/vboot/Kconfig16
-rw-r--r--src/security/vboot/Makefile.inc8
-rw-r--r--src/security/vboot/symbols.h2
-rw-r--r--src/security/vboot/vboot_logic.c16
-rw-r--r--src/soc/cavium/cn81xx/include/soc/memlayout.ld2
-rw-r--r--src/soc/mediatek/mt8173/include/soc/memlayout.ld2
-rw-r--r--src/soc/mediatek/mt8183/include/soc/memlayout.ld2
-rw-r--r--src/soc/nvidia/tegra124/include/soc/memlayout.ld2
-rw-r--r--src/soc/nvidia/tegra210/include/soc/memlayout.ld2
-rw-r--r--src/soc/samsung/exynos5250/include/soc/memlayout.ld2
25 files changed, 219 insertions, 187 deletions
diff --git a/src/arch/x86/car.ld b/src/arch/x86/car.ld
index 5e5493a355..92b26a0877 100644
--- a/src/arch/x86/car.ld
+++ b/src/arch/x86/car.ld
@@ -20,8 +20,8 @@
/* Vboot measured boot TCPA log measurements.
* Needs to be transferred until CBMEM is available
*/
-#if CONFIG(VBOOT_MEASURED_BOOT)
- VBOOT2_TPM_LOG(., 2K)
+#if CONFIG(TPM_MEASURED_BOOT)
+ TPM_TCPA_LOG(., 2K)
#endif
/* Stack for CAR stages. Since it persists across all stages that
* use CAR it can be reused. The chipset/SoC is expected to provide
diff --git a/src/include/memlayout.h b/src/include/memlayout.h
index 62c9f7b7aa..bf4b2c5323 100644
--- a/src/include/memlayout.h
+++ b/src/include/memlayout.h
@@ -159,9 +159,9 @@
STR(vboot2 work buffer size must be equivalent to \
VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE! (sz)));
-#define VBOOT2_TPM_LOG(addr, size) \
- REGION(vboot2_tpm_log, addr, size, 16) \
- _ = ASSERT(size >= 2K, "vboot2 tpm log buffer must be at least 2K!");
+#define TPM_TCPA_LOG(addr, size) \
+ REGION(tpm_tcpa_log, addr, size, 16) \
+ _ = ASSERT(size >= 2K, "tpm tcpa log buffer must be at least 2K!");
#if ENV_VERSTAGE
#define VERSTAGE(addr, sz) \
diff --git a/src/include/symbols.h b/src/include/symbols.h
index 94e4668ecb..e37405d4a1 100644
--- a/src/include/symbols.h
+++ b/src/include/symbols.h
@@ -34,8 +34,11 @@ DECLARE_REGION(preram_cbfs_cache)
DECLARE_REGION(postram_cbfs_cache)
DECLARE_REGION(cbfs_cache)
DECLARE_REGION(fmap_cache)
-DECLARE_REGION(payload)
+DECLARE_REGION(tpm_tcpa_log)
+
+/* Regions for execution units. */
+DECLARE_REGION(payload)
/* "program" always refers to the current execution unit. */
DECLARE_REGION(program)
/* _<stage>_size is always the maximum amount allocated in memlayout, whereas
diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c
index 4f0b443360..4392ab7ab0 100644
--- a/src/lib/cbfs.c
+++ b/src/lib/cbfs.c
@@ -13,19 +13,19 @@
*/
#include <assert.h>
-#include <console/console.h>
-#include <string.h>
-#include <stdlib.h>
#include <boot_device.h>
#include <cbfs.h>
#include <commonlib/bsd/compression.h>
+#include <console/console.h>
#include <endian.h>
+#include <fmap.h>
#include <lib.h>
+#include <security/tpm/tspi/crtm.h>
+#include <security/vboot/vboot_common.h>
+#include <stdlib.h>
+#include <string.h>
#include <symbols.h>
#include <timestamp.h>
-#include <fmap.h>
-#include <security/vboot/vboot_crtm.h>
-#include <security/vboot/vboot_common.h>
#define ERROR(x...) printk(BIOS_ERR, "CBFS: " x)
