| Age | Commit message (Collapse) | Author |
|---|
|
The macro ENV_HAS_CBMEM achieves the same as this inline function.
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Change-Id: I6d65ca51c863abe2106f794398ddd7d7d9ac4b5e
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77166
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Jakub Czapiga <czapiga@google.com>
|
|
Convert TPM functions to return TPM error codes(referred to as
tpm_result_t) values to match the TCG standard.
BUG=b:296439237
TEST=build and boot to Skyrim
BRANCH=None
Change-Id: Ifdf9ff6c2a1f9b938dbb04d245799391115eb6b1
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77666
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Matt DeVillier <matt.devillier@amd.corp-partner.google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Make naming convention consistent across all functions return values.
BUG=b:296439237
TEST=Boot to OS on Skyrim
BRANCH=None
Change-Id: If86805b39048800276ab90b7687644ec2a0d4bee
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77536
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
|
|
At this moment, only GBB flags are moved from PCR-0 to PCR-1 when
vboot-compatibility is not enabled.
Change-Id: Ib3a192d902072f6f8d415c2952a36522b5bf09f9
Ticket: https://ticket.coreboot.org/issues/424
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68750
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michał Żygowski <michal.zygowski@3mdeb.com>
|
|
Change-Id: I3013bd5f29f1412fbe646dc74d8946704b750a66
Ticket: https://ticket.coreboot.org/issues/423
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69445
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
TCPA usually refers to log described by TPM 1.2 specification.
Change-Id: I896bd94f18b34d6c4b280f58b011d704df3d4022
Ticket: https://ticket.coreboot.org/issues/423
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69444
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
Until now tcg-2.0/tss.c was just assuming certain buffer size and
hash algorithm. Change it to accept digest type, which the call sites
know.
Also drop `uint8_t *out_digest` parameter which was always `NULL`
and was handled only by tcg-1.2 code.
Change-Id: I944302b502e3424c5041b17c713a867b0fc535c4
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/68745
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Frans Hendriks <fhendriks@eltan.com>
|
|
There are too many "FIT" in firmware land. In order to reduce possible
confusion of CBFS_TYPE_FIT with the Intel Firmware Interface Table, this
patch renames it to CBFS_TYPE_FIT_PAYLOAD (including the cbfstool
argument, so calling scripts will now need to replace `-t fit` with `-t
fit_payload`).
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I826cefce54ade06c6612c8a7bb53e02092e7b11a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64735
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Yu-Ping Wu <yupingso@google.com>
|
|
On platforms where the bootblock is not included in CBFS anymore
(because it is part of another firmware section (IFWI or a different
CBFS), the CRTM measurement fails.
This patch adds a new function to provide a way at SoC level to measure
the bootblock. Following patches will add functionality to retrieve the
bootblock from the SoC related location and measure it from there.
In this way the really executed code will be measured.
Change-Id: I6d0da1e95a9588eb5228f63151bb04bfccfcf04b
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64492
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
|
|
All non x86 platforms use bootblock in FMAP (see Makefile.inc). Add a
build time check for that so that all the other possibilities (CBFS or
other places for the bootblock) are dropped at build time.
Change-Id: Ic18336a0b79b5d319c2cdfecb7e1eeb89d241206
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64520
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
|
|
On some platforms the bootblock is not placed in cbfs, but embedded
inside another binary that loads in into DRAM/SRAM.
e8217b11f1 (Kconfig: Add an option to skip adding a cbfs bootblock on
x86) removed adding a cbfs file containing the bootblock in that case.
Change-Id: Id47ecedbc8713ebd5d9814f1c4faf43c52780447
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Signed-off-by: Werner Zeh <werner.zeh@siemens.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/64418
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Change-Id: I3c97cb57fe13adee217783973691748d6c542abe
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63070
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
This patch moves the CBFS file measurement when CONFIG_TPM_MEASURED_BOOT
is enabled from the lookup step into the code where a file is actually
loaded or mapped from flash. This has the advantage that CBFS routines
which just look up a file to inspect its metadata (e.g. cbfs_get_size())
do not cause the file to be measured twice. It also removes the existing
inefficiency that files are loaded twice when measurement is enabled
(once to measure and then again when they are used). When CBFS
verification is enabled and uses the same hash algorithm as the TPM, we
are even able to only hash the file a single time and use the result for
both purposes.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I70d7066c6768195077f083c7ffdfa30d9182b2b7
Reviewed-on: https://review.coreboot.org/c/coreboot/+/59681
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
|
|
If the early crtm is not initialised there is nothing to write to PCR
in the early tpm init.
Change-Id: I9fa05f04588321163afc817de29c03bd426fc1f0
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55470
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Johnny Lin <Johnny_Lin@wiwynn.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
This is only called locally.
Change-Id: Ie3eaf659a2868eee1d4688885495c413f94f42e2
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55469
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Johnny Lin <Johnny_Lin@wiwynn.com>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Christian Walter <christian.walter@9elements.com>
|
|
TPM_RUNTIME_DATA_PCR is for "for measuring data which changes during
runtime e.g. CMOS, NVRAM..." according to comments. FMAP does not
change during runtime.
Change-Id: I23e61a2dc25cd1c1343fb438febaf8771d1c0621
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52968
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
FMAP is used to look up cbfs files or other FMAP regions so it should
be measured too.
