From c79e96b4eb310db9d44e36e2dff072c01469c380 Mon Sep 17 00:00:00 2001
From: Bill XIE
Date: Thu, 22 Aug 2019 20:28:36 +0800
Subject: security/vboot: Decouple measured boot from verified boot

Currently, those who want to use measured boot implemented within vboot should enable verified boot first, along with sections such as GBB and RW slots defined with manually written fmd files, even if they do not actually want to verify anything. As discussed in CB:34977, measured boot should be decoupled from verified boot and make them two fully independent options. Crypto routines necessary for measurement could be reused, and TPM and CRTM init should be done somewhere other than vboot_logic_executed() if verified boot is not enabled. In this revision, only TCPA log is initialized during bootblock. Before TPM gets set up, digests are not measured into tpm immediately, but cached in TCPA log, and measured into determined PCRs right after TPM is up. This change allows those who do not want to use the verified boot scheme implemented by vboot as well as its requirement of a more complex partition scheme designed for chromeos to make use of the measured boot functionality implemented within vboot library to measure the boot process. TODO: Measure MRC Cache somewhere, as MRC Cache has never resided in CBFS any more, so it cannot be covered by tspi_measure_cbfs_hook().
Change-Id: I1fb376b4a8b98baffaee4d574937797bba1f8aee
Signed-off-by: Bill XIE
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35077
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese
Reviewed-by: Julius Werner
Reviewed-by: Werner Zeh
---
 src/include/memlayout.h | 6 +++---
 src/include/symbols.h | 5 ++++-
 2 files changed, 7 insertions(+), 4 deletions(-)
(limited to 'src/include')
diff --git a/src/include/memlayout.h b/src/include/memlayout.h
index 62c9f7b7aa..bf4b2c5323 100644
--- a/src/include/memlayout.h
+++ b/src/include/memlayout.h
@@ -159,9 +159,9 @@
 STR(vboot2 work buffer size must be equivalent to \
 VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE! (sz)));
 
-#define VBOOT2_TPM_LOG(addr, size) \
- REGION(vboot2_tpm_log, addr, size, 16) \
- _ = ASSERT(size >= 2K, "vboot2 tpm log buffer must be at least 2K!");
+#define TPM_TCPA_LOG(addr, size) \
+ REGION(tpm_tcpa_log, addr, size, 16) \
+ _ = ASSERT(size >= 2K, "tpm tcpa log buffer must be at least 2K!");
 
 #if ENV_VERSTAGE
 #define VERSTAGE(addr, sz) \
diff --git a/src/include/symbols.h b/src/include/symbols.h
index 94e4668ecb..e37405d4a1 100644
--- a/src/include/symbols.h
+++ b/src/include/symbols.h
@@ -34,8 +34,11 @@ DECLARE_REGION(preram_cbfs_cache)
 DECLARE_REGION(postram_cbfs_cache)
 DECLARE_REGION(cbfs_cache)
 DECLARE_REGION(fmap_cache)
-DECLARE_REGION(payload)
+DECLARE_REGION(tpm_tcpa_log)
+
+/* Regions for execution units. */
 
+DECLARE_REGION(payload)
 /* "program" always refers to the current execution unit. */
 DECLARE_REGION(program)
 /* __size is always the maximum amount allocated in memlayout, whereas
-- 
cgit v1.2.3
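Review bot: The renamed `TPM_TCPA_LOG` macro in memlayout.h has no comment, although per the commit description the region now also caches digests taken before the TPM is initialized, so its size bounds how much can be recorded early in boot. I would add above the macro `/* TCPA log region; with measured boot it also holds digests cached until the TPM is up, so size it for every pre-TPM measurement. */`. The 2K floor in the ASSERT is carried over unchanged from the old macro. Whether a full log rejects later entries is not visible in this hunk; if it does, those components would presumably never be extended into a PCR, which is worth confirming in the log-append code. The matching `DECLARE_REGION(tpm_tcpa_log)` in the symbols.h hunk raises nothing further.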