#define LOG(x...) printk(BIOS_INFO, "CBFS: " x)
@@ -60,7 +60,7 @@ int cbfs_boot_locate(struct cbfsf *fh, const char *name, uint32_t *type)
}
if (!ret)
- if (vboot_measure_cbfs_hook(fh, name))
+ if (tspi_measure_cbfs_hook(fh, name))
return -1;
return ret;
diff --git a/src/mainboard/siemens/mc_apl1/variants/mc_apl2/Kconfig b/src/mainboard/siemens/mc_apl1/variants/mc_apl2/Kconfig
index 6adf4e9c41..0f32907da2 100644
--- a/src/mainboard/siemens/mc_apl1/variants/mc_apl2/Kconfig
+++ b/src/mainboard/siemens/mc_apl1/variants/mc_apl2/Kconfig
@@ -9,12 +9,12 @@ config BOARD_SPECIFIC_OPTIONS
select MAINBOARD_HAS_TPM2
select MAINBOARD_HAS_LPC_TPM
select TPM_ON_FAST_SPI
+ select TPM_MEASURED_BOOT
config CBFS_SIZE
default 0xb4e000
config VBOOT
- select VBOOT_MEASURED_BOOT
select VBOOT_VBNV_FLASH
select VBOOT_NO_BOARD_SUPPORT
select GBB_FLAG_DISABLE_LID_SHUTDOWN
diff --git a/src/mainboard/siemens/mc_apl1/variants/mc_apl4/Kconfig b/src/mainboard/siemens/mc_apl1/variants/mc_apl4/Kconfig
index b10bdc846b..55fb4b16bb 100644
--- a/src/mainboard/siemens/mc_apl1/variants/mc_apl4/Kconfig
+++ b/src/mainboard/siemens/mc_apl1/variants/mc_apl4/Kconfig
@@ -9,6 +9,7 @@ config BOARD_SPECIFIC_OPTIONS
select MAINBOARD_HAS_LPC_TPM
select TPM_ON_FAST_SPI
select DRIVERS_I2C_PTN3460
+ select TPM_MEASURED_BOOT
config UART_FOR_CONSOLE
default 1
@@ -17,7 +18,6 @@ config CBFS_SIZE
default 0xb4e000
config VBOOT
- select VBOOT_MEASURED_BOOT
select VBOOT_VBNV_FLASH
select VBOOT_NO_BOARD_SUPPORT
select GBB_FLAG_DISABLE_LID_SHUTDOWN
diff --git a/src/mainboard/siemens/mc_apl1/variants/mc_apl5/Kconfig b/src/mainboard/siemens/mc_apl1/variants/mc_apl5/Kconfig
index e46a0de6f9..bd0b0d7162 100644
--- a/src/mainboard/siemens/mc_apl1/variants/mc_apl5/Kconfig
+++ b/src/mainboard/siemens/mc_apl1/variants/mc_apl5/Kconfig
@@ -12,12 +12,12 @@ config BOARD_SPECIFIC_OPTIONS
select MAINBOARD_HAS_LPC_TPM
select TPM_ON_FAST_SPI
select DRIVERS_I2C_PTN3460
+ select TPM_MEASURED_BOOT
config CBFS_SIZE
default 0xb4e000
config VBOOT
- select VBOOT_MEASURED_BOOT
select VBOOT_VBNV_FLASH
select VBOOT_NO_BOARD_SUPPORT
select GBB_FLAG_DISABLE_LID_SHUTDOWN
diff --git a/src/mainboard/siemens/mc_apl1/variants/mc_apl6/Kconfig b/src/mainboard/siemens/mc_apl1/variants/mc_apl6/Kconfig
index 864e808f17..852294a01d 100644
--- a/src/mainboard/siemens/mc_apl1/variants/mc_apl6/Kconfig
+++ b/src/mainboard/siemens/mc_apl1/variants/mc_apl6/Kconfig
@@ -11,9 +11,9 @@ config BOARD_SPECIFIC_OPTIONS
select MAINBOARD_HAS_TPM2
select MAINBOARD_HAS_LPC_TPM
select TPM_ON_FAST_SPI
+ select TPM_MEASURED_BOOT
config VBOOT
- select VBOOT_MEASURED_BOOT
select VBOOT_VBNV_FLASH
select VBOOT_NO_BOARD_SUPPORT
select GBB_FLAG_DISABLE_LID_SHUTDOWN
diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig
index 1766939c4c..d8652b2017 100644
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig
@@ -100,4 +100,21 @@ config TPM_STARTUP_IGNORE_POSTINIT
or VBOOT on the Intel Arrandale processor, which issues a
CPU-only reset during the romstage.
