summaryrefslogtreecommitdiff
path: root/src/security/vboot/tpm_common.c
AgeCommit message (Collapse)Author
2020-09-21src/security: Drop unneeded empty linesElyes HAOUAS
Change-Id: Icb6057ac73fcc038981ef95a648420ac00b3c106 Signed-off-by: Elyes HAOUAS <ehaouas@noos.fr> Reviewed-on: https://review.coreboot.org/c/coreboot/+/44808 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
2020-05-11treewide: Remove "this file is part of" linesPatrick Georgi
Stefan thinks they don't add value. Command used: sed -i -e '/file is part of /d' $(git grep "file is part of " |egrep ":( */\*.*\*/\$|#|;#|-- | *\* )" | cut -d: -f1 |grep -v crossgcc |grep -v gcov | grep -v /elf.h |grep -v nvramtool) The exceptions are for: - crossgcc (patch file) - gcov (imported from gcc) - elf.h (imported from GNU's libc) - nvramtool (more complicated header) The removed lines are: - fmt.Fprintln(f, "/* This file is part of the coreboot project. */") -# This file is part of a set of unofficial pre-commit hooks available -/* This file is part of coreboot */ -# This file is part of msrtool. -/* This file is part of msrtool. */ - * This file is part of ncurses, designed to be appended after curses.h.in -/* This file is part of pgtblgen. */ - * This file is part of the coreboot project. - /* This file is part of the coreboot project. */ -# This file is part of the coreboot project. -# This file is part of the coreboot project. -## This file is part of the coreboot project. --- This file is part of the coreboot project. -/* This file is part of the coreboot project */ -/* This file is part of the coreboot project. */ -;## This file is part of the coreboot project. -# This file is part of the coreboot project. It originated in the - * This file is part of the coreinfo project. -## This file is part of the coreinfo project. - * This file is part of the depthcharge project. -/* This file is part of the depthcharge project. */ -/* This file is part of the ectool project. */ - * This file is part of the GNU C Library. - * This file is part of the libpayload project. -## This file is part of the libpayload project. -/* This file is part of the Linux kernel. */ -## This file is part of the superiotool project. -/* This file is part of the superiotool project */ -/* This file is part of uio_usbdebug */ Change-Id: I82d872b3b337388c93d5f5bf704e9ee9e53ab3a9 Signed-off-by: Patrick Georgi <pgeorgi@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/41194 Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2020-04-04src/security: Use SPDX for GPL-2.0-only filesAngel Pons
Done with sed and God Lines. Only done for C-like code for now. Change-Id: I51f5764b57fb8b62e3a4b3d41bd32e5330a2983c Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/40057 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
2019-09-21vboot: extend BOOT_MODE_PCR to SHA256 bank on TPM2Andrey Pronin
With the support of various algorithms and banks in tlcl_extend(), digest_algo parameter of tpm_extend_pcr() started defining the target PCR bank in TPM2 case. The OS expects coreboot to extend the SHA256 bank of BOOT_MODE_PCR. The value that the OS expects coreboot to extend into BOOT_MODE_PCR is the SHA1 digest of mode bits extended to the length of SHA256 digest by appending zero bytes. Thus the correct value for digest_algo passed into tpm_extend_pcr() for BOOT_MODE_PCR is TPM_ALG_SHA256. This didn't matter until adding the support for multiple digest introduced by patches like https://review.coreboot.org/c/coreboot/+/33252, as tlcl_extend always used SHA256 bank before. Change-Id: I834fec24023cd10344cc359117f00fc80c61b80c Signed-off-by: Andrey Pronin <apronin@chromium.org> Reviewed-on: https://review.coreboot.org/c/coreboot/+/35476 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-08-21vboot: update vboot2 functions to use new vb2_error_tJoel Kitching
To make explicit when vboot2 error codes should be returned, use the new vb2_error_t type on all functions which return VB2_ERROR_* constants. Additionally, add required vboot submodule commit id e6700f4c: 2019-07-31 14:12:30 +0800 - (vboot: update vboot2 functions to use new vb2_error_t) NOTE: This patch was merged separately on the Chromium tree: https://chromium-review.googlesource.com/c/1728499 BUG=b:124141368, chromium:988410 TEST=make clean && make test-abuild BRANCH=none Change-Id: I804c2b407e496d0c8eb9833be629b7c40118415c Signed-off-by: Joel Kitching <kitching@google.com> Cq-Depend: chromium:1728292 Reviewed-on: https://review.coreboot.org/c/coreboot/+/34860 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-08-06security/vboot: Add Support for Intel PTTChristian Walter
Add support for Intel PTT. For supporting Intel PTT we need to disable read and write access to the TPM NVRAM during the bootblock. TPM NVRAM will only be available once the DRAM is initialized. To circumvent this, we mock secdata if HAVE_INTEL_PTT is set. The underlying problem is, that the iTPM only supports a stripped down instruction set while the Intel ME is not fully booted up. Details can be found in Intel document number 571993 - Paragraph 2.10. Change-Id: I08c9a839f53f96506be5fb68f7c1ed5bf6692505 Signed-off-by: Christian Walter <christian.walter@9elements.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/34510 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com> Reviewed-by: Julius Werner <jwerner@chromium.org>