TESTED: on qemu q35 with swtpm
Change-Id: Ic424a094e7f790cce45c5a98b8bc6d46a8dcca1b
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52753
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
|
|
cbfs_boot_locate() is supposed to be deprecated eventually, after slowly
migrating all APIs to bypass it. That means common features (like
RO-fallback or measurement) need to be moved to the new
cbfs_boot_lookup().
Also export the function externally. Since it is a low-level API and
most code should use the higher-level loading or mapping functions
instead, put it into a new <cbfs_private.h> to raise the mental barrier
for using this API (this will make more sense once cbfs_boot_locate() is
removed from <cbfs.h>).
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I4bc9b7cbc42a4211d806a3e3389abab7f589a25a
Reviewed-on: https://review.coreboot.org/c/coreboot/+/39327
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
|
|
Add line break at debug messages.
Tested on Facebook FBG1701
Change-Id: Idbfcd6ce7139efcb79e2980b366937e9fdcb3a4e
Signed-off-by: Frans Hendriks <fhendriks@eltan.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/46659
Reviewed-by: Christian Walter <christian.walter@9elements.com>
Reviewed-by: Wim Vervoorn <wvervoorn@eltan.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Change-Id: Icb6057ac73fcc038981ef95a648420ac00b3c106
Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44808
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
|
|
Change the name of these variables to 'allowlist'.
Change-Id: I9d5553988a1c9972b8f1ebaeee20878b23a8aa9b
Signed-off-by: Duncan Laurie <dlaurie@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42316
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
The current implementation uses strcmp() without splitting the list
and therefore returns false even when the string pointed to by
'name' is a part of 'whitelist'. The patch fixes this problem.
Also, update help text of CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA to
space delimited list to align it with the other lists we use.
Change-Id: Ifd285162ea6e562a5bb18325a1b767ac2e4276f3
Signed-off-by: Harshit Sharma <harshitsharmajs@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41280
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
|
|
Stefan thinks they don't add value.
Command used:
sed -i -e '/file is part of /d' $(git grep "file is part of " |egrep ":( */\*.*\*/\$|#|;#|-- | *\* )" | cut -d: -f1 |grep -v crossgcc |grep -v gcov | grep -v /elf.h |grep -v nvramtool)
The exceptions are for:
- crossgcc (patch file)
- gcov (imported from gcc)
- elf.h (imported from GNU's libc)
- nvramtool (more complicated header)
The removed lines are:
- fmt.Fprintln(f, "/* This file is part of the coreboot project. */")
-# This file is part of a set of unofficial pre-commit hooks available
-/* This file is part of coreboot */
-# This file is part of msrtool.
-/* This file is part of msrtool. */
- * This file is part of ncurses, designed to be appended after curses.h.in
-/* This file is part of pgtblgen. */
- * This file is part of the coreboot project.
- /* This file is part of the coreboot project. */
-# This file is part of the coreboot project.
-# This file is part of the coreboot project.
-## This file is part of the coreboot project.
--- This file is part of the coreboot project.
-/* This file is part of the coreboot project */
-/* This file is part of the coreboot project. */
-;## This file is part of the coreboot project.
-# This file is part of the coreboot project. It originated in the
- * This file is part of the coreinfo project.
-## This file is part of the coreinfo project.
- * This file is part of the depthcharge project.
-/* This file is part of the depthcharge project. */
-/* This file is part of the ectool project. */
- * This file is part of the GNU C Library.
- * This file is part of the libpayload project.
-## This file is part of the libpayload project.
-/* This file is part of the Linux kernel. */
-## This file is part of the superiotool project.
-/* This file is part of the superiotool project */
-/* This file is part of uio_usbdebug */
Change-Id: I82d872b3b337388c93d5f5bf704e9ee9e53ab3a9
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/41194
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Done with sed and God Lines. Only done for C-like code for now.
Change-Id: I51f5764b57fb8b62e3a4b3d41bd32e5330a2983c
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/40057
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
|
|
mrc.bin, on platforms where it is present, is code executed on CPU, so
it should be considered a part of CRTM.
cbfs_locate_file_in_region() is hooked to measurement here too, since
mrc.bin is loaded with it, and CBFS_TYPE_MRC (the type of mrc.bin) is
measured to TPM_CRTM_PCR rather than TPM_RUNTIME_DATA_PCR.
TODO: I have heard that SMM is too resource-limited to link with vboot
library, so currently tspi_measure_cbfs_hook() is masked in SMM.
Please correct me if I am wrong.
Change-Id: Ib4c3cf47b919864056baf725001ca8a4aaafa110
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38858
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
Currently, those who want to use measured boot implemented within
vboot should enable verified boot first, along with sections such
as GBB and RW slots defined with manually written fmd files, even
if they do not actually want to verify anything.
As discussed in CB:34977, measured boot should be decoupled from
verified boot and make them two fully independent options. Crypto
routines necessary for measurement could be reused, and TPM and CRTM
init should be done somewhere other than vboot_logic_executed() if
verified boot is not enabled.
In this revision, only TCPA log is initialized during bootblock.
Before TPM gets set up, digests are not measured into tpm immediately,
but cached in TCPA log, and measured into determined PCRs right after
TPM is up.
This change allows those who do not want to use the verified boot
scheme implemented by vboot as well as its requirement of a more
complex partition scheme designed for chromeos to make use of the
measured boot functionality implemented within vboot library to
measure the boot process.
TODO: Measure MRC Cache somewhere, as MRC Cache has never resided in
CBFS any more, so it cannot be covered by tspi_measure_cbfs_hook().
Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee
Signed-off-by: Bill XIE <persmule@hardenedlinux.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35077
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
|