+config TPM_MEASURED_BOOT
+ bool "Enable Measured Boot"
+ default n
+ select VBOOT_LIB
+ depends on TPM1 || TPM2
+ depends on !VBOOT_RETURN_FROM_VERSTAGE
+ help
+ Enables measured boot (experimental)
+
+config TPM_MEASURED_BOOT_RUNTIME_DATA
+ string "Runtime data whitelist"
+ default ""
+ depends on TPM_MEASURED_BOOT
+ help
+ Runtime data whitelist of cbfs filenames. Needs to be a
+ comma separated list
+
endmenu # Trusted Platform Module (tpm)
diff --git a/src/security/tpm/Makefile.inc b/src/security/tpm/Makefile.inc
index a2d32cff89..c36183dd9b 100644
--- a/src/security/tpm/Makefile.inc
+++ b/src/security/tpm/Makefile.inc
@@ -6,22 +6,17 @@ ifeq ($(CONFIG_TPM1),y)
ramstage-y += tss/tcg-1.2/tss.c
romstage-y += tss/tcg-1.2/tss.c
-
-verstage-$(CONFIG_VBOOT) += tss/tcg-1.2/tss.c
-postcar-$(CONFIG_VBOOT) += tss/tcg-1.2/tss.c
+bootblock-y += tss/tcg-1.2/tss.c
+verstage-y += tss/tcg-1.2/tss.c
+postcar-y += tss/tcg-1.2/tss.c
## TSPI
ramstage-y += tspi/tspi.c
romstage-y += tspi/tspi.c
-
-verstage-$(CONFIG_VBOOT) += tspi/tspi.c
-postcar-$(CONFIG_VBOOT) += tspi/tspi.c
-
-ramstage-$(CONFIG_VBOOT_MEASURED_BOOT) += tspi/log.c
-romstage-$(CONFIG_VBOOT_MEASURED_BOOT) += tspi/log.c
-verstage-$(CONFIG_VBOOT_MEASURED_BOOT) += tspi/log.c
-postcar-$(CONFIG_VBOOT_MEASURED_BOOT) += tspi/log.c
+bootblock-y += tspi/tspi.c
+verstage-y += tspi/tspi.c
+postcar-y += tspi/tspi.c
endif # CONFIG_TPM1
@@ -39,17 +34,31 @@ verstage-$(CONFIG_VBOOT) += tss/tcg-2.0/tss.c
postcar-y += tss/tcg-2.0/tss_marshaling.c
postcar-y += tss/tcg-2.0/tss.c
+bootblock-y += tss/tcg-2.0/tss_marshaling.c
+bootblock-y += tss/tcg-2.0/tss.c
+
## TSPI
ramstage-y += tspi/tspi.c
romstage-y += tspi/tspi.c
-
+bootblock-y += tspi/tspi.c
verstage-$(CONFIG_VBOOT) += tspi/tspi.c
-postcar-$(CONFIG_VBOOT) += tspi/tspi.c
-
-ramstage-$(CONFIG_VBOOT_MEASURED_BOOT) += tspi/log.c
-romstage-$(CONFIG_VBOOT_MEASURED_BOOT) += tspi/log.c
-verstage-$(CONFIG_VBOOT_MEASURED_BOOT) += tspi/log.c
-postcar-$(CONFIG_VBOOT_MEASURED_BOOT) += tspi/log.c
+postcar-y += tspi/tspi.c
endif # CONFIG_TPM2
+
+ifeq ($(CONFIG_TPM_MEASURED_BOOT),y)
+
+bootblock-y += tspi/crtm.c
+verstage-y += tspi/crtm.c
+romstage-y += tspi/crtm.c
+ramstage-y += tspi/crtm.c
+postcar-y += tspi/crtm.c
+
+ramstage-y += tspi/log.c
+romstage-y += tspi/log.c
+verstage-y += tspi/log.c
+postcar-y += tspi/log.c
+bootblock-y += tspi/log.c
+
+endif # CONFIG_TPM_MEASURED_BOOT
diff --git a/src/security/tpm/tspi.h b/src/security/tpm/tspi.h
index 6854401d03..7ea90e280e 100644
--- a/src/security/tpm/tspi.h
+++ b/src/security/tpm/tspi.h
@@ -24,6 +24,12 @@
#define HASH_DATA_CHUNK_SIZE 1024
/**
+ * Get the pointer to the single instance of global
+ * tcpa log data, and initialize it when necessary
+ */
+struct tcpa_table *tcpa_log_init(void);
+
+/**
* Clears the pre-RAM tcpa log data and initializes
* any content with default values
*/
@@ -47,6 +53,7 @@ void tcpa_log_add_table_entry(const char *name, const uint32_t pcr,
*/
void tcpa_log_dump(void *unused);
+
/**
* Ask vboot for a digest and extend a TPM PCR with it.
* @param pcr sets the pcr index
diff --git a/src/security/vboot/vboot_crtm.c b/src/security/tpm/tspi/crtm.c
index 40b56ed881..dc7d7d21f0 100644
--- a/src/security/vboot/vboot_crtm.c
+++ b/src/security/tpm/tspi/crtm.c
@@ -15,12 +15,11 @@
#include <console/console.h>
#include <fmap.h>
#include <cbfs.h>
-#include <security/vboot/vboot_crtm.h>
-#include <security/vboot/misc.h>
+#include "crtm.h"
#include <string.h>
/*
- * This functions sets the TCPA log namespace
+ * This function sets the TCPA log namespace
* for the cbfs file (region) lookup.
*/
static int create_tcpa_metadata(const struct region_device *rdev,
@@ -28,11 +27,12 @@ static int create_tcpa_metadata(const struct region_device *rdev,
{
int i;
struct region_device fmap;
- static const char *fmap_cbfs_names[] = {
- "COREBOOT",
- "FW_MAIN_A",
- "FW_MAIN_B",
- "RW_LEGACY"};
+ static const char *const fmap_cbfs_names[] = {
+ "COREBOOT",
+ "FW_MAIN_A",
+ "FW_MAIN_B",
+ "RW_LEGACY"
+ };
for (i = 0; i < ARRAY_SIZE(fmap_cbfs_names); i++) {
if (fmap_locate_area_as_rdev(fmap_cbfs_names[i], &fmap) == 0) {
@@ -49,17 +49,27 @@ static int create_tcpa_metadata(const struct region_device *rdev,
return -1;
}
-uint32_t vboot_init_crtm(void)
+static int tcpa_log_initialized;
+static inline int tcpa_log_available(void)
+{
+ if (ENV_BOOTBLOCK)
+ return tcpa_log_initialized;
+
+ return 1;
+}
+
+uint32_t tspi_init_crtm(void)
{
struct prog bootblock = PROG_INIT(PROG_BOOTBLOCK, "bootblock");
- struct prog verstage =
- PROG_INIT(PROG_VERSTAGE, CONFIG_CBFS_PREFIX "/verstage");
- struct prog romstage =
- PROG_INIT(PROG_ROMSTAGE, CONFIG_CBFS_PREFIX "/romstage");
- char tcpa_metadata[TCPA_PCR_HASH_NAME];
- /* Initialize TCPE PRERAM log. */
- tcpa_preram_log_clear();
+ /* Initialize TCPA PRERAM log. */
+ if (!tcpa_log_available()) {
+ tcpa_preram_log_clear();
+ tcpa_log_initialized = 1;
+ } else {
+ printk(BIOS_WARNING, "TSPI: CRTM already initialized!\n");
+ return VB2_SUCCESS;
+ }
/* measure bootblock from RO */
struct cbfsf bootblock_data;
@@ -71,66 +81,13 @@ uint32_t vboot_init_crtm(void)
return VB2_ERROR_UNKNOWN;
} else {
if (cbfs_boot_locate(&bootblock_data,
- prog_name(&bootblock), NULL) == 0) {
- cbfs_file_data(prog_rdev(&bootblock), &bootblock_data);
-
- if (create_tcpa_metadata(prog_rdev(&bootblock),
- prog_name(&bootblock), tcpa_metadata) < 0)
- return VB2_ERROR_UNKNOWN;
-
- if (tpm_measure_region(prog_rdev(&bootblock),
- TPM_CRTM_PCR,
- tcpa_metadata))
- return VB2_ERROR_UNKNOWN;
- } else {
- printk(BIOS_INFO,
- "VBOOT: Couldn't measure bootblock into CRTM!\n");
- return VB2_ERROR_UNKNOWN;
- }
- }
-
- if (CONFIG(VBOOT_STARTS_IN_ROMSTAGE)) {
- struct cbfsf romstage_data;
- /* measure romstage from RO */
- if (cbfs_boot_locate(&romstage_data,
- prog_name(&romstage), NULL) == 0) {
- cbfs_file_data(prog_rdev(&romstage), &romstage_data);
-
- if (create_tcpa_metadata(prog_rdev(&romstage),
- prog_name(&romstage), tcpa_metadata) < 0)
- return VB2_ERROR_UNKNOWN;
-
- if (tpm_measure_region(prog_rdev(&romstage),
- TPM_CRTM_PCR,
- tcpa_metadata))
- return VB2_ERROR_UNKNOWN;
- } else {
+ prog_name(&bootblock), NULL)) {
+ /*
+ * measurement is done in
+ * tspi_measure_cbfs_hook()
+ */
printk(BIOS_INFO,
- "VBOOT: Couldn't measure %s into CRTM!\n",
- CONFIG_CBFS_PREFIX "/romstage");
- return VB2_ERROR_UNKNOWN;
- }
- }
-
- if (CONFIG(VBOOT_SEPARATE_VERSTAGE)) {
- struct cbfsf verstage_data;
- /* measure verstage from RO */
- if (cbfs_boot_locate(&verstage_data,
- prog_name(&verstage), NULL) == 0) {
- cbfs_file_data(prog_rdev(&verstage), &verstage_data);
-
- if (create_tcpa_metadata(prog_rdev(&verstage),
- prog_name(&verstage), tcpa_metadata) < 0)
- return VB2_ERROR_UNKNOWN;
-
- if (tpm_measure_region(prog_rdev(&verstage),
- TPM_CRTM_PCR,
- tcpa_metadata))
- return VB2_ERROR_UNKNOWN;
- } else {
- printk(BIOS_INFO,
- "VBOOT: Couldn't measure %s into CRTM!\n",
- CONFIG_CBFS_PREFIX "/verstage");
+ "TSPI: Couldn't measure bootblock into CRTM!\n");
return VB2_ERROR_UNKNOWN;
}
}
@@ -140,8 +97,8 @@ uint32_t vboot_init_crtm(void)
static bool is_runtime_data(const char *name)
{
- const char *whitelist = CONFIG_VBOOT_MEASURED_BOOT_RUNTIME_DATA;
- size_t whitelist_len = sizeof(CONFIG_VBOOT_MEASURED_BOOT_RUNTIME_DATA) - 1;
+ const char *whitelist = CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA;
+ size_t whitelist_len = sizeof(CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA) - 1;
size_t name_len = strlen(name);
int i;
@@ -156,15 +113,21 @@ static bool is_runtime_data(const char *name)
return false;
}
-uint32_t vboot_measure_cbfs_hook(struct cbfsf *fh, const char *name)
+uint32_t tspi_measure_cbfs_hook(struct cbfsf *fh, const char *name)
{
uint32_t pcr_index;
uint32_t cbfs_type;
struct region_device rdev;
char tcpa_metadata[TCPA_PCR_HASH_NAME];
- if (!vboot_logic_executed())
- return 0;
+ if (!tcpa_log_available()) {
+ if (tspi_init_crtm() != VB2_SUCCESS) {
+ printk(BIOS_WARNING,
+ "Initializing CRTM failed!");
+ return 0;
+ }
+ printk(BIOS_DEBUG, "CRTM initialized.");
+ }
cbfsf_file_type(fh, &cbfs_type);
cbfs_file_data(&rdev, fh);
@@ -192,3 +155,43 @@ uint32_t vboot_measure_cbfs_hook(struct cbfsf *fh, const char *name)
return tpm_measure_region(&rdev, pcr_index, tcpa_metadata);
}
+
+int tspi_measure_cache_to_pcr(void)
+{
+ int i;
+ enum vb2_hash_algorithm hash_alg;
+ struct tcpa_table *tclt = tcpa_log_init();
+
+ if (!tclt) {
+ printk(BIOS_WARNING, "TCPA: Log non-existent!\n");
+ return VB2_ERROR_UNKNOWN;
+ }
+ if (CONFIG(TPM1)) {
+ hash_alg = VB2_HASH_SHA1;
+ } else { /* CONFIG_TPM2 */
+ hash_alg = VB2_HASH_SHA256;
+ }
+
+
+ printk(BIOS_DEBUG, "TPM: Write digests cached in TCPA log to PCR\n");
+ for (i = 0; i < tclt->num_entries; i++) {
+ struct tcpa_entry *tce = &tclt->entries[i];
+ if (tce) {
+ printk(BIOS_DEBUG, "TPM: Write digest for"
+ " %s into PCR %d\n",
+ tce->name, tce->pcr);
+ int result = tlcl_extend(tce->pcr,
+ tce->digest,
+ NULL);
+ if (result != TPM_SUCCESS) {
+ printk(BIOS_ERR, "TPM: Writing digest"
+ " of %s into PCR failed with error"
+ " %d\n",
+ tce->name, result);
+ return VB2_ERROR_UNKNOWN;
+ }
+ }
+ }
+
+ return VB2_SUCCESS;
+}
diff --git a/src/security/vboot/vboot_crtm.h b/src/security/tpm/tspi/crtm.h
index ba3dd45abe..dfd91e1c0e 100644
--- a/src/security/vboot/vboot_crtm.h
+++ b/src/security/tpm/tspi/crtm.h
@@ -12,8 +12,8 @@
* GNU General Public License for more details.
*/
-#ifndef __SECURITY_VBOOT_CRTM_H__
-#define __SECURITY_VBOOT_CRTM_H__
+#ifndef __SECURITY_TSPI_CRTM_H__
+#define __SECURITY_TSPI_CRTM_H__
#include <commonlib/cbfs.h>
#include <program_loading.h>
@@ -43,18 +43,23 @@
* Takes the current vboot context as parameter for s3 checks.
* returns on success VB2_SUCCESS, else a vboot error.
*/
-uint32_t vboot_init_crtm(void);
+uint32_t tspi_init_crtm(void);
-#if CONFIG(VBOOT_MEASURED_BOOT)
+/**
+ * Measure digests cached in TCPA log entries into PCRs
+ */
+int tspi_measure_cache_to_pcr(void);
+
+#if CONFIG(TPM_MEASURED_BOOT)
/*
* Measures cbfs data via hook (cbfs)
* fh is the cbfs file handle to measure
* return 0 if successful, else an error
*/
-uint32_t vboot_measure_cbfs_hook(struct cbfsf *fh, const char *name);
+uint32_t tspi_measure_cbfs_hook(struct cbfsf *fh, const char *name);
#else
-#define vboot_measure_cbfs_hook(fh, name) 0
+#define tspi_measure_cbfs_hook(fh, name) 0
#endif
-#endif /* __VBOOT_VBOOT_CRTM_H__ */
+#endif /* __SECURITY_TSPI_CRTM_H__ */
diff --git a/src/security/tpm/tspi/log.c b/src/security/tpm/tspi/log.c
index 068d78da19..e43f74d069 100644
--- a/src/security/tpm/tspi/log.c
+++ b/src/security/tpm/tspi/log.c
@@ -16,7 +16,7 @@
#include <security/tpm/tspi.h>
#include <region_file.h>
#include <string.h>
-#include <security/vboot/symbols.h>
+#include <symbols.h>
#include <cbmem.h>
#include <bootstate.h>
#include <vb2_sha.h>
@@ -42,7 +42,7 @@ static struct tcpa_table *tcpa_cbmem_init(void)
return tclt;
}
-static struct tcpa_table *tcpa_log_init(void)
+struct tcpa_table *tcpa_log_init(void)
{
MAYBE_STATIC_BSS struct tcpa_table *tclt = NULL;
@@ -50,12 +50,12 @@ static struct tcpa_table *tcpa_log_init(void)
* If cbmem isn't available use CAR or SRAM */
if (!cbmem_possibly_online() &&
!CONFIG(VBOOT_RETURN_FROM_VERSTAGE))
- return (struct tcpa_table *)_vboot2_tpm_log;
+ return (struct tcpa_table *)_tpm_tcpa_log;
else if (ENV_ROMSTAGE &&
!CONFIG(VBOOT_RETURN_FROM_VERSTAGE)) {
tclt = tcpa_cbmem_init();
if (!tclt)
- return (struct tcpa_table *)_vboot2_tpm_log;
+ return (struct tcpa_table *)_tpm_tcpa_log;
} else {
tclt = tcpa_cbmem_init();
}
@@ -128,7 +128,7 @@ void tcpa_log_add_table_entry(const char *name, const uint32_t pcr,
void tcpa_preram_log_clear(void)
{
printk(BIOS_INFO, "TCPA: Clearing coreboot TCPA log\n");
- struct tcpa_table *tclt = (struct tcpa_table *)_vboot2_tpm_log;
+ struct tcpa_table *tclt = (struct tcpa_table *)_tpm_tcpa_log;
tclt->max_entries = MAX_TCPA_LOG_ENTRIES;
tclt->num_entries = 0;
}
@@ -136,7 +136,7 @@ void tcpa_preram_log_clear(void)
#if !CONFIG(VBOOT_RETURN_FROM_VERSTAGE)
static void recover_tcpa_log(int is_recovery)
{
- struct tcpa_table *preram_log = (struct tcpa_table *)_vboot2_tpm_log;
+ struct tcpa_table *preram_log = (struct tcpa_table *)_tpm_tcpa_log;
struct tcpa_table *ram_log = NULL;
int i;
diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c
index 0095183ca2..4f0cc972a7 100644
--- a/src/security/tpm/tspi/tspi.c
+++ b/src/security/tpm/tspi/tspi.c
@@ -14,13 +14,14 @@
#include <console/cbmem_console.h>
#include <console/console.h>
+#include <security/tpm/tspi/crtm.h>
#include <security/tpm/tspi.h>
#include <security/tpm/tss.h>
-#if CONFIG(VBOOT)
+#include <assert.h>
+#include <security/vboot/misc.h>
+#include <string.h>
#include <vb2_api.h>
#include <vb2_sha.h>
-#include <assert.h>
-#endif
#if CONFIG(TPM1)
static uint32_t tpm1_invoke_state_machine(void)
@@ -100,6 +101,18 @@ static uint32_t tpm_setup_epilogue(uint32_t result)
return result;
}
+static int tpm_is_setup;
+static inline int tspi_tpm_is_setup(void)
+{
+ if (CONFIG(VBOOT))
+ return vboot_logic_executed() || tpm_is_setup;
+
+ if (ENV_RAMSTAGE)
+ return tpm_is_setup;
+
+ return 0;
+}
+
/*
* tpm_setup starts the TPM and establishes the root of trust for the
* anti-rollback mechanism. tpm_setup can fail for three reasons. 1 A bug.
@@ -170,7 +183,10 @@ uint32_t tpm_setup(int s3flag)
#if CONFIG(TPM1)
result = tpm1_invoke_state_machine();
#endif
+ if (CONFIG(TPM_MEASURED_BOOT))
+ result = tspi_measure_cache_to_pcr();
+ tpm_is_setup = 1;
return tpm_setup_epilogue(result);
}
@@ -210,18 +226,27 @@ uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
if (!digest)
return TPM_E_IOERROR;
- result = tlcl_extend(pcr, digest, NULL);
- if (result != TPM_SUCCESS)
- return result;
+ if (tspi_tpm_is_setup()) {
+ result = tlcl_lib_init();
+ if (result != TPM_SUCCESS) {
+ printk(BIOS_ERR, "TPM: Can't initialize library.\n");
+ return result;
+ }
+
+ printk(BIOS_DEBUG, "TPM: Extending digest for %s into PCR %d\n", name, pcr);
+ result = tlcl_extend(pcr, digest, NULL);
+ if (result != TPM_SUCCESS)
+ return result;
+ }
- if (CONFIG(VBOOT_MEASURED_BOOT))
+ if (CONFIG(TPM_MEASURED_BOOT))
tcpa_log_add_table_entry(name, pcr, digest_algo,
digest, digest_len);
return TPM_SUCCESS;
}
-#if CONFIG(VBOOT)
+#if CONFIG(VBOOT_LIB)
uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
const char *rname)
{
@@ -234,11 +259,7 @@ uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
if (!rdev || !rname)
return TPM_E_INVALID_ARG;
- result = tlcl_lib_init();
- if (result != TPM_SUCCESS) {
- printk(BIOS_ERR, "TPM: Can't initialize library.\n");
- return result;
- }
+
if (CONFIG(TPM1)) {
hash_alg = VB2_HASH_SHA1;
} else { /* CONFIG_TPM2 */
@@ -277,7 +298,8 @@ uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
printk(BIOS_ERR, "TPM: Extending hash into PCR failed.\n");
return result;
}
- printk(BIOS_DEBUG, "TPM: Measured %s into PCR %d\n", rname, pcr);
+ printk(BIOS_DEBUG, "TPM: Digest of %s to PCR %d %s\n",
+ rname, pcr, tspi_tpm_is_setup() ? "measured" : "logged");
return TPM_SUCCESS;
}
-#endif /* VBOOT */
+#endif /* VBOOT_LIB */
diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index 6e0021d58d..f273265054 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -35,22 +35,6 @@ if VBOOT
comment "Anti-Rollback Protection disabled because mocking secdata is enabled."
depends on VBOOT_MOCK_SECDATA
-config VBOOT_MEASURED_BOOT
- bool "Enable Measured Boot"
- default n
- depends on TPM1 || TPM2
- depends on !VBOOT_RETURN_FROM_VERSTAGE
- help
- Enables measured boot mode in vboot (experimental)
-
-config VBOOT_MEASURED_BOOT_RUNTIME_DATA
- string "Runtime data whitelist"
- default ""
- depends on VBOOT_MEASURED_BOOT
- help
- Runtime data whitelist of cbfs filenames. Needs to be a comma separated
- list
-
config VBOOT_SLOTS_RW_A
bool "Firmware RO + RW_A"
help
diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc
index e7560dd911..d1cc2da807 100644
--- a/src/security/vboot/Makefile.inc
+++ b/src/security/vboot/Makefile.inc
@@ -105,14 +105,6 @@ romstage-y += vboot_common.c
ramstage-y += vboot_common.c
postcar-y += vboot_common.c
-ifeq ($(CONFIG_VBOOT_MEASURED_BOOT),y)
-bootblock-y += vboot_crtm.c
-verstage-y += vboot_crtm.c
-romstage-y += vboot_crtm.c
-ramstage-y += vboot_crtm.c
-postcar-y += vboot_crtm.c
-endif
-
bootblock-y += common.c
verstage-y += vboot_logic.c
verstage-y += common.c
diff --git a/src/security/vboot/symbols.h b/src/security/vboot/symbols.h
index 778c8ee949..8f6063efac 100644
--- a/src/security/vboot/symbols.h
+++ b/src/security/vboot/symbols.h
@@ -19,6 +19,4 @@
DECLARE_REGION(vboot2_work)
-DECLARE_REGION(vboot2_tpm_log)
-
#endif /* __VBOOT_SYMBOLS_H__ */
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index b72df9650b..80f7aaa86b 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -17,13 +17,13 @@
#include <bootmode.h>
#include <cbmem.h>
#include <fmap.h>
-#include <string.h>
-#include <timestamp.h>
-#include <vb2_api.h>
+#include <security/tpm/tspi/crtm.h>
#include <security/vboot/misc.h>
#include <security/vboot/vbnv.h>
-#include <security/vboot/vboot_crtm.h>
#include <security/vboot/tpm_common.h>
+#include <string.h>
+#include <timestamp.h>
+#include <vb2_api.h>
#include "antirollback.h"
@@ -283,14 +283,6 @@ void verstage_main(void)
antirollback_read_space_firmware(ctx);
timestamp_add_now(TS_END_TPMINIT);
- /* Enable measured boot mode */
- if (CONFIG(VBOOT_MEASURED_BOOT) &&
- !(ctx->flags & VB2_CONTEXT_S3_RESUME)) {
- if (vboot_init_crtm() != VB2_SUCCESS)
- die_with_post_code(POST_INVALID_ROM,
- "Initializing measured boot mode failed!");
- }
-
if (get_recovery_mode_switch()) {
ctx->flags |= VB2_CONTEXT_FORCE_RECOVERY_MODE;
if (CONFIG(VBOOT_DISABLE_DEV_ON_RECOVERY))
diff --git a/src/soc/cavium/cn81xx/include/soc/memlayout.ld b/src/soc/cavium/cn81xx/include/soc/memlayout.ld
index 74786693db..f3b044235f 100644
--- a/src/soc/cavium/cn81xx/include/soc/memlayout.ld
+++ b/src/soc/cavium/cn81xx/include/soc/memlayout.ld
@@ -34,7 +34,7 @@ SECTIONS
PRERAM_CBMEM_CONSOLE(BOOTROM_OFFSET + 0x8000, 8K)
BOOTBLOCK(BOOTROM_OFFSET + 0x20000, 64K)
VBOOT2_WORK(BOOTROM_OFFSET + 0x30000, 12K)
- VBOOT2_TPM_LOG(BOOTROM_OFFSET + 0x33000, 2K)
+ TPM_TCPA_LOG(BOOTROM_OFFSET + 0x33000, 2K)
VERSTAGE(BOOTROM_OFFSET + 0x33800, 50K)
ROMSTAGE(BOOTROM_OFFSET + 0x40000, 256K)
diff --git a/src/soc/mediatek/mt8173/include/soc/memlayout.ld b/src/soc/mediatek/mt8173/include/soc/memlayout.ld
index 89ee8f4e31..2a617b7567 100644
--- a/src/soc/mediatek/mt8173/include/soc/memlayout.ld
+++ b/src/soc/mediatek/mt8173/include/soc/memlayout.ld
@@ -38,7 +38,7 @@ SECTIONS
SRAM_START(0x00100000)
VBOOT2_WORK(0x00100000, 12K)
- VBOOT2_TPM_LOG(0x00103000, 2K)
+ TPM_TCPA_LOG(0x00103000, 2K)
FMAP_CACHE(0x00103800, 2K)
PRERAM_CBMEM_CONSOLE(0x00104000, 12K)
WATCHDOG_TOMBSTONE(0x00107000, 4)
diff --git a/src/soc/mediatek/mt8183/include/soc/memlayout.ld b/src/soc/mediatek/mt8183/include/soc/memlayout.ld
index 6e523d8e32..d2f9a060f8 100644
--- a/src/soc/mediatek/mt8183/include/soc/memlayout.ld
+++ b/src/soc/mediatek/mt8183/include/soc/memlayout.ld
@@ -30,7 +30,7 @@ SECTIONS
{
SRAM_START(0x00100000)
VBOOT2_WORK(0x00100000, 12K)
- VBOOT2_TPM_LOG(0x00103000, 2K)
+ TPM_TCPA_LOG(0x00103000, 2K)
FMAP_CACHE(0x00103800, 2K)
WATCHDOG_TOMBSTONE(0x00104000, 4)
PRERAM_CBMEM_CONSOLE(0x00104004, 63K - 4)
diff --git a/src/soc/nvidia/tegra124/include/soc/memlayout.ld b/src/soc/nvidia/tegra124/include/soc/memlayout.ld
index 0128a86048..adb47b1541 100644
--- a/src/soc/nvidia/tegra124/include/soc/memlayout.ld
+++ b/src/soc/nvidia/tegra124/include/soc/memlayout.ld
@@ -30,7 +30,7 @@ SECTIONS
FMAP_CACHE(0x40005800, 2K)
PRERAM_CBFS_CACHE(0x40006000, 14K)
VBOOT2_WORK(0x40009800, 12K)
- VBOOT2_TPM_LOG(0x4000D800, 2K)
+ TPM_TCPA_LOG(0x4000D800, 2K)
STACK(0x4000E000, 8K)
BOOTBLOCK(0x40010000, 30K)
VERSTAGE(0x40017800, 72K)
diff --git a/src/soc/nvidia/tegra210/include/soc/memlayout.ld b/src/soc/nvidia/tegra210/include/soc/memlayout.ld
index ff44591e94..fdd0e8811f 100644
--- a/src/soc/nvidia/tegra210/include/soc/memlayout.ld
+++ b/src/soc/nvidia/tegra210/include/soc/memlayout.ld
@@ -31,7 +31,7 @@ SECTIONS
FMAP_CACHE(0x40000800, 2K)
PRERAM_CBFS_CACHE(0x40001000, 28K)
VBOOT2_WORK(0x40008000, 12K)
- VBOOT2_TPM_LOG(0x4000B000, 2K)
+ TPM_TCPA_LOG(0x4000B000, 2K)
#if ENV_ARM64
STACK(0x4000B800, 3K)
#else /* AVP gets a separate stack to avoid any chance of handoff races. */
diff --git a/src/soc/samsung/exynos5250/include/soc/memlayout.ld b/src/soc/samsung/exynos5250/include/soc/memlayout.ld
index db637fff28..d117aac828 100644
--- a/src/soc/samsung/exynos5250/include/soc/memlayout.ld
+++ b/src/soc/samsung/exynos5250/include/soc/memlayout.ld
@@ -32,7 +32,7 @@ SECTIONS
TTB(0x2058000, 16K)
PRERAM_CBFS_CACHE(0x205C000, 76K)
FMAP_CACHE(0x206F000, 2K)
- VBOOT2_TPM_LOG(0x206F800, 2K)
+ TPM_TCPA_LOG(0x206F800, 2K)
VBOOT2_WORK(0x2070000, 12K)
STACK(0x2074000, 16K)
SRAM_END(0x2078000)